Re: [Ace] [Anima] Certification Authority renewal/rollover and intra-device communication

2021-10-05 Thread Brian E Carpenter
On 06-Oct-21 05:24, Michael Richardson wrote:
> 
> Brian E Carpenter wrote:
> > I *really* don't understand this stuff, but how long could the rollover
> > take, for a reasonably large IoT network (presumably thousands of
> > devices)? Are we talking about a few seconds when no new sessions could
> > start, or what?
> 
> For sleepy IoT devices that wake up once a day, and run on a slow network?
> Could be a few weeks, easily.
> 
> But, on such networks, the devices mostly don't talk to each other at all.

What, no networks of cooperating sensors ("I've detected smoke, did you
detect smoke too?")


> Industrial situations like factories aren't doing a lot of device2device
> communication (i.e. without involving the control system), but if they did,
> then they'd want to schedule the certificate renewal/rollover at a specific 
> time.

Agreed, that would be normal procedure in control systems of all kinds.

It's less clear in what are euphemistically called tactical networks; a
certificate rollover on a battlefield could be a big deal.

> I think that we could do this by issuing new certificates with a notBefore
> date in the future, but to date, I don't think we have a clear specification
> that says this.

Ack.

   Brian

___
Ace mailing list
Ace@ietf.org
https://www.ietf.org/mailman/listinfo/ace


[Ace] Fwd: Second Call for Nominations

2021-10-05 Thread Daniel Migault
Hi,

Please consider helping the nomcom!

Yours,
Daniel

---------- Forwarded message ---------
From: NomCom Chair 2021 
Date: Tue, Oct 5, 2021 at 1:51 PM
Subject: Second Call for Nominations
To: IETF Announcement List 
Cc: 


Hello IETF Community!

Only one week to go and we need everyone's HELP with nominations.

If you go to https://datatracker.ietf.org/nomcom/2021/nominate/
you will notice that:

  -INT, TSV, OPS, and ART have only ONE accepted nomination so far
  -Other positions are not that much better: 2 or 3 accepted nominations is
   not a lot (TRUST, LLC, Routing, Security)
  -Neither are 10 accepted nominations for 6 open IAB positions

Oh, and nominations close in one week: Monday October 11.

Please take some 10 minutes today (or make it a fun weekend assignment) to
think about someone who would be a good candidate and nominate them using
the above link. Of course, self-nominations are encouraged!

For full information, please refer to the previous Call for Nominations here:
https://datatracker.ietf.org/nomcom/ann/350147/


Thanks,

Gabriel Montenegro
IETF NomCom Chair 2021-22
nomcom-chair-2021 at ietf dot org

___
IETF-Announce mailing list
ietf-annou...@ietf.org
https://www.ietf.org/mailman/listinfo/ietf-announce


-- 
Daniel Migault
Ericsson


Re: [Ace] [Anima] Certification Authority renewal/rollover and intra-device communication

2021-10-05 Thread Michael Richardson

Brian E Carpenter wrote:
> I *really* don't understand this stuff, but how long could the rollover
> take, for a reasonably large IoT network (presumably thousands of
> devices)? Are we talking about a few seconds when no new sessions could
> start, or what?

For sleepy IoT devices that wake up once a day, and run on a slow network?
Could be a few weeks, easily.

But, on such networks, the devices mostly don't talk to each other at all.

Industrial situations like factories aren't doing a lot of device2device
communication (i.e. without involving the control system), but if they did,
then they'd want to schedule the certificate renewal/rollover at a specific 
time.

I think that we could do this by issuing new certificates with a notBefore
date in the future, but to date, I don't think we have a clear specification
that says this.

--
Michael Richardson. o O ( IPv6 IøT consulting )
   Sandelman Software Works Inc, Ottawa and Worldwide





