Re: [Iot-onboarding] EduRoam for IoT

Rafa Marin-Lopez <rafa@um.es> Thu, 12 December 2019 09:27 UTC

From: Rafa Marin-Lopez <rafa@um.es>
Message-Id: <B1F675A3-4E5E-46FB-9F62-8AE00778C5DE@um.es>
Content-Type: multipart/alternative; boundary="Apple-Mail=_8604E33C-75A7-4B87-BFC7-E1107E7FEAF1"
Mime-Version: 1.0 (Mac OS X Mail 12.4 \(3445.104.11\))
Date: Thu, 12 Dec 2019 10:26:48 +0100
In-Reply-To: <e0478cb2-82b1-605d-95d5-412c8e10bc31@ericsson.com>
Cc: Rafa Marin-Lopez <rafa@um.es>, sandoche Balakrichenan <sandoche.balakrichenan@afnic.fr>, "iot-onboarding@ietf.org" <iot-onboarding@ietf.org>, Guillaume Schreiner <schreiner@unistra.fr>, Michael Richardson <mcr@sandelman.ca>
To: Mohit Sethi M <mohit.m.sethi=40ericsson.com@dmarc.ietf.org>
References: <80fc1573-62f9-26a6-5b55-6ff33c0b1a94@afnic.fr> <62187F87-EC6B-4A34-ACDC-9E5BA5001A0E@cisco.com> <21488.1575913510@localhost> <c4f6ea01-4d52-7cd8-4cdf-b6f5714d1f95@afnic.fr> <22415.1575990074@localhost> <e0478cb2-82b1-605d-95d5-412c8e10bc31@ericsson.com>
X-Mailer: Apple Mail (2.3445.104.11)
Archived-At: <https://mailarchive.ietf.org/arch/msg/iot-onboarding/eBzMXk9FhcaWAzEVne9frhNDpag>
Subject: Re: [Iot-onboarding] EduRoam for IoT

Hi Mohit:

I fully agree with your e-mail.

Some other comments inline.

> On 11 Dec 2019, at 11:03, Mohit Sethi M <mohit.m.sethi=40ericsson.com@dmarc.ietf.org> wrote:
> 
> Hi Michael,
> 
> On 12/10/19 5:01 PM, Michael Richardson wrote:
>> sandoche Balakrichenan <sandoche.balakrichenan@afnic.fr> wrote:
>>     >> I don't think that it is network onboarding, but application onboarding that
>>     >> is desired.
>>     >>
>>     > ==> Application onboarding is for the LoRaWAN scenario.
>> 
>>     > Don't we have the need for network onboarding for other IoT networks?
>> 
>>     > The objective is to come with a generic solution, if possible.
>> 
>> Then, I think that you want a BRSKI based system, if you want to address a
>> large number of contexts.  I am skeptical that this can include LoRA.
> I would like to understand the reasoning behind this statement. 
> 
I would like to understand it as well. As a note, we already tested and got some experimental results using CoAP-EAP (with EAP-PSK as proof-of-concept but any other method can be used, such as EAP-NOOB, EAP-AKA’, etc...). 

Please refer to: https://www.mdpi.com/1424-8220/17/11/2646 
> I believe that EAP is better suited for a large number of contexts:
> 
> - There are more than 52 methods to choose from. Depending on the type of credentials, you can choose from: certificates (EAP-TLS), PSK (EAP-PSK or EAP-TLS-PSK that John, Owen, and I plan to work on), one-time-password (EAP-POTP), password (EAP-pwd), SIM cards (EAP-AKA') and so on. You can even combine different credentials such as certificates for the outer tunnel and passwords inside (EAP-PEAP/EAP-FAST/EAP-TEAP). 
> - EAP standard has been around for over a decade and is stable. 
> - Several implementations exist (including a few open source).
> - Roaming and federation are natively supported in the EAP architecture. It has been widely deployed and tested (e.g. eduroam). 
> - Can work over a variety of lower layers such as UDP (PANA), IEEE 802.11 (EAPOL), CoAP (with CoAP-EAP: https://tools.ietf.org/html/draft-marin-ace-wg-coap-eap-06)
> 
This summary is great. +1

Best Regards.

> I gave a cursory look at the BRSKI draft and found references to unauthenticated TLS, TCP, CoAP, HTTP, CDDL. I am certainly not one of those folks who would use the excuse of small devices or limited bandwidth for poor security (see section 9 of RFC 8387 https://tools.ietf.org/html/rfc8387#section-9). However, this seems a bit excessive (at least for Sandoche but probably for many others). 
> 
> --Mohit
> 
>> 
>> --
>> ]               Never tell me the odds!                 | ipv6 mesh networks [
>> ]   Michael Richardson, Sandelman Software Works        |    IoT architect   [
>> ]     mcr@sandelman.ca  http://www.sandelman.ca/        |   ruby on rails    [
>> 
>> 
>> 
> -- 
> Iot-onboarding mailing list
> Iot-onboarding@ietf.org
> https://www.ietf.org/mailman/listinfo/iot-onboarding

-------------------------------------------------------
Rafa Marin-Lopez, PhD
Dept. Information and Communications Engineering (DIIC)
Faculty of Computer Science-University of Murcia
30100 Murcia - Spain
Telf: +34868888501 Fax: +34868884151 e-mail: rafa@um.es
-------------------------------------------------------
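Added example, not part of the thread and not code from any of the participants or their projects: a minimal RFC 3748 EAP packet codec showing two of the properties Mohit's list relies on, that an EAP packet is independent of the lower layer that carries it (here wrapped in an IEEE 802.1X EAPOL frame, whose 4-byte header is fixed by the standard; the CoAP-EAP framing from the draft is not reproduced) and that federation routing works purely on the realm of the RFC 7542 NAI in the EAP-Response/Identity, the way eduroam proxies requests to a home AAA server. The realm table, the hostnames and the identities are constructed placeholders. The decoder also rejects the classic malformed case, an EAP Length field longer than the received buffer, which any authenticator or proxy parsing untrusted supplicant input must check before indexing into the packet.

```python
import struct

# RFC 3748 EAP Codes and the Identity Type (real values).
EAP_REQUEST, EAP_RESPONSE, EAP_SUCCESS, EAP_FAILURE = 1, 2, 3, 4
EAP_TYPE_IDENTITY = 1

# IEEE 802.1X EAPOL header: Version(1) Type(1) Body-Length(2); Type 0 = EAP-Packet.
EAPOL_VERSION = 2
EAPOL_TYPE_EAP_PACKET = 0

# Constructed federation routing table: realm -> home AAA server (hypothetical names).
HOME_SERVERS = {"example.edu": "aaa.example.edu", "uni.example": "radius.uni.example"}


def eap_encode(code, identifier, eap_type=None, data=b""):
    """Build an EAP packet: Code(1) Identifier(1) Length(2) [Type(1) Type-Data]."""
    if code in (EAP_REQUEST, EAP_RESPONSE):
        if eap_type is None:
            raise ValueError("Request/Response packets need a Type")
        body = bytes([eap_type]) + data
    else:
        body = b""  # Success and Failure carry no Type field
    return struct.pack("!BBH", code, identifier, 4 + len(body)) + body


def eap_decode(buf):
    """Parse and validate an EAP packet; raise ValueError on anything malformed."""
    if len(buf) < 4:
        raise ValueError("short EAP header")
    code, identifier, length = struct.unpack("!BBH", buf[:4])
    if code not in (EAP_REQUEST, EAP_RESPONSE, EAP_SUCCESS, EAP_FAILURE):
        raise ValueError("unknown EAP Code %d" % code)
    # Bytes beyond Length are lower-layer padding and are ignored, but a Length
    # larger than the buffer must be rejected before any slicing happens.
    if length < 4 or length > len(buf):
        raise ValueError("bad EAP Length %d for %d-byte buffer" % (length, len(buf)))
    pkt = {"code": code, "id": identifier}
    if code in (EAP_REQUEST, EAP_RESPONSE):
        if length < 5:
            raise ValueError("Request/Response without Type")
        pkt["type"] = buf[4]
        pkt["data"] = buf[5:length]
    return pkt


def parse_nai(identity):
    """Split an RFC 7542 NAI at its last '@'; no '@' means a local user with no realm."""
    text = identity.decode("utf-8")
    if "@" not in text:
        return text, None
    user, realm = text.rsplit("@", 1)
    if not realm:
        raise ValueError("empty realm")
    return user, realm.lower()


def eapol_wrap(eap_bytes):
    """Carry an EAP packet unchanged inside an EAPOL EAP-Packet frame."""
    return struct.pack("!BBH", EAPOL_VERSION, EAPOL_TYPE_EAP_PACKET, len(eap_bytes)) + eap_bytes


def eapol_unwrap(frame):
    """Strip the EAPOL header, checking the body length against the frame."""
    if len(frame) < 4:
        raise ValueError("short EAPOL header")
    _version, ptype, length = struct.unpack("!BBH", frame[:4])
    if ptype != EAPOL_TYPE_EAP_PACKET:
        raise ValueError("not an EAP-Packet EAPOL frame")
    if length > len(frame) - 4:
        raise ValueError("EAPOL body length exceeds frame")
    return frame[4:4 + length]


def route_identity_response(eapol_frame, local_realm="example.edu"):
    """Authenticator side: unwrap, decode, then pick 'local' or a home server by realm."""
    pkt = eap_decode(eapol_unwrap(eapol_frame))
    if pkt["code"] != EAP_RESPONSE or pkt["type"] != EAP_TYPE_IDENTITY:
        raise ValueError("expected an EAP-Response/Identity")
    _user, realm = parse_nai(pkt["data"])
    if realm is None or realm == local_realm:
        return "local"
    if realm not in HOME_SERVERS:
        # An unknown realm is rejected rather than guessed; proxying blindly is how
        # federations leak credentials to the wrong server.
        raise ValueError("unknown realm %s" % realm)
    return HOME_SERVERS[realm]


def identity_exchange(outer_identity):
    """Simulate Request/Identity -> Response/Identity over EAPOL and return the routing decision."""
    request = eap_encode(EAP_REQUEST, 1, EAP_TYPE_IDENTITY)
    response = eap_encode(EAP_RESPONSE, eap_decode(request)["id"], EAP_TYPE_IDENTITY, outer_identity)
    return route_identity_response(eapol_wrap(response))


if __name__ == "__main__":
    # Privacy-preserving outer identity: only the realm is visible to the visited network.
    print(identity_exchange(b"anonymous@uni.example"))  # radius.uni.example
    print(identity_exchange(b"bob@example.edu"))        # local
```

The same `eap_encode` output could be placed inside a PANA or CoAP message body without modification; only the `eapol_wrap`/`eapol_unwrap` pair would change, which is the lower-layer independence the thread is discussing.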