Re: [T2TRG] Report from breakout on using application credentials to enable network access

Dan García Carrillo <dan.garcia@um.es> Sat, 15 April 2017 11:30 UTC

From: Dan García Carrillo <dan.garcia@um.es>
In-Reply-To: <21025.1492191075@obiwan.sandelman.ca>
Date: Sat, 15 Apr 2017 13:29:55 +0200
Cc: Dan García Carrillo <dan.garcia@um.es>, t2trg@irtf.org
Message-Id: <FADE3141-A0D0-4FE6-B750-F3B38B04E7F2@um.es>
References: <3e12961e-0ba7-f580-2837-1971e47e0840@ericsson.com> <E2FA0FF2-57F4-489C-AC7A-5B9763DF655E@um.es> <CBF2A279-A163-4B0C-9F53-6EDD21511A7B@um.es> <21025.1492191075@obiwan.sandelman.ca>
To: Michael Richardson <mcr+ietf@sandelman.ca>
Archived-At: <https://mailarchive.ietf.org/arch/msg/t2trg/2f8qiXapHd4VqHcufpLklGQp7eE>

Hi,

> On 14 Apr 2017, at 19:31, Michael Richardson <mcr+ietf@sandelman.ca> wrote:
> 
> 
> Dan García Carrillo <dan.garcia@um.es> wrote:
>> Regarding the topic of network access for IoT devices.  We are
>> currently working on that, using RADIUS and EAP. Concretely, we are
>> using CoAP to transport EAP messages. The proposal is in
>> draft-marin-ace-wg-coap-eap.
> 
>> We have a functional prototype of the protocol for Contiki O.S. and we
>> have performed some tests comparing the performance to PANATIKI's
>> implementation of the PANA protocol for Contiki O.S. shown in this
>> article. http://www.mdpi.com/1424-8220/16/3/358
> 
> What node provides the authenticator function?
> Do you have that part in Contiki?  Your document says you run that on a Linux
> system using hostapd.
> 
In the prototype implementation the Authenticator is currently outside the 6LoWPAN. We connect to it with the border router in Contiki.

> How do you establish the radius shared secret for node A or B,
> so that it can help enroll some future node E.  Or must it always go through
> pre-established controller C?
> 
> If that's an intended limitation, then it can't work for enrolling nodes
> in a route-over mesh, only for single-hop networks.
> 

Are you asking whether we support joining through an intermediary? If that is the case, we are currently working on that with a CoAP relay and a CoAP proxy. The authentication is always with the Controller, through the intermediary (which has previously been authenticated and shares key material with the Controller), and it would not be a problem in a multi-hop network.
 
> --
> Michael Richardson <mcr+IETF@sandelman.ca>, Sandelman Software Works
> -= IPv6 IoT consulting =-
> 
> 


Regards,
Dan
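The framing described in this thread, as an added illustration that is not code from the draft or its Contiki prototype: an EAP packet (RFC 3748) is carried as the payload of a CoAP POST (RFC 7252), an intermediary forwards it without needing the EAP content, and only the Controller decodes the EAP conversation. The resource path `/a/x`, the message ID and the peer identity are constructed sample values, not taken from the draft.

```python
import struct

# EAP (RFC 3748) codes and the Identity method type
EAP_REQUEST, EAP_RESPONSE = 1, 2
EAP_TYPE_IDENTITY = 1
COAP_POST = 0x02            # CoAP code 0.02 (RFC 7252)
URI_PATH = 11               # CoAP Uri-Path option number

def eap_encode(code, ident, eap_type, data=b""):
    """Build an EAP packet: Code | Identifier | Length | Type | Type-Data."""
    body = bytes([eap_type]) + data
    return struct.pack("!BBH", code, ident, 4 + len(body)) + body

def eap_decode(pkt):
    """Parse an EAP packet, rejecting a Length field that disagrees with the bytes received."""
    if len(pkt) < 5:
        raise ValueError("truncated EAP packet")
    code, ident, length = struct.unpack("!BBH", pkt[:4])
    if length != len(pkt):
        raise ValueError("EAP length mismatch")
    return code, ident, pkt[4], pkt[5:]

def coap_post(msg_id, path, payload):
    """Wrap a payload in a confirmable CoAP POST with one Uri-Path option per path segment."""
    msg = struct.pack("!BBH", 0x40, COAP_POST, msg_id)   # Ver=1, type CON, TKL=0
    prev = 0
    for seg in path.strip("/").split("/"):
        delta, seg = URI_PATH - prev, seg.encode()
        assert delta < 13 and len(seg) < 13  # short option form only
        msg += bytes([(delta << 4) | len(seg)]) + seg
        prev = URI_PATH
    return msg + b"\xff" + payload

def coap_payload(msg):
    """Skip header, token and options; return the bytes after the 0xFF payload marker."""
    i = 4 + (msg[0] & 0x0F)
    while msg[i] != 0xFF:
        delta, length = msg[i] >> 4, msg[i] & 0x0F
        assert delta < 13 and length < 13  # short option form only
        i += 1 + length
    return msg[i + 1:]

def relay_forward(msg):
    """Intermediary: checks only the EAP framing, then forwards unchanged; EAP stays end-to-end."""
    eap_decode(coap_payload(msg))   # raises on a malformed packet
    return msg

def controller_identity(msg):
    """Controller: unwrap CoAP, decode EAP, and return the peer identity from a Response/Identity."""
    code, ident, eap_type, data = eap_decode(coap_payload(msg))
    if code != EAP_RESPONSE or eap_type != EAP_TYPE_IDENTITY:
        raise ValueError("expected EAP Response/Identity")
    return data.decode()

# Constructed sample: a joining node answers an Identity request, relayed towards the Controller
PEER_MSG = coap_post(0x1234, "/a/x", eap_encode(EAP_RESPONSE, 1, EAP_TYPE_IDENTITY, b"node-e@example.org"))
```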

