Re: [core] Bootstrap in draft-ohba-core-eap-based-bootstrapping and draft-garcia-core-security
Yoshihiro Ohba <yoshihiro.ohba@toshiba.co.jp> Mon, 18 July 2011 18:53 UTC
Date: Tue, 19 Jul 2011 03:52:59 +0900
From: Yoshihiro Ohba <yoshihiro.ohba@toshiba.co.jp>
In-reply-to: <56345F95-BED6-40F9-924D-CE5105B50ACE@gmx.net>
To: Hannes Tschofenig <hannes.tschofenig@gmx.net>
Message-id: <4E24810B.40304@toshiba.co.jp>
Cc: core@ietf.org
Thanks, Hannes. I agree to change the terminology.

Chairs: I request a slot to discuss my contribution in IETF81.

Regards,
Yoshihiro Ohba

(2011/07/17 22:30), Hannes Tschofenig wrote:
> Yoshi, I would also like to add that my comment regarding Behcet's suggestion for a terminology change does not lower the value of your contribution in any way.
> In fact, I find your document a very interesting discussion contribution regarding the envisioned smart object security architecture.
>
> Ciao
> Hannes
>
> On Jul 13, 2011, at 11:33 AM, Hannes Tschofenig wrote:
>
>> Hi Yoshi,
>>
>> it was a mistake to use the term "bootstrapping" in the mobile IPv6 context as well.
>> There was no good reason to create a new term given the existence of already well-established terms.
>>
>> Time to change that.
>>
>> Ciao
>> Hannes
>>
>> On Jul 13, 2011, at 2:13 AM, Yoshihiro Ohba wrote:
>>
>>> Hi Hannes, Behcet,
>>>
>>> Please see my comments below.
>>>
>>> (2011/07/13 4:25), Behcet Sarikaya wrote:
>>>> Hi Hannes (Kelly and Rene who replied to me only),
>>>>
>>>> Let me clarify.
>>>>
>>>> I checked the Wiki page, it is about what I talked about, i.e. bootstrapping your PC.
>>>> I am OK with it.
>>>>
>>>> In Core WG drafts, draft-ohba is about "bootstrapping" CoAP applications,
>>>> establishing a secure channel between the CoAP client and CoAP server.
>>>>
>>>
>>> Yes.
>>>
>>>> As such it assumes a secure IP communication which is what we cover in
>>>> draft-sarikaya.
>>>>
>>>> I think that establishing a secure channel between the CoAP client and CoAP
>>>> server should not be called bootstrapping.
>>>
>>> For example, RFC 4640 discusses "bootstrapping MIPv6", and in its abstract:
>>>
>>> "A mobile node needs at least the following information: a home
>>> address, a home agent address, and a security association with home
>>> agent to register with the home agent. The process of obtaining this
>>> information is called bootstrapping."
>>>
>>> This means that bootstrapping MIPv6 security is part of bootstrapping
>>> MIPv6.
>>>
>>> Following the same logic, I think bootstrapping CoAP security can be
>>> considered as part of bootstrapping CoAP application.
>>>
>>>>
>>>> OTOH, draft-garcia is totally chaotic about "bootstrapping". In Section 3 it
>>>> talks about trust bootstrapping between nodes of
>>>> different vendors. Then it talks about bootstrapping phase/procedures.
>>>> Later on they mention the bootstrapping of security keys.
>>>>
>>>> Section 5.2 Bootstrapping of a Security Domain
>>>> In Section 5.2.2 it tries to give a definition to bootstrapping.
>>>>
>>>> My suggestions are:
>>>>
>>>> for draft-ohba: please do not use bootstrapping, otherwise your draft is clear
>>>> enough.
>>>
>>> Since the term bootstrapping is already used for the MIPv6 case, I think
>>> it can still use the term, but I agree that the draft should say
>>> bootstrapping CoAP security instead of bootstrapping CoAP application.
>>>
>>> Regards,
>>> Yoshihiro Ohba
>>>
>>>>
>>>> for draft-garcia: This draft talks about so many things. In most places, what it
>>>> refers to as bootstrapping and the description match what is covered in the
>>>> original document which is draft-sarikaya. I suggest removing all those sections
>>>> about bootstrapping because they are mostly repeating what we already had. Stay
>>>> with whatever remains and see if it is worth having such a document.
>>>>
>>>> Regards,
>>>>
>>>> Behcet
>>>>
>>>>> Hi Behcet,
>>>>>
>>>>> I agree with you that the term "bootstrapping" is not very helpful.
>>>>>
>>>>> There are three cases:
>>>>>
>>>>> a) Key Distribution and Key Derivation
>>>>>
>>>>> Here existing keying material is used to derive other keying material or to
>>>>> securely distribute keying material.
>>>>>
>>>>> draft-ohba-core-eap-based-bootstrapping and
>>>>>
>>>>> b) Bootstrapping (in terms of operating systems procedures)
>>>>>
>>>>> See description in http://en.wikipedia.org/wiki/Bootstrapping_%28computing%29
>>>>>
>>>>> draft-garcia-core-security seems to refer to this aspect, I believe.
>>>>>
>>>>> c) Establishing initial keying material in a leap of faith style.
>>>>>
>>>>> Example: Bluetooth pairing protocol
>>>>> http://tools.ietf.org/html/draft-pritikin-ttimodel-01 also discusses these
>>>>> aspects.
>>>>>
>>>>> Here the terms imprinting, pairing, enrollment, and introduction are
>>>>> used to describe
>>>>>
>>>>> Ciao
>>>>> Hannes
>>>>>
>>>>> On Jul 12, 2011, at 8:08 PM, Behcet Sarikaya wrote:
>>>>>
>>>>>> Hi all,
>>>>>> It seems that the word bootstrapping has been used and overused in so many
>>>>>> drafts (including draft-ohba-core-eap-based-bootstrapping and
>>>>>> draft-garcia-core-security) and I suggest that we clarify this.
>>>>>>
>>>>>> Colin had a draft on
>>>>>> Initial Configuration of Resource-Constrained Devices
>>>>>> called draft-oflynn-6lowapp-bootstrapping submitted on Jan. 2010 in which he
>>>>>> defined bootstrapping as how to initially configure the network.
>>>>>>
>>>>>> Later on we continued this work from where Colin left off
>>>>>> in draft-sarikaya-core-sbootstrapping.
>>>>>>
>>>>>> I think that the definition Colin gave to bootstrapping is the right one. It
>>>>>> matches the historical use of bootstrapping in computers: you bootstrap
>>>>>> your computer to initially configure it by a physical action (pressing a button)
>>>>>> which loads a small record to the memory which when executed bootstraps (brings
>>>>>> the whole OS to the memory) the system.
>>>>>>
>>>>>> Regards,
>>>>>>
>>>>>> Behcet
>>>>>> _______________________________________________
>>>>>> core mailing list
>>>>>> core@ietf.org
>>>>>> https://www.ietf.org/mailman/listinfo/core