Re: [dhcwg] DHCP and DHCPv6 options for LWM2M services

Srinivasa Rao Nalluri <srinivasa.rao.nalluri@ericsson.com> Tue, 10 January 2017 03:58 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/dhcwg/elGSns8S4H_7HaU4ocxwUuuGK4M>

Hello Ted Lemon,

If I understand correctly, you are asking how the certificate supplied through the DHCP option is validated.

The certificate supplied through the DHCP option is not validated, but it can be used to validate the certificate offered by the LWM2M server during the LWM2M bootstrapping phase.

Instead of the manufacturer hardcoding the root certificate in the device, we are proposing to obtain it through a DHCP option.

In case I misunderstood your question, please elaborate.

With Regards
Srinivas

From: Ted Lemon [mailto:mellon@fugue.com]
Sent: Monday, January 09, 2017 7:51 PM
To: Srinivasa Rao Nalluri
Cc: dhcwg@ietf.org; Ari Keränen; Jan Melen; Jaime Jiménez; Amit Gupta X
Subject: Re: [dhcwg] DHCP and DHCPv6 options for LWM2M services

How would this be validated?

On Jan 9, 2017, at 2:00 AM, Srinivasa Rao Nalluri <srinivasa.rao.nalluri@ericsson.com> wrote:

Hi,

Considering the growing popularity of the Internet of Things and relevant protocols like LWM2M/CoAP/MQTT, we in Ericsson see a need for new DHCP options to make LWM2M service deployment easy and flexible.

The Lightweight Machine to Machine (LWM2M) protocol is used to manage the end-device life cycle in machine-to-machine communication scenarios. LWM2M device bootstrap is an optional life cycle phase for devices to get needed information when starting up for the first time. Information gathered during bootstrapping might include management server details and security certificates required to establish connectivity with the management server. Information required to connect with the bootstrap server might be hard coded during the device manufacturing phase.

Hard coding of configuration by the device manufacturer forces the device operator to use the same configuration as hard coded. It is possible that the hard-coded reachability information of the bootstrap server may be outdated and bootstrap server reachability might fail during first use of the device. In such cases connectivity with the bootstrap server is possible only through a device software upgrade.

So, we see a need to introduce two options to support the LWM2M server URL and the LWM2M server certificate that validates the public key provided by the LWM2M server. Thus bootstrap-related information can be gathered by the LWM2M client during the DHCP/DHCPv6 negotiation phase. The draft available at the link below describes the details.

https://www.ietf.org/internet-drafts/draft-nalluri-dhc-dhcpv6-lwm2m-bootstrap-options-01.txt

This draft considers options for both DHCP and DHCPv6.

I would like this draft to be considered by the DHC working group as a work item. Please contact me for any further details.


With Regards
Srinivasa Rao Nalluri
Ericsson
India