Hi Benjamin,
Thank you for your suggestion. Your comment is relevant.
In fact, some time ago we wrote an article regarding our initial design,
and we performed a comparison with other network-layer-based EAP
lower-layers (https://www.mdpi.com/1424-8220/16/3/358).
We compared focusing on the EAP lower-layer (alone) and taking EAP into
account. On the one hand, at the EAP lower-layer level, the usage of CoAP
gives us important benefits. On the other hand, when taking into account
the EAP method overload, this reduction is less but still significant if
the EAP method is lightweight (we used EAP-PSK as a representative
example of a lightweight EAP method). As you suggest, if the EAP method
is very taxing (as in the case you mentioned), the improvement carried out
in the EAP lower-layer is less significant. This leads to the conclusion
that possible next steps in this field could also be improving or
designing new EAP methods that can be better adapted to the requirements
of constrained devices and networks. However, we cannot ignore the
impact of the EAP lower-layer itself and try to propose something light,
as we do by proposing CoAP.
We consider that there may be other EAP methods, such as EAP-AKA or new
lightweight EAP methods such as EAP-EDHOC
(https://tools.ietf.org/html/draft-ingles-eap-edhoc-01), that can benefit
from a CoAP-based EAP lower-layer, as well as new ones that may be
proposed in the future with IoT constraints in mind.
Best Regards,
Dan.
On 12/1/21 at 20:05, Benjamin Kaduk wrote:
> Hi Dan,
>
> Sorry to reply to such an old message...
>
> On Sat, Dec 12, 2020 at 06:36:53PM +0100, Dan Garcia Carrillo wrote:
>> Hi Mališa,
>>
>> On 11/12/2020 at 19:45, Mališa Vučinić wrote:
>>> Hi Dan,
>>>
>>> Thanks for the clarification regarding minimal-security. The points
>>> that you mention below, e.g. flexible authentication or the fresh
>>> generation of the PSK, were never in the design scope of our work.
>>>
>>> While I fail to understand what exactly you plan on using
>>> EAP-over-CoAP for, I do not object to this work being done in ACE if
>>> you are willing to spend cycles on it. I do have reservations on the
>>> lightweight aspect of this, however, considering that the sequence
>>> diagram that you depict in Fig. 2 in draft-marin-ace-wg-coap-eap-06
>>> spans 3 pages and consumes 2 round trips just to get things started!
>>> Surely, we can do better?
>>
>> Yes, we will submit an updated version of the draft.
>
> When you do, I suggest putting in some discussion of the relative
> size/overhead for CoAP as EAP lower-layer vs the EAP payloads themselves.
> I note that the IESG recently approved draft-ietf-emu-eaptlscert that
> discusses some pathological cases with TLS-based EAP methods and very large
> certificate chains. While I assume that you're not planning to do
> EAP-over-CoAP with such long TLS certificate chains, giving reviewers a
> sense for how big of an improvement this mechanism can be will presumably
> be helpful.
>
> Thanks,
>
> Ben