Hi Toerless:

> On 16 Aug 2016, at 7:26, Toerless Eckert <eck...@cisco.com> wrote:
> 
> Thanks, Rafa
> 
> The combination of CoAP and EAP is certainly interesting.

[Rafa] Thank you.

> Let me
> quickly summarize how in ANIMA we got to not consider EAP when we
> looked at it without CoAP in the picture:
> 
> 1. We did earlier in Anima investigate if/how we could/should use
> EAP to perform ANIMA bootstrap. It turned out that transporting
> all the desired key-infrastructure bootstrap messages across EAP
> would have been quite cumbersome. It would have been necessary to
> use e.g. EAP-TTLS, which seems not to have seen wider use, and which would
> have required too much mucking around with the client-side TLS stack (those
> were the salient points, if memory serves me right, on this discussion).

[Rafa] EAP can be used for authentication and because of its well-established key 
management framework (RFC 5247). However, the transport of additional 
information could also be performed by using the EAP lower layer (e.g. CoAP), 
which makes the solution EAP-method independent (e.g. EAP-TTLS is an EAP 
method). 

Having said this, I remember this was deeply discussed a long time ago in the 
context of MIPv6 bootstrapping (RFC 4640): that is, 1) distributing 
bootstrapping information inside the EAP method, as you mention for EAP-TTLS (in 
general, a tunneled EAP method), or 2) using another protocol after EAP 
authentication. In any case, at that time, the usage of AAA infrastructures for 
bootstrapping was considered.

> 
> 2. Likewise, it seemed more appropriate for us to rely simply on IPv6
> link-local addressing to first exist on clients than to figure out how to
> make sure L2-only solutions like EAPoL exist everywhere and would
> work across all L2 media - and having to tie ANIMA code into
> such L2 code.  I can see how different industry groups that
> specifically work only with one particular L2 technology are happy to
> base more design on direct L2-layered protocols, but for ANIMA, trying
> to be easily applicable across any L2 technology, IPv6-LL seemed like
> the best first approach. If specific L2 technologies have reasons
> not to use it, I think we could add on optimizations for those link 
> technologies.

[Rafa] I agree with this.

> 
> Cheers
>    Toerless
> 
> On Sun, Aug 14, 2016 at 02:05:14PM +0200, Rafa Marin Lopez wrote:
>> Dear all:
>> 
>> Related to the usage of CoAP for bootstrapping in constrained devices 
>> (using EAP and AAA infrastructures), we wrote this I-D:
>> 
>> https://tools.ietf.org/html/draft-marin-ace-wg-coap-eap-03
>> 
>> and wrote this paper that may be of interest to you:
>> 
>> http://www.mdpi.com/1424-8220/16/3/358
>> 
>> Comments are welcome.
>> 
>> Best Regards.
>> 
>>> On 3 Aug 2016, at 15:55, Eliot Lear <l...@cisco.com> wrote:
>>> 
>>> Dear authors of draft-ietf-anima-bootstrapping-keyinfra and WG,
>>> 
>>> The Fairhair alliance focuses on lighting and building automation.  Our
>>> security team has been reviewing your draft, and we appreciate the
>>> effort that you are devoting in this direction.  We would just like to
>>> highlight at this juncture that there is a preference for device
>>> communications from the autonomic device to the registrar to be via CoAP
>>> over DTLS rather than HTTP over TLS, primarily because the devices that
>>> we are working with will already have a CoAP implementation.  As such,
>>> there is some interest in draft-pritikin-coap-bootstrap-03.txt.  We look
>>> forward to seeing that work further developed.
>>> 
>>> On behalf of the Fairhair security subgroup,
>>> 
>>> Eliot
>>> 
>>> PS: as usual, I will encourage Fairhair members to directly chime in
>>> with their own views on this matter.
>>> 
>>> 
>>> 
>>> _______________________________________________
>>> Anima mailing list
>>> Anima@ietf.org
>>> https://www.ietf.org/mailman/listinfo/anima

-------------------------------------------------------
Rafael Marin Lopez, PhD
Dept. Information and Communications Engineering (DIIC)
Faculty of Computer Science-University of Murcia
30100 Murcia - Spain
Telf: +34868888501 Fax: +34868884151 e-mail: r...@um.es
-------------------------------------------------------
