Re: [Dtls-iot] IP Addresses in Certificates

Michael Richardson <mcr+ietf@sandelman.ca> Thu, 06 August 2015 10:09 UTC

From: Michael Richardson <mcr+ietf@sandelman.ca>
To: Stephen Farrell <stephen.farrell@cs.tcd.ie>
In-Reply-To: <55C23E1B.5050300@cs.tcd.ie>
References: <55A63EEF.7010608@gmx.net> <55A641EC.4030203@cs.tcd.ie>, <D1D3F9D5.31B15%thomas.fossati@alcatel-lucent.com> <trinity-5e418e2e-726a-4c31-8498-634e598fb57e-1438786484782@3capp-gmx-bs46> <55C23E1B.5050300@cs.tcd.ie>
Date: Wed, 05 Aug 2015 15:41:05 -0400
Message-ID: <22776.1438803665@sandelman.ca>
Archived-At: <http://mailarchive.ietf.org/arch/msg/dtls-iot/f_oEjXVyOqU3hvCFm7xCW6tQQOw>
Cc: Hannes Tschofenig <Hannes.Tschofenig@gmx.net>, "FOSSATI, Thomas (Thomas)" <thomas.fossati@alcatel-lucent.com>, "dtls-iot@ietf.org" <dtls-iot@ietf.org>

Stephen Farrell <stephen.farrell@cs.tcd.ie> wrote:
    > On 05/08/15 15:54, Hannes Tschofenig wrote:
    >> Hi Stephen, reading through this issue again I believe you could help
    >> us further explain what we could recommend in the document.

    > Assuming that it'd be a bunch of work to recommend how to best handle
    > certificates for devices that will only ever have a bogon IP address, I
    > guess the best for now is to just say that that work is not (yet) done
    > and hence this document makes no recommendation.

    > Seem ok? (And yes it could be that the current text on that is just
    > fine, I didn't go look back right now)

okay, but we need to do this work for ANIMA, and other places.

I wrote:
  http://datatracker.ietf.org/doc/draft-richardson-6tisch-idevid-cert/

But elsewhere in this thread I mentioned a current killer-app need for
this is with service processors (ILOM/iDRAC/...) which seldom have anything
other than an RFC 1918 DHCP address, and really, the browser location bar
should show the end user the vendor and MAC address of the unit, not the IP
address.


--
Michael Richardson <mcr+IETF@sandelman.ca>, Sandelman Software Works
 -= IPv6 IoT consulting =-
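The decision the message argues for, as an added example that is not part of the thread or of the cited draft: a client that connected to a device by IP address checks the certificate's iPAddress subjectAltName the way RFC 5280/6125 require (exact address match), and then, if that address is RFC 1918, link-local, loopback or IPv6 unique-local space, treats the match as saying nothing about which unit this is and falls back to the vendor and unit identifier from the subject instead. The SAN lists, the subject attributes used (`O` for the vendor, `serialNumber` holding the MAC as the unit identifier) and the address range table are assumptions constructed for this example.

```python
"""Decide what a client should display as a device's identity when the
certificate's only subjectAltName is an IP address.

Added example (not code from the thread or the cited draft).  Assumptions:
SAN entries arrive as (kind, value) tuples already extracted from the
certificate, and a device certificate carries the vendor in the subject
'O' attribute and the unit identifier (here a MAC) in 'serialNumber'.
"""
import ipaddress

# Address space that carries no identity outside one LAN: the RFC 1918 /
# "bogon" ranges the thread is about, plus loopback, link-local and IPv6
# unique-local.  Constructed table for this example; ipaddress.is_private
# would also work but covers further special-purpose ranges.
NON_GLOBAL = {
    "rfc1918": [ipaddress.ip_network(n)
                for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")],
    "loopback": [ipaddress.ip_network("127.0.0.0/8"),
                 ipaddress.ip_network("::1/128")],
    "link-local": [ipaddress.ip_network("169.254.0.0/16"),
                   ipaddress.ip_network("fe80::/10")],
    "ula": [ipaddress.ip_network("fc00::/7")],
}


def classify_ip(text):
    """Return the range label for an address, or 'routable' if in none."""
    addr = ipaddress.ip_address(text)
    for label, nets in NON_GLOBAL.items():
        # 'addr in net' is False when the IP versions differ, so mixed
        # v4/v6 tables are safe to scan in one loop.
        if any(addr in net for net in nets):
            return label
    return "routable"


def ip_san_matches(sans, connected_ip):
    """RFC 5280 iPAddress SANs match by exact address comparison only;
    no wildcards, no prefixes, no textual comparison."""
    target = ipaddress.ip_address(connected_ip)
    return any(kind == "IP" and ipaddress.ip_address(value) == target
               for kind, value in sans)


def display_identity(sans, subject, connected_ip):
    """What the location bar should show for a connection made by IP.

    A matching routable address is a usable identity.  A matching
    non-global address is not: every LAN has a 192.168.1.20, so the
    client falls back to vendor + unit identifier from the subject.
    """
    result = {
        "connected_ip": connected_ip,
        "ip_class": classify_ip(connected_ip),
        "san_match": ip_san_matches(sans, connected_ip),
        "show": None,
    }
    if not result["san_match"]:
        return result                      # certificate is for some other address
    if result["ip_class"] == "routable":
        result["show"] = connected_ip
    elif subject.get("O") and subject.get("serialNumber"):
        result["show"] = f"{subject['O']} {subject['serialNumber']}"
    return result


# Constructed samples.  BMC_*: a service processor whose only SAN is its
# RFC 1918 DHCP address.  PUBLIC_SANS uses an RFC 5737 documentation
# address as a stand-in for a routable one.
BMC_SANS = [("IP", "192.168.1.20")]
BMC_SUBJECT = {"O": "Example Vendor", "serialNumber": "00-11-22-33-44-55"}
PUBLIC_SANS = [("IP", "192.0.2.10")]

if __name__ == "__main__":
    for sans, subject, ip in ((BMC_SANS, BMC_SUBJECT, "192.168.1.20"),
                              (PUBLIC_SANS, {}, "192.0.2.10"),
                              (BMC_SANS, BMC_SUBJECT, "10.0.0.1")):
        print(display_identity(sans, subject, ip))
```

The point of the fallback branch is that the SAN match is still required before anything is shown: an unmatched certificate is rejected outright, and only a matched-but-meaningless private address is replaced in the UI by the vendor and unit identifier.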