[I2nsf] draft-qi-i2nsf-access-network-usecase-00
Hannes Tschofenig <hannes.tschofenig@gmx.net> Mon, 24 November 2014 20:31 UTC
Return-Path: <hannes.tschofenig@gmx.net>
X-Original-To: i2nsf@ietfa.amsl.com
Delivered-To: i2nsf@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 34F4B1A8A8B for <i2nsf@ietfa.amsl.com>; Mon, 24 Nov 2014 12:31:33 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.91
X-Spam-Level:
X-Spam-Status: No, score=-1.91 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 3UFtPbvgXzAj for <i2nsf@ietfa.amsl.com>; Mon, 24 Nov 2014 12:31:31 -0800 (PST)
Received: from mout.gmx.net (mout.gmx.net [212.227.17.20]) (using TLSv1.2 with cipher DHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 2129D1A1A65 for <i2nsf@ietf.org>; Mon, 24 Nov 2014 12:31:31 -0800 (PST)
Received: from [192.168.131.130] ([80.92.115.84]) by mail.gmx.com (mrgmx103) with ESMTPSA (Nemesis) id 0M3zG2-1Y9zBD0b4s-00rUrp for <i2nsf@ietf.org>; Mon, 24 Nov 2014 21:31:29 +0100
Message-ID: <547395A0.3040105@gmx.net>
Date: Mon, 24 Nov 2014 21:31:28 +0100
From: Hannes Tschofenig <hannes.tschofenig@gmx.net>
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:31.0) Gecko/20100101 Thunderbird/31.2.0
MIME-Version: 1.0
To: i2nsf@ietf.org
OpenPGP: id=4D776BC9
Content-Type: multipart/signed; micalg="pgp-sha512"; protocol="application/pgp-signature"; boundary="ttUqCDSeG3Wxt404xBb1VBQ1fsshaAQlO"
X-Provags-ID: V03:K0:mO0izAiHOfqcZaUjbigl+zeXye1r+Q8PCoqO64mxbLdvZL7Pbj9 6EEHbdutffOuxOJ6TIfAWL2UYgf0css16JxsHY1+GaCziDJ43Mc9Ll1guQdOnVIU8Ze94JT ywCMtx1jfcFSpX33njdJ6+OW5fq/88+obPV/BMmwZZaGX0HAFMVpjczY8wwzW/rWQ7f6GN4 AsFSaIXkQNV9eOSZSqwCg==
X-UI-Out-Filterresults: notjunk:1;
Archived-At: http://mailarchive.ietf.org/arch/msg/i2nsf/QsZFubyV7qVOMyu76rOPkuQ2HWU
Subject: [I2nsf] draft-qi-i2nsf-access-network-usecase-00
X-BeenThere: i2nsf@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "*I2NSF: Interface to Network Security Functions mailing list*" <i2nsf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/i2nsf>, <mailto:i2nsf-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/i2nsf/>
List-Post: <mailto:i2nsf@ietf.org>
List-Help: <mailto:i2nsf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/i2nsf>, <mailto:i2nsf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 24 Nov 2014 20:31:33 -0000
Following the presentation at the last IETF meeting I read draft-qi-i2nsf-access-network-usecase-00 with a focus on the mentioned Internet of Things use cases. The draft mentions Internet of Things in Section 3 as well but does not go into the details about the type of security (and configuration) provisioning. Since we have been working on various Internet of Things related scenarios in other working groups (DICE, CORE, LWIG, ACE, etc.) it would be good to go into more details. In particular, I would like to understand what is wrong with the currently developed solution. Maybe they do not provide the functionality needed or there are other use cases that have not been covered yet. I would also suggest to look at the OMA Lightweight Machine-to-Machine specification since it provides provisioning capabilities and makes use of the IETF CoAP protocol. It also offers a number of cellular operator-based scenarios. The specification can be found at: http://openmobilealliance.org/about-oma/work-program/m2m-enablers/ At the last IETF meeting my co-worker Michael Koster gave an overview talk that explained how CoAP, OMA LWM2M, and the IPSO objects fit together. The slides can be found here: http://www.slideshare.net/MichaelKoster/ietf91-ad-hoccoaplwm2mipso-41542196 Note also that this provisioning interface is rather generic and allows various parties to use it - not just network operators but also application providers. It might also be worthwhile to note that * when IoT devices execute network authentication then there is no user interaction (just a terminology issue since you are writing about users in your scenario), * the street lighting deployments I am aware of do not use cellular technology but rather a multi-hop mesh network based on sub-Ghz IEEE 802.15.4 technology. For this reason it might be useful to go into more details with regard to the description of the scenario. * when you use cellular radio technology then you would have the shared secret for the AKA algorithm already on the smart card and the credential provisioning happens during the manufacturing time. * The story about configuring different key lengths is OK but we are currently working on a profile that tries to reduce the number of options as much as possible (at least when DTLS/TLS is used in the IoT context). This work happens in the IETF DICE working group. * There could potentially be an overlap with the use cases we are investigating in the ACE working group. Please take a look at the use case document, which you can find at http://tools.ietf.org/html/draft-seitz-ace-usecases-02 Ciao Hannes
- [I2nsf] draft-qi-i2nsf-access-network-usecase-00 Hannes Tschofenig
- [I2nsf] 答复: draft-qi-i2nsf-access-network-usecase… Minpeng Qi
- Re: [I2nsf] 答复: draft-qi-i2nsf-access-network-use… Hannes Tschofenig