Re: [Dtls-iot] IP Addresses in Certificates

Hannes Tschofenig <hannes.tschofenig@gmx.net> Fri, 07 August 2015 14:24 UTC

Message-ID: <55C4BFA1.1030600@gmx.net>
Date: Fri, 07 Aug 2015 16:24:33 +0200
From: Hannes Tschofenig <hannes.tschofenig@gmx.net>
To: Michael Richardson <mcr+ietf@sandelman.ca>, Stephen Farrell <stephen.farrell@cs.tcd.ie>
References: <55A63EEF.7010608@gmx.net> <55A641EC.4030203@cs.tcd.ie>, <D1D3F9D5.31B15%thomas.fossati@alcatel-lucent.com> <trinity-5e418e2e-726a-4c31-8498-634e598fb57e-1438786484782@3capp-gmx-bs46> <55C23E1B.5050300@cs.tcd.ie> <22776.1438803665@sandelman.ca>
In-Reply-To: <22776.1438803665@sandelman.ca>
Archived-At: <http://mailarchive.ietf.org/arch/msg/dtls-iot/jsI-RuEw_vsEIBD4KIvlwLJD55g>
Cc: "FOSSATI, Thomas (Thomas)" <thomas.fossati@alcatel-lucent.com>, "dtls-iot@ietf.org" <dtls-iot@ietf.org>
List-Id: DTLS for IoT discussion list <dtls-iot.ietf.org>

Hi Michael,

could you explain the idea behind draft-richardson-6tisch-idevid-cert?

I don't see how it relates to Stephen's request to add a description on
how to use IP addresses in certificates for the DTLS/TLS IoT profiles
draft.

Ciao
Hannes

On 08/05/2015 09:41 PM, Michael Richardson wrote:
> 
> Stephen Farrell <stephen.farrell@cs.tcd.ie> wrote:
>     > On 05/08/15 15:54, Hannes Tschofenig wrote:
>     >> Hi Stephen, reading through this issue again I believe you could help
>     >> us further explain what we could recommend in the document.
> 
>     > Assuming that it'd be a bunch of work to recommend how to best handle
>     > certificates for devices that will only ever have a bogon IP address, I
>     > guess the best for now is to just say that that work is not (yet) done
>     > and hence this document makes no recommendation.
> 
>     > Seem ok? (And yes it could be that the current text on that is just
>     > fine, I didn't go look back right now)
> 
> okay, but we need to do this work for ANIMA, and other places.
> 
> I wrote:
>   http://datatracker.ietf.org/doc/draft-richardson-6tisch-idevid-cert/
> 
> But elsewhere in this thread I mentioned a current killer-app need for
> this is with service processors (ILOM/iDRAC/...) which seldom have anything
> other than a rfc1918 dhcp address, and really, the browser location bar
> should show the end user the vendor and mac address of the unit, not the IP
> address.
> 
> 
> --
> Michael Richardson <mcr+IETF@sandelman.ca>, Sandelman Software Works
>  -= IPv6 IoT consulting =-
> 
> 
>