Re: [Danish] [EXT] Re: IoT Device Identification with TLSA via Danish

Michael Richardson <mcr+ietf@sandelman.ca> Sat, 19 June 2021 20:25 UTC

From: Michael Richardson <mcr+ietf@sandelman.ca>
To: Hannes Tschofenig <Hannes.Tschofenig@arm.com>, "danish@ietf.org" <danish@ietf.org>
Date: Sat, 19 Jun 2021 16:25:16 -0400
Message-ID: <22616.1624134316@localhost>
Archived-At: <https://mailarchive.ietf.org/arch/msg/danish/-IRf3gCduA1_m8_Iby0Su-5izV8>
List-Id: DANE AutheNtication for Iot Service Hardening <danish.ietf.org>

Hannes Tschofenig <Hannes.Tschofenig@arm.com> wrote:
    > I found this email thread and was wondering about one aspect in the
    > context of authorization lists.

    > Where are these authorization lists stored and who creates them?
    > In what use cases do you need to configure these authorization lists?

I can't speak for Ash and/or Shumon's projects where some of these
requirements came out of. I've suggested that it would be great to know
more about some of the experiences that have driven some of their
requirements.

I think that the IoT application operator creates the lists.

I imagine that either an installer scans some (QR?) code on the
sensor/actuator, or perhaps they identify the device to the operations center
by interacting with it.  Somewhat like a brain surgeon poking neurons and
observing what things it moves, or having the person report what they sense.

Or like buzzing out wires: https://en.wikipedia.org/wiki/Signal_tracer

--
Michael Richardson <mcr+IETF@sandelman.ca>   . o O ( IPv6 IøT consulting )
           Sandelman Software Works Inc, Ottawa and Worldwide