Re: [TLS] bootstrapping of constrained devices (was: Re: Should TLS 1.3 use an augmented PAKE by default?)
Michael Sweet <msweet@apple.com> Fri, 21 March 2014 14:57 UTC
Return-Path: <msweet@apple.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 388651A09AF for <tls@ietfa.amsl.com>; Fri, 21 Mar 2014 07:57:58 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.149
X-Spam-Level:
X-Spam-Status: No, score=-4.149 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, J_CHICKENPOX_15=0.6, RCVD_IN_DNSWL_MED=-2.3, RP_MATCHES_RCVD=-0.547, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id IHTCmnQC-BLk for <tls@ietfa.amsl.com>; Fri, 21 Mar 2014 07:57:56 -0700 (PDT)
Received: from mail-out.apple.com (mail-out.apple.com [17.151.62.49]) by ietfa.amsl.com (Postfix) with ESMTP id 5FE581A099C for <tls@ietf.org>; Fri, 21 Mar 2014 07:57:56 -0700 (PDT)
MIME-version: 1.0
Received: from relay4.apple.com ([17.128.113.87]) by mail-out.apple.com (Oracle Communications Messaging Server 7.0.5.30.0 64bit (built Oct 22 2013)) with ESMTP id <0N2S0066PK8AF161@mail-out.apple.com> for tls@ietf.org; Fri, 21 Mar 2014 07:57:47 -0700 (PDT)
X-AuditID: 11807157-f79aa6d0000017b2-46-532c536a0bf2
Received: from orrisroot.apple.com (orrisroot.apple.com [17.128.115.106]) (using TLS with cipher RC4-MD5 (128/128 bits)) (Client did not present a certificate) by relay4.apple.com (Apple SCV relay) with SMTP id 84.08.06066.A635C235; Fri, 21 Mar 2014 07:57:47 -0700 (PDT)
Received: from [17.153.37.122] (unknown [17.153.37.122]) by orrisroot.apple.com (Oracle Communications Messaging Server 7u4-24.01 (7.0.4.24.0) 64bit (built Nov 17 2011)) with ESMTPSA id <0N2S002UHK884X40@orrisroot.apple.com> for tls@ietf.org; Fri, 21 Mar 2014 07:57:46 -0700 (PDT)
Content-type: multipart/signed; boundary="Apple-Mail=_0F8C088D-B42A-4DC5-BE13-0F1E91849537"; protocol="application/pkcs7-signature"; micalg="sha1"
From: Michael Sweet <msweet@apple.com>
X-Priority: 3
In-reply-to: <045401cf4514$1c0e5ec0$4001a8c0@gateway.2wire.net>
Date: Fri, 21 Mar 2014 10:57:43 -0400
Message-id: <CD2F837D-C9D1-4EDD-BFE9-8BE620A277BD@apple.com>
References: <53288C43.9010205@mit.edu> <5328B6DF.8070703@fifthhorseman.net> <5328C0C8.9060403@mit.edu> <6b79e0820d349720f12b14d4706a8a5d.squirrel@webmail.dreamhost.com> <CALCETrUz8zCBHiq42GTnkkSaBcpA5pjSvk6kwwPjzn+MtBKMgA@mail.gmail.com> <e38419e3ada3233dbb3f860048703347.squirrel@webmail.dreamhost.com> <CALCETrVgJxfdCxZqc9ttHHNKHm-hdtGbqzHvsQ-6yd5BK=9PDw@mail.gmail.com> <67BAC033-2E23-4F03-A4D9-47875350E6B5@gmail.com> <532B0EAA.5040104@fifthhorseman.net> <8D8698DF-5C06-4F2A-8994-E0A36A987D6D@vpnc.org> <532B1739.80907@fifthhorseman.net> <CADrU+d+GkGU1Da3W6xGuOq4qvd40DdT6+sO6WEZeEag7Q1OiVQ@mail.gmail.com> <532B9B65.4030708@gmail.com> <8FD78E18-C3C7-4085-9E3F-8B60B20F2CB5@apple.com> <045401cf4514$1c0e5ec0$4001a8c0@gateway.2wire.net>
To: "t.petch" <ietfc@btconnect.com>
X-Mailer: Apple Mail (2.1874)
X-Brightmail-Tracker: H4sIAAAAAAAAA+NgFnrILMWRmVeSWpSXmKPExsUi2FCcpZsdrBNscPYHs8Wn812MDoweS5b8 ZApgjOKySUnNySxLLdK3S+DK+HpgOXvBp4iKruPBDYynAroYOTkkBEwkHnfNYYewxSQu3FvP 1sXIxSEkMIVJYv3SHjaQhJDAAiaJQ1OSQWxhgVKJP6tus4LYvAJ6EmfO/mIHaWAWmMIoMa/p G9gkNgE1id+T+lghpvJKzGh/ygJicwrYS6xv/g9Uw87BIqAq8UQGJMosYCrx6NsMFoiRNhKT 3j1jh7jhN6vEsQtHwW4QEVCW+LfvJRPESFmJRx+aWCYwCsxCcsYsZGfMAhusLbFs4WtmCFtP 4mXTO6i4qcSTt9vZIGxriZ9zHjFC2IoSU7ofsi9gZF/FKFCUmpNYaaKXWFCQk6qXnJ+7iREc 2IXhOxj/LbM6xCjAwajEw1vJqR0sxJpYVlyZe4hRBWjEow2rLzBKseTl56UqifB+9tEJFuJN SaysSi3Kjy8qzUktPsQozcGiJM771AioUyA9sSQ1OzW1ILUIJsvEwSnVwDjDW8v3W86kVT/D /2zi5rgmPZvD+rxK1DH+WEXH6EYNyb0HK3cq/bDc+nue6c+2QKYphZzKVnNmLY0V2aYdUXVk 0qn2mUZBh1Z1penPPTl5mbjEro2HjidaMnjMyzMq72b/I6HxdENaQiP/SuajrIbBrZu/c+Y/ n9w/IWamr/h1V5PtO8Om8CmxFGckGmoxFxUnAgBsRjyudAIAAA==
Archived-At: http://mailarchive.ietf.org/arch/msg/tls/mfYD0p6GGc_BNNyy95DwybeJtcg
Cc: tls@ietf.org
Subject: Re: [TLS] bootstrapping of constrained devices (was: Re: Should TLS 1.3 use an augmented PAKE by default?)
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 21 Mar 2014 14:57:58 -0000
Tom, Yes, self-signed device certificates are the common implementation choice and are often generated on the first use/setup of the device (simpler than doing it in the factory...) On Mar 21, 2014, at 10:44 AM, t.petch <ietfc@btconnect.com> wrote: > ----- Original Message ----- > From: "Michael Sweet" <msweet@apple.com> > To: "Rene Struik" <rstruik.ext@gmail.com> > Cc: <tls@ietf.org> > Sent: Friday, March 21, 2014 12:26 PM > > Rene, > > Installing device certificates during manufacturing is not a simple > process - the factory would need to act as a CA or would need to have a > supply of certificates that matches whatever identifiers are used by the > devices. Not to mention how you'd manage revocation if the root was > compromised... > > <tp> > > Michael > > In the context of syslog security, some years ago now, the question of > device certificates arose and it was said there that they were quite > common. They would be self-signed, which gives much of the needed > security, while avoiding issues of CA and root compromise. > > Tom Petch > > On Mar 20, 2014, at 9:52 PM, Rene Struik <rstruik.ext@gmail.com> wrote: > >> Hi Robert: >> >> Wouldn't it be much easier to embed device certificates with > constrained devices at manufacturing? This may do away with need > to store info that is not public on servers. >> >> If you could provide some links to discussions in "IoT community > groups" interested in this, that would help. >> >> Best regards, Rene >> >> == >> There is a lot of interest in the IoT community in using some form of > PAKE in conjunction with DTLS (or TLS with EAP) for authenticating > commissioning/bootstrapping of IoT devices onto IoT networks >> >> On 3/20/2014 1:21 PM, Robert Cragie wrote: >>> It should be remembered that TLS is used in places other than web > browsers - the existence of the DICE WG is testament to this. There is a > lot of interest in the IoT community in using some form of PAKE in > conjunction with DTLS (or TLS with EAP) for authenticating > commissioning/bootstrapping of IoT devices onto IoT networks. I realise > this is different to the original proposition in this thread but wanted > to draw this to the attention of the WG nevertheless. >>> >>> Robert >>> >>> On 20 Mar 2014 12:28, "Daniel Kahn Gillmor" <dkg@fifthhorseman.net> > wrote: >>> On 03/20/2014 12:18 PM, Paul Hoffman wrote: >>>> As an important note, you did not define "we" above. A few possible > expansions would be: >>>> >>>> - The TLS WG, where this thread currently lives, does not get to > define Web UI without a charter change. >>>> >>>> - The HTTPbis WG has not asked the TLS WG to take over this work, > nor has it embraced anything like it. >>>> >>>> - The IETF doesn't do this kind of work as a whole body. >>>> >>>> - The IAB (of which none of us are part of the "we") might take the > topic on and suggest ways which the IETF might do the work. >>> >>> yep, thanks for the clarification. I actually meant "we" in the > broad >>> sense of "the community of people who care about making > communications >>> on the web more secure", which includes groups you didn't even > mention >>> above, like web site designers, systems administrators, etc. >>> >>> It's still on-topic here (despite the broad scope implied above) > because >>> the TLS WG does have a role to play, by considering the merits of >>> proposals like http://tools.ietf.org/html/draft-thomson-tls-care, as >>> well as considering alternatives that deal with this particular use > case. >>> >>>>> option (A) is seriously hard, maybe impossible given the state of > the >>>>> web. option (B) is terrible. >>>> >>>> Exactly right, for any value of "we". >>> >>> :( >>> >>> --dkg >>> >>>> -- >> email: rstruik.ext@gmail.com | Skype: rstruik >> cell: +1 (647) 867-5658 | US: +1 (415) 690-7363 > > _________________________________________________________ > Michael Sweet, Senior Printing System Engineer, PWG Chair > _________________________________________________________ Michael Sweet, Senior Printing System Engineer, PWG Chair
- [TLS] Should TLS 1.3 use an augmented PAKE by def… Andy Lutomirski
- Re: [TLS] Should TLS 1.3 use an augmented PAKE by… Daniel Kahn Gillmor
- Re: [TLS] Should TLS 1.3 use an augmented PAKE by… Andy Lutomirski
- Re: [TLS] Should TLS 1.3 use an augmented PAKE by… Ryan Sleevi
- Re: [TLS] Should TLS 1.3 use an augmented PAKE by… Andy Lutomirski
- Re: [TLS] Should TLS 1.3 use an augmented PAKE by… Andy Lutomirski
- Re: [TLS] Should TLS 1.3 use an augmented PAKE by… Ryan Sleevi
- Re: [TLS] Should TLS 1.3 use an augmented PAKE by… Anders Rundgren
- Re: [TLS] Should TLS 1.3 use an augmented PAKE by… Ryan Sleevi
- Re: [TLS] Should TLS 1.3 use an augmented PAKE by… Peter Sylvester
- Re: [TLS] Should TLS 1.3 use an augmented PAKE by… Andy Lutomirski
- Re: [TLS] Should TLS 1.3 use an augmented PAKE by… Andy Lutomirski
- Re: [TLS] Should TLS 1.3 use an augmented PAKE by… Yoav Nir
- Re: [TLS] Should TLS 1.3 use an augmented PAKE by… Daniel Kahn Gillmor
- Re: [TLS] Should TLS 1.3 use an augmented PAKE by… Paul Hoffman
- Re: [TLS] Should TLS 1.3 use an augmented PAKE by… Yoav Nir
- Re: [TLS] Should TLS 1.3 use an augmented PAKE by… Daniel Kahn Gillmor
- Re: [TLS] Should TLS 1.3 use an augmented PAKE by… Robert Cragie
- [TLS] bootstrapping of constrained devices (was: … Rene Struik
- Re: [TLS] bootstrapping of constrained devices Anders Rundgren
- Re: [TLS] bootstrapping of constrained devices (w… Michael Sweet
- Re: [TLS] bootstrapping of constrained devices (w… t.petch
- Re: [TLS] bootstrapping of constrained devices (w… Michael Sweet
- Re: [TLS] bootstrapping of constrained devices Anders Rundgren
- Re: [TLS] bootstrapping of constrained devices (w… Max Pritikin (pritikin)
- Re: [TLS] bootstrapping of constrained devices (w… Don Sturek
- Re: [TLS] bootstrapping of constrained devices Robert Cragie
- Re: [TLS] bootstrapping of constrained devices Watson Ladd
- Re: [TLS] bootstrapping of constrained devices Paterson, Kenny
- Re: [TLS] bootstrapping of constrained devices Feng Hao
- Re: [TLS] bootstrapping of constrained devices Paterson, Kenny
- Re: [TLS] Should TLS 1.3 use an augmented PAKE by… Yaron Sheffer
- Re: [TLS] Should TLS 1.3 use an augmented PAKE by… Yaron Sheffer
- Re: [TLS] bootstrapping of constrained devices Feng Hao
- Re: [TLS] bootstrapping of constrained devices Dan Harkins