Re: [T2TRG] RESTful Design & Security

Hannes Tschofenig <hannes.tschofenig@gmx.net> Tue, 07 March 2017 19:10 UTC

To: "Kovatsch, Matthias" <matthias.kovatsch@siemens.com>, "mcr+ietf@sandelman.ca" <mcr+ietf@sandelman.ca>
References: <c15a387f-9dd3-987e-2901-b86fd8f60108@gmx.net> <10144.1488908366@obiwan.sandelman.ca> <952c4a16-174f-2457-1f11-8f733e738f90@gmx.net> <4EBB3DDD0FBF694CA2A87838DF129B3C01AA2F98@DEFTHW99EL4MSX.ww902.siemens.net>
From: Hannes Tschofenig <hannes.tschofenig@gmx.net>
Openpgp: id=071A97A9ECBADCA8E31E678554D9CEEF4D776BC9
Message-ID: <558bae1a-ff84-9fb3-c6bf-021f492e9a04@gmx.net>
Date: Tue, 07 Mar 2017 20:10:35 +0100
Archived-At: <https://mailarchive.ietf.org/arch/msg/t2trg/D4W63735rlfrtDmNUm-Nw4-bIaY>
Cc: "T2TRG@irtf.org" <T2TRG@irtf.org>
Subject: Re: [T2TRG] RESTful Design & Security

Hi Matthias,

I know that this is a research group and everyone can create whatever
they want.

We briefly talked about security at the IoT directorate conference call
and it would be interesting to hear what works and what does not work for
others.

Ciao
Hannes


On 03/07/2017 07:45 PM, Kovatsch, Matthias wrote:
> On big propaganda tour? :P
> 
> Regards
> Matthias
> 
> 
> Sent from my phone, limitations might apply.
> 
> -----Original Message-----
> *From:* Hannes Tschofenig [hannes.tschofenig@gmx.net]
> *Received:* Tuesday, 07 Mar 2017, 19:39
> *To:* Michael Richardson [mcr+ietf@sandelman.ca]
> *CC:* t2trg@irtf.org [T2TRG@irtf.org]
> *Subject:* Re: [T2TRG] RESTful Design & Security
> 
> OSCOAP does not work when
> 
> * you mix protocols,
> * use a middlebox for some processing interactions (such as data
> aggregation), and
> * when one of the protocols is a non-RESTful protocol, such as BLE or MQTT.
> 
> Unfortunately, these are the use cases we are facing in current IoT
> deployments. For similar reasons we cannot use RFC 8075 either.
> 
> Maybe you are seeing different deployment environments.
> 
> Ciao
> Hannes
> 
> On 03/07/2017 06:39 PM, Michael Richardson wrote:
>> 
>> Hannes Tschofenig <hannes.tschofenig@gmx.net> wrote:
>>     > Needless to say that these challenges have also been observed in other
>>     > protocols as well, such as HTTP and even SIP.
>> 
>>     > What is the story for providing application layer security?
>> 
>> OSCOAP seems to be end-to-end to me.
>> 
>> --
>> Michael Richardson <mcr+IETF@sandelman.ca>, Sandelman Software Works
>>  -= IPv6 IoT consulting =-
>> 
>> 
>> 