Hi Stefan

It is hard to have an exact number on how many "home" access points / integrated all-layer-devices do or do not support 802.1X. In many cases, support can be added to the APs with a software update if there is demand. We believe that given the benefits of this solution and the added security, the deployment of such NAS would increase in general.

/--Mohit

PS: Let's keep the future discussion for this draft on the SAAG mailing list for now.

On 02/19/2016 09:31 AM, Stefan Winter wrote:
Hi,

Of course, the benefits of EAP-NOOB will be greater in organizations which 
already use 802.1X authentication and which have larger numbers of IoT devices 
than a single home.
Particularly because many "home" access points / integrated
all-layer-devices do not support 802.1X so do not qualify as a NAS.

Which is unfortunate and yes it would be great to have 802.1X NASes
everywhere. :-) But for your scenario, it's a significant limitation if
you exclude a large percentage of homes.

(I don't dare make up any real percentage numbers; I'm sure this varies
a lot per country and per operator)

Greetings,

Stefan Winter


Anything else that we need to address?

Tuomas



-----Original Message-----
From: Josh Howlett [mailto:josh.howl...@jisc.ac.uk]
Sent: Thursday, 18 February, 2016 19:28
To: Mohit Sethi <mohit.m.se...@ericsson.com>; s...@ietf.org; emu@ietf.org
Cc: Aura Tuomas <tuomas.a...@aalto.fi>
Subject: RE: [saag] Fwd: New Version Notification for draft-aura-eap-noob-00.txt

Hi Mohit,

This is an interesting draft, but I'm struggling to understand how this would 
be deployed in the consumer settings that the document alludes to. For example, 
who do you anticipate will be operating the NAS (the consumer?), AAA server 
(the vendor?), and the AAA fabric between these actors?

Josh.

-----Original Message-----
From: saag [mailto:saag-boun...@ietf.org] On Behalf Of Mohit Sethi
Sent: 08 February 2016 15:34
To: s...@ietf.org; emu@ietf.org
Cc: tuomas.a...@aalto.fi
Subject: [saag] Fwd: New Version Notification for draft-aura-eap-noob-00.txt

Dear all

We have just submitted a new IETF Draft titled “Nimble out-of-band
authentication for EAP (EAP-NOOB)”.

The draft defines an EAP method where the authentication is based on a
user-assisted out-of-band (OOB) channel between the server and peer.
It is intended as a generic bootstrapping solution for
Internet-of-Things devices which have no pre-configured authentication
credentials and which are not yet registered on the authentication
server. Consider devices you just bought or borrowed.

The EAP-NOOB method is more generic than most ad-hoc bootstrapping
solutions in that it supports many types of OOB channels. We specify
the exact in-band messages but only the OOB message contents and not
the OOB channel details. Also, EAP-NOOB supports ubicomp devices with
only output (e.g. display) or only input (e.g. camera). Moreover, it
makes combined use of both secrecy and integrity of the OOB channel
for more robust security than the ad-hoc solutions. We have put a lot
of effort into designing a robust security protocol.

For one application example, we have used an earlier version of the
protocol for bootstrapping security for ubiquitous displays: the user
can configure wireless network access, link the device to a cloud
service, and register ownership of the device for a specific cloud
user – all in one simple step of scanning a QR code with a smart
phone. There seemed to be more potential to this idea than just using it
for our own system, and thus we decided to write a generic EAP method for 
out-of-band authentication.

The draft is available here:
https://tools.ietf.org/html/draft-aura-eap-noob-00

Please see if you can make use of it. We look forward to your feedback
and comments.

Regards
/--Mohit


-------- Forwarded Message --------
Subject:        New Version Notification for draft-aura-eap-noob-00.txt
Date:   Mon, 08 Feb 2016 04:30:35 -0800
From:   internet-dra...@ietf.org
To:     Tuomas Aura <tuomas.a...@aalto.fi>, Mohit Sethi <mo...@piuha.net>



A new version of I-D, draft-aura-eap-noob-00.txt has been successfully
submitted by Tuomas Aura and posted to the IETF repository.

Name:           draft-aura-eap-noob
Revision:       00
Title:          Nimble out-of-band authentication for EAP (EAP-NOOB)
Document date:  2016-02-08
Group:          Individual Submission
Pages:          35
URL:            https://www.ietf.org/internet-drafts/draft-aura-eap-noob-00.txt
Status:         https://datatracker.ietf.org/doc/draft-aura-eap-noob/
Htmlized:       https://tools.ietf.org/html/draft-aura-eap-noob-00


Abstract:
     Extensible Authentication Protocol (EAP) [RFC3748] provides support
     for multiple authentication methods.  This document defines the EAP-
     NOOB authentication method for nimble out-of-band (OOB)
     authentication and key derivation.  This EAP method is intended for
     bootstrapping all kinds of Internet-of-Things (IoT) devices that have
     a minimal user interface and no pre-configured authentication
     credentials.  The method makes use of a user-assisted one-directional
     OOB channel between the peer device and authentication server.




Please note that it may take a couple of minutes from the time of
submission until the htmlized version and diff are available at tools.ietf.org.

The IETF Secretariat



_______________________________________________
saag mailing list
s...@ietf.org
https://www.ietf.org/mailman/listinfo/saag
_______________________________________________
Emu mailing list
Emu@ietf.org
https://www.ietf.org/mailman/listinfo/emu