Re: [Dtls-iot] Updated BOF information

"Kumar, Sandeep" <sandeep.kumar@philips.com> Tue, 30 July 2013 12:59 UTC

From: "Kumar, Sandeep" <sandeep.kumar@philips.com>
To: Göran Selander <goran.selander@ericsson.com>, Zach Shelby <zach@sensinode.com>, "dtls-iot@ietf.org" <dtls-iot@ietf.org>
Date: Tue, 30 Jul 2013 12:59:32 +0000
Message-ID: <BE6D13F6A4554947952B39008B0DC015344912F1@011-DB3MPN1-026.MGDPHG.emi.philips.com>
References: <F3AD00FA8C16C24298F85A1A14F03E432A6E1B56@ESESSMB303.ericsson.se> <F3AD00FA8C16C24298F85A1A14F03E432A6E1D3B@ESESSMB303.ericsson.se>
In-Reply-To: <F3AD00FA8C16C24298F85A1A14F03E432A6E1D3B@ESESSMB303.ericsson.se>

Hi Göran and all

I share the view that authorization is important for constrained devices, and key provisioning during this process provides advantages. However, the final solution should also look at the larger problem of bootstrapping, general key management and revocation, which are all inter-related in some way. Reusing DTLS for this would be preferred to reduce the need for yet another security protocol on these devices. We had a draft in LWIG (draft-keoh-lwig-dtls-iot-01) which discusses the use of DTLS for the key management; we assumed authorizations were being done with ACLs. And as Sye mentioned during CoRE, we had some similar work done with assertions and would be interested to join any discussions you guys plan to have.

Regards
Sandeep


From: dtls-iot-bounces@ietf.org On Behalf Of Göran Selander
Sent: Tuesday, July 30, 2013 2:24 PM
To: Zach Shelby; dtls-iot@ietf.org
Subject: Re: [Dtls-iot] Updated BOF information

Hi Zach,

Sorry for being out of sync. You answered 1-2 before I sent my mail. And we maintain the coordination with CORE by keeping the discussion on that list.

On point 3, that is also about "optimising the use of DTLS in IoT" so is addressing the high level scope of DICE. I can't say yet if there is any impact on the DTLS profile or group keys with the DTLS record layer but we can take this discussion in the DICE BOF.


Thanks,
Göran


From: Göran Selander <goran.selander@ericsson.com>
Date: Tuesday, July 30, 2013 12:32 PM
To: Corinna Schmitt <schmitt@ifi.uzh.ch>, Olaf Bergmann <bergmann@tzi.org>
Cc: Zach Shelby <zach@sensinode.com>, "dtls-iot@ietf.org" <dtls-iot@ietf.org>
Subject: Re: [Dtls-iot] Updated BOF information

Hi Corinna, Olaf,

I'm also interested in this discussion.

I didn't intend to complain on lack of feedback. Here are my concerns:

  1.  To find a home for work on authorization and access control in constrained environments. The proposals on the table are really building on DTLS and COAP, so either CORE or DICE seems right to me. In the CORE WG there were a set of people showing hands of interest.
  2.  To be able to work on this now as there is a potential dependence on other ongoing things (e.g. access control in resource directory).
  3.  To make sure that the CORE and "DTLS in constrained environments"-related questions brought up in these drafts are coordinated with CORE and DICE. This includes stuff like DTLS client and server key provisioning schemes alternative to the CoAP security modes and the use of these for DoS mitigation in DTLS.

Regards,
Göran



From: Corinna Schmitt <schmitt@ifi.uzh.ch>
Date: Tuesday, July 30, 2013 11:51 AM
To: Olaf Bergmann <bergmann@tzi.org>
Cc: Zach Shelby <zach@sensinode.com>, "dtls-iot@ietf.org" <dtls-iot@ietf.org>
Subject: Re: [Dtls-iot] Updated BOF information

Dear Olaf,

Thanks for your remark.
I think authentication is a big topic, especially for constrained devices.

And yes, I agree to team up.
Due to a lot of travelling I will arrive in Berlin late afternoon and have to leave tomorrow evening again.
Perhaps we can find some time to discuss it as soon as possible. Tomorrow morning I am free. So if anyone has time we can meet.
I stay at the Pestana Berlin Tiergarten, but will be at the meeting location after breakfast.

For the dinner tonight I have no ticket. So I cannot join if no one has one for me.

Regards,
Corinna




On 30.07.13 10:20, Olaf Bergmann wrote:

Zach Shelby <zach@sensinode.com> writes:

Hi Corinna,

On Jul 30, 2013, at 7:16 AM, Corinna Schmitt <schmitt@ifi.uzh.ch> wrote:

Just for information concerning our draft
http://tools.ietf.org/html/draft-schmitt-two-way-authentication-for-iot-00:
We already started to implement a solution and evaluated a little bit. So we would be glad if our draft will be approved and stay in DICE.

Your draft was actually discussed yesterday in the CoRE WG meeting in the scope of general authentication and authorisation in CoRE. This subject will be out of scope for the first DICE charter as we already have a couple concrete problems to solve. It is not clear where the "AA" work will end up, probably in some other new working group, or maybe in some future re-chartering of DICE.

The discussion yesterday was a bit low on the guidance level how to proceed. Even if this topic is not the most pressing for DICE, I highly recommend to work on this space *now*.

Corinna, maybe we could team up with the other authors of the relevant drafts to find out what the next steps are? We had a quick talk with Göran yesterday, and he also had the impression that the WG could have been more active in giving feedback on these drafts.

Greetings

Olaf
