Hi Mališa,
My intention was not to turn this conversation into a criticism of your
work. “deficiencies” was not the most appropriate word.
What we had in mind was a way of providing authentication to the
variety of IoT devices with different capabilities, limitations or
different types of supported credentials. A way of doing that is to
provide different authentication methods. Since in IoT there are
different technologies we looked for a link-layer independent solution.
Additionally, since some technologies are very constrained, we needed a
very constrained protocol to carry out the process.
EAP provides flexible authentication, and it has the EAP Key Management
Framework, which is well specified and has been working for many years, from
which you can generate a fresh pre-shared key (MSK) dynamically. This
is even possible if you do not want to interact with AAA infrastructures
running EAP in standalone mode. Having said this, another thing that we
looked into was to give support to large scale deployments. We can ease
this process with EAP and its interaction with a AAA infrastructure,
which gains relevance in Industrial IoT and 5G.
All these characteristics can be provided by the use of EAP, if we of
course have a lightweight EAP lower layer to transport EAP from the IoT
device. Then we considered the usage of CoAP as EAP lower-layer.
In this sense, we saw minimal security did not fit our view (no
potential interaction with AAA, flexible authentication, fresh
generation of PSK). In fact, the provisioning of the PSK was out of
scope.
At some level, we could even consider the work complementary. EAP over
CoAP could be a way of providing the PSK for the work of minimal security.
Best Regards,
Dan.
On 10/12/2020 at 18:43, Mališa Vučinić wrote:
Hi Dan,
Could you be more specific on the point below, what deficiencies do
you have in mind?
Mališa
*From: *core <core-boun...@ietf.org> on behalf of Dan Garcia
<garcia...@uniovi.es>
*Date: *Thursday 10 December 2020 at 10:06
*To: *Michael Richardson <mcr+i...@sandelman.ca>, EMU WG
<emu@ietf.org>, "c...@ietf.org WG (c...@ietf.org)" <c...@ietf.org>,
"a...@ietf.org" <a...@ietf.org>
*Subject: *Re: [core] [Ace] Proposed charter for ACE (EAP over CoAP?)
As you comment, draft-ietf-6tisch-minimal-security offers minimal
security and has several deficiencies that can be solved by using EAP
and AAA infrastructures.