In discussions Thursday at the BRSKI design team meeting the following concerns arose. In the various deployment scenarios described by draft-ietf-anima-constrained-voucher, section 10 (_Deployment-specific Discovery Considerations_), are we providing a complete (batteries included) solution, or is anima-constrained-voucher just a piece in a toolkit?
This is in some ways the topic of draft-richardson-enrollment-roadmap.

In section 10, we mention 6TISCH. A better reference to RFC9031 will be added. That would, at present, provide for a one-touch PSK deployment that provides the network PSK via CoJP. It has been envisioned that the same channel could provide for onboarding using EDHOC to key OSCORE, and then CoJP to get the network PSK (see draft-selander-ace-ake-authz). But that's not ready yet.

10.2 is about GRASP. That could work fine for an ACP situation, but in the case of 802.15.4 (of any flavour), or 802.1x, how does the device get onto the network? One good answer is that it uses the certificate with EAP-TLS. Another answer is that it uses the resulting certificate with one of the 802.15.9 methods to establish per-node-pair keying.

10.3 is about mDNS. Same consideration as above.

10.4 Thread/MLE. Thread has its own commissioning protocol for network keys, so BRSKI is actually used for application onboarding. The answer is pretty good.

10.5 Non-mesh/CoAP. If there is a network key, unclear how the device gets it.

About half of the review comments on constrained-join-proxy are really confusion about where/how the join proxy is deployed and the rest of this context.

The question to the ANIMA WG is whether we should be trying to solve all these situations, some of them, or none of them. Maybe not a great question to have during WGLC, but better now than later.

--
Michael Richardson <[email protected]> . o O ( IPv6 IøT consulting )
Sandelman Software Works Inc, Ottawa and Worldwide
_______________________________________________ Anima mailing list [email protected] https://www.ietf.org/mailman/listinfo/anima
