Re: [saag] IoT Authentication

Michael Richardson <mcr+ietf@sandelman.ca> Wed, 15 September 2021 20:49 UTC

From: Michael Richardson <mcr+ietf@sandelman.ca>
To: sarikaya@ieee.org
cc: IETF SAAG <saag@ietf.org>, "<Dirk.von-Hugo@telekom.de>" <Dirk.von-Hugo@telekom.de>
In-Reply-To: <CAC8QAccvc=HTNdnoN2gYRhLHR3g_PNSsJo16a0tT8DG3MRM6sA@mail.gmail.com>
References: <CAC8QAccvc=HTNdnoN2gYRhLHR3g_PNSsJo16a0tT8DG3MRM6sA@mail.gmail.com>
Date: Wed, 15 Sep 2021 16:49:03 -0400
Message-ID: <5301.1631738943@localhost>
Archived-At: <https://mailarchive.ietf.org/arch/msg/saag/GtcgXM3XJjpzYEhLFEzPowtRet0>

Behcet Sarikaya <sarikaya2012@gmail.com> wrote:
    > Can anyone point to a recent survey draft/RFC on IoT authentication
    > techniques developed/being developed in various WGs so far?

What exactly are you talking about?
You write *authentication*, but do you mean authorization?
I know that you know the difference, so I wonder exactly what you mean.

ACE has done lots of interesting work, but it is about authorization, not authentication.

RFC8995 (BRSKI) deals with authentication of devices, including sending
authorizations to the device as to what network they should join, and how to
authenticate that network.

I have a few documents that started in ANIMA:
  1) draft-richardson-anima-masa-considerations (*)
     Mostly about IDevID and other related trust anchors such that
     devices can later be authenticated.

  2) draft-richardson-t2trg-idevid-considerations
     Forked off above, dealing with how the PKI used for above can
     be evaluated.

  3) draft-richardson-anima-registrar-considerations (*)
     about how an operator builds and manages the infrastructure
     to authenticate devices.

(*) sorry, expired, but documents will get refreshed this month.

In addition, t2trg has:
  https://datatracker.ietf.org/doc/draft-irtf-t2trg-secure-bootstrapping/

it refers to many things, including https://datatracker.ietf.org/doc/draft-ietf-emu-eap-noob/
which is on the verge of RFC.

Today, most vertically integrated systems deploy static keys to the devices
to authenticate the "cloud" service to the IoT device.  Whether or not they
authenticate the device at all is often unknown without an NDA.

--
Michael Richardson <mcr+IETF@sandelman.ca>   . o O ( IPv6 IøT consulting )
           Sandelman Software Works Inc, Ottawa and Worldwide