Stefan, Did you file some bugs related to this? We triaged a couple of bugs that you filed in the Core meeting today, and one of you fellow MSFT employees has taken those on.
From: [email protected] [mailto:[email protected]] On Behalf Of McDonald, Cameron Sent: Wednesday, January 06, 2016 10:00 PM To: Stefan Thom Cc: [email protected] Subject: Re: [Allseen-core] Using AUTH_SUITE_ECDHE_ECDSA without certificates? Sorry to get your hopes up.. I’m not involved in the project anymore, I was just giving my thoughts. No idea what’s planned for the future. On 7 Jan 2016, at 1:02 pm, Stefan Thom <[email protected]<mailto:[email protected]>> wrote: Hello Cameron That would have been very beneficial! My problem is that on my really lightweight MCU platform that is running ACTCL the KEYX_ECDHE_ECDSA authentication succeeds just fine, but the authorization step then makes my heap run over and the device goes belly up. Could I be carefully optimistic from your comment that there is a glimmer of hope that you guys in fact may bring raw ECC key usage back? My immediate need is addressed addressed by KEYX_ECDHE_PSK with a derived secret from the device attestation, however I would rather deal with asymmetric keys than a symmetric secret. Thank you S. From: McDonald, Cameron [mailto:[email protected]] Sent: Wednesday, January 6, 2016 14:51 To: Stefan Thom <[email protected]<mailto:[email protected]>> Cc: [email protected]<mailto:[email protected]> Subject: Re: [Allseen-core] Using AUTH_SUITE_ECDHE_ECDSA without certificates? Hi Stefan, The original (now deprecated) ECDSA authentication allowed this. Now, the mechanism is not just purely authentication, it requires manifest (+digest) etc. for authorisation. So the certificates are mandatory to capture those bindings. You could have a new mechanism that is just authentication and leave the authorisation to local access control. In hindsight, we probably should have left the original ECDSA authentication like that and created a different name for the current one with manifest etc. Cameron. On 7 Jan 2016, at 8:29 am, Stefan Thom <[email protected]<mailto:[email protected]>> wrote: Is it possible to use bare ECC key pairs with AUTH_SUITE_ECDHE_ECDSA without the use of certificates? I’m looking at SampleClientECDHE.cc<http://sampleclientecdhe.cc/> and SampleServiceECDHE.cc<http://sampleserviceecdhe.cc/> in alljoyn\alljoyn_core\samples\secure\ and am wondering if the usage of certificates is mandatory? I would like to import a trusted set of pub keys into the device and then authenticate against this key store rather than certificate chain building. If yes, how would the sample have to get changed to accomplish that? Thank you S. _______________________________________________ Allseen-core mailing list [email protected]<mailto:[email protected]> https://lists.allseenalliance.org/mailman/listinfo/allseen-core
_______________________________________________ Allseen-core mailing list [email protected] https://lists.allseenalliance.org/mailman/listinfo/allseen-core
