Re: [TLS] bootstrapping of constrained devices

Anders Rundgren <anders.rundgren.net@gmail.com> Fri, 21 March 2014 03:56 UTC

Message-ID: <532BB846.2030300@gmail.com>
Date: Fri, 21 Mar 2014 04:55:50 +0100
From: Anders Rundgren <anders.rundgren.net@gmail.com>
To: Rene Struik <rstruik.ext@gmail.com>, robert.cragie@gridmerge.com, "'tls@ietf.org'" <tls@ietf.org>
References: <53288C43.9010205@mit.edu> <5328B6DF.8070703@fifthhorseman.net> <5328C0C8.9060403@mit.edu> <6b79e0820d349720f12b14d4706a8a5d.squirrel@webmail.dreamhost.com> <CALCETrUz8zCBHiq42GTnkkSaBcpA5pjSvk6kwwPjzn+MtBKMgA@mail.gmail.com> <e38419e3ada3233dbb3f860048703347.squirrel@webmail.dreamhost.com> <CALCETrVgJxfdCxZqc9ttHHNKHm-hdtGbqzHvsQ-6yd5BK=9PDw@mail.gmail.com> <67BAC033-2E23-4F03-A4D9-47875350E6B5@gmail.com> <532B0EAA.5040104@fifthhorseman.net> <8D8698DF-5C06-4F2A-8994-E0A36A987D6D@vpnc.org> <532B1739.80907@fifthhorseman.net> <CADrU+d+GkGU1Da3W6xGuOq4qvd40DdT6+sO6WEZeEag7Q1OiVQ@mail.gmail.com> <532B9B65.4030708@gmail.com>
In-Reply-To: <532B9B65.4030708@gmail.com>
Archived-At: http://mailarchive.ietf.org/arch/msg/tls/477x2ZnB3jNtrRq62xm9xBhkin8

On 2014-03-21 02:52, Rene Struik wrote:
> Hi Robert:
> 
> Wouldn't it be much easier to embed device certificates in constrained devices at manufacturing? This may do away with the need to store info that is not public on servers.

+1

way to go
> 
> If you could provide some links to discussions in "IoT community groups" interested in this, that would help.
> 
> Best regards, Rene
> 
> ==
> There is a lot of interest in the IoT community in using some form of PAKE in conjunction with DTLS (or TLS with EAP) for authenticating commissioning/bootstrapping of IoT devices onto IoT networks
> 
> On 3/20/2014 1:21 PM, Robert Cragie wrote:
>>
>> It should be remembered that TLS is used in places other than web browsers - the existence of the DICE WG is testament to this. There is a lot of interest in the IoT community in using some form of PAKE in conjunction with DTLS (or TLS with EAP) for authenticating commissioning/bootstrapping of IoT devices onto IoT networks. I realise this is different to the original proposition in this thread but wanted to draw this to the attention of the WG nevertheless.
>>
>> Robert
>>
>> On 20 Mar 2014 12:28, "Daniel Kahn Gillmor" <dkg@fifthhorseman.net> wrote:
>>
>>     On 03/20/2014 12:18 PM, Paul Hoffman wrote:
>>     > As an important note, you did not define "we" above. A few possible expansions would be:
>>     >
>>     > - The TLS WG, where this thread currently lives, does not get to define Web UI without a charter change.
>>     >
>>     > - The HTTPbis WG has not asked the TLS WG to take over this work, nor has it embraced anything like it.
>>     >
>>     > - The IETF doesn't do this kind of work as a whole body.
>>     >
>>     > - The IAB (of which none of us are part of the "we") might take the topic on and suggest ways which the IETF might do the work.
>>
>>     yep, thanks for the clarification.  I actually meant "we" in the broad
>>     sense of "the community of people who care about making communications
>>     on the web more secure", which includes groups you didn't even mention
>>     above, like web site designers, systems administrators, etc.
>>
>>     It's still on-topic here (despite the broad scope implied above) because
>>     the TLS WG does have a role to play, by considering the merits of
>>     proposals like http://tools.ietf.org/html/draft-thomson-tls-care, as
>>     well as considering alternatives that deal with this particular use case.
>>
>>     >> option (A) is seriously hard, maybe impossible given the state of the
>>     >> web.  option (B) is terrible.
>>     >
>>     > Exactly right, for any value of "we".
>>
>>     :(
>>
>>             --dkg
>>
>>
>>     _______________________________________________
>>     TLS mailing list
>>     TLS@ietf.org
>>     https://www.ietf.org/mailman/listinfo/tls
>>
> 
> 
> -- 
> email: rstruik.ext@gmail.com | Skype: rstruik
> cell: +1 (647) 867-5658 | US: +1 (415) 690-7363
> 
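The certificate-at-manufacture alternative that Rene raises above, as an added example that is not part of this thread or of any WG draft: a manufacturer CA issues each device a certificate at the factory, and the commissioning side then needs only the manufacturer's public root to authenticate the device, plus the proof-of-possession signature that the (D)TLS handshake already provides in CertificateVerify. The CA name, device ID, serial number and server nonce are constructed for the example; the code uses only Go's standard crypto/x509 and crypto/ecdsa packages, and the single-function "sign a nonce" stand-in is a simplification of the real handshake transcript signature.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// template builds a certificate skeleton: CAs get cert-signing usage, devices get client-auth.
func template(cn string, serial int64, isCA bool) *x509.Certificate {
	now := time.Now()
	t := &x509.Certificate{
		SerialNumber: big.NewInt(serial),
		Subject:      pkix.Name{CommonName: cn},
		NotBefore:    now.Add(-time.Hour),
		NotAfter:     now.AddDate(5, 0, 0),
		KeyUsage:     x509.KeyUsageDigitalSignature,
		ExtKeyUsage:  []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth},
	}
	if isCA {
		t.IsCA, t.BasicConstraintsValid = true, true
		t.KeyUsage |= x509.KeyUsageCertSign
		t.ExtKeyUsage = nil
	}
	return t
}

// NewManufacturerCA creates the factory root that network operators will trust.
func NewManufacturerCA(name string) (*ecdsa.PrivateKey, *x509.Certificate, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	tmpl := template(name, 1, true)
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return nil, nil, err
	}
	cert, err := x509.ParseCertificate(der)
	return key, cert, err
}

// IssueDeviceCert is the manufacturing step: generate the device key pair and sign a
// certificate binding the device ID to its public key. The private key stays on the device.
func IssueDeviceCert(caKey *ecdsa.PrivateKey, caCert *x509.Certificate, deviceID string, serial int64) (*ecdsa.PrivateKey, []byte, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	der, err := x509.CreateCertificate(rand.Reader, template(deviceID, serial, false), caCert, &key.PublicKey, caKey)
	return key, der, err
}

// RootPool is everything the verifying side stores: the public manufacturer root.
func RootPool(root *x509.Certificate) *x509.CertPool {
	pool := x509.NewCertPool()
	pool.AddCert(root)
	return pool
}

// SignChallenge stands in for CertificateVerify in a (D)TLS handshake: the device
// proves possession of the certified key by signing a fresh server nonce.
func SignChallenge(deviceKey *ecdsa.PrivateKey, nonce []byte) ([]byte, error) {
	digest := sha256.Sum256(nonce)
	return ecdsa.SignASN1(rand.Reader, deviceKey, digest[:])
}

// AuthenticateDevice is the commissioning-side check: chain the presented cert to the
// trusted root, then verify the nonce signature with the public key the cert carries.
func AuthenticateDevice(roots *x509.CertPool, deviceDER, nonce, sig []byte) (string, error) {
	cert, err := x509.ParseCertificate(deviceDER)
	if err != nil {
		return "", err
	}
	opts := x509.VerifyOptions{Roots: roots, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth}}
	if _, err := cert.Verify(opts); err != nil {
		return "", fmt.Errorf("untrusted device certificate: %w", err)
	}
	pub, _ := cert.PublicKey.(*ecdsa.PublicKey) // nil if the cert carries a non-ECDSA key
	digest := sha256.Sum256(nonce)
	if pub == nil || !ecdsa.VerifyASN1(pub, digest[:], sig) {
		return "", fmt.Errorf("proof of possession failed for %q", cert.Subject.CommonName)
	}
	return cert.Subject.CommonName, nil // no per-device secret was consulted
}

func main() {
	caKey, caCert, _ := NewManufacturerCA("Example Devices Manufacturing CA") // assumed CA name
	devKey, devDER, _ := IssueDeviceCert(caKey, caCert, "device-0001", 1001)  // constructed device
	nonce := []byte("constructed-server-nonce")
	sig, _ := SignChallenge(devKey, nonce)
	id, err := AuthenticateDevice(RootPool(caCert), devDER, nonce, sig)
	fmt.Println("device:", id, "error:", err)
}
```

The contrast with a PAKE or PSK bootstrap is in what each side must store: here the network keeps one public root certificate and each device keeps only its own private key, whereas a password- or PSK-based scheme needs a per-device secret (or, with an augmented PAKE, at least a password verifier) on the commissioning server. One caveat a deployer would want: a successful chain check proves that the device came from that manufacturer, not that it belongs on this particular network, so an operator still needs an authorization step (such as a list of accepted device IDs) and a revocation story, both of which are outside this example.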