Let's be clear about the Anima context for "bootstrapping". You don't have
to look beyond the document abstract:

"  This document specifies automated bootstrapping of a remote secure
   key infrastructure (BRSKI) using vendor installed IEEE 802.1AR
   manufacturing installed certificates, in combination with a vendor
   based service on the Internet."

Obviously it's assumed that there is some kind of *insecure* connectivity
first. Which obviously implies a preceding insecure bootstrap of
some kind, but that is not the topic.

And, repeating myself I think, Anima is primarily aimed at nodes that
manage devices, not at the devices themselves. However, we'd like BRSKI
to be available to all devices, hence Max wrote draft-pritikin-coap-bootstrap.
Again, please read the abstract:

"  This document provides an initial discussion of Bootstrapping of
   Remote Secure key infrastructures (BRSKI) when the device being
   bootstrapped speaks CoAP."

Regards
   Brian

On 16/08/2016 11:58, Rafa Marin Lopez wrote:
> Hi Behcet:
> 
>> On 15 Aug 2016, at 18:18, Behcet Sarikaya <sarikaya2...@gmail.com> 
>> wrote:
>>
>> Hi Rafa,
>>
>> On Sun, Aug 14, 2016 at 7:05 AM, Rafa Marin Lopez <r...@um.es> wrote:
>>> Dear all:
>>>
>>> Related with the usage of CoAP for bootstrapping in constrained devices 
>>> (using EAP and AAA infrastructures) we wrote this I-D:
>>>
>>> https://tools.ietf.org/html/draft-marin-ace-wg-coap-eap-03
>>>
>>> and wrote this paper that may be of your interest:
>>>
>>> http://www.mdpi.com/1424-8220/16/3/358
>>>
>>
>>
>> Thanks for your work.
> 
> [Rafa] Thanks for your comments.
>>
>> One thing I would like to clarify:
>> IoT bootstrapping should be done before the device gets an IP address.
> 
> [Rafa] As you may know IPv6 link-local address may be used. I may agree with 
> your statement in a “global” or “routable” IP address. But, I guess, it will 
> depend on the scenario. In any case, I think we should first agree in what 
> IoT bootstrapping means and what are the requirements (MAY, MUST, SHOULD, …)
> 
>> I think that CoAP works over IP, i.e. the device already has been
>> assigned an IP address.
> 
> [Rafa] CoAP is being considered to be transported over the link-layer 
> directly (e.g. draft-bormann-6lo-coap-802-15-ie-00 or 
> draft-wang-6tisch-6top-coapie-01). Another example in LP-WAN 
> (draft-pelov-core-cosol-01)
> 
> Btw there are also other protocols working on top of UDP (as CoAP) considered 
> to be transported directly over the link-layer (e.g. IKEv2) as you may know. 
> 
>>
>> So whatever you do can not be called bootstrapping maybe something
>> else which is security related, maybe some application layer key
>> establishment.
> 
> [Rafa] For the reasons mentioned above, I still call it bootstrapping
> 
> Best Regards.
> 
>>
>> Regards,
>>
>> Behcet
>>> Comments are welcome.
>>>
>>> Best Regards.
>>>
>>>> On 3 Aug 2016, at 15:55, Eliot Lear <l...@cisco.com> wrote:
>>>>
>>>> Dear authors of draft-ietf-anima-bootstrapping-keyinfra and WG,
>>>>
>>>> The Fairhair alliance focuses on lighting and building automation.  Our
>>>> security team has been reviewing your draft, and we appreciate the
>>>> effort that you are devoting in this direction.  We would just like to
>>>> highlight at this junction that there is a preference for device
>>>> communications from the autonomic device to the registrar to be via CoAP
>>>> over DTLS rather than HTTP over TLS, primarily because the devices that
>>>> we are working with will already have a CoAP implementation.  As such,
>>>> there is some interest in draft-pritikin-coap-bootstrap-03.txt.  We look
>>>> forward to seeing that work further developed.
>>>>
>>>> On behalf of the Fairhair security subgroup,
>>>>
>>>> Eliot
>>>>
>>>> ps: as usual, I will encourage fairhair members to directly chime in
>>>> with their own views on this matter.
>>>>
>>>>
>>>>
>>>> _______________________________________________
>>>> Anima mailing list
>>>> Anima@ietf.org
>>>> https://www.ietf.org/mailman/listinfo/anima
>>>
>>> -------------------------------------------------------
>>> Rafael Marin Lopez, PhD
>>> Dept. Information and Communications Engineering (DIIC)
>>> Faculty of Computer Science-University of Murcia
>>> 30100 Murcia - Spain
>>> Telf: +34868888501 Fax: +34868884151 e-mail: r...@um.es
>>> -------------------------------------------------------
> 