IETF Logo Mail Archive

Re: [core] Bootstrap in draft-ohba-core-eap-based-bootstrapping and draft-garcia-core-security

Yoshihiro Ohba <yoshihiro.ohba@toshiba.co.jp> Tue, 12 July 2011 23:13 UTC

Return-Path: <yoshihiro.ohba@toshiba.co.jp>
X-Original-To: core@ietfa.amsl.com
Delivered-To: core@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E6DAB11E80A4 for <core@ietfa.amsl.com>; Tue, 12 Jul 2011 16:13:51 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.089
X-Spam-Level:
X-Spam-Status: No, score=-4.089 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, HELO_EQ_JP=1.244, HOST_EQ_JP=1.265, RCVD_IN_DNSWL_MED=-4, UNPARSEABLE_RELAY=0.001]
Received: from mail.ietf.org ([64.170.98.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id cAoOQAjpnm27 for <core@ietfa.amsl.com>; Tue, 12 Jul 2011 16:13:47 -0700 (PDT)
Received: from imx2.toshiba.co.jp (inet-tsb5.toshiba.co.jp [202.33.96.24]) by ietfa.amsl.com (Postfix) with ESMTP id 3167D11E80A2 for <core@ietf.org>; Tue, 12 Jul 2011 16:13:46 -0700 (PDT)
Received: from arc1.toshiba.co.jp ([133.199.194.235]) by imx2.toshiba.co.jp with ESMTP id p6CNDjbf002149 for <core@ietf.org>; Wed, 13 Jul 2011 08:13:45 +0900 (JST)
Received: (from root@localhost) by arc1.toshiba.co.jp id p6CNDjJ3014011 for core@ietf.org; Wed, 13 Jul 2011 08:13:45 +0900 (JST)
Received: from unknown [133.199.192.144] by arc1.toshiba.co.jp with ESMTP id JAA13995; Wed, 13 Jul 2011 08:13:44 +0900
Received: from mx.toshiba.co.jp (localhost [127.0.0.1]) by ovp2.toshiba.co.jp with ESMTP id p6CNDitB001005 for <core@ietf.org>; Wed, 13 Jul 2011 08:13:44 +0900 (JST)
Received: from tsbpoa.po.toshiba.co.jp by toshiba.co.jp id p6CNDiOV014290; Wed, 13 Jul 2011 08:13:44 +0900 (JST)
Received: from [133.196.16.151] by mail.po.toshiba.co.jp (Sun Java System Messaging Server 6.1 HotFix 0.05 (built Oct 21 2004)) with ESMTPA id <0LO800FVSTUW03E0@mail.po.toshiba.co.jp> for core@ietf.org; Wed, 13 Jul 2011 08:13:44 +0900 (JST)
Date: Wed, 13 Jul 2011 08:13:15 +0900
From: Yoshihiro Ohba <yoshihiro.ohba@toshiba.co.jp>
In-reply-to: <1310498755.53153.YahooMailRC@web111406.mail.gq1.yahoo.com>
To: core@ietf.org
Message-id: <4E1CD50B.6090505@toshiba.co.jp>
MIME-version: 1.0
Content-type: text/plain; charset="ISO-2022-JP"
Content-transfer-encoding: 7bit
References: <1310490517.84307.YahooMailRC@web111403.mail.gq1.yahoo.com> <96EBDFA8-7693-4A46-BA3A-6085A790B1DF@gmx.net> <1310498755.53153.YahooMailRC@web111406.mail.gq1.yahoo.com>
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; ja; rv:1.9.2.18) Gecko/20110616 Thunderbird/3.1.11
Subject: Re: [core] Bootstrap in draft-ohba-core-eap-based-bootstrapping and draft-garcia-core-security
X-BeenThere: core@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "Constrained RESTful Environments \(CoRE\) Working Group list" <core.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/core>, <mailto:core-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/core>
List-Post: <mailto:core@ietf.org>
List-Help: <mailto:core-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/core>, <mailto:core-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 12 Jul 2011 23:13:52 -0000

Hi Hannes, Bahcet,

Please see my comments below.

(2011/07/13 4:25), Behcet Sarikaya wrote:
> Hi Hannes (Kelly and Rene who replied to me only),
> 
> 
> Let me clarify.
> 
> I checked the Wiki page, it is about what I talked, i.e. bootstrapping your PC.
> I am OK with it.
> 
> In Core WG drafts, draft-ohba is about "bootstrapping" CoAP applications,
> establishing a secure channel between the CoAP client and CoAP server.
> 

Yes.

> As such it assumes a secure IP communication which is what we cover in
> draft-sarikaya.
> 
> I think that establishing a secure channel between the CoAP client and CoAP
> server should not be called bootstrapping.

For example, RFC 4640 discuss "bootstrapping MIPv6", and in its abstract:

"A mobile node needs at least the following information: a home
address, a home agent address, and a security association with home
agent to register with the home agent.  The process of obtaining this
information is called bootstrapping."

This means that bootstrapping MIPv6 security is part of bootstrapping
MIPv6.

Following the same logic, I think bootstrapping CoAP security can be
considered as part of bootstrapping CoAP application.

> 
> OTOH, draft-garcia is totally chaotic about "bootstrapping". In Section 3 it
> talks about  trust bootstrapping between nodes of
>     different vendors. Then it talks about bootstrapping phase/procedures.
> Later on they mention the bootstrapping of security keys.
> 
> Section 5.2 Bootstrapping of a Security Domain
> In Section 5.2.2 it tries to give a definition to bootstrapping.
> 
> My suggestions are:
> 
> for draft-ohba: please do not use bootstrapping, otherwise your draft is clear
> enough.

Since the term bootstrapping is already used for MIPv6 case, I think
it can still use the term, but I agree that the draft should say
bootstrapping CoAP security instead of bootstrapping CoAP application.

Regards,
Yoshihiro Ohba



> 
> for draft-garcia: This draft talks about so many things. In most places, what it
> refers to as bootstrapping and the description match what is covered in the
> original document which is draft-sarikaya. I suggest removing all those sections
> about bootstrapping because they are mostly repeating what we already had. Stay
> with whatever remains and see if it is worth to have such a document.
> 
> Regards,
> 
> Behcet
> 
> 
> 
>> Hi Behcet,
>>
>> I agree with you that the term "bootstrapping" is not very  helpful.
>>
>> There are three cases:
>>
>> a) Key Distribution and Key  Derivation
>>
>> Here an existing keying material is used to derive other  keying material or to
>> use securely distribute keying material.
>>
>> draft-ohba-core-eap-based-bootstrapping and
>>
>> b) Bootstrapping (in  terms of operating systems procedures)
>>
>> See description in  http://en.wikipedia.org/wiki/Bootstrapping_%28computing%29
>>
>> draft-garcia-core-security  seems to refer to this aspect, I believe.
>>
>> c) Establishing initial  keying material in a leap of faith style.
>>
>> Example: Bluetooth pairing  protocol
>> http://tools.ietf.org/html/draft-pritikin-ttimodel-01 also discusses  these
>> aspects.
>>
>> Here the terms used are imprinting, pairing, enrollment, and  introduction are
>> used to describe
>>
>>
>> Ciao
>> Hannes
>>
>> On Jul 12, 2011,  at 8:08 PM, Behcet Sarikaya wrote:
>>
>>> Hi all,
>>>   It seems  that the word bootstrapping has been used and overused in so many
> 
>>>   drafts (including draft-ohba-core-eap-based-bootstrapping and
>>>   draft-garcia-core-security) and I suggest that we clarify this.
>>>
>>>   Colin had a draft on
>>> Initial Configuration of Resource-Constrained  Devices
>>> called draft-oflynn-6lowapp-bootstrapping submitted on Jan. 2010  in which he
>>
>>> defined bootstrapping ashow to initially     configure the network.
>>>
>>> Later on we continued this work on where  Colin left
>>> indraft-sarikaya-core-sbootstrapping.
>>>
>>> I  think that the definition Colin gave to bootstrapping is the right one. It
>>
>>> matches with the historical use of bootstrapping in computers: you  bootstrap
>>
>>> your computer to initially configure it by a physical action  (pressing a
>> button)
>>
>>> which loads a small record to the memory which when  executed bootstraps
>> (brings
>>
>>> the whole OS to the memory) the  system.
>>>
>>> Regards,
>>>
>>> Behcet
>>>   _______________________________________________
>>> core mailing  list
>>> core@ietf.org
>>> https://www.ietf.org/mailman/listinfo/core
>>
>>
> _______________________________________________
> core mailing list
> core@ietf.org
> https://www.ietf.org/mailman/listinfo/core
>

v2.23.0 | Report a Bug | By Email