-----Original Message-----
From: Ace <ace-boun...@ietf.org> On Behalf Of Michael Richardson
Sent: Wednesday, September 9, 2020 8:32 AM
To: ace@ietf.org
Subject: Re: [Ace] bringing draft-selander-ace-ake-authz to ACE?

Göran Selander wrote:
> We have been working on lightweight procedures for an IoT device to
> join a network. The join process may include a number of components
> such as authentication, remote attestation, authorization, enrolment of
> locally significant certificate, etc. Much of current standards are
> based on doing things in sequence, one thing at a time. This may be a
> good idea but it introduces some redundancies. One way to reduce
> overhead is to reuse elements from the authentication protocol in the
> authorization or certificate enrolment processes. So, instead of
> passing public keys and signatures multiple times between the same
> endpoints over constrained links during different phases of the joining
> procedure, we try to make more use of the authentication protocol while
> ensuring that the security properties are as expected.

...

> The link: Generic Animation of BRSKI - Bootstrapping Remote Secure
> Key Infrastructure (ODP) (screencast) (enterprise/IoT screencast)
> points to: https://www.youtube.com/watch?v=Mtbh_GN0Ce4 which is only 5
> minutes long.

> I should redo this for ACE-AKE-AUTHZ, aka Ultra-Constrained
> enrollment.

Thinking a day later, I think that presenting a well animated view of ACE-AKE-AUTHZ at an ACE virtual interim and listening to feedback about what fits into ACE and what does not, would help out small design team clarify/debug our message, should we go to secdispatch, or whatever. [Jim: does that answer your question better?]

I mean, we could also just hold our own virtual meeting too :-)

[JLS] Yes this does a much better job of telling me what you are trying to accomplish. Having an idea of what the document is trying to do and what the problem that you are trying to solve makes it easier to slot in time for this. I am more than willing to have ACE sponsor a different time slot if you want to have a known amount of time up front for the presentation. I am willing to schedule it into the next meeting. But you never know how much time is going to get consumed dealing with adopted documents.

[JLS] I still need to do a deep read on this document.

Jim

I am personally more interested in writing code than wrangling documents from WG to WG in the next ~4 months. I think that some other things in the IETF will sort themselves out in that timeframe, and a path forward will become clear.

In the meantime, explaining things to others helps me get it right.

--
Michael Richardson <mcr+i...@sandelman.ca>   . o O ( IPv6 IøT consulting )
Sandelman Software Works Inc, Ottawa and Worldwide

_______________________________________________
Ace mailing list
Ace@ietf.org
https://www.ietf.org/mailman/listinfo/ace