I have read:
    draft-pritikin-coap-bootstrap
and draft-vanderstock-core-coap-est

and over in the 6tisch security design team we have been trying to adapt
the ANIMA WG draft-ietf-anima-bootstrapping-keyinfra for use in the 6tisch
environment as a zero-touch enrollment process.
(Yes, I am an author involved in both WGs)

Peter (one of the authors of draft-vanderstock-core-coap-est) and
Max (author of draft-pritikin-coap-bootstrap) are involved.

Both documents have good content, and we could combine them easily and wind
up with a relatively straightforward description of how to run EST over
COAPS.
But I don't think that this really solves the problems that we have.

However, the movement in
         draft-vucinic-6tisch-minimal-security (as phase 2, and one-touch)
and   draft-richardson-6tisch-dtsecurity-secure-join (as phase 1, zero-touch)
[both of which are being considered for adoption]

is to move away from DTLS and towards OSCOAP and EDHOC.

As such, what we would really like is an EST-like mechanism which runs
over OSCOAP with EDHOC keying.  Ideally, it would also permit the process
to be managed/initiated from the new device (the pledge), or from the JCE
(Registrar, which might also be the AS in ACE terminology).

We want to initiate from the JCE so that we can:
  a) simplify the constrained device.
  b) manage the order and priority of join activities to avoid
     network congestion in constrained (mesh) networks.

On the other hand, some want a really simple system that can be used with
PSKs as authentication, with the new nodes initiating.

I wrote this email last week to explain some of what I have in mind.
  https://www.ietf.org/mail-archive/web/6tisch/current/msg05020.html

I don't know if the EST work fits into ACE's charter, but given that ACE is
where OSCOAP and EDHOC seem to be, I'm happy to work on a document here.

--
Michael Richardson <[email protected]>, Sandelman Software Works
 -= IPv6 IoT consulting =-




_______________________________________________
6tisch mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/6tisch
