Re: [core] concerns re draft-oflynn-core-bootstrapping-02
Rene Struik <rstruik.ext@gmail.com> Fri, 29 October 2010 03:37 UTC
Return-Path: <rstruik.ext@gmail.com>
X-Original-To: core@core3.amsl.com
Delivered-To: core@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id C9DB83A69E3 for <core@core3.amsl.com>; Thu, 28 Oct 2010 20:37:00 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.852
X-Spam-Level:
X-Spam-Status: No, score=-2.852 tagged_above=-999 required=5 tests=[AWL=-0.254, BAYES_00=-2.599, HTML_MESSAGE=0.001]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ei-F2x8NjLOq for <core@core3.amsl.com>; Thu, 28 Oct 2010 20:36:49 -0700 (PDT)
Received: from mail-yx0-f172.google.com (mail-yx0-f172.google.com [209.85.213.172]) by core3.amsl.com (Postfix) with ESMTP id 33C3A3A69DE for <core@ietf.org>; Thu, 28 Oct 2010 20:36:44 -0700 (PDT)
Received: by yxp4 with SMTP id 4so1872702yxp.31 for <core@ietf.org>; Thu, 28 Oct 2010 20:38:32 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:received:received:message-id:date:from :user-agent:mime-version:to:cc:subject:references:in-reply-to :content-type; bh=fBwMIzhN/bfceQGnsxngX3n5Z7itfXzWxTGwAjL66ZQ=; b=hk4qy8JYNMLZa2asH4x/SaBNdRoa+EyBnqOR3LrM+A+gt4TTyP1U0zX4sorMyxTkL/ xufHsQaPaQQMy2z0chik2QjAg77pGzCSRYXOgk4OekO4yv2uZrp7cyobFXJ+Fue5MjPN xUp0cGWHlgWkhGyIOuJ/FqkRqGbCU0ZY0G73o=
DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=message-id:date:from:user-agent:mime-version:to:cc:subject :references:in-reply-to:content-type; b=v3PXeKlMxrJreFvlrTKrZ/GwhbqOhUCqDfcMEnwA+UC9ImyI1YoKqCdk2+U2A/xJIc D6hlsrFqAc08usXdyIbP7KMXFE3IhJcO9fW3NkK1CGOBLDzAJaaA77fswbkj+2/ejReJ q6yMlqX3JprU7RzxaGWqUaOu7Yd85WwfC12vM=
Received: by 10.150.146.14 with SMTP id t14mr21210485ybd.421.1288323511811; Thu, 28 Oct 2010 20:38:31 -0700 (PDT)
Received: from [192.168.1.102] (CPE0013100e2c51-CM00186851d6f6.cpe.net.cable.rogers.com [99.232.69.160]) by mx.google.com with ESMTPS id v9sm6423514ybe.21.2010.10.28.20.38.30 (version=TLSv1/SSLv3 cipher=RC4-MD5); Thu, 28 Oct 2010 20:38:31 -0700 (PDT)
Message-ID: <4CCA41AC.6040800@gmail.com>
Date: Thu, 28 Oct 2010 23:38:20 -0400
From: Rene Struik <rstruik.ext@gmail.com>
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.2.12) Gecko/20101027 Thunderbird/3.1.6
MIME-Version: 1.0
To: Yoshihiro Ohba <yoshihiro.ohba@toshiba.co.jp>
References: <BE21691E-1C60-4E2C-B7A8-81782F46E923@tzi.org> <E96BC2D7-3C56-4859-94B3-8B1AF1990C77@tzi.org> <935DB371-B149-486A-8AD2-3B4454C9B172@tzi.org> <4CA3BB54.8050706@gmail.com> <AANLkTimFX2BuD=UT3t4XV8XvD+ZRhgj57wDzRc2sFKOc@mail.gmail.com> <4CA5E8E0.4030503@gmail.com> <AANLkTi=0yEc6Fgi2-eahb8JtRZBxC9PWD=aEwQjh3F6R@mail.gmail.com> <4CA6095F.6040403@gmail.com> <B0F8E486-051F-4C5D-A05F-BDB3701404C5@cs.rwth-aachen.de> <4CB48B9B.9010206@gmail.com> <4CC83F61.5060109@gmail.com> <023a01cb76e1$869bfcc0$93d3f640$%yegin@yegin.org> <D266D724-C345-4980-A685-5742F76C60D3@tzi.org> <4CCA052E.2010909@toshiba.co.jp>
In-Reply-To: <4CCA052E.2010909@toshiba.co.jp>
Content-Type: multipart/alternative; boundary="------------020604040200050600090504"
Cc: core@ietf.org
Subject: Re: [core] concerns re draft-oflynn-core-bootstrapping-02
X-BeenThere: core@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: "Constrained RESTful Environments \(CoRE\) Working Group list" <core.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/core>, <mailto:core-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/core>
List-Post: <mailto:core@ietf.org>
List-Help: <mailto:core-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/core>, <mailto:core-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 29 Oct 2010 03:37:02 -0000
Hi Yoshihiro: It seems that in your example each device identifier is tied to a single security manager (e.g., device A and security manager S would yield device id A@S.com). This seems to imply the following: (a) entangles the name space and device role space (since tie-ing node A to a node S that assumes a security manager role for A); (b) precludes scenarios where (b1) a device may have multiple security managers (example: remote control, spare remote under the pillow, central node); (b2) a security manager may change over time (example: change of security manager, due to malfunctioning device or ownership change); (b3) a device may not have a security manager yet (example: device is initially taken out of generic box, without any imprinting happening yet); (b4) a device and security manager may not be in hierarchical relationship (example: simple device pairing a la Bluetooth v2.1 EDR). As such, this seems to preclude many useful deployment scenarios for sensor networks. Hence, my note in my email as of Wed October 27, 2010, 11:04am EDT re the latest version of draft-oflynn-core-bootstrapping-02, in which I highlighted the importance of facilitating a flexible set of deployment scenarios. Please let me know if I misinterpreted your EAP-style explanation (above, I only focus on logical device roles and not on communication patterns). Best regards, Rene [excerpt email RS as of October 1, 2010, 12:16pm EDT] In my mind, properties of suitable authenticated key agreement schemes should include (a) key establishment; (b) implicit key authentication; (c) key confirmation; (d) mutual entity authentication; (e) forward secrecy; (f) {perhaps} some more esoteric properties (key compromise impersonation resilience, etc.). Moreover, the "name space" (device identifiers) and the "cryptographic space" (public keys, etc.) should be independent, so that this would allow trust lifecycle management to be reduced to proper management of device identifiers (i.e., ****no** entanglement of concepts from different disciplines). On 28/10/2010 7:20 PM, Yoshihiro Ohba wrote: > OK, then let me use the term "RADIUS server" to explain. > > Any EAP transport protocol such as IEEE 802.1X and PANA works with > multiple AAA domains in which a single access network may interface to > multiple RADIUS servers where each RADIUS server serves for a distinct > AAA domain. With EAP, RADIUS routing is based on the EAP peer > identity such as "foo@domainA.com" and "bar@domainB.com" in a way that > authentication messages for EAP peer "foo@domainA.com"are routed to > "domainA.com" RADIUS server and authentication messages for EAP peer > "bar@domainB.com" are routed to "domainB.com" RADIUS server. The EAP > peer identity is extracted from the initial EAP exchange by an EAP > pass-through authenticator that is co-located with a RADIUS client at > the border of the access network. In a large scale RADIUS deployment, > there may be RADIUS proxies between a RADIUS client and a RADIUS > server to simplify the AAA routing task for RADIUS clients. In PANA, > PAA (PANA Authentication Agent) is the EAP pass-through authenticator, > and PaC (PANA Client) is the EAP peer. > > Hope this helps, > Yoshihiro Ohba > > (2010/10/29 6:21), Carsten Bormann wrote: >> On Oct 28, 2010, at 22:48, Alper Yegin wrote: >> >>> mothership >> I think other terms are "mother-may-I", "trust center", "RADIUS server", or "Policy Decision Point". Just guessing, though. >> I think the use case of interest here is a single constrained network that simultaneously serves multiple trust domains, so being authorized by any one of them should give you access. >> >> With that potential explanation, can you elucidate whether (and maybe how) PANA would work in this scenario? >> >> Gruesse, Carsten >> >> _______________________________________________ >> core mailing list >> core@ietf.org >> https://www.ietf.org/mailman/listinfo/core >> > _______________________________________________ > core mailing list > core@ietf.org > https://www.ietf.org/mailman/listinfo/core -- email: rstruik.ext@gmail.com Skype: rstruik cell: +1 (647) 867-5658 USA Google voice: +1 (415) 690-7363
- [core] Wed 29, 1500 UTC (Fwd: Meeting invitation:… Carsten Bormann
- [core] Fwd: Wed 29, 1500 UTC (Fwd: Meeting invita… Carsten Bormann
- Re: [core] Fwd: Wed 29, 1500 UTC (Fwd: Meeting in… Carsten Bormann
- Re: [core] Fwd: Wed 29, 1500 UTC (Fwd: Meeting in… Rene Struik
- Re: [core] Fwd: Wed 29, 1500 UTC (Fwd: Meeting in… Rene Struik
- Re: [core] Meeting minutes Oflynn, Colin
- Re: [core] Fwd: Wed 29, 1500 UTC (Fwd: Meeting in… Zhen Cao
- Re: [core] Fwd: Wed 29, 1500 UTC (Fwd: Meeting in… Rene Struik
- Re: [core] Fwd: Wed 29, 1500 UTC (Fwd: Meeting in… Zhen Cao
- Re: [core] Fwd: Wed 29, 1500 UTC (Fwd: Meeting in… Rene Struik
- [core] HIP identities and puzzle (was: Fwd: Wed 2… Tobias Heer
- Re: [core] HIP identities and puzzle Rene Struik
- [core] concerns re draft-oflynn-core-bootstrappin… Rene Struik
- Re: [core] concerns re draft-oflynn-core-bootstra… Garcia Morchon, Oscar
- Re: [core] concerns re draft-oflynn-core-bootstra… Alper Yegin
- Re: [core] concerns re draft-oflynn-core-bootstra… Carsten Bormann
- Re: [core] concerns re draft-oflynn-core-bootstra… Rene Struik
- Re: [core] concerns re draft-oflynn-core-bootstra… Yoshihiro Ohba
- Re: [core] concerns re draft-oflynn-core-bootstra… Rene Struik
- Re: [core] concerns re draft-oflynn-core-bootstra… Yoshihiro Ohba
- Re: [core] concerns re draft-oflynn-core-bootstra… Rene Struik
- Re: [core] HIP identities and puzzle Rene Struik
- Re: [core] HIP identities and puzzle Tobias Heer
- Re: [core] HIP identities and puzzle René Hummen
- Re: [core] concerns re draft-oflynn-core-bootstra… Alper Yegin
- Re: [core] concerns re draft-oflynn-core-bootstra… Robert Cragie
- [core] bootstrapping concerns still remain all (w… Rene Struik
- Re: [core] bootstrapping concerns still remain al… Behcet Sarikaya
- Re: [core] bootstrapping concerns still remain al… Robert Cragie
- Re: [core] bootstrapping concerns still remain al… Yoshihiro Ohba