IETF Logo Mail Archive

Re: [Iot-onboarding] EXTERNAL: Re: [Anima] OPC and BRSKI

"Randy Armstrong (OPC)" <randy.armstrong@opcfoundation.org> Sun, 11 August 2019 06:28 UTC

Return-Path: <randy.armstrong@opcfoundation.org>
X-Original-To: iot-onboarding@ietfa.amsl.com
Delivered-To: iot-onboarding@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 8A3C2120891; Sat, 10 Aug 2019 23:28:37 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.901
X-Spam-Level:
X-Spam-Status: No, score=-1.901 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=opcfoundation.onmicrosoft.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 7bH11tgJdoX7; Sat, 10 Aug 2019 23:27:43 -0700 (PDT)
Received: from NAM02-CY1-obe.outbound.protection.outlook.com (mail-eopbgr760080.outbound.protection.outlook.com [40.107.76.80]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 686FA120823; Sat, 10 Aug 2019 19:55:46 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=LDFkkOrqy2vc4uET+VwQ35MtxuN2wJNNRTc+zc8x7AokoQWl/6i4+OC27eh+7l2iRdEJU6dYsFd4yA94usvTRIJMYXltPYLSq9EOi/KXMuD91/E8oIaoggLJkGmZ7IokXrUYoiwkN4kn4vSJLpRkccQudZrq3fv0Q9tTvCgMQL4aU1+ovhjd9+3lPcJxVdtoi2Utz7k2Y/OcaLoYNQKlIrgRiI0D0vXEjNAJqbFfJi9ssssJzkOR8t/nh24u5NRM98WT7QeMtuemvz5LHzNpyx39wvGepLc/ctpg3BhnjabqNGufooGUBwgIiPnd4kQCNIQmMEYWpDt4HpzL9K4Jkw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=fR8+KHV7k31dzKU1jAN4A5+FjJD2LSP8ToNLmo/KftY=; b=C/5yWZbhg8NbocAIqcPvgWUoppDOv+k18bp5nf3LpBgdgtGNja7wohSxwhOynifYZzgIU+kRwce3wH8cmCMAnV9VQxI18wpqGwgEI70f5JDRU349yMdZaL192StM8bCYtJxeicpoeRffD4t+lrsUhbM782YxXBF0CwKIkUJt6sGq2r7oWklWvKXDCPZDMIoX3KhvktLZOJBgizsnbFGiVXZOgRRBqaB7ndMi3CLWjne+rMrUtG6kss+xyKcEzopt+0iUrdlSpk2hlmJJoX3Me55FetTpaABUn4cy3i03jXmb33pP+X28oDAfGUGo71F19Wm31uqSTGtpJ3XWEQEvHA==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=opcfoundation.org; dmarc=pass action=none header.from=opcfoundation.org; dkim=pass header.d=opcfoundation.org; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=opcfoundation.onmicrosoft.com; s=selector1-opcfoundation-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=fR8+KHV7k31dzKU1jAN4A5+FjJD2LSP8ToNLmo/KftY=; b=EMtBOlQZhqNaawQCJRsD33Xd+nTIDnhe6uCHjAi+YJlrF4fq5CYiWk6KzS+4VtDN00j/kjbdJo4LCDgY18+nk2bLS+fXReb+7HJX1a/dTvgNdpEf9EpcpldZVNb+/6um3zH4XLPJQ4xQ9UdgqRVYJB+fOD7sa5iK0boS2CrhUhk=
Received: from BYAPR08MB4903.namprd08.prod.outlook.com (20.176.255.96) by BYAPR08MB5445.namprd08.prod.outlook.com (52.135.241.220) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2157.20; Sun, 11 Aug 2019 02:55:43 +0000
Received: from BYAPR08MB4903.namprd08.prod.outlook.com ([fe80::149d:d834:7df3:fc53]) by BYAPR08MB4903.namprd08.prod.outlook.com ([fe80::149d:d834:7df3:fc53%4]) with mapi id 15.20.2157.020; Sun, 11 Aug 2019 02:55:43 +0000
From: "Randy Armstrong (OPC)" <randy.armstrong@opcfoundation.org>
To: Michael Richardson <mcr+ietf@sandelman.ca>
CC: "iot-onboarding@ietf.org" <iot-onboarding@ietf.org>, "anima@ietf.org" <anima@ietf.org>
Thread-Topic: EXTERNAL: Re: [Anima] [Iot-onboarding] OPC and BRSKI
Thread-Index: AdVMZzs5EDHMP+c/QWCVcWuK34MU/QAGrJ8AAADfarAABKcngAAmKcyAAAUDvQAADyfMUAAfy3oAAAGXgVAAOV4vAAA1GsaAAAH8CsAABiL5gAACgh1w
Date: Sun, 11 Aug 2019 02:55:42 +0000
Message-ID: <BYAPR08MB4903EDF247B68E31BC2C580BFAD00@BYAPR08MB4903.namprd08.prod.outlook.com>
References: <BYAPR08MB4903F02A37ED9AE092A59B8EFAD50@BYAPR08MB4903.namprd08.prod.outlook.com> <649C8221-5F33-4EC2-8E03-3EEAF4CAAB64@cisco.com> <BYAPR08MB4903129ECDEADF61E681DE0BFAD50@BYAPR08MB4903.namprd08.prod.outlook.com> <46BF5F7B-5407-45A9-9C4F-EA553DF5814B@cisco.com> <11781.1565189957@localhost> <20190807172252.4sadxaiprm6hhmdy@faui48f.informatik.uni-erlangen.de> <BYAPR08MB490385B1BED4C665C79B1937FAD70@BYAPR08MB4903.namprd08.prod.outlook.com> <4671.1565279232@localhost> <BYAPR08MB49034F3B36F6979D59561FC3FAD70@BYAPR08MB4903.namprd08.prod.outlook.com> <DM5PR2201MB1340BD83D6CF3F95E82518C299D60@DM5PR2201MB1340.namprd22.prod.outlook.com> <19592.1565471757@localhost> <BYAPR08MB49035E6C8A4C9CD1A596B7F2FAD10@BYAPR08MB4903.namprd08.prod.outlook.com> <15583.1565485709@localhost>
In-Reply-To: <15583.1565485709@localhost>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
authentication-results: spf=none (sender IP is ) smtp.mailfrom=randy.armstrong@opcfoundation.org;
x-originating-ip: [24.80.80.10]
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: 62acf3f0-63ff-4bcb-7ed7-08d71e07669e
x-microsoft-antispam: BCL:0; PCL:0; RULEID:(2390118)(7020095)(4652040)(7021145)(8989299)(4534185)(7022145)(4603075)(4627221)(201702281549075)(8990200)(7048125)(7024125)(7027125)(7023125)(5600148)(711020)(4605104)(1401327)(2017052603328)(7193020); SRVR:BYAPR08MB5445;
x-ms-traffictypediagnostic: BYAPR08MB5445:
x-microsoft-antispam-prvs: <BYAPR08MB54456793BBD2CA4472E2093FFAD00@BYAPR08MB5445.namprd08.prod.outlook.com>
x-ms-oob-tlc-oobclassifiers: OLM:10000;
x-forefront-prvs: 0126A32F74
x-forefront-antispam-report: SFV:NSPM; SFS:(10009020)(346002)(396003)(366004)(136003)(376002)(39830400003)(13464003)(199004)(189003)(11346002)(508600001)(476003)(74316002)(305945005)(8936002)(316002)(486006)(54906003)(3846002)(86362001)(6116002)(99286004)(446003)(2906002)(33656002)(66066001)(66946007)(66476007)(76116006)(7736002)(64756008)(6436002)(66446008)(81156014)(81166006)(14454004)(9686003)(66556008)(8676002)(229853002)(55016002)(71190400001)(71200400001)(76176011)(25786009)(7696005)(53546011)(6506007)(102836004)(186003)(6246003)(5660300002)(52536014)(53936002)(256004)(26005)(4326008)(14444005); DIR:OUT; SFP:1101; SCL:1; SRVR:BYAPR08MB5445; H:BYAPR08MB4903.namprd08.prod.outlook.com; FPR:; SPF:None; LANG:en; PTR:InfoNoRecords; A:1; MX:1;
received-spf: None (protection.outlook.com: opcfoundation.org does not designate permitted sender hosts)
x-ms-exchange-senderadcheck: 1
x-microsoft-antispam-message-info: 0J36+R/PrOOQmUMb1ZCgDqhwhEg+Gr41dHe8i7ig3oosT+zUkP2FusYgQuQ/NMZmhmKf1PO9kLutdxvuWKmvw5e0sO/oYvnighLx1ax/iUPhxqwuUjhYd5Fzlqdmww2zqg+MDzVq8PP2bDDjcxwkK7sJQTp3pkwSG8/SYYt3Uv5Qku5O5G+dEqbc5Hrl7PpwuESJwk75Q4+CCJR45roCpYYoSpJlRNLHdOBiOxaYhTmKgmxcuxpDUvJKNdABmoJ9WFQ/4X+sE/eQ/rCoE4G7DzS8XmJzhWkVYJle4/l526X4nJoEOA2jxhLhDMJbG+uXeWei4lLLLfqaVeTg/2gtwoCzXVcdB/epMcq/aU0LEwlk6mFAEp3Go3vAN+OsLoSY+Ne17x6sVaDI+Y325UvDB1xbTsvU7yXF1Fre9wlsVZ8=
x-ms-exchange-transport-forked: True
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-OriginatorOrg: opcfoundation.org
X-MS-Exchange-CrossTenant-Network-Message-Id: 62acf3f0-63ff-4bcb-7ed7-08d71e07669e
X-MS-Exchange-CrossTenant-originalarrivaltime: 11 Aug 2019 02:55:42.9942 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 2d8ef4e4-d41c-489c-8004-bb99304b60fe
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: b3W8BEGF3aIkCSv+JWyCbv/DFW6KEFttvgG1mii+B8UlF8Qgww3F3MMWD0bdRU03+Yq1aWVuXyXGbSbA/0yt0xpUxjM8pS0lU8WiBbK2korUzRsmaevWVtT08ICgg3H4
X-MS-Exchange-Transport-CrossTenantHeadersStamped: BYAPR08MB5445
Archived-At: <https://mailarchive.ietf.org/arch/msg/iot-onboarding/d3TqXy1WCCXMG_JwBK_l4ae2Vug>
Subject: Re: [Iot-onboarding] EXTERNAL: Re: [Anima] OPC and BRSKI
X-BeenThere: iot-onboarding@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Discussion of IoT onboarding mechanisms <iot-onboarding.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/iot-onboarding>, <mailto:iot-onboarding-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/iot-onboarding/>
List-Post: <mailto:iot-onboarding@ietf.org>
List-Help: <mailto:iot-onboarding-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/iot-onboarding>, <mailto:iot-onboarding-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 11 Aug 2019 06:28:38 -0000

> I think so; there are some details of resale that BRSKI would like to make out-of-scope for the first document.  Some way, we have to deal with it, and I would actually like feedback from OPC about the parameters of different solutions here.

There are two things I would like to clarify:

1) As it stands today BRSKI is pull model only and the push model is out of scope but I don't see why that has to be the case once you allow for different protocols between the Device and the Registrar. With our proposed OPC mapping we would define a Registrar that supports both models. Is this of any interest to the IETF or would it be an OPC only thing?

2) Perhaps the most value from BRSKI comes not from the MASA per se but the voucher format (i.e. a digitally signed document with a standard format). We could meet a lot of our requirements if we had a voucher which has a list of nonce-less or bearer vouchers shipped to a particular location for use by a particular end user. We could create workflows where the manufacturer/distributor has to create this document when devices are delivered. The document could be delivered via the MASA or via some other B2B exchange or even on a USB stick. However it is delivered it can then be read by the Registrar and use it to build a whitelist of Devices allowed on the network. 

I am also thinking that this voucher would be a good application for block chain where instead of a bearer voucher we define a mechanism where the owner the device could append a "block" to the original voucher which authorizes the transfer to new owner. 

-----Original Message-----
From: Michael Richardson <mcr+ietf@sandelman.ca> 
Sent: August 10, 2019 6:08 PM
To: Randy Armstrong (OPC) <randy.armstrong@opcfoundation.org>
Cc: Jack Visoky <jmvisoky@ra.rockwell.com>; iot-onboarding@ietf.org; anima@ietf.org
Subject: Re: EXTERNAL: Re: [Anima] [Iot-onboarding] OPC and BRSKI


Randy Armstrong (OPC) <randy.armstrong@opcfoundation.org> wrote:
    > The questions that the OPC WG needs to answer are:

    > 1) Can BRSKI meet our requirements?

I think so; there are some details of resale that BRSKI would like to make out-of-scope for the first document.  Some way, we have to deal with it, and I would actually like feedback from OPC about the parameters of different solutions here.

    > 2) If the answer to 1) is yes then can it work with OPC UA security?

yes, I think so.
is there any open source reference code for the OPC UA security?

    > 3) If the answer to 2) is no then do we use TLS or extend our own model
    > with something like BRSKI but not BRSKI?

    > While I cannot predict how the various participants in the OPC WGs will
    > respond to question 3), I do know it would make collaboration a lot
    > easier if the answer to 2) was yes.

I think yes.

--
Michael Richardson <mcr+IETF@sandelman.ca>, Sandelman Software Works  -= IPv6 IoT consulting =-

v2.23.0 | Report a Bug | By Email