IETF Logo Mail Archive

Re: [core] Bootstrap in draft-ohba-core-eap-based-bootstrapping and draft-garcia-core-security

Hannes Tschofenig <hannes.tschofenig@gmx.net> Wed, 13 July 2011 08:34 UTC

Return-Path: <hannes.tschofenig@gmx.net>
X-Original-To: core@ietfa.amsl.com
Delivered-To: core@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 664BD21F8BCD for <core@ietfa.amsl.com>; Wed, 13 Jul 2011 01:34:04 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.551
X-Spam-Level:
X-Spam-Status: No, score=-102.551 tagged_above=-999 required=5 tests=[AWL=0.048, BAYES_00=-2.599, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([64.170.98.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Mq1LzAk132As for <core@ietfa.amsl.com>; Wed, 13 Jul 2011 01:34:00 -0700 (PDT)
Received: from mailout-de.gmx.net (mailout-de.gmx.net [213.165.64.23]) by ietfa.amsl.com (Postfix) with SMTP id 247B321F8B49 for <core@ietf.org>; Wed, 13 Jul 2011 01:33:59 -0700 (PDT)
Received: (qmail invoked by alias); 13 Jul 2011 08:33:58 -0000
Received: from letku214.adsl.netsonic.fi (EHLO [10.0.0.6]) [194.29.195.214] by mail.gmx.net (mp067) with SMTP; 13 Jul 2011 10:33:58 +0200
X-Authenticated: #29516787
X-Provags-ID: V01U2FsdGVkX19YIG9LTVtYoNYiPTIibEcTWe9lIQyZZID7dLO20g uItJs07uIV3Q9P
Mime-Version: 1.0 (Apple Message framework v1084)
Content-Type: text/plain; charset="us-ascii"
From: Hannes Tschofenig <hannes.tschofenig@gmx.net>
In-Reply-To: <4E1CD50B.6090505@toshiba.co.jp>
Date: Wed, 13 Jul 2011 11:33:57 +0300
Content-Transfer-Encoding: quoted-printable
Message-Id: <DC1F5A33-19E1-4102-AD25-8E591E359DF5@gmx.net>
References: <1310490517.84307.YahooMailRC@web111403.mail.gq1.yahoo.com> <96EBDFA8-7693-4A46-BA3A-6085A790B1DF@gmx.net> <1310498755.53153.YahooMailRC@web111406.mail.gq1.yahoo.com> <4E1CD50B.6090505@toshiba.co.jp>
To: Yoshihiro Ohba <yoshihiro.ohba@toshiba.co.jp>
X-Mailer: Apple Mail (2.1084)
X-Y-GMX-Trusted: 0
Cc: core@ietf.org
Subject: Re: [core] Bootstrap in draft-ohba-core-eap-based-bootstrapping and draft-garcia-core-security
X-BeenThere: core@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "Constrained RESTful Environments \(CoRE\) Working Group list" <core.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/core>, <mailto:core-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/core>
List-Post: <mailto:core@ietf.org>
List-Help: <mailto:core-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/core>, <mailto:core-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 13 Jul 2011 08:34:04 -0000

Hi Yoshi, 

it was a mistake to use the term "bootstrapping" in mobile IPv6 context as well. 
There was no good reason to create a new term given the existence of already well-established terms. 

Time to change that.

Ciao
Hannes

On Jul 13, 2011, at 2:13 AM, Yoshihiro Ohba wrote:

> Hi Hannes, Bahcet,
> 
> Please see my comments below.
> 
> (2011/07/13 4:25), Behcet Sarikaya wrote:
>> Hi Hannes (Kelly and Rene who replied to me only),
>> 
>> 
>> Let me clarify.
>> 
>> I checked the Wiki page, it is about what I talked, i.e. bootstrapping your PC.
>> I am OK with it.
>> 
>> In Core WG drafts, draft-ohba is about "bootstrapping" CoAP applications,
>> establishing a secure channel between the CoAP client and CoAP server.
>> 
> 
> Yes.
> 
>> As such it assumes a secure IP communication which is what we cover in
>> draft-sarikaya.
>> 
>> I think that establishing a secure channel between the CoAP client and CoAP
>> server should not be called bootstrapping.
> 
> For example, RFC 4640 discuss "bootstrapping MIPv6", and in its abstract:
> 
> "A mobile node needs at least the following information: a home
> address, a home agent address, and a security association with home
> agent to register with the home agent.  The process of obtaining this
> information is called bootstrapping."
> 
> This means that bootstrapping MIPv6 security is part of bootstrapping
> MIPv6.
> 
> Following the same logic, I think bootstrapping CoAP security can be
> considered as part of bootstrapping CoAP application.
> 
>> 
>> OTOH, draft-garcia is totally chaotic about "bootstrapping". In Section 3 it
>> talks about  trust bootstrapping between nodes of
>>    different vendors. Then it talks about bootstrapping phase/procedures.
>> Later on they mention the bootstrapping of security keys.
>> 
>> Section 5.2 Bootstrapping of a Security Domain
>> In Section 5.2.2 it tries to give a definition to bootstrapping.
>> 
>> My suggestions are:
>> 
>> for draft-ohba: please do not use bootstrapping, otherwise your draft is clear
>> enough.
> 
> Since the term bootstrapping is already used for MIPv6 case, I think
> it can still use the term, but I agree that the draft should say
> bootstrapping CoAP security instead of bootstrapping CoAP application.
> 
> Regards,
> Yoshihiro Ohba
> 
> 
> 
>> 
>> for draft-garcia: This draft talks about so many things. In most places, what it
>> refers to as bootstrapping and the description match what is covered in the
>> original document which is draft-sarikaya. I suggest removing all those sections
>> about bootstrapping because they are mostly repeating what we already had. Stay
>> with whatever remains and see if it is worth to have such a document.
>> 
>> Regards,
>> 
>> Behcet
>> 
>> 
>> 
>>> Hi Behcet,
>>> 
>>> I agree with you that the term "bootstrapping" is not very  helpful.
>>> 
>>> There are three cases:
>>> 
>>> a) Key Distribution and Key  Derivation
>>> 
>>> Here an existing keying material is used to derive other  keying material or to
>>> use securely distribute keying material.
>>> 
>>> draft-ohba-core-eap-based-bootstrapping and
>>> 
>>> b) Bootstrapping (in  terms of operating systems procedures)
>>> 
>>> See description in  http://en.wikipedia.org/wiki/Bootstrapping_%28computing%29
>>> 
>>> draft-garcia-core-security  seems to refer to this aspect, I believe.
>>> 
>>> c) Establishing initial  keying material in a leap of faith style.
>>> 
>>> Example: Bluetooth pairing  protocol
>>> http://tools.ietf.org/html/draft-pritikin-ttimodel-01 also discusses  these
>>> aspects.
>>> 
>>> Here the terms used are imprinting, pairing, enrollment, and  introduction are
>>> used to describe
>>> 
>>> 
>>> Ciao
>>> Hannes
>>> 
>>> On Jul 12, 2011,  at 8:08 PM, Behcet Sarikaya wrote:
>>> 
>>>> Hi all,
>>>>  It seems  that the word bootstrapping has been used and overused in so many
>> 
>>>>  drafts (including draft-ohba-core-eap-based-bootstrapping and
>>>>  draft-garcia-core-security) and I suggest that we clarify this.
>>>> 
>>>>  Colin had a draft on
>>>> Initial Configuration of Resource-Constrained  Devices
>>>> called draft-oflynn-6lowapp-bootstrapping submitted on Jan. 2010  in which he
>>> 
>>>> defined bootstrapping ashow to initially     configure the network.
>>>> 
>>>> Later on we continued this work on where  Colin left
>>>> indraft-sarikaya-core-sbootstrapping.
>>>> 
>>>> I  think that the definition Colin gave to bootstrapping is the right one. It
>>> 
>>>> matches with the historical use of bootstrapping in computers: you  bootstrap
>>> 
>>>> your computer to initially configure it by a physical action  (pressing a
>>> button)
>>> 
>>>> which loads a small record to the memory which when  executed bootstraps
>>> (brings
>>> 
>>>> the whole OS to the memory) the  system.
>>>> 
>>>> Regards,
>>>> 
>>>> Behcet
>>>>  _______________________________________________
>>>> core mailing  list
>>>> core@ietf.org
>>>> https://www.ietf.org/mailman/listinfo/core
>>> 
>>> 
>> _______________________________________________
>> core mailing list
>> core@ietf.org
>> https://www.ietf.org/mailman/listinfo/core
>> 
> 
> _______________________________________________
> core mailing list
> core@ietf.org
> https://www.ietf.org/mailman/listinfo/core

v2.23.0 | Report a Bug | By Email