Re: [Danish] Proposed WG Charter

Michael Richardson <mcr+ietf@sandelman.ca> Tue, 15 June 2021 19:49 UTC

From: Michael Richardson <mcr+ietf@sandelman.ca>
To: Paul Wouters <paul@nohats.ca>, Ash Wilson <ash.wilson@valimail.com>, danish@ietf.org
In-Reply-To: <d997ea8-9fc8-712-e22-fac64b401ab6@nohats.ca>
References: <YMZwG/l/pne2tHJF@straasha.imrryr.org> <A7723DDA-3B78-46AD-9449-B6DF7F211706@nohats.ca> <CAEfM=vSd7CuK58W=eX86GYaxKKBfOs8z1mnQQVXnrXf9x-co0g@mail.gmail.com> <d997ea8-9fc8-712-e22-fac64b401ab6@nohats.ca>
Date: Tue, 15 Jun 2021 15:48:59 -0400
Message-ID: <21927.1623786539@localhost>
Archived-At: <https://mailarchive.ietf.org/arch/msg/danish/XFVgTEuKDBfRMqs9s7B76x2ptd0>
Subject: Re: [Danish] Proposed WG Charter
List-Id: DANE AutheNtication for Iot Service Hardening <danish.ietf.org>

Paul Wouters <paul@nohats.ca> wrote:
    > But the price of this method is revealing the DNS FQDN and IP of the IoT
    > device. I can't come up with a use case where an IoT device would gain
    > more than it loses from announcing to the world who it is and where it is.

Any communication from location FOO to MQTT server BAR announces the device
to anyone that can see the traffic.

TLS1.3 does not send certificates in the clear, so neither would it send
TLS Client IDs to get the certificate in the clear.

By making TLS client side certificate authentication easier to manage, we
eliminate (default!) passwords in the device.

--
Michael Richardson <mcr+IETF@sandelman.ca>   . o O ( IPv6 IøT consulting )
           Sandelman Software Works Inc, Ottawa and Worldwide