[TLS] Regarding the identity bidding issue when using raw public key with TLS

Wang Haiguang <wang.haiguang.shieldlab@huawei.com> Thu, 12 July 2018 09:30 UTC

From: Wang Haiguang <wang.haiguang.shieldlab@huawei.com>
To: "<tls@ietf.org>" <tls@ietf.org>
Thread-Topic: Regarding the identity bidding issue when using raw public key with TLS
Date: Thu, 12 Jul 2018 09:30:40 +0000
Message-ID: <0AE05CBFB1A6A0468C8581DAE58A31309E0B122F@SINEML521-MBX.china.huawei.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/9wPiK6XkhVGv7gc-HvIPdtCHid4>
Subject: [TLS] Regarding the identity bidding issue when using raw public key with TLS

Hello, everyone,

To solve the complex issue caused by certification, RFC 7250 recommends using raw public keys for authentication.
However, when using a raw public key directly for authentication, a binding between identity and public key is required. That is, the server needs to maintain a large table mapping public keys to identities.
For networks with a huge number of IoT devices, maintaining such a huge database might be a challenging issue.

Currently we are thinking of using identity-based public keys to solve the issue. Is there any better solution to the identity binding issue?

Can anyone give us some comments regarding using IBC as the raw public key in TLS for massive IoT authentication?

Best regards.

Haiguang
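The binding table the post describes, shown as an added example (not code from the post, from RFC 7250 or from any TLS implementation). A RawPublicKey certificate entry under RFC 7250 carries only a SubjectPublicKeyInfo, which names no identity, so the server must keep its own mapping from key to device identity and must also check that the peer actually holds the private key. The code below keeps that mapping keyed by the SHA-256 fingerprint of the DER-encoded SPKI, and stands in for the CertificateVerify step with a signature over a server nonce; the registry type, function names, the `sensor-0001` identity and the nonce are all constructed for this illustration.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"encoding/hex"
	"errors"
	"fmt"
)

// Registry is the server-side table the post refers to: SPKI fingerprint -> identity.
// Nothing inside the raw public key says who the device is; this map is the binding.
type Registry map[string]string

var (
	ErrUnknownKey   = errors.New("raw public key is not bound to any identity")
	ErrBadSignature = errors.New("signature does not verify under the presented key")
	ErrKeyType      = errors.New("unsupported public key type")
)

// Fingerprint returns the hex SHA-256 of a DER-encoded SubjectPublicKeyInfo.
func Fingerprint(spkiDER []byte) string {
	sum := sha256.Sum256(spkiDER)
	return hex.EncodeToString(sum[:])
}

// Enroll records identity <-> key at provisioning time (an out-of-band step;
// TLS itself never performs it). Re-binding an already enrolled key is refused.
func (r Registry) Enroll(identity string, pub *ecdsa.PublicKey) (string, error) {
	der, err := x509.MarshalPKIXPublicKey(pub)
	if err != nil {
		return "", err
	}
	fp := Fingerprint(der)
	if _, dup := r[fp]; dup {
		return "", errors.New("key already bound to an identity")
	}
	r[fp] = identity
	return fp, nil
}

// Authenticate takes the SPKI the peer presented, the server's nonce, and the
// peer's ASN.1 ECDSA signature over SHA-256(nonce). Lookup happens first, so an
// unenrolled key is rejected before any signature work; possession is then
// checked so a copied public key alone is not enough.
func (r Registry) Authenticate(spkiDER, nonce, sig []byte) (string, error) {
	identity, ok := r[Fingerprint(spkiDER)]
	if !ok {
		return "", ErrUnknownKey
	}
	pubAny, err := x509.ParsePKIXPublicKey(spkiDER)
	if err != nil {
		return "", err
	}
	pub, ok := pubAny.(*ecdsa.PublicKey)
	if !ok {
		return "", ErrKeyType
	}
	digest := sha256.Sum256(nonce)
	if !ecdsa.VerifyASN1(pub, digest[:], sig) {
		return "", ErrBadSignature
	}
	return identity, nil
}

// NewDevice simulates an IoT device: a fresh P-256 key and its DER SPKI.
func NewDevice() (*ecdsa.PrivateKey, []byte, error) {
	priv, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	der, err := x509.MarshalPKIXPublicKey(&priv.PublicKey)
	if err != nil {
		return nil, nil, err
	}
	return priv, der, nil
}

// SignNonce is the device side of the possession proof.
func SignNonce(priv *ecdsa.PrivateKey, nonce []byte) ([]byte, error) {
	digest := sha256.Sum256(nonce)
	return ecdsa.SignASN1(rand.Reader, priv, digest[:])
}

func main() {
	reg := Registry{}
	priv, spki, _ := NewDevice()
	fp, _ := reg.Enroll("sensor-0001", &priv.PublicKey) // constructed identity
	nonce := []byte("constructed-server-nonce")          // constructed nonce
	sig, _ := SignNonce(priv, nonce)
	id, err := reg.Authenticate(spki, nonce, sig)
	fmt.Printf("fingerprint=%s identity=%q err=%v\n", fp[:16], id, err)
}
```

The table grows by one entry per device, which is exactly the scaling concern raised in the post; an identity-based scheme would remove the lookup, but with plain raw public keys the lookup is what turns "this key signed the handshake" into "this device is sensor-0001".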