Re: [Emu] draft-ietf-emu-bootstrapped-tls

Hannes Tschofenig <Hannes.Tschofenig@arm.com> Fri, 16 December 2022 11:42 UTC

From: Hannes Tschofenig <Hannes.Tschofenig@arm.com>
To: "Owen Friel (ofriel)" <ofriel@cisco.com>, "emu@ietf.org" <emu@ietf.org>
Date: Fri, 16 Dec 2022 11:42:31 +0000
Message-ID: <DBBPR08MB5915DA8656CB2903EF96B160FAE69@DBBPR08MB5915.eurprd08.prod.outlook.com>
References: <AS8PR08MB5911BAEF746DFE1F6E38441FFAE39@AS8PR08MB5911.eurprd08.prod.outlook.com> <DS0PR11MB64452D359246FB3F08D12B2ADBE69@DS0PR11MB6445.namprd11.prod.outlook.com>
In-Reply-To: <DS0PR11MB64452D359246FB3F08D12B2ADBE69@DS0PR11MB6445.namprd11.prod.outlook.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/emu/cI9ccWREz_5B53n_caSJDmTdqJo>

Thanks, Owen.

-----Original Message-----
From: Owen Friel (ofriel) <ofriel@cisco.com>
Sent: Friday, December 16, 2022 12:31 PM
To: Hannes Tschofenig <Hannes.Tschofenig@arm.com>; emu@ietf.org
Subject: RE: draft-ietf-emu-bootstrapped-tls

Thanks, Hannes. These all make sense and are now all addressed in GitHub, and I will include them in draft-02.

And yes, the intention is that DPP is recommended for Wi-Fi, as it also addresses the Wi-Fi SSID discovery problem. TLS-POK is recommended for wired. I have clarified this in the introduction.


-----Original Message-----
From: Emu <emu-bounces@ietf.org> On Behalf Of Hannes Tschofenig
Sent: Tuesday 13 December 2022 10:14
To: emu@ietf.org
Subject: [Emu] draft-ietf-emu-bootstrapped-tls

Hi all,

I have a simple question regarding draft-ietf-emu-bootstrapped-tls-01.

Do you see the scope of this specification limited to the use for wired network access? In Section 2.1 you describe the story as "use DPP if the device bootstraps against a Wi-Fi network, or TLS-POK if the device bootstraps against a wired network."

If that's the goal, I think it would be useful to move this text from Section 2.1 into the introduction.

I was also wondering whether it would be better to change the title of the document from "Bootstrapped TLS Authentication" to something like "Bootstrapped TLS Authentication with Proof of Knowledge (TLS-POK)".

Minor remarks:

There is a reference to RFC 9528, which is marked as a broken reference. Most likely a typo and you mean RFC 9258 instead.

You say: "Device on-boarding protocols such as the Device Provisioning Profile [DPP], also referred to as Wi-Fi Easy Connect, address this use case but they have drawbacks." Then, you only mention one drawback. Maybe you want to mention other drawbacks.

The terminology section should contain the RFC 2119 boilerplate text.

Ciao
Hannes

IMPORTANT NOTICE: The contents of this email and any attachments are confidential and may also be privileged. If you are not the intended recipient, please notify the sender immediately and do not disclose the contents to any other person, use it for any purpose, or store or copy the information in any medium. Thank you.
