Thanks, Rafa

The combination of CoAP and EAP is certainly interesting. Let me
quickly summarize how in ANIMA we got to not consider EAP when we
looked at it without CoAP in the picture:

1. We did earlier in Anima investigate if/how we could/should use
EAP to perform ANIMA bootstrap. It turned out that transporting
all the desired key-infrastructure bootstrap messages across EAP
would have been quite cumbersome. It would have been necessary to
use e.g. EAP-TTLS, which seems not to have seen wider use, and which would
have required to muck around with the client side TLS stack (those
were the salient points if memory serves me right on this discussion).

2. Likewise, it seemed more appropriate for us to rely simply on IPv6
link-local addressing to first exist on clients than to figure out how to
make sure L2-only solutions like EAPoL exist everywhere and would
work across all L2 media - and having to tie ANIMA code into
such L2 code.  I can see how different industry groups that
specifically work only with one particular L2 technology are happy to
base more design on direct L2 layered protocols, but for ANIMA trying
to be easily applicable across any L2 technology, IPv6-LL seemed like
the best first approach. If specific L2 technologies have reasons
not to use it, I think we could add-on optimizations for those link
technologies.

Cheers
    Toerless

On Sun, Aug 14, 2016 at 02:05:14PM +0200, Rafa Marin Lopez wrote:
> Dear all:
> 
> Related with the usage of CoAP for bootstrapping in constrained devices 
> (using EAP and AAA infrastructures) we wrote this I-D:
> 
> https://tools.ietf.org/html/draft-marin-ace-wg-coap-eap-03
> 
> and wrote this paper that may be of your interest:
> 
> http://www.mdpi.com/1424-8220/16/3/358
> 
> Comments are welcome.
> 
> Best Regards.
> 
> > On 3 Aug 2016, at 15:55, Eliot Lear <l...@cisco.com> wrote:
> > 
> > Dear authors of draft-ietf-anima-bootstrapping-keyinfra and WG,
> > 
> > The Fairhair alliance focuses on lighting and building automation.  Our
> > security team has been reviewing your draft, and we appreciate the
> > effort that you are devoting in this direction.  We would just like to
> > highlight at this junction that there is a preference for device
> > communications from the autonomic device to the registrar to be via COAP
> > over DTLS rather than HTTP over TLS, primarily because the devices that
> > we are working with will already have a CoAP implementation.  As such,
> > there is some interest in draft-pritikin-coap-bootstrap-03.txt.  We look
> > forward to seeing that work further developed.
> > 
> > On behalf of the Fairhair security subgroup,
> > 
> > Eliot
> > 
> > ps: as usual, I will encourage fairhair members to directly chime in
> > with their own views on this matter.
> > 
> > 
> > 
> > _______________________________________________
> > Anima mailing list
> > Anima@ietf.org
> > https://www.ietf.org/mailman/listinfo/anima
> 
> -------------------------------------------------------
> Rafael Marin Lopez, PhD
> Dept. Information and Communications Engineering (DIIC)
> Faculty of Computer Science-University of Murcia
> 30100 Murcia - Spain
> Telf: +34868888501 Fax: +34868884151 e-mail: r...@um.es
> -------------------------------------------------------
