Re: [Anima] [Iot-onboarding] OPC and BRSKI

2019-08-07 Thread Eliot Lear
Randy, Thanks. We have irregular calls, but I will poll for one in the 3rd week of August to discuss your use case. In an OPC UA environment, might one expect that the join registrar and the certificate manager be co-resident? This would be where EST/SCEP would happen (BRSKI can be viewed

Re: [Anima] [Iot-onboarding] OPC and BRSKI

2019-08-07 Thread Randy Armstrong (OPC)
Hi Eliot, Yes, the Operator needs to ensure that only Devices they authorize can connect and the zero touch provisioning is a feature we desire. Regards, Randy From: Eliot Lear Sent: August 7, 2019 1:50 AM To: Randy Armstrong (OPC) Cc: Toerless Eckert ; iot-onboard...@ietf.org;

Re: [Anima] [Iot-onboarding] OPC and BRSKI

2019-08-07 Thread Randy Armstrong (OPC)
Hi Eliot, 1) In an OPC UA environment, might one expect that the join registrar and the certificate manager be co-resident? Yes that is the expectation. 2) My bigger question is whether you want to use all of this for network authentication to avoid unauthorized devices joining the network in

Re: [Anima] [Iot-onboarding] OPC and BRSKI

2019-08-07 Thread Eliot Lear
Hi Randy, Thanks again for your comments. Please see below. > On 7 Aug 2019, at 10:32, Randy Armstrong (OPC) > wrote: > > Hi Eliot, > > 1) In an OPC UA environment, might one expect that the join registrar and the > certificate manager be co-resident? > > Yes that is the expectation. > >

Re: [Anima] [Iot-onboarding] OPC and BRSKI

2019-08-07 Thread Eliot Lear
Randy, Thanks. I will be away on holiday for the next week. However, before I go I will kick off a doodle for the week of the 19th for an onboarding meeting to discuss this. Please everyone indicate your interest in participating by answering the doodle poll. Eliot > On 7 Aug 2019, at

[Anima] Doodle poll for IoT Onboarding Meeting

2019-08-07 Thread Eliot Lear
Hi everyone, Please if you could, respond to the doodle poll below by the 12th. While I will be on holiday next week, I’ll be sure to send along the meeting details for the meeting once the poll has closed. Proposed Agenda: OPC use case BRSKI IESG review status Other draft status

Re: [Anima] comments on draft-ietf-anima-grasp-api

2019-08-07 Thread Michael Richardson
Brian E Carpenter wrote: > On 07-Aug-19 05:24, Michael Richardson wrote: >> >> I read draft-ietf-anima-grasp-api from the expired drafts list. > Right, the -03 draft expired while we were in Montreal. Our plan is to > make the next update after the two promised reviews

Re: [Anima] [Iot-onboarding] OPC and BRSKI

2019-08-07 Thread Toerless Eckert
On Wed, Aug 07, 2019 at 10:59:17AM -0400, Michael Richardson wrote: > > How does OPC handle such devices? I think this is also coming up > > elsewhere. One question is whether TLS is required. Without TLS one > > does lose confidentiality, but so long as the client can sign the >

Re: [Anima] [Iot-onboarding] Device Certificate Deployment Automation with ACME using BRSKI

2019-08-07 Thread Michael Richardson
Kent Watsen wrote: > True, but it seems that getting a domain certificate and getting an > initial configuration are at least two distinct steps in ANIMA, whereas > they're rolled into one step with SZTP. I'm missing where SZTP gets a domain certificate in a standard way. I totally

Re: [Anima] [Iot-onboarding] OPC and BRSKI

2019-08-07 Thread Michael Richardson
Randy Armstrong (OPC) wrote: > Counterfeit devices are a huge issue in industrial automation. We need > this infrastructure so the Operators can assure themselves that the > Devices they plug into their network are genuine. So, just to inject some existential angst: If the MASA

Re: [Anima] [Iot-onboarding] Device Certificate Deployment Automation with ACME using BRSKI

2019-08-07 Thread Michael Richardson
Kent Watsen wrote: > Skimming quickly, I see now the direction to go to a cloud registrar to > be redirected to a local registrar. I feel compelled to point out that > this is exactly what SZTP (RFC 8572) does, or at least, supports. > Actually, as a more general statement, it

Re: [Anima] [Iot-onboarding] OPC and BRSKI

2019-08-07 Thread Kent Watsen
> On Aug 7, 2019, at 4:50 AM, Eliot Lear wrote: > > The purpose, as I see it, of the voucher, is simply to provide zero-touch > network provisioning. I was asking a slightly different question: for > purposes of network connectivity will operators want to know that only > devices they

Re: [Anima] [Iot-onboarding] OPC and BRSKI

2019-08-07 Thread Michael Richardson
Randy Armstrong (OPC) wrote: > It would be easy to drop in an OPC UA aware registrar and implement all > of the BRSKI flows back to the MASA. The only nuisance factor is the > 'prior-signed-voucher-request'. If MASAs are willing to allow this field > to be omitted and to trust the

Re: [Anima] [Iot-onboarding] OPC and BRSKI

2019-08-07 Thread Randy Armstrong (OPC)
> If the MASA goes away or is compromised, then all the devices > from that manufacturer can not be proved to not be counterfeit. If each Device has a manufacturer issued Certificate with the private key in secure storage like a TPM then the verification of a Device can happen as long as the

Re: [Anima] [Iot-onboarding] OPC and BRSKI

2019-08-07 Thread Randy Armstrong (OPC)
Toerless, > That's what I referred to in my prior email: We would need to understand how > to most easily duplicate the mutual authentication with certificates during > TLS connection setup with OPC TCP UA messages: OPC UA CP requires mutual authentication with Certificates bound to the

[Anima] Hold for IoT Onboarding Virtual Meeting

2019-08-07 Thread Eliot Lear (elear)
BEGIN:VCALENDAR METHOD:REQUEST PRODID:Microsoft Exchange Server 2010 VERSION:2.0 BEGIN:VTIMEZONE TZID:W. Europe Standard Time BEGIN:STANDARD DTSTART:16010101T03 TZOFFSETFROM:+0200 TZOFFSETTO:+0100 RRULE:FREQ=YEARLY;INTERVAL=1;BYDAY=-1SU;BYMONTH=10 END:STANDARD BEGIN:DAYLIGHT