Re: [core] Bootstrap in draft-ohba-core-eap-based-bootstrapping and draft-garcia-core-security
Yoshihiro Ohba <yoshihiro.ohba@toshiba.co.jp> Tue, 12 July 2011 23:13 UTC
Hi Hannes, Behcet,

Please see my comments below.

(2011/07/13 4:25), Behcet Sarikaya wrote:
> Hi Hannes (Kelly and Rene who replied to me only),
>
>
> Let me clarify.
>
> I checked the Wiki page, it is about what I talked, i.e. bootstrapping your PC.
> I am OK with it.
>
> In Core WG drafts, draft-ohba is about "bootstrapping" CoAP applications,
> establishing a secure channel between the CoAP client and CoAP server.
>

Yes.

> As such it assumes a secure IP communication which is what we cover in
> draft-sarikaya.
>
> I think that establishing a secure channel between the CoAP client and CoAP
> server should not be called bootstrapping.

For example, RFC 4640 discusses "bootstrapping MIPv6", and in its abstract:

"A mobile node needs at least the following information: a home
address, a home agent address, and a security association with home
agent to register with the home agent. The process of obtaining this
information is called bootstrapping."

This means that bootstrapping MIPv6 security is part of bootstrapping
MIPv6. Following the same logic, I think bootstrapping CoAP security
can be considered as part of bootstrapping CoAP application.

>
> OTOH, draft-garcia is totally chaotic about "bootstrapping". In Section 3 it
> talks about trust bootstrapping between nodes of
> different vendors. Then it talks about bootstrapping phase/procedures.
> Later on they mention the bootstrapping of security keys.
>
> Section 5.2 Bootstrapping of a Security Domain
> In Section 5.2.2 it tries to give a definition to bootstrapping.
>
> My suggestions are:
>
> for draft-ohba: please do not use bootstrapping, otherwise your draft is clear
> enough.

Since the term bootstrapping is already used for MIPv6 case, I think
it can still use the term, but I agree that the draft should say
bootstrapping CoAP security instead of bootstrapping CoAP application.

Regards,
Yoshihiro Ohba

>
> for draft-garcia: This draft talks about so many things. In most places, what it
> refers to as bootstrapping and the description match what is covered in the
> original document which is draft-sarikaya. I suggest removing all those sections
> about bootstrapping because they are mostly repeating what we already had. Stay
> with whatever remains and see if it is worth to have such a document.
>
> Regards,
>
> Behcet
>
>
>
>> Hi Behcet,
>>
>> I agree with you that the term "bootstrapping" is not very helpful.
>>
>> There are three cases:
>>
>> a) Key Distribution and Key Derivation
>>
>> Here an existing keying material is used to derive other keying material or to
>> use securely distribute keying material.
>>
>> draft-ohba-core-eap-based-bootstrapping and
>>
>> b) Bootstrapping (in terms of operating systems procedures)
>>
>> See description in http://en.wikipedia.org/wiki/Bootstrapping_%28computing%29
>>
>> draft-garcia-core-security seems to refer to this aspect, I believe.
>>
>> c) Establishing initial keying material in a leap of faith style.
>>
>> Example: Bluetooth pairing protocol
>> http://tools.ietf.org/html/draft-pritikin-ttimodel-01 also discusses these
>> aspects.
>>
>> Here the terms used are imprinting, pairing, enrollment, and introduction are
>> used to describe
>>
>>
>> Ciao
>> Hannes
>>
>> On Jul 12, 2011, at 8:08 PM, Behcet Sarikaya wrote:
>>
>>> Hi all,
>>> It seems that the word bootstrapping has been used and overused in so many
>>> drafts (including draft-ohba-core-eap-based-bootstrapping and
>>> draft-garcia-core-security) and I suggest that we clarify this.
>>>
>>> Colin had a draft on
>>> Initial Configuration of Resource-Constrained Devices
>>> called draft-oflynn-6lowapp-bootstrapping submitted on Jan. 2010 in which he
>>> defined bootstrapping as how to initially configure the network.
>>>
>>> Later on we continued this work on where Colin left
>>> in draft-sarikaya-core-sbootstrapping.
>>>
>>> I think that the definition Colin gave to bootstrapping is the right one. It
>>> matches with the historical use of bootstrapping in computers: you bootstrap
>>> your computer to initially configure it by a physical action (pressing a button)
>>> which loads a small record to the memory which when executed bootstraps (brings
>>> the whole OS to the memory) the system.
>>>
>>> Regards,
>>>
>>> Behcet