headers
Carsten Bormann | 25 May 2013 00:47
Favicon
Gravatar

Outstanding tickets on core-coap-16

I think we have had a good discussion on #325, so we should be ready to close that ticket after the authors
generate a little more text.
I plan to include the list Robert provided as an implementation note.

#323, #324 have strawman text that we can use and that should be fine.

#326 has a reply that indicates a direction; the authors still have to generate some text for that, but that
should be easy.

#327 has strawman text that may not be great, but if we want to give advice on ICMP errors, it is likely the best
advice we can give.
I'd like to hear some opinions from implementers on the list before closing this.

I expect to cover a bit more of the extensive editorial feedback from the IESG, as well.

My plan is to have -17 submitted by the end of the weekend, so that we can work next week on clearing more of the
IESG DISCUSSes.

Shortcut to the bug tracker: http://i-e.tf/,,core/9

Grüße, Carsten
Permalink | Reply | 0 comments |
headers
Spencer Dawkins | 21 May 2013 08:16

Spencer Dawkins' Yes on draft-ietf-core-coap-16: (with COMMENT)

Spencer Dawkins has entered the following ballot position for
draft-ietf-core-coap-16: Yes

When responding, please keep the subject line intact and reply to all
email addresses included in the To and CC lines. (Feel free to cut this
introductory paragraph, however.)

Please refer to http://www.ietf.org/iesg/statement/discuss-criteria.html
for more information about IESG DISCUSS and COMMENT positions.

----------------------------------------------------------------------
COMMENT:
----------------------------------------------------------------------

On 5/20/2013 3:35 PM, Carsten Bormann wrote:
> Spencer,
> 
> thank you for this attentive review.
> I have done some of the changes as simple editorial fixes, these are
> marked like [1373] below and can be reviewed in
> http://trac.tools.ietf.org/wg/core/trac/changeset/1373
> (Overview in http://trac.tools.ietf.org/wg/core/trac/timeline).

Hi, Carsten,

Thank you for the quick and careful response. 

We've discussed my DISCUSS, so I'm changing my ballot position to YES
(but please make Martin happy on his transport-ish DISCUSS :-).
(Continue reading)

Permalink | Reply | 2 comments |
headers
Andrew Mcgregor | 21 May 2013 02:28
Picon
Favicon

draft-shelby-core-interfaces: call for adoption

Consensus of the room in Orlando was to adopt draft-shelby-core-interfaces as a working group document.  This email is a call for confirmation of that consensus.  Please respond if you support the adoption of this document.

Since REST is not yet in wide use in the microcontroller community,
documenting some examples of good CoAP design will be beneficial.  In
particular, it is not widely understood how to map certain concepts
such as batching or binding to REST.  We don't have an explicit
charter item for documenting this, but it is natural to have
explanatory material with the base specification.  (LWIG is not the
right group for this as this is not about protocol implementation, but
about design of REST interfaces.)

• Dec 2013 Submission to IESG of "CoRE Interfaces" for Informational

(Again, the objective is to provide examples of good usage for
implementers, not to standardize or even give strong recommendations.)

Andrew McGregor | SRE | andrewmcgr <at> google.com | +61 4 8143 7128
<div><div dir="ltr">
<span>Consensus of the room in Orlando was to adopt&nbsp;</span><span>draft-shelby-core-interfaces</span><span>&nbsp;as a working group document. &nbsp;This email is a call for confirmation of that consensus. &nbsp;Please respond if you support the adoption of this document.</span><br clear="all"><div><br></div>
<div>
<span>Since REST is not yet in wide use in the microcontroller community,</span><br><span>documenting some examples of good CoAP design will be beneficial. &nbsp;In</span><br><span>particular, it is not widely understood how to map certain concepts</span><br><span>such as batching or binding to REST. &nbsp;We don't have an explicit</span><br><span>charter item for documenting this, but it is natural to have</span><br><span>explanatory material with the base specification. &nbsp;(LWIG is not the</span><br><span>right group for this as this is not about protocol implementation, but</span><br><span>about design of REST interfaces.)</span><br><br><span>&bull; Dec 2013 Submission to IESG of "CoRE Interfaces" for Informational</span><br><br><span>(Again, the objective is to provide examples of good usage for</span><br><span>implementers, not to standardize or even give strong recommendations.)</span><br>
</div>
<br><div dir="ltr">
<span>Andrew McGregor&nbsp;|</span><span>&nbsp;SRE&nbsp;|</span><span>&nbsp;<a href="mailto:andrewmcgr <at> google.com" target="_blank">andrewmcgr <at> google.com</a>&nbsp;|</span><span>&nbsp;+61 4 8143 7128</span><br>
</div>
</div></div>
Permalink | Reply | 7 comments |
headers
Andrew Mcgregor | 21 May 2013 02:27
Picon
Favicon

draft-bormann-core-links-json: call for adoption

Consensus of the room in Orlando was to adopt draft-bormann-core-links-json as a working group document.  This email is a call for confirmation of that consensus.  Please respond if you support the adoption of this document.
From the charter:

    5) A definition of how to use CoAP to advertise about or query for a
    Device's description. This description may include the device name and
    a list of its Resources, each with a URL, an interface description URI
    (pointing e.g. to a Web Application Description Language (WADL)
    document) and an optional name or identifier. The name taxonomy used
    for this description will be consistent with other IETF work,
    e.g. draft-cheshire-dnsext-dns-sd.

This is for making the resource discovery information available to backends.  On a technical level, this is a no-brainer.

• May 2013 Submission to IESG of "Representing CoRE Link Collections
  in JSON" for Proposed Standard

--
Andrew McGregor | SRE | andrewmcgr <at> google.com | +61 4 8143 7128
<div><div dir="ltr">
<span>Consensus of the room in Orlando was to adopt&nbsp;</span><span>draft-bormann-core-links-json</span><span>&nbsp;as a working group document. &nbsp;This email is a call for confirmation of that consensus. &nbsp;Please respond if you support the adoption of this document.</span><div>
<span><br></span>
</div>
<div>
<span>From the charter:</span><br><br><span>&nbsp; &nbsp; 5) A definition of how to use CoAP to advertise about or query for a</span><br><span>&nbsp; &nbsp; Device's description. This description may include the device name and</span><br><span>&nbsp; &nbsp; a list of its Resources, each with a URL, an interface description URI</span><br><span>&nbsp; &nbsp; (pointing e.g. to a Web Application Description Language (WADL)</span><br><span>&nbsp; &nbsp; document) and an optional name or identifier. The name taxonomy used</span><br><span>&nbsp; &nbsp; for this description will be consistent with other IETF work,</span><br><span>&nbsp; &nbsp; e.g. draft-cheshire-dnsext-dns-sd.</span><br><br><span>This is for making the resource discovery&nbsp;</span><span>information available to backends. &nbsp;On a technical level, this is a&nbsp;</span><span>no-brainer.</span><br><br><span>&bull; May 2013 Submission to IESG of "Representing CoRE Link Collections</span><br><span>&nbsp; in JSON" for Proposed Standard</span><br clear="all"><div><br></div>-- <br><div dir="ltr">
<span>Andrew McGregor&nbsp;|</span><span>&nbsp;SRE&nbsp;|</span><span>&nbsp;<a href="mailto:andrewmcgr <at> google.com" target="_blank">andrewmcgr <at> google.com</a>&nbsp;|</span><span>&nbsp;+61 4 8143 7128</span><br>
</div>
</div>
</div></div>
Permalink | Reply | 10 comments |
headers
Andrew Mcgregor | 21 May 2013 02:25
Picon
Favicon

draft-shelby-core-resource-directory: call for adoption

Consensus of the room in Orlando was to adopt draft-shelby-core-resource-directory as a working group document.  This email is a call for confirmation of that consensus.  Please respond if you support the adoption of this document.

From the charter:

    5) A definition of how to use CoAP to advertise about or query for a
    Device's description. This description may include the device name and
    a list of its Resources, each with a URL, an interface description URI
    (pointing e.g. to a Web Application Description Language (WADL)
    document) and an optional name or identifier. The name taxonomy used
    for this description will be consistent with other IETF work,
    e.g. draft-cheshire-dnsext-dns-sd.

RFC 6690 has some of this; the resource directory would add protocol
elements on top of CoAP that enhance the "advertise about or query
for" aspect.

• Feb 2014 Submission to IESG of "CoRE Resource Directory" for
  Proposed Standard
--
Andrew McGregor | SRE | andrewmcgr <at> google.com | +61 4 8143 7128
<div><div dir="ltr">
<span>Consensus of the room in Orlando was to adopt&nbsp;</span><span>draft-shelby-core-resource-≤/span><span>directory</span><span>&nbsp;as a working group document. &nbsp;This email is a call for confirmation of that consensus. &nbsp;Please respond if you support the adoption of this document.</span><div>
<div>
<br><span>From the charter:</span><br><br><span>&nbsp; &nbsp; 5) A definition of how to use CoAP to advertise about or query for a</span><br><span>&nbsp; &nbsp; Device's description. This description may include the device name and</span><br><span>&nbsp; &nbsp; a list of its Resources, each with a URL, an interface description URI</span><br><span>&nbsp; &nbsp; (pointing e.g. to a Web Application Description Language (WADL)</span><br><span>&nbsp; &nbsp; document) and an optional name or identifier. The name taxonomy used</span><br><span>&nbsp; &nbsp; for this description will be consistent with other IETF work,</span><br><span>&nbsp; &nbsp; e.g. draft-cheshire-dnsext-dns-sd.</span><br><br><span>RFC 6690 has some of this; the resource directory would add protocol</span><br><span>elements on top of CoAP that enhance the "advertise about or query</span><br><span>for" aspect.</span><br><br><span>&bull; Feb 2014 Submission to IESG of "CoRE Resource Directory" for</span><br><span>&nbsp; Proposed Standard</span><br>
</div>-- <br><div dir="ltr">
<span>Andrew McGregor&nbsp;|</span><span>&nbsp;SRE&nbsp;|</span><span>&nbsp;<a href="mailto:andrewmcgr <at> google.com" target="_blank">andrewmcgr <at> google.com</a>&nbsp;|</span><span>&nbsp;+61 4 8143 7128</span><br>
</div>
</div>
</div></div>
Permalink | Reply | 5 comments |
headers
Andrew Mcgregor | 21 May 2013 02:24
Picon
Favicon

draft-castellani-core-http-mapping: call for adoption

Consensus of the room in Orlando was to adopt draft-castellani-core-http-mapping as a working group document.  This email is a call for confirmation of that consensus.  Please respond if you support the adoption of this document.

The charter says "The WG will define a mapping from CoAP to
an HTTP REST API; this mapping will not depend on a specific
application."  We have the normative parts covered in core-coap, but
additional elucidation for implementers seems worthwhile.

• Sep 2013 Submission to IESG of "Best Practices for HTTP-CoAP Mapping
  Implementation" for Informational

(We can discuss if a non-BCP should have "Best Practices" in the
title, but the objective is to provide examples of good usage for
implementers, not to give strong recommendations.)

--
Andrew McGregor | SRE | andrewmcgr <at> google.com | +61 4 8143 7128
<div><div dir="ltr">Consensus of the room in Orlando was to adopt&nbsp;<span>draft-castellani-core-http-≤/span><span>mapping as a working group document. &nbsp;This email is a call for confirmation of that consensus. &nbsp;Please respond if you support the adoption of this document.</span><div>
<br>
</div>
<div>
<span>The charter says "The WG will define a mapping from CoAP to</span><br><span>an HTTP REST API; this mapping will not depend on a specific</span><br><span>application." &nbsp;We have the normative parts covered in core-coap, but</span><br><span>additional elucidation for implementers seems worthwhile.</span><br><br><span>&bull; Sep 2013 Submission to IESG of "Best Practices for HTTP-CoAP Mapping</span><br><span>&nbsp; Implementation" for Informational</span><br><br><span>(We can discuss if a non-BCP should have "Best Practices" in the</span><br><span>title, but the objective is to provide examples of good usage for</span><br><span>implementers, not to give strong recommendations.)</span><br clear="all"><div><br></div>-- <br><div dir="ltr">
<span>Andrew McGregor&nbsp;|</span><span>&nbsp;SRE&nbsp;|</span><span>&nbsp;<a href="mailto:andrewmcgr <at> google.com" target="_blank">andrewmcgr <at> google.com</a>&nbsp;|</span><span>&nbsp;+61 4 8143 7128</span><br>
</div>
</div>
</div></div>
Permalink | Reply | 3 comments |
headers
IETF Secretariat | 21 May 2013 01:41
Picon
Favicon

Milestones changed for core WG

Changed milestone "CoAP protocol specification with mapping to HTTP
Rest API submitted to IESG as PS", set due date to December 2012 from
December 2012, resolved as "Done", added draft-ietf-core-coap to
milestone.

Changed milestone "Blockwise transfers in CoAP submitted to IESG", set
due date to February 2013 from February 2013.

Changed milestone "Observing Resources in CoAP submitted to IESG", set
due date to February 2013 from February 2013.

Changed milestone "Group Communication for CoAP submitted to IESG",
set due date to April 2013 from April 2013.

Changed milestone "HOLD (date TBD) Constrained security bootstrapping
specification submitted to IESG", set due date to December 2099 from
December 2099.

URL: http://datatracker.ietf.org/wg/core/charter/
Permalink | Reply | 3 comments |
headers
core issue tracker | 20 May 2013 22:10
Picon

#327: Discuss processing of ICMP errors

#327: Discuss processing of ICMP errors

 Martin Stiemerling notes (msg04431):

 Section 4.2

 5) Reaction to network errors that are signalled

 I wonder why the draft is not discussing any reaction to network failures
 signalled through ICMP messages. This relates also to my DISCUSS issue no
 4.

 [Carsten:]

 We didn't find much guidance in existing UDP-based protocols on handling
 ICMP messages.  RFC5405 section 3.7 is on a level of "can utilize", and
 the practical problems of robustness and validation of messages (including
 against attacks) make handling ICMP messages in constrained
 implementations difficult.  In any case, even advanced forms of ICMP
 handling are unlikely to impact CoAP protocol processing beyond improved
 local error handling, so we believe the subject is best left to a point in
 time when more operational experience is available.

 [Martin:]

 I agree to your points and also the difficulties in using, or even
 receiving, ICMP error messages, but a recommendation to take them into
 account when handling network errors would be beneficial for the protocol.
 This part looks underspecified, especially since the a larger than 1280
 byte MTU can also cause issues in IPv6 networks. Not documenting it all
 looks rather incomplete.

 An incomplete text proposal: "COAP implementations should take ICMP error
 messages into account when handling error conditions in the transmission
 of COAP messages."

 I'm not sure where this would fit best in the draft.

 Carsten says:

 This would probably fit into section 4.2.

 [msg04442:]

 We probably need to think about ICMP processing (beyond packet too big)
 some more. We certainly want to heed the lessons learned from TCP, e.g. as
 documented in RFC 5927. (We also have to account for the abysmal platform
 support for ICMP errors in UDP implementations; I remember having had to
 fork the platform for my own CoAP implementation to handle those
 properly).

 (E.g., of RFC 1035, RFC 2865, RFC 3530, none mention ICMP at all. It is
 easy, but maybe not very useful, to add something like section 18.4 of RFC
 3261.)

 [RFC 3261 section 18.4:]

 If the transport user asks for a message to be sent over an unreliable
 transport, and the result is an ICMP error, the behavior depends on the
 type of ICMP error.  Host, network, port or protocol unreachable errors,
 or parameter problem errors SHOULD cause the transport layer to inform the
 transport user of a failure in sending. Source quench and TTL exceeded
 ICMP errors SHOULD be ignored.

 Draft proposed text:

 (add at the end of 4.2:)

 Another reason for giving up retransmission MAY be the receipt of ICMP
 errors.  If it is desired to take account of ICMP errors, to mitigate
 potential spoofing attacks, implementations SHOULD take care to check the
 information about the original datagram in the ICMP message, including
 port numbers and CoAP header information such as message type and code,
 Message ID, and Token; if this is not possible due to limitations of the
 UDP service API, ICMP errors SHOULD be ignored. Packet Too Big errors
 [RFC4443] ("fragmentation needed and DF set" for IPv4 [RFC0792]) cannot
 properly occur and SHOULD be ignored if the implementation note in section
 4.6 is followed; otherwise, they SHOULD feed into a path MTU discovery
 algorithm [RFC4821].  Source Quench and Time Exceeded ICMP messages SHOULD
 be ignored.  Host, network, port or protocol unreachable errors, or
 parameter problem errors MAY, after appropriate vetting, be used to inform
 the application of a failure in sending.

 Carsten says:

 I'm not yet entirely happy with the ratio of useful guidance to word count
 here.  Significant analysis of UDP APIs may be required to make this work
 in any practical sense.  I'm not aware of anyone having done this yet.

--

-- 
-------------------------+-------------------------------------------------
 Reporter:               |      Owner:  draft-ietf-core-coap <at> tools.ietf.org
  cabo <at> tzi.org           |     Status:  new
     Type:  other        |  Milestone:  post-WGLC-1
  technical              |    Version:  coap-16
 Priority:  minor        |   Keywords:
Component:  coap         |
 Severity:  In WG Last   |
  Call                   |
-------------------------+-------------------------------------------------

Ticket URL: <http://trac.tools.ietf.org/wg/core/trac/ticket/327>
core <http://tools.ietf.org/core/>
Permalink | Reply | 0 comments |
headers
core issue tracker | 20 May 2013 21:43
Picon

#326: Who defines the application profile for PSK identity hints?

#326: Who defines the application profile for PSK identity hints?

 Sean Turner notes (msg04433d2):

 Section 9.1.3.1

 6) s9.1.3.1: Did you consider whether there should be an application
 profile for the psk_identity_hint (see Section 5 [RFC4279]) - i.e., is
 there a standard format for CoAP that should be defined?

 Carsten says:

 I don't think the WG has discussed if there can be a single RFC 4279
 application profile for all DTLS PSK usage in CoAP or whether these would
 be specific to particular commissioning models.

--

-- 
-------------------------+-------------------------------------------------
 Reporter:               |      Owner:  draft-ietf-core-coap <at> tools.ietf.org
  cabo <at> tzi.org           |     Status:  new
     Type:  other        |  Milestone:  post-IESG-1
  technical              |    Version:  coap-16
 Priority:  minor        |   Keywords:
Component:  coap         |
 Severity:  Submitted    |
  WG Document            |
-------------------------+-------------------------------------------------

Ticket URL: <http://trac.tools.ietf.org/wg/core/trac/ticket/326>
core <http://tools.ietf.org/core/>
Permalink | Reply | 2 comments |
headers
core issue tracker | 20 May 2013 21:40
Picon

#325: Define curve for keys and certs

#325: Define curve for keys and certs

 Sean Turner notes (msg04433d2):

 Section 9.1.3.2.1

 2) s9.1.3.2: Another TLS-related issue:

 When referring to TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8 please include the
 MTI curve(s).  Ever so glad that conservative curves are being used.  In
 the following, I assumed you'd want the one must and the two mays but I
 can understand if you don't.  I'd argue you do have algorithm agility with
 DTLS so you could get away with just the MUST ad not the MAYs.

 Unrelated to you, but I thought I'd let you know about: the curve
 requirements will almost certainly be removed from the mcgrew draft at my
 direction because no other D/TLS EC cipher suite specifies an MTI curve.
 There's support for conservative curves, but not enough interest in
 starting to add MTI curves instead of the application picking them.  Note
 the Zigbee folks also point to the mcgrew draft but it seems their drafts
 already include the curves so we ought to be good to go on both fronts.

 I think we need to be clear that choosing this particular cipher suite
 that it means an implementation needs to support the extensions defined in
 RFC 4492 - or if it doesn't.  I'm assuming you want it to so I'm going to
 propose some tweaking:

 OLD:

 Implementations in RawPublicKey mode MUST support the mandatory to
 implement cipher suite TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8 as specified in
 [I-D.mcgrew-tls-aes-ccm-ecc], [RFC5246], [RFC4492].

 NEW:

 Implementations in RawPublicKey mode MUST support the mandatory to
 implement cipher suite TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8 as specified in
 [I-D.mcgrew-tls-aes-ccm-ecc].   The key used MUST be ECDSA-capable; the
 curve secp256r1 MUST be supported, and the curves secp384r1 and secp521r1
 MAY be supported [RFC4492]; these curves are equivalent to the NIST P-256,
 P-384, and P-521 curves. Implementations MUST use/support (?) the
 Supported Elliptic Curves Extension and Supported Point Format extensions
 [RFC4492]; the uncompressed point format MUST be supported; [RFC6090] can
 be used as an implementation method.

 The mcgrew draft had the following instead of the last sentence so I'm
 open to whichever but I think something about the folllowing needs to be
 added:

 o The uncompressed point format MUST be supported.  Other point formats
 MAY be used. o The client SHOULD offer the elliptic_curves extension and
 the server SHOULD expect to receive it. o The client MAY offer the
 ec_point_formats extension, but the server need not expect to receive it.
 o [RFC6090] MAY be used as an implementation method.

 And then, I think we need to specify how the MTI would look: namely by
 adding the following on to the end of the paragraph.

 When the mandatory to implement DTLS cipher suite and curve and used the
 SubjectPublicKeyInfo indicates an algorithm of id-ecPublicKey with the
 namedCurves object identifier set to secp256r1 [RFC5480].   If secp384r1
 or secp521r1 are used the those object identifiers [RFC5480] are included
 instead.

 That way everybody knows what values go in the SPKI of the oob-pubkey
 draft.  Note they tried to change that field recently and I had to remind
 them not to.

 Carsten says:

 draft-mcgrew-tls-aes-ccm-ecc-06 says:

 » The curves and hash algorithms that must be supported are as follows:

 An implementation that includes either TLS_ECDHE_ECDSA_WITH_AES_128_CCM or
 TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8 MUST support secp256r1 and SHA- 256. An
 implementation that includes either TLS_ECDHE_ECDSA_WITH_AES_256_CCM or
 TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8 MUST support secp384r1 and SHA- 384,
 and MAY support secp521r1 and SHA-512.

 Implementations that use other curves and hash functions SHOULD select
 them so that AES-128 is used with a curve and a hash function supporting a
 128-bit security level, and AES-256 is used with a curve and a hash
 function supporting a 192-bit or 256-bit security level. «

 Exceptions for the "SHOULD" are not given, but it seems to me that leads
 us to stick with secp256r1 for AES-128. This means the MUST, but not the
 MAYs (which would then be used with, say,
 TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8).

 We also had some interoperability problems where it wasn't quite clear
 which hash function should be used for ECDHE; it is probably worth nailing
 this down here as well.

 Strawman text:

 »Implementations in RawPublicKey mode MUST support the mandatory to
 implement cipher suite TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8 as specified in
 [I-D.mcgrew-tls-aes-ccm-ecc].  The key used MUST be ECDSA-capable.  The
 curve secp256r1 MUST be supported [RFC4492]; this curve is equivalent to
 the NIST P-256 curve.  The hash function used is SHA-256. Implementations
 MUST support (?) the Supported Elliptic Curves Extension and Supported
 Point Format extensions [RFC4492]; the uncompressed point format MUST be
 supported; [RFC6090] can be used as an implementation method.«

 In comment 4, Sean Turner also says:

 4) s9.1.3.3: The 1st paragraph is about certificates but it only
 indicates the TLS cipher suite needed to be supported.  It should say
 what values go in the certificate to support the cipher suite.
 Basically, need to point to RFC 5480 and say include values X.  I'd
 suggest:

 OLD:

 Implementations in Certificate Mode MUST support the mandatory to
 implement cipher suite TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8 as
 specified in [RFC5246].

 NEW (adding some more stuff + references):

 Implementations in Certificate Mode MUST support the mandatory to
 implement cipher suite TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8 as
 specified in [RFC5246].  Namely, the certificate includes a
 SubjectPublicKeyInfo that indicates an algorithm of id-ecPublicKey
 with namedCurves secp256r1, secp384r1, or secp521r1 [RFC5480];
 the public key format is uncompressed [RFC5480]; if included
 the key usage extension indicates digitalSignature.

 Carsten says:

 Strawman text under the previous considerations:

 »Implementations in Certificate Mode MUST support the mandatory
 to implement cipher suite TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8
 as specified in [I-D.mcgrew-tls-aes-ccm-ecc].  Namely, the certificate
 includes a
 SubjectPublicKeyInfo that indicates an algorithm of
 id-ecPublicKey with namedCurves secp256r1 [RFC5480]; the
 public key format is uncompressed [RFC5480]; the hash
 algorithm is SHA-256; if included the key usage extension
 indicates digitalSignature.«

-- 
-------------------------+-------------------------------------------------
 Reporter:               |      Owner:  draft-ietf-core-coap <at> tools.ietf.org
  cabo <at> tzi.org           |     Status:  new
     Type:  other        |  Milestone:  post-IESG-1
  technical              |    Version:  coap-16
 Priority:  major        |   Keywords:
Component:  coap         |
 Severity:  Submitted    |
  WG Document            |
-------------------------+-------------------------------------------------

Ticket URL: <http://trac.tools.ietf.org/wg/core/trac/ticket/325>
core <http://tools.ietf.org/core/>

_______________________________________________
core mailing list
core <at> ietf.org
https://www.ietf.org/mailman/listinfo/core
Permalink | Reply | 9 comments |
headers
core issue tracker | 20 May 2013 21:17
Picon

#324: Discuss key pair generation for RPK

#324: Discuss key pair generation for RPK

 Sean Turner notes (msg04433d1ai):

 Section 9.1.3.2.1

 i) s9.1.3.2.1: For machines it's perfect appropriate to generate the key
 and install it because we doubt it'll be able to do that well enough right
 (i.e., crummy entropy sources)?  I want to make it clear that that's been
 done by the manufacturer.

 In this mode the device has an asymmetric key pair but without an X.509
 certificate (called a raw public key).

 to:

 In this mode the device has an asymmetric key pair but without an X.509
 certificate (called a raw public key); the asymmetric key paid is
 generated by the manufacturer and installed on the device.

 Carsten says:

 Well, it is probably more appropriate to suggest this than to state it as
 a fact.  (It is certainly not a requirement, as there are other ways to do
 provisioning.)  See also the new section 11.6 (#323).

 Strawman text:

 ...; e.g., the asymmetric key pair is generated by the manufacturer and
 installed on the device (see also Section 11.6).

--

-- 
-------------------------+-------------------------------------------------
 Reporter:               |      Owner:  draft-ietf-core-coap <at> tools.ietf.org
  cabo <at> tzi.org           |     Status:  new
     Type:  other        |  Milestone:  post-IESG-1
  technical              |    Version:  coap-16
 Priority:  minor        |   Keywords:
Component:  coap         |
 Severity:  Submitted    |
  WG Document            |
-------------------------+-------------------------------------------------

Ticket URL: <http://trac.tools.ietf.org/wg/core/trac/ticket/324>
core <http://tools.ietf.org/core/>
Permalink | Reply | 1 comment |

Gmane