Re: [Iot-directorate] [Emu] Iotdir early review of draft-ietf-emu-eap-noob-01

Mohit Sethi M <mohit.m.sethi@ericsson.com> Sat, 11 July 2020 13:27 UTC

From: Mohit Sethi M <mohit.m.sethi@ericsson.com>
To: Michael Richardson <mcr+ietf@sandelman.ca>, Dave Thaler <dthaler@microsoft.com>, "iot-directorate@ietf.org" <iot-directorate@ietf.org>, "draft-ietf-emu-eap-noob.all@ietf.org" <draft-ietf-emu-eap-noob.all@ietf.org>, "emu@ietf.org" <emu@ietf.org>
Date: Sat, 11 Jul 2020 13:27:06 +0000
Message-ID: <cd4eb7c4-2780-2c10-9946-c44862deef73@ericsson.com>
References: <159200881222.13853.13790945720958773822@ietfa.amsl.com> <962.1594228341@localhost>
In-Reply-To: <962.1594228341@localhost>
Archived-At: <https://mailarchive.ietf.org/arch/msg/iot-directorate/GWd0P3PcTaCyxZYVnJLDzRtmr90>

Hi Michael,

Thanks for the input. This is indeed something we should discuss at the upcoming virtual EMU meeting.

Some colleagues (Ingles Sanchez et al.) have also investigated and documented the savings that might result from the use of CBOR in EAP-NOOB: https://hal.archives-ouvertes.fr/hal-02880326/document

EAP-NOOB also relies on the JWK specification for encoding public keys. While a CBOR equivalent is defined in RFC 8152, it is a rather large document that contains all the functionality of JWK, JWS, and JWA (as far as I understand). Following smaller modular specifications was somehow easier at the time.

What is more important is that wpa_supplicant currently has a JSON encoder and parser (https://w1.fi/cgit/hostap/tree/src/utils/json.c). I think you would agree that wpa_supplicant is probably the most important tool for those using EAP (at least on 802.11).

One could use an external library since there are many CBOR implementations available: https://cbor.io/impls.html. However, this has two major downsides:

- Adding an external library dependency implies that the overall system becomes more brittle.
- Updating and maintaining two components is definitely harder than one.

As said, this is worth discussing at the meeting since it would result in a large change to the existing EAP-NOOB implementations.

--Mohit


On 7/8/20 8:12 PM, Michael Richardson wrote:

Speaking as a WG participant.

Dave Thaler via Datatracker <noreply@ietf.org> wrote:
    > 3) Section 3.3.2 says:
    >> The in-band messages are formatted as JSON objects [RFC8259]

    > So this limits applicability to constrained IoT devices, since JSON can be
    > verbose compared to, say, CBOR, and if the IoT device already uses CBOR for
    > its normal protocol use this requires adding a separate parser for JSON which
    > may cause code size issues.   Is there a rationale for why CBOR could not be
    > an option?  E.g., if this protocol is not applicable for constrained devices,
    > then say so.  (I don’t know whether EAP itself already inherently has
    > problems that limit its applicability for constrained devices.)

I think that the document predates widespread availability of CBOR :-)
I think that it would benefit from only using CBOR, as CBOR works into EAP
much better than I think JSON does.
That would be a radical change, but the document has only just been adopted by
the EMU WG.

To the extent that EAP is used more on 802.11 rather than 802.15.4 [not that
you can't do EAP/1x on 15.4, it just hasn't caught on], IoT devices that have
power budget for WiFi can generally do EAP.  There is a large variety of
arduino class devices running FreeRTOS+micropython, for instance, which
already have EAP supplicants.

CBOR would be easier for them in the C code parts of them, while if the
EAP-NOOB were to involve the python code (for callbacks, etc.) it wouldn't
matter much whether JSON or CBOR, it would likely be presented as a python
dict() anyway.

Where there is a problem is a slightly smaller class of device which use
various WiFi *MODULES*.  Usually the microcontroller speaks i2c to this
module, and the module takes care of all the TCP/IP/Ethernet/WiFi stuff.
Those devices do not use EAP today, and they are hard to upgrade.
(and from a security point of view, those architectures concern me greatly)

--
Michael Richardson <mcr+IETF@sandelman.ca>, Sandelman Software Works
 -= IPv6 IoT consulting =-
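To put a number on the size savings the thread is debating, here is an added example (not code from the thread, the draft, or wpa_supplicant) that encodes the same P-256 public key once as a JWK in compact JSON and once as an RFC 8152 COSE_Key in CBOR, using a minimal hand-written CBOR encoder so it runs offline. The key coordinates are constructed placeholder bytes, not a real key; the COSE_Key labels and values (kty=1 with EC2=2, crv=-1 with P-256=1, x=-2, y=-3) are taken from RFC 8152.

```python
import base64
import json

# Minimal CBOR encoder for the subset a COSE_Key needs:
# unsigned/negative ints, byte strings, text strings and maps.
def _head(major, n):
    """Encode a CBOR initial byte plus the argument n (major type 0-5)."""
    if n < 24:
        return bytes([(major << 5) | n])
    if n < 0x100:
        return bytes([(major << 5) | 24, n])
    if n < 0x10000:
        return bytes([(major << 5) | 25]) + n.to_bytes(2, "big")
    return bytes([(major << 5) | 26]) + n.to_bytes(4, "big")

def cbor_encode(v):
    if isinstance(v, bool):
        raise TypeError("booleans are not needed for this example")
    if isinstance(v, int):
        # Major type 0 for n >= 0, major type 1 encodes -1 - n
        return _head(0, v) if v >= 0 else _head(1, -1 - v)
    if isinstance(v, bytes):
        return _head(2, len(v)) + v
    if isinstance(v, str):
        u = v.encode("utf-8")
        return _head(3, len(u)) + u
    if isinstance(v, dict):
        body = b"".join(cbor_encode(k) + cbor_encode(x) for k, x in v.items())
        return _head(5, len(v)) + body
    raise TypeError(f"unsupported type {type(v).__name__}")

def b64url(b):
    """JWK-style base64url without padding (RFC 7515 style)."""
    return base64.urlsafe_b64encode(b).rstrip(b"=").decode("ascii")

# Constructed 32-byte P-256 coordinates; NOT a valid curve point.
X = bytes(range(1, 33))
Y = bytes(range(33, 65))

def jwk_json_size():
    """Bytes on the wire for the key as a compact-JSON JWK."""
    jwk = {"kty": "EC", "crv": "P-256", "x": b64url(X), "y": b64url(Y)}
    return len(json.dumps(jwk, separators=(",", ":")).encode("utf-8"))

def cose_key_cbor_size():
    """Bytes on the wire for the same key as a CBOR COSE_Key (RFC 8152)."""
    cose_key = {1: 2, -1: 1, -2: X, -3: Y}
    return len(cbor_encode(cose_key))
```

The integer labels and raw byte strings are where CBOR wins: the base64url text alone costs 86 bytes in the JWK, whereas the COSE_Key carries the 64 coordinate bytes directly.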