Re: [Ace] bringing draft-selander-ace-ake-authz to ACE?

Wed, 09 Sep 2020 08:32:32 -0700 

Göran Selander wrote:
    > We have been working on lightweight procedures for an IoT device to
    > join a network. The join process may include a number of components
    > such as authentication, remote attestation, authorization, enrolment of
    > locally significant certificate, etc. Much of current standards are
    > based on doing things in sequence, one thing at a time. This may be a
    > good idea but it introduces some redundancies. One way to reduce
    > overhead is to reuse elements from the authentication protocol in the
    > authorization or certificate enrolment processes. So, instead of
    > passing public keys and signatures multiple times between the same
    > endpoints over constrained links during different phases of the joining
    > procedure, we try to make more use of the authentication protocol while
    > ensuring that the security properties are as expected.

...

    >     The link: Generic Animation of BRSKI - Bootstrapping Remote Secure
    > Key Infrastructure (ODP) (screencast) (enterprise/IoT screencast)
    > points to: https://www.youtube.com/watch?v=Mtbh_GN0Ce4 which is only 5
    > minutes long.

    >     I should redo this for ACE-AKE-AUTHZ, aka Ultra-Constrained
    > enrollment.

Thinking a day later, I think that presenting a well animated view of
ACE-AKE-AUTHZ at an ACE virtual interim and listening to feedback about what
fits into ACE and what does not, would help out small design team
clarify/debug our message, should we go to secdispatch, or whatever.
[Jim: does that answer your question better?]
I mean, we could also just hold our own virtual meeting too :-)

I am personally more interested in writing code than wrangling documents from
WG to WG in the next ~4 months.  I think that some other things in the IETF
will sort themselves out in that timeframe, and a path forward will become
clear.
In the meantime, explaining things to others helps me get it right.

--
Michael Richardson <mcr+i...@sandelman.ca>   . o O ( IPv6 IøT consulting )
           Sandelman Software Works Inc, Ottawa and Worldwide

Attachment: signature.asc
Description: PGP signature

_______________________________________________
Ace mailing list
Ace@ietf.org
https://www.ietf.org/mailman/listinfo/ace

Reply via email to