Re: [core] Conclusion -- Endpoint Client Name / Endpoint Name in RD draft

Hannes Tschofenig <Hannes.Tschofenig@arm.com> Tue, 15 May 2018 08:15 UTC

From: Hannes Tschofenig <Hannes.Tschofenig@arm.com>
To: "Kovatsch, Matthias" <matthias.kovatsch@siemens.com>, "consultancy@vanderstok.org" <consultancy@vanderstok.org>
CC: "core@ietf.org" <core@ietf.org>
Thread-Topic: [core] Conclusion -- Endpoint Client Name / Endpoint Name in RD draft
Thread-Index: AdPmCfncz1IX5t6GRJaeO0C+mMHM9QAlTHGAAV/KmAAAAWEEwA==
Date: Tue, 15 May 2018 08:15:07 +0000
Message-ID: <VI1PR0801MB2112CCC0F54274336BFE3EB7FA930@VI1PR0801MB2112.eurprd08.prod.outlook.com>
References: <VI1PR0801MB2112B9A4410DA3EDE39183BEFA9B0@VI1PR0801MB2112.eurprd08.prod.outlook.com> <9970c70fea6ea457c74c8ae3ca303f76@xs4all.nl> <4EBB3DDD0FBF694CA2A87838DF129B3C01F48F8A@DEFTHW99EL4MSX.ww902.siemens.net>
In-Reply-To: <4EBB3DDD0FBF694CA2A87838DF129B3C01F48F8A@DEFTHW99EL4MSX.ww902.siemens.net>
Archived-At: <https://mailarchive.ietf.org/arch/msg/core/ygedf-gkZOCZfaPQjE5JzAu_oFg>
Subject: Re: [core] Conclusion -- Endpoint Client Name / Endpoint Name in RD draft

@Hannes: Could you provide some more detail on how exactly the Endpoint Client Name is extracted from the "security context"? Overall, I like this, but we should provide concrete text on how people should do it.

You want to store the security context on the server side and the Endpoint Client Name points to the identifier part of it.
(Other parts of the security context will be relevant for other purposes.)

 * For PSK-based credentials the Endpoint Client Name becomes the PSK Identity.
 * For raw public keys the Endpoint Client Name becomes the SubjectPublicKeyInfo structure (or a hash of it).
 * For certificates the Endpoint Client Name becomes the leftmost CN component of the subject name or the SubjectAltName of the certificate, depending on what you use.

Ciao
Hannes
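As an added example (not from the mail or the RD draft), the mapping above written out as code an RD could run after the DTLS handshake, together with a check that a client-supplied ep= value agrees with the name derived from its security context. The SecurityContext field names, the SHA-256 choice for the RPK hash and the ep= consistency check are assumptions of this example.

```python
import hashlib
import hmac
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

# Constructed model of what a DTLS stack hands the RD after the handshake.
# Field names are assumptions for this example, not terms from the RD draft.
# Exactly one credential kind (PSK, RPK or certificate) is populated.
@dataclass
class SecurityContext:
    psk_identity: Optional[bytes] = None        # PSK identity from the handshake
    rpk_spki_der: Optional[bytes] = None        # DER-encoded SubjectPublicKeyInfo
    cert_subject_cn: List[str] = field(default_factory=list)  # CN RDNs, leftmost first
    cert_san_dns: List[str] = field(default_factory=list)     # dNSName SubjectAltNames
    prefer_san: bool = False                    # deployment choice: SAN instead of CN


def endpoint_client_name(ctx: SecurityContext) -> str:
    """Map the authenticated identity in the security context to an Endpoint Client Name."""
    if ctx.psk_identity is not None:
        # PSK: the identity itself is the name.
        return ctx.psk_identity.decode("utf-8")
    if ctx.rpk_spki_der is not None:
        # RPK: a raw SPKI is long and binary, so use its SHA-256 (hex) as the name.
        return hashlib.sha256(ctx.rpk_spki_der).hexdigest()
    # Certificate: leftmost CN or first dNSName SAN, per deployment policy.
    names = ctx.cert_san_dns if ctx.prefer_san else ctx.cert_subject_cn
    if not names:
        raise ValueError("certificate carries no usable name component")
    return names[0]


def check_registration(ctx: SecurityContext, ep_param: Optional[str]) -> Tuple[bool, str]:
    """RD-side consistency check (assumed policy): a client-supplied ep= value is
    accepted only if it equals the name bound to the authenticated security context,
    so one endpoint cannot register under another endpoint's name.
    Returns (accepted, name_to_store)."""
    name = endpoint_client_name(ctx)
    if ep_param is None:
        return True, name          # client omitted ep=; RD derives it itself
    ok = hmac.compare_digest(ep_param.encode("utf-8"), name.encode("utf-8"))
    return ok, name


if __name__ == "__main__":
    psk_ctx = SecurityContext(psk_identity=b"sensor-42")          # constructed
    print(check_registration(psk_ctx, "sensor-42"))               # (True, 'sensor-42')
    print(check_registration(psk_ctx, "gateway-1"))               # (False, 'sensor-42')
```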
