Re: [Dtls-iot] Current dtls-iot charter text - discuss...

Zach Shelby <zach@sensinode.com> Tue, 11 June 2013 19:11 UTC

From: Zach Shelby <zach@sensinode.com>
Date: Tue, 11 Jun 2013 22:11:18 +0300
To: "Keoh, Sye Loong" <sye.loong.keoh@philips.com>
Cc: "paduffy@cisco.com" <paduffy@cisco.com>, Don Sturek <d.sturek@att.net>, "dtls-iot@ietf.org" <dtls-iot@ietf.org>
Subject: Re: [Dtls-iot] Current dtls-iot charter text - discuss...

Guys,

I think the revocation issue is a good idea for possible future work in this WG once we've completed our first charter on profiling and multicast. 

Regards,
Zach

On Jun 11, 2013, at 9:57 PM, "Keoh, Sye Loong" <sye.loong.keoh@philips.com> wrote:

> Thanks for the clarification, Don and Paul.
> 
> Indeed, this is a good area of investigation. However, are we too early to explore revocation issues in this BOF? I had the impression that this BOF/WG aims to investigate the use of DTLS for IoT applications, or at least getting DTLS to run "comfortably" together with CoAP would be the primary goal of this activity and revocation is rather independent of this, isn't it?
> 
> BTW, is there any plan in Zigbee-IP or the Zigbee Alliance to investigate the revocation issue?
> 
> cheers
> Sye Loong
> ________________________________________
> From: dtls-iot-bounces@ietf.org [dtls-iot-bounces@ietf.org] on behalf of Don Sturek [d.sturek@att.net]
> Sent: Monday, June 10, 2013 7:02 PM
> To: paduffy@cisco.com; dtls-iot@ietf.org
> Subject: Re: [Dtls-iot] Current dtls-iot charter text - discuss...
> 
> To add onto what Paul wrote......
> 
> ZigBee IP supports white lists/ black lists for network admission but we
> leave it up to the application as to how these lists are created/managed.
> As Paul noted, OCSP or CRL on device certificates is not a scalable
> solution (and in many cases not even desired......)
> 
> To back up Paul's suggestion, it would be great to see this as an area of
> investigation in dtls-iot (or whatever the name becomes!)
> 
> Don
> 
> 
> On 6/10/13 9:34 AM, "Paul Duffy" <paduffy@cisco.com> wrote:
> 
>> Zigbee IP does not mandate use of CRLs or OCSP for device certificates
>> (in IEEE 802.1AR-speak ... the UDevID). Supporting these mechanisms for
>> device certificates on constrained devices and networks, at mass scale,
>> is highly problematic.
>> 
>> Definitely an area for investigation.
>> 
>> 
>> On 6/10/2013 4:48 PM, Keoh, Sye Loong wrote:
>>> Hi Bert,
>>> 
>>> Do you know whether current IoT deployments, such as Zigbee-IP,
>>> check the revocation list? Do you foresee revocation as a potentially
>>> serious problem in the future when devices are being replaced,
>>> compromised, or resold?
>>> 
>>> Cheers
>>> Sye Loong
>>> 
>>> -----Original Message-----
>>> From: dtls-iot-bounces@ietf.org [mailto:dtls-iot-bounces@ietf.org] On
>>> Behalf Of Bert Greevenbosch
>>> Sent: Friday, 7 June 2013 3:56
>>> To: Zach Shelby; dtls-iot@ietf.org
>>> Subject: Re: [Dtls-iot] Current dtls-iot charter text - discuss...
>>> 
>>> Hi all,
>>> 
>>> I think the following draft fits in the discussion of DTLS-IOT:
>>> http://datatracker.ietf.org/doc/draft-greevenbosch-tls-ocsp-lite/
>>> 
>>> This is quite an early approach to tackling the
>>> revocation/authentication issue in a scalable way. Section 4 discusses
>>> some requirements.
>>> 
>>> The draft certainly is to be seen as work in progress, but it addresses
>>> an issue that requires due attention.
>>> 
>>> Best regards,
>>> Bert
>>> 
>>> 
>>> -----Original Message-----
>>> From: dtls-iot-bounces@ietf.org [mailto:dtls-iot-bounces@ietf.org] On
>>> Behalf Of Zach Shelby
>>> Sent: 4 June 2013 21:58
>>> To: dtls-iot@ietf.org
>>> Subject: Re: [Dtls-iot] Current dtls-iot charter text - discuss...
>>> 
>>> I know there are several people working on new I-Ds related to this
>>> activity, please let us know what you are working on and if any help is
>>> needed.
>>> 
>>> On Jun 3, 2013, at 10:23 PM, Stephen Farrell
>>> <stephen.farrell@cs.tcd.ie> wrote:
>>> 
>>>> Existing work
>>>> 
>>>> http://www.ietf.org/id/draft-hartke-core-codtls-02.txt
>>>> http://www.ietf.org/id/draft-tschofenig-lwig-tls-minimal-02.txt
>>>> http://www.ietf.org/id/draft-keoh-lwig-dtls-iot-01.txt
>>>> http://www.ietf.org/id/draft-keoh-tls-multicast-security-00.txt
>>>> http://www.ietf.org/id/draft-ietf-tls-oob-pubkey-07.txt
>>>> 
>>>> http://www.ietf.org/id/draft-jennings-core-transitive-trust-enrollment-01.txt
>>> Regards,
>>> Zach
>>> 
>>> --
>>> Zach Shelby, Chief Nerd, Sensinode Ltd.
>>> http://www.sensinode.com @SensinodeIoT
>>> Mobile: +358 40 7796297
>>> Twitter: @zach_shelby
>>> LinkedIn: http://fi.linkedin.com/in/zachshelby
>>> 6LoWPAN Book: http://6lowpan.net
>>> 
>>> 
>>> 
>>> 
>>> _______________________________________________
>>> dtls-iot mailing list
>>> dtls-iot@ietf.org
>>> https://www.ietf.org/mailman/listinfo/dtls-iot
>>> 
>> 
> 

-- 
Zach Shelby, Chief Nerd, Sensinode Ltd.
http://www.sensinode.com @SensinodeIoT
Mobile: +358 40 7796297
Twitter: @zach_shelby
LinkedIn: http://fi.linkedin.com/in/zachshelby
6LoWPAN Book: http://6lowpan.net