> On Jun 20, 2016, at 1:41 AM, Hannes Tschofenig <[email protected]> wrote:
>
> Michael,
>
> it depends what "bootstrapping" means.
>
> We have a key distribution mechanism in the OAuth-ACE document (which is
> relevant to this specific discussion thread).
>
> Ciao
> Hannes

Hannes, are you referencing this statement?

https://tools.ietf.org/html/draft-ietf-ace-oauth-authz-02

   This framework supports a wide variety of communication security
   mechanisms between the ACE entities, such as client, AS, and RS. We
   assume that the client has been registered (also called enrolled or
   onboarded) to an AS using a mechanism defined outside the scope of
   this document. In practice, various techniques for onboarding have
   been used, such as factory-based provisioning or the use of
   commissioning tools. Regardless of the onboarding technique, this
   registration procedure implies that the client and the AS share
   credentials, and configuration parameters. These credentials are
   used to mutually authenticate each other and to protect messages
   exchanged between the client and the AS.

My working definition of bootstrapping is exactly the things that are
declared out-of-scope in the ace-oauth-authz doc.

If you meant a different doc could you provide a more specific reference?

Thanks,

- max

>
> On 06/06/2016 08:31 PM, Michael Richardson wrote:
>>
>> Samuel Erdtman <[email protected]> wrote:
>>> The company I previously worked for were looking into adopting EST for
>>> this purpose, the benefit of EST compared to cmp or scep was that it
>>> defined the process for server side generated keys, which could be
>>> beneficial if key generation would be too cumbersome for the device or
>>> if you don't trust the device to generate a "good" key.
>>
>> Hi, these are definitely important considerations.
>> I would invite you to read the ANIMA bootstrap keying documents, and
>> possibly join the design team.
>> At this point I believe the bootstrap is out of scope for ACE.
>>
>> We are considering whether to use OSCOAP for 6tisch though.
>>
>> --
>> Michael Richardson <[email protected]>, Sandelman Software Works
>>  -= IPv6 IoT consulting =-
>>
>> _______________________________________________
>> Anima mailing list
>> [email protected]
>> https://www.ietf.org/mailman/listinfo/anima
>>
>
> _______________________________________________
> Anima-bootstrap mailing list
> [email protected]
> https://www.ietf.org/mailman/listinfo/anima-bootstrap
