Re: [Iotops] Secure IoT Bootstrapping: A Survey

Eliot Lear <lear@cisco.com> Tue, 30 March 2021 11:39 UTC

From: Eliot Lear <lear@cisco.com>
Message-Id: <7DA8C071-8BE1-4CF5-A712-508DA7EA445B@cisco.com>
Content-Type: multipart/signed; boundary="Apple-Mail=_6F91C181-B9E7-476F-8228-70CA5B1C0320"; protocol="application/pgp-signature"; micalg="pgp-sha256"
Mime-Version: 1.0 (Mac OS X Mail 14.0 \(3654.60.0.2.21\))
Date: Tue, 30 Mar 2021 13:39:01 +0200
In-Reply-To: <58405701-32CD-42E1-8E84-6BC6A875537E@tzi.org>
Cc: Ari Keränen <ari.keranen=40ericsson.com@dmarc.ietf.org>, "iotops@ietf.org" <iotops@ietf.org>, "draft-sarikaya-t2trg-sbootstrapping@ietf.org" <draft-sarikaya-t2trg-sbootstrapping@ietf.org>, Susan F Symington <susan@mitre.org>
To: Carsten Bormann <cabo@tzi.org>
References: <HE1PR07MB322618CA30FA751216790E6285849@HE1PR07MB3226.eurprd07.prod.outlook.com> <55009522-4B31-4248-B07F-5905B8BFB8CF@cisco.com> <58405701-32CD-42E1-8E84-6BC6A875537E@tzi.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/iotops/KsAebBTuCX3vlJM0de56qL5RsFA>
Subject: Re: [Iotops] Secure IoT Bootstrapping: A Survey

Carsten,

It would be good if the draft incorporated the comparison chart that we developed in our side meetings.  For one thing, there are several key distinctions for comparison:

- Network versus application onboarding
  Many of the mechanisms assume network access prior to onboarding.  That’s not good over any wireless method.
- Zero-touch versus one-touch deployment
- Ownership transfer versus proof of knowledge
- First use versus subsequent uses

There are other aspects.

Also, NIST has done a lot of work in this space as of late.  Have a look at this:

https://www.nccoe.nist.gov/projects/building-blocks/iot-network-layer-onboarding

Susan Symington (CC’d) is the primary author and has done great work in this space.  It may make sense to use that taxonomy and apply it to the various solutions.

Eliot

> On 30 Mar 2021, at 13:13, Carsten Bormann <cabo@tzi.org> wrote:
> 
> On 2021-02-19, at 16:38, Eliot Lear <lear@cisco.com> wrote:
>> 
>> Very well timed.  I look forward to discussing this.
> 
> Thanks!
> 
> Now would be a good time to get some initial feedback — we plan to adopt it as an RG document on April 6th.
> 
> Regards, Carsten
> 
>> 
>> Eliot
>> 
>>> On 19 Feb 2021, at 16:24, Ari Keränen <ari.keranen=40ericsson.com@dmarc.ietf.org> wrote:
>>> 
>>> Hi IoTOPS folks,
>>> 
>>> At T2TRG the "Secure IoT Bootstrapping: A Survey" draft has been updated:
>>> https://datatracker.ietf.org/doc/draft-sarikaya-t2trg-sbootstrapping/
>>> 
>>> The draft has been discussed and developed quite some time in the T2TRG and we chairs think it's now getting close to ready for adoption. We would like to hear views on this from the IoT operational community. In particular we'd like to hear if the technologies considered important for security setup and bootstrapping by this group are covered in the document.
>>> 
>>> 
>>> Thanks,
>>> Ari & Carsten
>>> 
>