Re: [Iot-onboarding] EXTERNAL: Re: [Anima] OPC and BRSKI

Jack Visoky <jmvisoky@ra.rockwell.com> Mon, 12 August 2019 15:27 UTC

From: Jack Visoky <jmvisoky@ra.rockwell.com>
To: Michael Richardson <mcr+ietf@sandelman.ca>, "Randy Armstrong (OPC)" <randy.armstrong@opcfoundation.org>
CC: "iot-onboarding@ietf.org" <iot-onboarding@ietf.org>, "anima@ietf.org" <anima@ietf.org>
Date: Sun, 11 Aug 2019 21:52:30 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/iot-onboarding/sAKpzdJTuGk4BGhaqzzebkjZxA4>

> I think so; there are some details of resale that BRSKI would like to make out-of-scope for the first document.  Some way, we have to deal with it, and I would actually like feedback from OPC about the parameters of different solutions here.

So in this case would the MASA need to be OPC specific, that is, use OPC Security and OPC methods?  Apologies if I'm getting ahead of myself on this conversation.

Thanks,

--Jack

-----Original Message-----
From: Michael Richardson <mcr+ietf@sandelman.ca> 
Sent: Saturday, August 10, 2019 9:08 PM
To: Randy Armstrong (OPC) <randy.armstrong@opcfoundation.org>
Cc: Jack Visoky <jmvisoky@ra.rockwell.com>; iot-onboarding@ietf.org; anima@ietf.org
Subject: Re: EXTERNAL: Re: [Anima] [Iot-onboarding] OPC and BRSKI


Randy Armstrong (OPC) <randy.armstrong@opcfoundation.org> wrote:
    > The questions that the OPC WG needs to answer are:

    > 1) Can BRSKI meet our requirements?

I think so; there are some details of resale that BRSKI would like to make out-of-scope for the first document.  Some way, we have to deal with it, and I would actually like feedback from OPC about the parameters of different solutions here.

    > 2) If the answer to 1) is yes then can it work with OPC UA security?

Yes, I think so.
Is there any open source reference code for the OPC UA security?

    > 3) If the answer to 2) is no then do we use TLS or extend our own model
    > with something like BRSKI but not BRSKI?

    > While I cannot predict how the various participants in the OPC WGs will
    > respond to question 3), I do know it would make collaboration a lot
    > easier if the answer to 2) was yes.

I think yes.

--
Michael Richardson <mcr+IETF@sandelman.ca>, Sandelman Software Works  -= IPv6 IoT consulting =-