Re: [Ace] [Anima] Certification Authority renewal/rollover and intra-device communication
On 06-Oct-21 05:24, Michael Richardson wrote: > > Brian E Carpenter wrote: > > I *really* don't understand this stuff, but how long could the rollover > > take, for a reasonably large IoT network (presumably thousands of > > devices)? Are we talking about a few seconds when no new sessions could > > start, or what? > > For sleepy IoT devices that wake up once a day, and run on a slow network? > Could be a few weeks, easily. > > But, on such networks, the devices mostly don't talk to each other at all. What, no networks of cooperating sensors ("I've detected smoke, did you detect smoke too?") > Industrial situations like factories aren't doing a lot of device2device > communication (i.e. without involving the control system), but if they did, > then they'd want to schedule the certificate renewal/rollover at a specific > time. Agreed, that would be normal procedure in control systems of all kinds. It's less clear in what are euphemistically called tactical networks; a certificate rollover on a battlefield could be a big deal. > I think that we could do this by issuing new certificates with a notBefore > date in the future, but to date, I don't think we have a clear specification > that says this. Ack. Brian ___ Ace mailing list Ace@ietf.org https://www.ietf.org/mailman/listinfo/ace
[Ace] Fwd: Second Call for Nominations
Hi, Please consider helping the nomcom! Yours, Daniel -- Forwarded message - From: NomCom Chair 2021 Date: Tue, Oct 5, 2021 at 1:51 PM Subject: Second Call for Nominations To: IETF Announcement List Cc: Hello IETF Community! Only one week to go and we need everyone's HELP with nominations. If you go to https://datatracker.ietf.org/nomcom/2021/nominate/ you will notice that: -INT, TSV, OPS, and ART have only ONE accepted nomination so far -Other positions are not that much better: 2 or 3 accepted nominations is not a lot (TRUST, LLC, Routing, Security) -Neither are 10 accepted nominations for 6 open IAB positions Oh, and nominations close in one week: Monday October 11. Please take some 10 minutes today (or make it a fun weekend assignment) to think about someone who would be a good candidate and nominate them using the above link. Of course, self-nominations are encouraged! For full information, please refer to the previous Call for Nominations here: https://datatracker.ietf.org/nomcom/ann/350147/ Thanks, Gabriel Montenegro IETF NomCom Chair 2021-22 nomcom-chair-2021 at ietf dot org ___ IETF-Announce mailing list ietf-annou...@ietf.org https://www.ietf.org/mailman/listinfo/ietf-announce -- Daniel Migault Ericsson ___ Ace mailing list Ace@ietf.org https://www.ietf.org/mailman/listinfo/ace
Re: [Ace] [Anima] Certification Authority renewal/rollover and intra-device communication
Brian E Carpenter wrote: > I *really* don't understand this stuff, but how long could the rollover > take, for a reasonably large IoT network (presumably thousands of > devices)? Are we talking about a few seconds when no new sessions could > start, or what? For sleepy IoT devices that wake up once a day, and run on a slow network? Could be a few weeks, easily. But, on such networks, the devices mostly don't talk to each other at all. Industrial situations like factories aren't doing a lot of device2device communication (i.e. without involving the control system), but if they did, then they'd want to schedule the certificate renewal/rollover at a specific time. I think that we could do this by issuing new certificates with a notBefore date in the future, but to date, I don't think we have a clear specification that says this. -- Michael Richardson. o O ( IPv6 IøT consulting ) Sandelman Software Works Inc, Ottawa and Worldwide signature.asc Description: PGP signature ___ Ace mailing list Ace@ietf.org https://www.ietf.org/mailman/listinfo/ace