Hi Tuomas,

This is interesting work.

We have been investigating how to send EAP over the CoAP protocol specifically thinking of IoT devices (https://tools.ietf.org/html/draft-marin-ace-wg-coap-eap-06). Being an EAP lower layer, CoAP-EAP is agnostic to any EAP method. From what I see, EAP-NOOB seems to be an interesting proposal for authentication of IoT devices, since there is no pre-provisioning or credentials or identities. Because EAP-NOOB does not require large messages, causing fragmentation, it could be integrated in a real scenario using CoAP-EAP as EAP lower layer.

Best Regards,
Dan.

that goes hand-in-hand with an EAP Lower Layer that we have proposed in

> On 24 Oct 2018, at 19:47, Aura Tuomas <tuomas.a...@aalto.fi> wrote:
>
> Dear all,
>
> We have submitted a new version of our draft titled “Nimble out-of-band authentication for EAP (EAP-NOOB)”:
>
> https://tools.ietf.org/html/draft-aura-eap-noob-04
>
> The draft defines an EAP method where the authentication is based on a user-assisted out-of-band (OOB) channel between the server and peer. It is intended as a generic bootstrapping solution for Internet-of-Things devices which have no pre-configured authentication credentials and which are not yet registered on the authentication server.
>
> What is new in version -04? Since the previous version, we have done extensive modeling and verification of the protocol and worked to resolve some discovered issues. We especially looked for denial-of-service conditions that may arise from dropped messages and other protocol failures, which both could be caused by a network attacker. Based on this analysis, we have rethought the recovery from dropped final messages. The error handling still needs some attention. In any case, the specification is in pretty good shape and ready for anyone to review.
>
> The open-source implementation and the mCRL2 formal model are still based on the previous version but work is ongoing to update them: https://github.com/tuomaura/eap-noob
>
> Emu is the working group that most closely matches our spec. Thus, we look forward to your feedback and comments here or in the wg meeting in a couple of weeks.
>
> Regards,
> Tuomas
>
> -----Original Message-----
> From: internet-dra...@ietf.org <internet-dra...@ietf.org>
> Sent: Monday, 22 October, 2018 20:50
> To: Mohit Sethi <mo...@piuha.net>; Aura Tuomas <tuomas.a...@aalto.fi>
> Subject: New Version Notification for draft-aura-eap-noob-04.txt
>
> A new version of I-D, draft-aura-eap-noob-04.txt has been successfully submitted by Tuomas Aura and posted to the IETF repository.
>
> Name: draft-aura-eap-noob
> Revision: 04
> Title: Nimble out-of-band authentication for EAP (EAP-NOOB)
> Document date: 2018-10-22
> Group: Individual Submission
> Pages: 58
> URL: https://www.ietf.org/internet-drafts/draft-aura-eap-noob-04.txt
> Status: https://datatracker.ietf.org/doc/draft-aura-eap-noob/
> Htmlized: https://tools.ietf.org/html/draft-aura-eap-noob-04
> Htmlized: https://datatracker.ietf.org/doc/html/draft-aura-eap-noob
> Diff: https://www.ietf.org/rfcdiff?url2=draft-aura-eap-noob-04
>
> Abstract:
> Extensible Authentication Protocol (EAP) provides support for multiple authentication methods. This document defines the EAP-NOOB authentication method for nimble out-of-band (OOB) authentication and key derivation. This EAP method is intended for bootstrapping all kinds of Internet-of-Things (IoT) devices that have a minimal user interface and no pre-configured authentication credentials. The method makes use of a user-assisted one-directional OOB channel between the peer device and authentication server.
>
> Please note that it may take a couple of minutes from the time of submission until the htmlized version and diff are available at tools.ietf.org.
>
> The IETF Secretariat
>
> _______________________________________________
> Emu mailing list
> Emu@ietf.org
> https://www.ietf.org/mailman/listinfo/emu