[ipwave] Root CA for automobiles
Alexandre Petrescu <alexandre.petrescu@gmail.com> Fri, 05 June 2020 13:51 UTC
To: IPWAVE WG <its@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/its/8XneBgXO63eUzWkEIn1Nc7RS8kI>

Hi, IPWAVErs,

There was some discussion about security for vehicular networks, here in the IPWAVE WG.

Security for vehicular networks relies on many things. One of the bases is a CA: a Certificate Authority.

I wish I could formulate a few requirements for a CA and PKI for vehicular networks like this:

- it should be easy to obtain certificates to use in automobiles. It should be as easy to obtain a certificate for an automobile as it is easy to obtain certificates for emails, for servers, for code. Ideally, these certificates should be for free, or very low cost.
- a root CA for vehicular networks should be integrated with all the other CAs in the Internet, CAs that I can find pre-installed in a free web browser, e.g. Firefox.
- people should trust the CAs for vehicular networks.
- I'd add: the root CA for vehicular networks should work fine with IPv6, be reachable on IPv6 in the Internet, accept IPv6 addresses in its formats, use the I-D about TLS, something like draft-serhrouchni-tls-certieee1609, draft-tls-certieee1609-02.txt, draft-msahli-ipwave-extension-ieee1609-03.txt

For information, in Europe there was much work and discussion in recent years about dedicated CAs and PKIs for vehicular networks. PDF documents were issued by expert groups; technical demos were performed.

A webinar is now proposed by Atos with a JRC (a Joint Research Center of EC): "C-ITS EU Root CA Webinar June 18th 1pm – 2pm CEST" https://ecwacs.webex.com/meet/gmenzel

In France, the company Idnomic proposed such certificates at a point in time. In the Netherlands, a company is based, that is named GlobalSign, which is a CA, which authenticates the "EU Login" which is "one account, many EU services".

In my project we used openssl open source software to make and install a CA and certify a few self-driving automobiles, RSUs and traffic lights controllers through it, on a virtual private network. It's easy to do. What is difficult is to scale it to the size of the Internet and to numerous automobiles.

Alex
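
Added example, not part of the original message and not the commands used in the author's project: a sketch of a private OpenSSL root CA of the kind the last paragraph describes, issuing short-lived ECDSA certificates to a vehicle, an RSU and a traffic light controller, each with its IPv6 address as a subjectAltName. The node names, file layout, validity periods and 2001:db8:: addresses are constructed assumptions.

```shell
# Added example: private lab root CA issuing short-lived certificates to
# vehicle-network nodes. All names and 2001:db8:: addresses are constructed.
set -eu

make_root_ca() {  # $1 = working directory for this PKI
    dir=$1; mkdir -p "$dir"
    cat > "$dir/pki.cnf" <<'EOF'
[req]
distinguished_name = dn
x509_extensions = v3_ca
prompt = no
[dn]
CN = Constructed Lab Vehicular Root CA
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
EOF
    openssl ecparam -name prime256v1 -genkey -noout -out "$dir/ca.key"
    chmod 600 "$dir/ca.key"   # whoever reads this key can mint trusted nodes
    openssl req -x509 -new -config "$dir/pki.cnf" -key "$dir/ca.key" \
        -sha256 -days 3650 -out "$dir/ca.pem"
}

issue_cert() {  # $1 = PKI directory, $2 = node name, $3 = node IPv6 address
    dir=$1; name=$2; ip6=$3
    openssl ecparam -name prime256v1 -genkey -noout -out "$dir/$name.key"
    openssl req -new -config "$dir/pki.cnf" -key "$dir/$name.key" \
        -subj "/CN=$name" -out "$dir/$name.csr"
    # End-entity profile: not a CA, signature use only, IPv6 address as SAN.
    printf '%s\n' 'basicConstraints=critical,CA:FALSE' \
        'keyUsage=critical,digitalSignature' "subjectAltName=IP:$ip6" \
        > "$dir/$name.ext"
    openssl x509 -req -in "$dir/$name.csr" -CA "$dir/ca.pem" \
        -CAkey "$dir/ca.key" -CAcreateserial -sha256 -days 90 \
        -extfile "$dir/$name.ext" -out "$dir/$name.pem" 2>/dev/null
}

verify_cert() {  # $1 = directory holding the trusted ca.pem, $2 = cert file
    openssl verify -CAfile "$1/ca.pem" "$2" >/dev/null 2>&1
}

lab=$(mktemp -d)
make_root_ca "$lab"
issue_cert "$lab" vehicle-01 2001:db8::10
issue_cert "$lab" rsu-01 2001:db8::20
issue_cert "$lab" tlc-01 2001:db8::30
for n in vehicle-01 rsu-01 tlc-01; do
    verify_cert "$lab" "$lab/$n.pem" && echo "$n: chains to lab root"
done
```

Every node that is expected to accept these certificates needs this ca.pem installed as a trust anchor, and a certificate signed by any other root fails verify_cert even when the subject names match.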