-----Original Message-----
From: Ace <ace-boun...@ietf.org> On Behalf Of Michael Richardson
Sent: Wednesday, September 9, 2020 8:32 AM
To: ace@ietf.org
Subject: Re: [Ace] bringing draft-selander-ace-ake-authz to ACE?


Göran Selander wrote:
    > We have been working on lightweight procedures for an IoT device to
    > join a network. The join process may include a number of components
    > such as authentication, remote attestation, authorization, enrolment of
    > locally significant certificate, etc. Many current standards are
    > based on doing things in sequence, one thing at a time. This may be a
    > good idea but it introduces some redundancies. One way to reduce
    > overhead is to reuse elements from the authentication protocol in the
    > authorization or certificate enrolment processes. So, instead of
    > passing public keys and signatures multiple times between the same
    > endpoints over constrained links during different phases of the joining
    > procedure, we try to make more use of the authentication protocol while
    > ensuring that the security properties are as expected.

...

    >     The link: Generic Animation of BRSKI - Bootstrapping Remote Secure
    > Key Infrastructure (ODP) (screencast) (enterprise/IoT screencast)
    > points to: https://www.youtube.com/watch?v=Mtbh_GN0Ce4 which is only 5
    > minutes long.

    >     I should redo this for ACE-AKE-AUTHZ, aka Ultra-Constrained
    > enrollment.

Thinking a day later, I think that presenting a well animated view of 
ACE-AKE-AUTHZ at an ACE virtual interim and listening to feedback about what 
fits into ACE and what does not, would help our small design team clarify/debug 
our message, should we go to secdispatch, or whatever.
[Jim: does that answer your question better?] I mean, we could also just hold 
our own virtual meeting too :-)

[JLS] Yes, this does a much better job of telling me what you are trying to 
accomplish.  Having an idea of what the document is trying to do and what 
the problem is that you are trying to solve makes it easier to slot in time for 
this.   I am more than willing to have ACE sponsor a different time slot if you 
want to have a known amount of time up front for the presentation.  I am 
willing to schedule it into the next meeting.  But you never know how much time 
is going to get consumed dealing with adopted documents.  

[JLS] I still need to do a deep read on this document.

Jim


I am personally more interested in writing code than wrangling documents from 
WG to WG in the next ~4 months.  I think that some other things in the IETF 
will sort themselves out in that timeframe, and a path forward will become 
clear.
In the meantime, explaining things to others helps me get it right.

--
Michael Richardson <mcr+i...@sandelman.ca>   . o O ( IPv6 IøT consulting )
           Sandelman Software Works Inc, Ottawa and Worldwide

_______________________________________________
Ace mailing list
Ace@ietf.org
https://www.ietf.org/mailman/listinfo/ace
