Göran Selander wrote:
> We have been working on lightweight procedures for an IoT device to
> join a network. The join process may include a number of components
> such as authentication, remote attestation, authorization, enrolment of
> a locally significant certificate, etc. Many of the current standards are
> based on doing things in sequence, one thing at a time. This may be a
> good idea but it introduces some redundancies. One way to reduce
> overhead is to reuse elements from the authentication protocol in the
> authorization or certificate enrolment processes. So, instead of
> passing public keys and signatures multiple times between the same
> endpoints over constrained links during different phases of the joining
> procedure, we try to make more use of the authentication protocol while
> ensuring that the security properties are as expected.
...
> The link: Generic Animation of BRSKI - Bootstrapping Remote Secure
> Key Infrastructure (ODP) (screencast) (enterprise/IoT screencast)
> points to: https://www.youtube.com/watch?v=Mtbh_GN0Ce4 which is only 5
> minutes long.
> I should redo this for ACE-AKE-AUTHZ, aka Ultra-Constrained
> enrollment.

Thinking a day later, I think that presenting a well animated view of
ACE-AKE-AUTHZ at an ACE virtual interim and listening to feedback about what
fits into ACE and what does not, would help our small design team
clarify/debug our message, should we go to secdispatch, or whatever.
[Jim: does that answer your question better?]

I mean, we could also just hold our own virtual meeting too :-)

I am personally more interested in writing code than wrangling documents from
WG to WG in the next ~4 months. I think that some other things in the IETF
will sort themselves out in that timeframe, and a path forward will become
clear.

In the meantime, explaining things to others helps me get it right.

--
Michael Richardson <[email protected]> . o O ( IPv6 IøT consulting )
Sandelman Software Works Inc, Ottawa and Worldwide
_______________________________________________
Ace mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/ace
