Re: [Iot-onboarding] draft-sarikaya-t2trg-sbootstrapping-05 is really good
Behcet Sarikaya <sarikaya2012@gmail.com> Thu, 06 December 2018 16:42 UTC
Return-Path: <sarikaya2012@gmail.com>
X-Original-To: iot-onboarding@ietfa.amsl.com
Delivered-To: iot-onboarding@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A5885130E74; Thu, 6 Dec 2018 08:42:00 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.748
X-Spam-Level:
X-Spam-Status: No, score=-1.748 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_ENVFROM_END_DIGIT=0.25, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=no autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id cMVG_Hp72ZDc; Thu, 6 Dec 2018 08:41:56 -0800 (PST)
Received: from mail-wm1-x331.google.com (mail-wm1-x331.google.com [IPv6:2a00:1450:4864:20::331]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 40997130E11; Thu, 6 Dec 2018 08:41:56 -0800 (PST)
Received: by mail-wm1-x331.google.com with SMTP id m22so1757858wml.3; Thu, 06 Dec 2018 08:41:56 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:reply-to:from:date:message-id :subject:to:cc; bh=2Ki9w/I0iaCh7mIQVycQ9bRqsV3WNR3uH+fi80GtX2E=; b=P2XtVySAflduvpgzDLORBrz6jd3KQ4gn9tKcngR4gCRpDPqDTSMtfl/0mBUHtSHNpr Wbn36eZ1t8/wS8HZ7iBTvJtGN4drRaPE4mLi9H1KQ1xTbnvG/xvUcnGkPDsAtqodjvRA d2QuCUjjSVPmWUh5IRNf8S1QGYFWJC39qvV94tKD8PiT8Dzv2wQN00mK25OMfzziGOy/ 2zSmGLQAYn3VhCMaKbwqihGu+U6ijczPEqdqL4/7bnN76aoIBgu4xrxWquwlcSwmI4JS ggxklRDyO3cwdjW8f42NB3mvRemsHaPSsMpb/Sr2knarDfnAJgqw3zrR6o9b6wMmci43 u9Gg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:reply-to :from:date:message-id:subject:to:cc; bh=2Ki9w/I0iaCh7mIQVycQ9bRqsV3WNR3uH+fi80GtX2E=; b=H46alh947XkBPfI+8VA4Mh7kZn+pq6sf2RcxJWQmDv95GPijMj0yNRbQV96dCAj0Ff bngUvy58lbY3/xBI3cF1FCDilY7o87PK1vwmtcBD53AdEILyOfacNBxuzmGzK6peZgpE t4X8dbKuIJUoNHdOkk87f0svK+obPJgirnd1W4QvlUwq56WiCBvCZjkdVGY9vf7oWhUm lplcNEC0rTcipJHMHAVo6vn1m8RISDTOcuDwtRy9OR/hkxvEcTynmuQXS/sUzVF7xAoe jyF6qn30Mi8cOXxbvdmWGaolVNfI2DAFitMxBChdUjL2vntB7Ph9WqVUookt+puhatmq x+4A==
X-Gm-Message-State: AA+aEWaX970tDokhdVOmDla8c/oTH875lFMpjswbVAQXGu0i+W2ny/lD iggI53mEFfLjlCHRJX8o90DVHAopEkF4SsvfSePTte6x
X-Google-Smtp-Source: AFSGD/V0UIHhctfdnO6jV5dF85YmWcv1NUHPgjpJAEfx4COJRmjN+C9yjeO2wWHoQXGidI2FDCVKNHKoHsgsqtu7M3o=
X-Received: by 2002:a1c:a00f:: with SMTP id j15mr4390117wme.84.1544114514710; Thu, 06 Dec 2018 08:41:54 -0800 (PST)
MIME-Version: 1.0
References: <13966.1543783081@dooku.sandelman.ca>
In-Reply-To: <13966.1543783081@dooku.sandelman.ca>
Reply-To: sarikaya@ieee.org
From: Behcet Sarikaya <sarikaya2012@gmail.com>
Date: Thu, 06 Dec 2018 10:41:43 -0600
Message-ID: <CAC8QAccE+Qo56_9nTi9bZKniv+z=Vh8ZWpGX3wOqfV7YfHCD=Q@mail.gmail.com>
To: Michael Richardson <mcr+ietf@sandelman.ca>, "t2trg@irtf.org" <t2TRG@irtf.org>
Cc: iot-onboarding@ietf.org, draft-sarikaya-t2trg-sbootstrapping@ietf.org
Content-Type: multipart/alternative; boundary="0000000000002454bc057c5d2d64"
Archived-At: <https://mailarchive.ietf.org/arch/msg/iot-onboarding/5ZSHkaWFgvZ22XSqZ0XQDYPVfik>
Subject: Re: [Iot-onboarding] draft-sarikaya-t2trg-sbootstrapping-05 is really good
X-BeenThere: iot-onboarding@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: <iot-onboarding.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/iot-onboarding>, <mailto:iot-onboarding-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/iot-onboarding/>
List-Post: <mailto:iot-onboarding@ietf.org>
List-Help: <mailto:iot-onboarding-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/iot-onboarding>, <mailto:iot-onboarding-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 06 Dec 2018 16:42:01 -0000
Hi Michael, all, Please see inline. On Sun, Dec 2, 2018 at 2:38 PM Michael Richardson <mcr+ietf@sandelman.ca> wrote: > > B. Sarikaya, M. Sethi and D. Garcia-Carillo > have done some very good work with > > https://datatracker.ietf.org/doc/html/draft-sarikaya-t2trg-sbootstrapping-05 > > The intro section deals with "bootstrapping" vs "onboarding", and there is > also the term "enrollment"... > > Section 3 does not mention BRSKI, and it probably should, but you mention > it > in section 4... not sure I understand why. I guess it is a managed method? > > Now in Revision 06, it does. > > "Opportunistic and leap-of-faith methods" > > I think that this category should be split up, and distinguish between > methods that are Opportunistic (no memory, no implied trust), those which > are LoF followed by Trust on First Use. > > Sure Rev. 06 will fix this. > Additionally, various > online services such as Gmail and Facebook allow anyone to create > a new identity during the initial setup and later only verify the > continuity of the same identity. > > Not sure I understand this, maybe a reference would be worth it. > Since I don't understand it, I don't know if it fits. > > This text will be removed in Rev. 06. > section 4.1 lists a bunch of one-touch (1+) methods as managed, > which I actually find puzzling. I do not consider many of the methods > listed > as enrollment or onboarding methods. (By the (a) defintion of > Introduction) > They are all (b) methods, yet you include BRSKI there. > > Well they are mostly (b) methods. This draft historically was aimed at documenting the existing (b) methods and the addition of (a) methods are more recent, so we intended to do both. > [I-D.ietf-netconf-zerotouch] is an RFC8366 based mechanism, similar to > BRSKI, > but using a different set of assumptions about communications, including > none > (USB key). > > Sure, we add this text also in Rev. 06. Sorry we had missed the reference of RFC 8366. > 4.2: I'm told that Thread version n+1 uses BRSKI. > > DPP: DPP (Device Provisioning Protocol) [dpp] is a 3 message > authentication protocol currently being standardized by the WiFi > Alliance for devices that rely on IEEE 802.11 link-layer for > communication. The current DPP specification is only aimed at > networks that use WPA2-PSK (also known as WPA2-Home) for network > access authentication. > > I was unaware that it was limited WPA2-PSK networks. I don't think that is > true. Maybe WPA2-PSK type networks are just the sweet spot where it makes > most sense. > > Now this is all fixed in Rev. 06. > Generally, I really like your section 1,2. > Section 3 could use a bit of work. > > Regarding your comments below, here what our views are: Your comments on the classification: we will add a few terms to the terminology section. Making it like RFC 7228 is a completely different endeavor, a completely new draft. But it is not in our draft's scope. We have targeted t2trg charter item when we wrote Section 4. Actually this section already was revised in response to the reviews made, including yours which was an in-depth review. I am personally interested in co-authoring such a terminology for onboarding draft. Maybe we can undertake such an activity on the context of the new onboarding effort in IETF. Regards, Behcet Regarding his comments on the classification, I suggest that we add a few definitions to the terminology section in reply to his request. Making it like RFC 7228 is a complete makeover and it would amount to a completely new draft and is not in our draft's scope. Maybe the new onboarding effort in IETF may target something like this. I suggest that we reply to his Section 4 comments saying that there is a T2TRG charter item on this and that is what our draft corresponds to. > I don't think the survey in section 4 is worthwhile as is. > > What I'd like to see is a clear set of terminology (a la RFC7228) that we > can > subsequently use. Some really clear clarification of what some terms mean. > I don't care if due to clashes with other word uses, we "Property Red", > "RFC89AB-bootstrapping"... (or use Caribean island names or whatever). > > We could stop at that point, and then let the various documents apply the > terminology to themselves. > "According to RFC89AB terminology, BRSKI is has Property Red, and > should be categorized into the set of Jamaican-Zero-Touch protocols" > > I think that getting section 4 nailed down is not very useful in an IETF > or IRTF specification. It will take too long, and might cause arguments > that can't be resolved, even in IETF publication time. > > Instead, write a survey article for a journal (the IETF Journal is always > looking for stuff...) that applies your terminology to various protocols. > > -- > Michael Richardson <mcr+IETF@sandelman.ca>, Sandelman Software Works > -= IPv6 IoT consulting =- > > > >
- [Iot-onboarding] draft-sarikaya-t2trg-sbootstrapp… Michael Richardson
- Re: [Iot-onboarding] draft-sarikaya-t2trg-sbootst… Behcet Sarikaya
- Re: [Iot-onboarding] draft-sarikaya-t2trg-sbootst… Behcet Sarikaya