Re: [Iot-onboarding] EduRoam for IoT
Rafa Marin-Lopez <rafa@um.es> Thu, 12 December 2019 09:27 UTC
From: Rafa Marin-Lopez <rafa@um.es>
Message-Id: <B1F675A3-4E5E-46FB-9F62-8AE00778C5DE@um.es>
Date: Thu, 12 Dec 2019 10:26:48 +0100
In-Reply-To: <e0478cb2-82b1-605d-95d5-412c8e10bc31@ericsson.com>
Cc: Rafa Marin-Lopez <rafa@um.es>, sandoche Balakrichenan <sandoche.balakrichenan@afnic.fr>, "iot-onboarding@ietf.org" <iot-onboarding@ietf.org>, Guillaume Schreiner <schreiner@unistra.fr>, Michael Richardson <mcr@sandelman.ca>
To: Mohit Sethi M <mohit.m.sethi=40ericsson.com@dmarc.ietf.org>
References: <80fc1573-62f9-26a6-5b55-6ff33c0b1a94@afnic.fr> <62187F87-EC6B-4A34-ACDC-9E5BA5001A0E@cisco.com> <21488.1575913510@localhost> <c4f6ea01-4d52-7cd8-4cdf-b6f5714d1f95@afnic.fr> <22415.1575990074@localhost> <e0478cb2-82b1-605d-95d5-412c8e10bc31@ericsson.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/iot-onboarding/eBzMXk9FhcaWAzEVne9frhNDpag>
Subject: Re: [Iot-onboarding] EduRoam for IoT

Hi Mohit:

I fully agree with your e-mail. Some other comments inline.

> On 11 Dec 2019, at 11:03, Mohit Sethi M <mohit.m.sethi=40ericsson.com@dmarc.ietf.org> wrote:
>
> Hi Michael,
>
> On 12/10/19 5:01 PM, Michael Richardson wrote:
>> sandoche Balakrichenan <sandoche.balakrichenan@afnic.fr> wrote:
>> >> I don't think that it is network onboarding, but application onboarding that
>> >> is desired.
>> >>
>> > ==> Application onboarding is for the LoRaWAN scenario.
>> > Don't we have the need for network onboarding for other IoT networks?
>> > The objective is to come up with a generic solution, if possible.
>>
>> Then, I think that you want a BRSKI based system, if you want to address a
>> large number of contexts. I am skeptical that this can include LoRA.
> I would like to understand the reasoning behind this statement.
>

I would like to understand it as well. As a note, we already tested and got some experimental results using CoAP-EAP (with EAP-PSK as proof-of-concept but any other method can be used, such as EAP-NOOB, EAP-AKA’, etc.). Please refer to: https://www.mdpi.com/1424-8220/17/11/2646

> I believe that EAP is better suited for a large number of contexts:
>
> - There are more than 52 methods to choose from. Depending on the type of credentials, you can choose from: certificates (EAP-TLS), PSK (EAP-PSK or EAP-TLS-PSK that John, Owen, and I plan to work on), one-time-password (EAP-POTP), password (EAP-pwd), SIM cards (EAP-AKA') and so on. You can even combine different credentials such as certificates for the outer tunnel and passwords inside (EAP-PEAP/EAP-FAST/EAP-TEAP).
> - EAP standard has been around for over a decade and is stable.
> - Several implementations exist (including a few open source).
> - Roaming and federation are natively supported in the EAP architecture. It has been widely deployed and tested (e.g. eduroam).
> - Can work over a variety of lower layers such as UDP (PANA), IEEE 802.11 (EAPOL), CoAP (with CoAP-EAP: https://tools.ietf.org/html/draft-marin-ace-wg-coap-eap-06)
>

This summary is great. +1

Best Regards.

> I gave a cursory look at the BRSKI draft and found references to unauthenticated TLS, TCP, CoAP, HTTP, CDDL. I am certainly not one of those folks who would use the excuse of small devices or limited bandwidth for poor security (see section 9 of RFC 8387 https://tools.ietf.org/html/rfc8387#section-9). However, this seems a bit excessive (at least for Sandoche but probably for many others).
>
> --Mohit
>
>>
>> --
>> ] Never tell me the odds! | ipv6 mesh networks [
>> ] Michael Richardson, Sandelman Software Works | IoT architect [
>> ] mcr@sandelman.ca http://www.sandelman.ca/ | ruby on rails [
>>
> --
> Iot-onboarding mailing list
> Iot-onboarding@ietf.org
> https://www.ietf.org/mailman/listinfo/iot-onboarding

-------------------------------------------------------
Rafa Marin-Lopez, PhD
Dept. Information and Communications Engineering (DIIC)
Faculty of Computer Science-University of Murcia
30100 Murcia - Spain
Telf: +34868888501 Fax: +34868884151
e-mail: rafa@um.es
-------------------------------------------------------