Hi,

> Of course, the benefits of EAP-NOOB will be greater in organizations which 
> already use 802.1X authentication and which have larger numbers of IoT 
> devices than a single home. 

Particularly because many "home" access points / integrated
all-layer-devices do not support 802.1X so do not qualify as a NAS.

Which is unfortunate and yes it would be great to have 802.1X NASes
everywhere. :-) But for your scenario, it's a significant limitation if
you exclude a large percentage of homes.

(I don't dare make up any real percentage numbers; I'm sure this varies
a lot per country and per operator)

Greetings,

Stefan Winter


> 
> Anything else that we need to address?
> 
> Tuomas
> 
> 
> 
> -----Original Message-----
> From: Josh Howlett [mailto:josh.howl...@jisc.ac.uk] 
> Sent: Thursday, 18 February, 2016 19:28
> To: Mohit Sethi <mohit.m.se...@ericsson.com>; s...@ietf.org; emu@ietf.org
> Cc: Aura Tuomas <tuomas.a...@aalto.fi>
> Subject: RE: [saag] Fwd: New Version Notification for 
> draft-aura-eap-noob-00.txt
> 
> Hi Mohit,
> 
> This is an interesting draft, but I'm struggling to understand how this would 
> be deployed in the consumer settings that the document alludes to. For 
> example, who do you anticipate will be operating the NAS (the consumer?), AAA 
> server (the vendor?), and the AAA fabric between these actors?
> 
> Josh.
> 
>> -----Original Message-----
>> From: saag [mailto:saag-boun...@ietf.org] On Behalf Of Mohit Sethi
>> Sent: 08 February 2016 15:34
>> To: s...@ietf.org; emu@ietf.org
>> Cc: tuomas.a...@aalto.fi
>> Subject: [saag] Fwd: New Version Notification for 
>> draft-aura-eap-noob-00.txt
>>
>> Dear all
>>
>> We have just submitted a new IETF Draft titled “Nimble out-of-band 
>> authentication for EAP (EAP-NOOB)”.
>>
>> The draft defines an EAP method where the authentication is based on a 
>> user-assisted out-of-band (OOB) channel between the server and peer. 
>> It is intended as a generic bootstrapping solution for 
>> Internet-of-Things devices which have no pre-configured authentication 
>> credentials and which are not yet registered on the authentication 
>> server. Consider devices you just bought or borrowed.
>>
>> The EAP-NOOB method is more generic than most ad-hoc bootstrapping 
>> solutions in that it supports many types of OOB channels. We specify 
>> the exact in-band messages but only the OOB message contents and not 
>> the OOB channel details. Also, EAP-NOOB supports ubicomp devices with 
>> only output (e.g. display) or only input (e.g. camera). Moreover, it 
>> makes combined use of both secrecy and integrity of the OOB channel 
>> for more robust security than the ad-hoc solutions. We have put a lot 
>> of effort into designing a robust security protocol.
>>
>> For one application example, we have used an earlier version of the 
>> protocol for bootstrapping security for ubiquitous displays: the user 
>> can configure wireless network access, link the device to a cloud 
>> service, and register ownership of the device for a specific cloud 
>> user – all in one simple step of scanning a QR code with a smart 
>> phone. There seemed to be more potential to this idea than just using it 
>> for our own system, and thus we decided to write a generic EAP method for 
>> out-of-band authentication.
>>
>> The draft is available here:
>> https://tools.ietf.org/html/draft-aura-eap-noob-00
>>
>> Please see if you can make use of it. We look forward to your feedback 
>> and comments.
>>
>> Regards
>> /--Mohit
>>
>>
>> -------- Forwarded Message --------
>> Subject:     New Version Notification for draft-aura-eap-noob-00.txt
>> Date:        Mon, 08 Feb 2016 04:30:35 -0800
>> From:        internet-dra...@ietf.org
>> To:  Tuomas Aura <tuomas.a...@aalto.fi>, Mohit Sethi
>> <mo...@piuha.net>
>>
>>
>>
>> A new version of I-D, draft-aura-eap-noob-00.txt has been successfully 
>> submitted by Tuomas Aura and posted to the IETF repository.
>>
>> Name:                draft-aura-eap-noob
>> Revision:    00
>> Title:               Nimble out-of-band authentication for EAP (EAP-NOOB)
>> Document date:       2016-02-08
>> Group:               Individual Submission
>> Pages:               35
>> URL:         https://www.ietf.org/internet-drafts/draft-aura-eap-noob-00.txt
>> Status:      https://datatracker.ietf.org/doc/draft-aura-eap-noob/
>> Htmlized:    https://tools.ietf.org/html/draft-aura-eap-noob-00
>>
>>
>> Abstract:
>>     Extensible Authentication Protocol (EAP) [RFC3748] provides support
>>     for multiple authentication methods.  This document defines the EAP-
>>     NOOB authentication method for nimble out-of-band (OOB)
>>     authentication and key derivation.  This EAP method is intended for
>>     bootstrapping all kinds of Internet-of-Things (IoT) devices that have
>>     a minimal user interface and no pre-configured authentication
>>     credentials.  The method makes use of a user-assisted one-directional
>>     OOB channel between the peer device and authentication server.
>>
>>
>>
>>
>> Please note that it may take a couple of minutes from the time of 
>> submission until the htmlized version and diff are available at 
>> tools.ietf.org.
>>
>> The IETF Secretariat
>>
>>
>>
>> _______________________________________________
>> saag mailing list
>> s...@ietf.org
>> https://www.ietf.org/mailman/listinfo/saag
> 
> _______________________________________________
> Emu mailing list
> Emu@ietf.org
> https://www.ietf.org/mailman/listinfo/emu
> 


-- 
Stefan WINTER
Ingenieur de Recherche
Fondation RESTENA - Réseau Téléinformatique de l'Education Nationale et
de la Recherche
2, avenue de l'Université
L-4365 Esch-sur-Alzette

Tel: +352 424409 1
Fax: +352 422473

PGP key updated to 4096 Bit RSA - I will encrypt all mails if the
recipient's key is known to me

http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xC0DE6A358A39DC66
