[Dtls-iot] IP Addresses in Certificates

Hannes Tschofenig <hannes.tschofenig@gmx.net> Wed, 15 July 2015 11:08 UTC

Message-ID: <55A63EEF.7010608@gmx.net>
Date: Wed, 15 Jul 2015 13:07:27 +0200
From: Hannes Tschofenig <hannes.tschofenig@gmx.net>
To: "dtls-iot@ietf.org" <dtls-iot@ietf.org>, Stephen Farrell <stephen.farrell@cs.tcd.ie>
Archived-At: <http://mailarchive.ietf.org/arch/msg/dtls-iot/98pqNY-YVMjQwU-j64A8mnMGjpA>
Subject: [Dtls-iot] IP Addresses in Certificates

Stephen wrote:

> (5) 6.3: Forgetting CoAP for the moment, surely this profile will be
> used with devices that only have (possibly bogon) IP addresses and that
> want to have those in certs. I do get that how to handle that well is
> not very clear, esp. for certs for e.g. 192.168.0.1, but shouldn't it
> really be covered by this profile?

In general, it is not clear how server-side certificates work with IoT
devices that do not use DNS. This motivated us to write a separate
document about this topic, see
https://tools.ietf.org/html/draft-fossati-core-certmode-rd-names-01

For client certificates it does not really matter that much what you put
into the certificates since the content is only matched against an
access control policy (without further interpreting the structure of the
identifier).

So, are you talking about server or client-side certificates?
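The two checks this message distinguishes can be shown side by side. The following is an added example, not code from the mail, the draft or any DTLS stack it mentions: it builds a constructed self-signed certificate whose only identity is an iPAddress SAN for 192.168.0.1 (the address from Stephen's question), then applies the server-side check (does the address the client connected to appear in the SAN list?) and the client-side check (is the certificate, treated as an opaque identifier, on an access control list?). It uses only the Go standard library; the hostname-matching rules are Go's (`VerifyHostname` compares an IP literal against the SAN `iPAddress` entries and ignores the CommonName), and the choice of a SHA-256 certificate fingerprint as the ACL key is an assumption made for the example.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/hex"
	"fmt"
	"math/big"
	"net"
	"time"
)

// newDeviceCert builds a self-signed certificate whose only identity is an
// iPAddress SAN entry. It stands in for the certificate of a device that has
// no DNS name (constructed for this example; not from the draft).
func newDeviceCert(ip string) (*x509.Certificate, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1),
		Subject:      pkix.Name{CommonName: "iot-device"},
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(24 * time.Hour),
		KeyUsage:     x509.KeyUsageDigitalSignature,
		ExtKeyUsage:  []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth, x509.ExtKeyUsageClientAuth},
		IPAddresses:  []net.IP{net.ParseIP(ip)},
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

// serverIdentityMatches is the server-certificate check: the address the
// client actually connected to must appear in the certificate's iPAddress
// SAN list. The CommonName is not consulted, so a cert carrying only a CN
// does not satisfy the check even if the CN looks like an address.
func serverIdentityMatches(cert *x509.Certificate, connectedTo string) bool {
	return cert.VerifyHostname(connectedTo) == nil
}

// fingerprint reduces a certificate to an opaque identifier: the SHA-256 of
// its DER encoding. (Assumed ACL key for this example; a deployment could
// equally key on the SubjectPublicKeyInfo or an issuer/serial pair.)
func fingerprint(cert *x509.Certificate) string {
	sum := sha256.Sum256(cert.Raw)
	return hex.EncodeToString(sum[:])
}

// clientAllowed is the client-certificate check as the message describes it:
// the identifier is looked up in an access control list without interpreting
// the structure of the names inside the certificate.
func clientAllowed(cert *x509.Certificate, acl map[string]bool) bool {
	return acl[fingerprint(cert)]
}

func main() {
	cert, err := newDeviceCert("192.168.0.1")
	if err != nil {
		panic(err)
	}
	// Server side: only the address actually in the SAN matches.
	fmt.Println("connected to 192.168.0.1:", serverIdentityMatches(cert, "192.168.0.1"))
	fmt.Println("connected to 192.168.0.2:", serverIdentityMatches(cert, "192.168.0.2"))

	// Client side: a second device with the same private address and the
	// same CN is a different certificate, so it does not pass the ACL.
	acl := map[string]bool{fingerprint(cert): true}
	other, _ := newDeviceCert("192.168.0.1")
	fmt.Println("enrolled device allowed:", clientAllowed(cert, acl))
	fmt.Println("look-alike device allowed:", clientAllowed(other, acl))
}
```

The second half is also why the message says the client-side case "does not really matter that much": two devices at 192.168.0.1 on different networks present different certificates, and the ACL keys on the certificate rather than on the address, so the ambiguity of a bogon address never enters the decision. For the server-side case the address is the identity being asserted, which is exactly where that ambiguity bites.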