Re: [core] Bootstrap in draft-ohba-core-eap-based-bootstrapping and draft-garcia-core-security
Hannes Tschofenig <hannes.tschofenig@gmx.net> Sun, 17 July 2011 13:31 UTC
From: Hannes Tschofenig <hannes.tschofenig@gmx.net>
In-Reply-To: <DC1F5A33-19E1-4102-AD25-8E591E359DF5@gmx.net>
Date: Sun, 17 Jul 2011 16:30:54 +0300
Message-Id: <56345F95-BED6-40F9-924D-CE5105B50ACE@gmx.net>
References: <1310490517.84307.YahooMailRC@web111403.mail.gq1.yahoo.com> <96EBDFA8-7693-4A46-BA3A-6085A790B1DF@gmx.net> <1310498755.53153.YahooMailRC@web111406.mail.gq1.yahoo.com> <4E1CD50B.6090505@toshiba.co.jp> <DC1F5A33-19E1-4102-AD25-8E591E359DF5@gmx.net>
To: Hannes Tschofenig <Hannes.Tschofenig@gmx.net>
Cc: core@ietf.org
Subject: Re: [core] Bootstrap in draft-ohba-core-eap-based-bootstrapping and draft-garcia-core-security
Yoshi,

I would also like to add that my comment regarding Behcet's suggestion for a terminology change does not lower the value of your contribution in any way. In fact, I find your document a very interesting discussion contribution regarding the envisioned smart object security architecture.

Ciao
Hannes

On Jul 13, 2011, at 11:33 AM, Hannes Tschofenig wrote:

> Hi Yoshi,
>
> it was a mistake to use the term "bootstrapping" in mobile IPv6 context as well.
> There was no good reason to create a new term given the existence of already well-established terms.
>
> Time to change that.
>
> Ciao
> Hannes
>
> On Jul 13, 2011, at 2:13 AM, Yoshihiro Ohba wrote:
>
>> Hi Hannes, Behcet,
>>
>> Please see my comments below.
>>
>> (2011/07/13 4:25), Behcet Sarikaya wrote:
>>> Hi Hannes (Kelly and Rene who replied to me only),
>>>
>>> Let me clarify.
>>>
>>> I checked the Wiki page, it is about what I talked, i.e. bootstrapping your PC.
>>> I am OK with it.
>>>
>>> In Core WG drafts, draft-ohba is about "bootstrapping" CoAP applications,
>>> establishing a secure channel between the CoAP client and CoAP server.
>>
>> Yes.
>>
>>> As such it assumes a secure IP communication which is what we cover in
>>> draft-sarikaya.
>>>
>>> I think that establishing a secure channel between the CoAP client and CoAP
>>> server should not be called bootstrapping.
>>
>> For example, RFC 4640 discusses "bootstrapping MIPv6", and in its abstract:
>>
>> "A mobile node needs at least the following information: a home
>> address, a home agent address, and a security association with home
>> agent to register with the home agent. The process of obtaining this
>> information is called bootstrapping."
>>
>> This means that bootstrapping MIPv6 security is part of bootstrapping
>> MIPv6.
>>
>> Following the same logic, I think bootstrapping CoAP security can be
>> considered as part of bootstrapping CoAP application.
>>
>>> OTOH, draft-garcia is totally chaotic about "bootstrapping". In Section 3 it
>>> talks about trust bootstrapping between nodes of different vendors. Then it
>>> talks about bootstrapping phase/procedures. Later on they mention the
>>> bootstrapping of security keys.
>>>
>>> Section 5.2 Bootstrapping of a Security Domain
>>> In Section 5.2.2 it tries to give a definition to bootstrapping.
>>>
>>> My suggestions are:
>>>
>>> for draft-ohba: please do not use bootstrapping, otherwise your draft is clear
>>> enough.
>>
>> Since the term bootstrapping is already used for MIPv6 case, I think
>> it can still use the term, but I agree that the draft should say
>> bootstrapping CoAP security instead of bootstrapping CoAP application.
>>
>> Regards,
>> Yoshihiro Ohba
>>
>>> for draft-garcia: This draft talks about so many things. In most places, what it
>>> refers to as bootstrapping and the description match what is covered in the
>>> original document which is draft-sarikaya. I suggest removing all those sections
>>> about bootstrapping because they are mostly repeating what we already had. Stay
>>> with whatever remains and see if it is worth having such a document.
>>>
>>> Regards,
>>>
>>> Behcet
>>>
>>>> Hi Behcet,
>>>>
>>>> I agree with you that the term "bootstrapping" is not very helpful.
>>>>
>>>> There are three cases:
>>>>
>>>> a) Key Distribution and Key Derivation
>>>>
>>>> Here existing keying material is used to derive other keying material or to
>>>> securely distribute keying material.
>>>>
>>>> draft-ohba-core-eap-based-bootstrapping and
>>>>
>>>> b) Bootstrapping (in terms of operating systems procedures)
>>>>
>>>> See description in http://en.wikipedia.org/wiki/Bootstrapping_%28computing%29
>>>>
>>>> draft-garcia-core-security seems to refer to this aspect, I believe.
>>>>
>>>> c) Establishing initial keying material in a leap of faith style.
>>>>
>>>> Example: Bluetooth pairing protocol
>>>> http://tools.ietf.org/html/draft-pritikin-ttimodel-01 also discusses these
>>>> aspects.
>>>>
>>>> Here the terms imprinting, pairing, enrollment, and introduction are
>>>> used to describe
>>>>
>>>> Ciao
>>>> Hannes
>>>>
>>>> On Jul 12, 2011, at 8:08 PM, Behcet Sarikaya wrote:
>>>>
>>>>> Hi all,
>>>>> It seems that the word bootstrapping has been used and overused in so many
>>>>> drafts (including draft-ohba-core-eap-based-bootstrapping and
>>>>> draft-garcia-core-security) and I suggest that we clarify this.
>>>>>
>>>>> Colin had a draft on
>>>>> Initial Configuration of Resource-Constrained Devices
>>>>> called draft-oflynn-6lowapp-bootstrapping submitted on Jan. 2010 in which he
>>>>> defined bootstrapping as how to initially configure the network.
>>>>>
>>>>> Later on we continued this work on where Colin left
>>>>> in draft-sarikaya-core-sbootstrapping.
>>>>>
>>>>> I think that the definition Colin gave to bootstrapping is the right one. It
>>>>> matches with the historical use of bootstrapping in computers: you bootstrap
>>>>> your computer to initially configure it by a physical action (pressing a
>>>>> button) which loads a small record to the memory which when executed bootstraps
>>>>> (brings the whole OS to the memory) the system.
>>>>>
>>>>> Regards,
>>>>>
>>>>> Behcet
>>>>> _______________________________________________
>>>>> core mailing list
>>>>> core@ietf.org
>>>>> https://www.ietf.org/mailman/listinfo/core