Re: [Dtls-iot] Current dtls-iot charter text - discuss...

"Keoh, Sye Loong" <sye.loong.keoh@philips.com> Tue, 11 June 2013 18:58 UTC

From: "Keoh, Sye Loong" <sye.loong.keoh@philips.com>
To: Don Sturek <d.sturek@att.net>, "paduffy@cisco.com" <paduffy@cisco.com>, "dtls-iot@ietf.org" <dtls-iot@ietf.org>
Date: Tue, 11 Jun 2013 18:57:49 +0000

Thanks for the clarification, Don and Paul.

Indeed, this is a good area of investigation. However, are we too early to explore revocation issues in this BOF? I had the impression that this BOF/WG aims to investigate the use of DTLS for IoT applications, or at least getting DTLS to run "comfortably" together with CoAP would be the primary goal of this activity and revocation is rather independent of this, isn't it?

BTW, is there any plan in Zigbee-IP or the Zigbee Alliance to investigate the revocation issue?

cheers
Sye Loong
________________________________________
From: dtls-iot-bounces@ietf.org [dtls-iot-bounces@ietf.org] on behalf of Don Sturek [d.sturek@att.net]
Sent: Monday, June 10, 2013 7:02 PM
To: paduffy@cisco.com; dtls-iot@ietf.org
Subject: Re: [Dtls-iot] Current dtls-iot charter text - discuss...

To add onto what Paul wrote......

ZigBee IP supports white lists/black lists for network admission but we
leave it up to the application as to how these lists are created/managed.
As Paul noted, OCSP or CRL on device certificates is not a scalable
solution (and in many cases not even desired......)

To back up Paul's suggestion, it would be great to see this as an area of
investigation in dtls-iot (or whatever the name becomes!)

Don


On 6/10/13 9:34 AM, "Paul Duffy" <paduffy@cisco.com> wrote:

>Zigbee IP does not mandate use of CRLs or OCSP for device certificates
>(in IEEE 802.1AR-speak ... the UDevID). Supporting these mechanisms for
>device certificates on constrained devices and networks, at mass scale,
>is highly problematic.
>
>Definitely an area for investigation.
>
>
>On 6/10/2013 4:48 PM, Keoh, Sye Loong wrote:
>> Hi Bert,
>>
>> Do you know whether the current IoT deployments, such as Zigbee-IP,
>> check the revocation list? Do you foresee revocation as a potentially
>> serious problem in the future when devices are being replaced,
>> compromised, and when reselling them?
>>
>> Cheers
>> Sye Loong
>>
>> -----Original Message-----
>> From: dtls-iot-bounces@ietf.org [mailto:dtls-iot-bounces@ietf.org] On Behalf Of Bert Greevenbosch
>> Sent: Friday, 7 June 2013 3:56
>> To: Zach Shelby; dtls-iot@ietf.org
>> Subject: Re: [Dtls-iot] Current dtls-iot charter text - discuss...
>>
>> Hi all,
>>
>> I think the following draft fits in the discussion of DTLS-IOT:
>> http://datatracker.ietf.org/doc/draft-greevenbosch-tls-ocsp-lite/
>>
>> This is quite an early approach to tackling the
>> revocation/authentication issue in a scalable way. Section 4 discusses
>> some requirements.
>>
>> The draft certainly is to be seen as work in progress, but it addresses
>> an issue that requires due attention.
>>
>> Best regards,
>> Bert
>>
>>
>> -----Original Message-----
>> From: dtls-iot-bounces@ietf.org [mailto:dtls-iot-bounces@ietf.org] On Behalf Of Zach Shelby
>> Sent: 4 June 2013 21:58
>> To: dtls-iot@ietf.org
>> Subject: Re: [Dtls-iot] Current dtls-iot charter text - discuss...
>>
>> I know there are several people working on new I-Ds related to this
>> activity, please let us know what you are working on and if any help is
>> needed.
>>
>> On Jun 3, 2013, at 10:23 PM, Stephen Farrell
>> <stephen.farrell@cs.tcd.ie> wrote:
>>
>>> Existing work
>>>
>>> http://www.ietf.org/id/draft-hartke-core-codtls-02.txt
>>> http://www.ietf.org/id/draft-tschofenig-lwig-tls-minimal-02.txt
>>> http://www.ietf.org/id/draft-keoh-lwig-dtls-iot-01.txt
>>> http://www.ietf.org/id/draft-keoh-tls-multicast-security-00.txt
>>> http://www.ietf.org/id/draft-ietf-tls-oob-pubkey-07.txt
>>>
>>> http://www.ietf.org/id/draft-jennings-core-transitive-trust-enrollment-01.txt
>> Regards,
>> Zach
>>
>> --
>> Zach Shelby, Chief Nerd, Sensinode Ltd.
>> http://www.sensinode.com @SensinodeIoT
>> Mobile: +358 40 7796297
>> Twitter: @zach_shelby
>> LinkedIn: http://fi.linkedin.com/in/zachshelby
>> 6LoWPAN Book: http://6lowpan.net
>>
>>
>>
>>
>> _______________________________________________
>> dtls-iot mailing list
>> dtls-iot@ietf.org
>> https://www.ietf.org/mailman/listinfo/dtls-iot
>>
>> ________________________________
>> The information contained in this message may be confidential and
>>legally protected under applicable law. The message is intended solely
>>for the addressee(s). If you are not the intended recipient, you are
>>hereby notified that any use, forwarding, dissemination, or reproduction
>>of this message is strictly prohibited and may be unlawful. If you are
>>not the intended recipient, please contact the sender by return e-mail
>>and destroy all copies of the original message.
>>
>>
>


