[Iot-onboarding] So... looking where we are

Eliot Lear <lear@cisco.com> Tue, 27 November 2018 10:14 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/iot-onboarding/Qv69KpCdc4hGdgqSt4_WsIRDvnQ>

Hi everyone,

Thanks to a few people for contributing to the GitHub repo we are well on our way.  Dave Thaler in particular has pointed out that we might be asking the wrong questions in some cases.  I wonder if we could have that discussion.  Here are the questions, as they are listed there:

1. How does the device introduce itself to the infrastructure or peer?
2. What, if any, proof of possession mechanism is there?
3. Is access to other IP-based devices required in order to fully onboard the device?
4. What form of credential is returned?
5. Is full Internet access required for onboarding?
6. Who becomes the root of trust at the end of onboarding (if any)?
7. Could/Is the resulting credential be used for application identity?
8. What happens if the box gets reset?
9. How can transfer of ownership occur?
10. How can transfer to a different cloud service (if applicable) occur?
11. What sort of manufacturing requirements are there?
12. What sort of crypto requirements are there?
13. Reference link
The one in red is the one that Dave called out as not well-formed.

Eliot