Re: [Dtls-iot] Secure Time (again)

Hannes Tschofenig <hannes.tschofenig@gmx.net> Tue, 11 August 2015 14:46 UTC

Message-ID: <55CA0AAB.8070808@gmx.net>
Date: Tue, 11 Aug 2015 16:46:03 +0200
From: Hannes Tschofenig <hannes.tschofenig@gmx.net>
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:31.0) Gecko/20100101 Thunderbird/31.8.0
MIME-Version: 1.0
To: Ludwig Seitz <ludwig@sics.se>, dtls-iot@ietf.org
References: <55C4D1CE.6010802@gmx.net> <55C79A90.5070900@nthpermutation.com> <55C9CFB4.5070702@gmx.net> <CABcZeBPfV9fmu_67sT0ewf+dRy5Ww4_nZUeQyhBQ9+RsHb_g2g@mail.gmail.com> <55CA0692.9000509@gmx.net> <55CA0837.5050008@nthpermutation.com> <55CA0A5C.1020304@sics.se>
In-Reply-To: <55CA0A5C.1020304@sics.se>
Archived-At: <http://mailarchive.ietf.org/arch/msg/dtls-iot/P1VGyWc7T_7_u5XeXFHux9L-YnA>
Subject: Re: [Dtls-iot] Secure Time (again)

A possible alternative is to do it like the Kerberos folks did it,
namely by adding it to the key distribution mechanism (which would then
be ACE).


On 08/11/2015 04:44 PM, Ludwig Seitz wrote:
> If falling back to NTP means additional traffic (which I strongly
> suspect) this is not a good thing in the IoT world. The attraction of
> using DTLS/TLS is that you can piggyback the information in the
> handshake (that you have to do anyways).
> 
> So is there an alternative? Could we use RFC4680?