Dear ilari, Thanks very much for the reply :-). Please see my comments inline below.
-----Original Message----- From: ilariliusva...@welho.com [mailto:ilariliusva...@welho.com] Sent: Thursday, July 12, 2018 8:17 PM To: Wang Haiguang <wang.haiguang.shield...@huawei.com> Cc: <tls@ietf.org> <tls@ietf.org> Subject: Re: [TLS] Regarding the identity bidding issue when using raw public key with TLS On Thu, Jul 12, 2018 at 09:30:40AM +0000, Wang Haiguang wrote: > Hello, everyone, > > To solve the complex issue caused by the certification, in RFC 7250, > it is recommended to use raw public for authentication. > However, when using RAW public directly for authentication, identity > and public key binding is required. That is, server need to maintain a > large table to map the public key and identity. > For networks with huge amount of IoT devices, the maintenance of such > a huge database might be a challenge issue. It seems to me that getting the information to provisioning to the database is the biggest issue. Any semi-decent database program should not even be breaking sweat with million row table on quite low-end server hardware (if the indexing is even remotely sane). [HG-1] Yes. Getting the information and provisioning to the database for massive IoT is a big issue. Using IBC as raw public key, then we might be able to get ride of this issue, especially for network operators. They may just care about the number of devices connected to network instead of knowing the details of each device. > Currently we are thinking to use identity-base public key to solve the > issue. Is there any better solution to solve the identity binding > issue? If you do not want to use server-side database, create an internal CA and issue as compact certificates as possible. The overhead should be in low two hundred bytes. But this does not save you from having to figure out what those IoT devices actually are! [HG-1] Internal CA and compact certificate can help in some scenarios, but it will limit the authentication to a local domain. With IBC, we can keep the certificate compact, at same time, it can be used cross domain. > Can anyone give us some comments regarding using IBC as raw public key > for TLS for massive IoT authentication? I do not think there is any way currently to do that. The only defined signature algorithms are ([*] means removed from TLS 1.3): - RSA PKCS#1 v1.5[*] - DSA[*] - ECDSA - EdDSA2 (Ed25519 and Ed448) These are also the only algorithms that can be used with raw public key authentication. None of these is IBC algorithm.. Also, the way the raw public keys work is the same in both TLS 1.2 and 1.3 (the precise messages are different, but it still works the same). [HG-1] Yes. With TLS-1.3, IBC algorithm is not supported at the moment. So we hope that we can develop a separate RFC based on 1.3 and support IBC for massive IoT usage scenarios only? RFC 6507 specifies an IBC signature method based on ECC, it is similar to ECDSA. We can start with that first. -Ilari _______________________________________________ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls
