Re: [Iotops] [Anima] [Secdispatch] I-D: Deploying Publicly Trusted TLS Servers on IoT Devices Using SNI-based End-to-End TLS Forwarding (SNIF)

Eric Rescorla <ekr@rtfm.com> Sat, 05 March 2022 19:49 UTC

References: <0075B437-024A-4D84-ABD7-92FE8DAFA59F@commercebyte.com> <1865.1644434146@localhost> <E1nHwaz-0000LM-I5@ocean1.commercebyte.com> <4026.1644516168@localhost> <685366A1-01F4-4788-B025-0F5F4CE7947F@commercebyte.com> <DBBPR08MB591577EC79C3D11114AA747CFA3C9@DBBPR08MB5915.eurprd08.prod.outlook.com> <FC43EB7C-5ABF-4061-89BA-1503F0B6340D@commercebyte.com> <DBBPR08MB59159BFB36A926DA8E851723FA3D9@DBBPR08MB5915.eurprd08.prod.outlook.com> <665685D3-B9AA-4A5E-B5B0-33D313A40716@commercebyte.com> <6296.1646509436@localhost>
In-Reply-To: <6296.1646509436@localhost>
From: Eric Rescorla <ekr@rtfm.com>
Date: Sat, 05 Mar 2022 11:48:35 -0800
Message-ID: <CABcZeBM9sUs2cZyf8564-501p0RUve_FBvEBAd45k2RhyRbFqg@mail.gmail.com>
To: Michael Richardson <mcr+ietf@sandelman.ca>
Cc: "secdispatch@ietf.org" <secdispatch@ietf.org>, Jim Zubov <ietf-list@commercebyte.com>, Hannes Tschofenig <Hannes.Tschofenig@arm.com>, "anima@ietf.org" <anima@ietf.org>, "iotops@ietf.org" <iotops@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/iotops/nbAr-_P8VIjfhHtueg8QR8s_Y6Y>
Subject: Re: [Iotops] [Anima] [Secdispatch] I-D: Deploying Publicly Trusted TLS Servers on IoT Devices Using SNI-based End-to-End TLS Forwarding (SNIF)

On Sat, Mar 5, 2022 at 11:44 AM Michael Richardson <mcr+ietf@sandelman.ca>
wrote:

>
> Jim Zubov <ietf-list@commercebyte.com> wrote:
>     > I just want to emphasize once again that the relay is end to end TLS.
>     > There are some IoT management solutions on the market, both open source
>     > and proprietary, but as far as I can tell none of them fully follows
>     > the end to end paradigm. I believe it's worth having a universal
>     > cross-vendor solution that handles SNIF device onboarding, maintains
>     > the credentials in a local secure storage, and consolidates https-based
>     > management interface hosted by individual devices through SNIF.
>
> Even if SNIF winds up "just" being a standardized way to call-home, I think
> that has value. I think that some text needs to be added contrasting SNIF
> to UPnP and RFC6887 (Port Control Protocol).
>
> What I haven't heard are any comments from the SECDISPATCH point of view
> about what to do with this document.


I provided some comments at the end of my review. Briefly, I have doubts
that this is the best technical approach and so I think if we are to work on
this problem we should start by working out the problem statement and
requirements first.


> Have the SECDISPATCH chairs put it on the agenda,


I think putting it on the SECDISPATCH agenda would be appropriate.



> or is there any agreement that maybe IOTOPS should dispatch it?
>

I think that would be a bad idea. There's nothing really IoT-specific here.

-Ekr



> Hannes: what do you think?
>
>
> --
> Michael Richardson <mcr+IETF@sandelman.ca>   . o O ( IPv6 IøT consulting )
>            Sandelman Software Works Inc, Ottawa and Worldwide