draft-ietf-ace-coap-est-04.txt | draft-ietf-ace-coap-est-05.txt | |||
---|---|---|---|---|
ACE P. van der Stok | ACE P. van der Stok | |||
Internet-Draft Consultant | Internet-Draft Consultant | |||
Intended status: Standards Track P. Kampanakis | Intended status: Standards Track P. Kampanakis | |||
Expires: January 3, 2019 Cisco Systems | Expires: January 19, 2019 Cisco Systems | |||
S. Kumar | S. Kumar | |||
Philips Lighting Research | Philips Lighting Research | |||
M. Richardson | M. Richardson | |||
SSW | SSW | |||
M. Furuhed | M. Furuhed | |||
Nexus Group | Nexus Group | |||
S. Raza | S. Raza | |||
RISE SICS | RISE SICS | |||
July 2, 2018 | July 18, 2018 | |||
EST over secure CoAP (EST-coaps) | EST over secure CoAP (EST-coaps) | |||
draft-ietf-ace-coap-est-04 | draft-ietf-ace-coap-est-05 | |||
Abstract | Abstract | |||
Enrollment over Secure Transport (EST) is used as a certificate | Enrollment over Secure Transport (EST) is used as a certificate | |||
provisioning protocol over HTTPS. Low-resource devices often use the | provisioning protocol over HTTPS. Low-resource devices often use the | |||
lightweight Constrained Application Protocol (CoAP) for message | lightweight Constrained Application Protocol (CoAP) for message | |||
exchanges. This document defines how to transport EST payloads over | exchanges. This document defines how to transport EST payloads over | |||
secure CoAP (EST-coaps), which allows low-resource constrained | secure CoAP (EST-coaps), which allows low-resource constrained | |||
devices to use existing EST functionality for provisioning | devices to use existing EST functionality for provisioning | |||
certificates. | certificates. | |||
skipping to change at page 1, line 45 ¶ | skipping to change at page 1, line 45 ¶ | |||
Internet-Drafts are working documents of the Internet Engineering | Internet-Drafts are working documents of the Internet Engineering | |||
Task Force (IETF). Note that other groups may also distribute | Task Force (IETF). Note that other groups may also distribute | |||
working documents as Internet-Drafts. The list of current Internet- | working documents as Internet-Drafts. The list of current Internet- | |||
Drafts is at https://datatracker.ietf.org/drafts/current/. | Drafts is at https://datatracker.ietf.org/drafts/current/. | |||
Internet-Drafts are draft documents valid for a maximum of six months | Internet-Drafts are draft documents valid for a maximum of six months | |||
and may be updated, replaced, or obsoleted by other documents at any | and may be updated, replaced, or obsoleted by other documents at any | |||
time. It is inappropriate to use Internet-Drafts as reference | time. It is inappropriate to use Internet-Drafts as reference | |||
material or to cite them other than as "work in progress." | material or to cite them other than as "work in progress." | |||
This Internet-Draft will expire on January 3, 2019. | This Internet-Draft will expire on January 19, 2019. | |||
Copyright Notice | Copyright Notice | |||
Copyright (c) 2018 IETF Trust and the persons identified as the | Copyright (c) 2018 IETF Trust and the persons identified as the | |||
document authors. All rights reserved. | document authors. All rights reserved. | |||
This document is subject to BCP 78 and the IETF Trust's Legal | This document is subject to BCP 78 and the IETF Trust's Legal | |||
Provisions Relating to IETF Documents | Provisions Relating to IETF Documents | |||
(https://trustee.ietf.org/license-info) in effect on the date of | (https://trustee.ietf.org/license-info) in effect on the date of | |||
publication of this document. Please review these documents | publication of this document. Please review these documents | |||
skipping to change at page 2, line 48 ¶ | skipping to change at page 2, line 48 ¶ | |||
9. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 17 | 9. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 17 | |||
9.1. Content-Format Registry . . . . . . . . . . . . . . . . . 17 | 9.1. Content-Format Registry . . . . . . . . . . . . . . . . . 17 | |||
9.2. Resource Type registry . . . . . . . . . . . . . . . . . 18 | 9.2. Resource Type registry . . . . . . . . . . . . . . . . . 18 | |||
10. Security Considerations . . . . . . . . . . . . . . . . . . . 18 | 10. Security Considerations . . . . . . . . . . . . . . . . . . . 18 | |||
10.1. EST server considerations . . . . . . . . . . . . . . . 18 | 10.1. EST server considerations . . . . . . . . . . . . . . . 18 | |||
10.2. HTTPS-CoAPS Registrar considerations . . . . . . . . . . 19 | 10.2. HTTPS-CoAPS Registrar considerations . . . . . . . . . . 19 | |||
11. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 20 | 11. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 20 | |||
12. Change Log . . . . . . . . . . . . . . . . . . . . . . . . . 20 | 12. Change Log . . . . . . . . . . . . . . . . . . . . . . . . . 20 | |||
13. References . . . . . . . . . . . . . . . . . . . . . . . . . 21 | 13. References . . . . . . . . . . . . . . . . . . . . . . . . . 21 | |||
13.1. Normative References . . . . . . . . . . . . . . . . . . 21 | 13.1. Normative References . . . . . . . . . . . . . . . . . . 21 | |||
13.2. Informative References . . . . . . . . . . . . . . . . . 23 | 13.2. Informative References . . . . . . . . . . . . . . . . . 22 | |||
Appendix A. EST messages to EST-coaps . . . . . . . . . . . . . 24 | Appendix A. EST messages to EST-coaps . . . . . . . . . . . . . 24 | |||
A.1. cacerts . . . . . . . . . . . . . . . . . . . . . . . . . 25 | A.1. cacerts . . . . . . . . . . . . . . . . . . . . . . . . . 25 | |||
A.2. csrattrs . . . . . . . . . . . . . . . . . . . . . . . . 29 | A.2. csrattrs . . . . . . . . . . . . . . . . . . . . . . . . 29 | |||
A.3. enroll / reenroll . . . . . . . . . . . . . . . . . . . . 29 | A.3. enroll / reenroll . . . . . . . . . . . . . . . . . . . . 29 | |||
A.4. serverkeygen . . . . . . . . . . . . . . . . . . . . . . 32 | A.4. serverkeygen . . . . . . . . . . . . . . . . . . . . . . 32 | |||
Appendix B. EST-coaps Block message examples . . . . . . . . . . 34 | Appendix B. EST-coaps Block message examples . . . . . . . . . . 34 | |||
B.1. cacerts block example . . . . . . . . . . . . . . . . . . 34 | B.1. cacerts block example . . . . . . . . . . . . . . . . . . 34 | |||
B.2. enroll block example . . . . . . . . . . . . . . . . . . 37 | B.2. enroll block example . . . . . . . . . . . . . . . . . . 37 | |||
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 38 | Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 38 | |||
skipping to change at page 18, line 5 ¶ | skipping to change at page 18, line 5 ¶ | |||
9. IANA Considerations | 9. IANA Considerations | |||
9.1. Content-Format Registry | 9.1. Content-Format Registry | |||
Additions to the sub-registry "CoAP Content-Formats", within the | Additions to the sub-registry "CoAP Content-Formats", within the | |||
"CoRE Parameters" registry are specified in Table 2. These can be | "CoRE Parameters" registry are specified in Table 2. These can be | |||
registered either in the Expert Review range (0-255) or IETF Review | registered either in the Expert Review range (0-255) or IETF Review | |||
range (256-9999). | range (256-9999). | |||
+-------------------------+--------+-----+--------------------------+ | +-----------------------------------+----------+------+-------------+ | |||
| Media type | Encodi | ID | Reference | | | Media type | Encoding | ID | Reference | | |||
| | ng | | | | +-----------------------------------+----------+------+-------------+ | |||
+-------------------------+--------+-----+--------------------------+ | | application/pkcs7-mime; smime- | - | TBD1 | [RFC5751] | | |||
| application/pkcs7-mime; | - | TBD | [RFC5751] [RFC7030] | | | type=server-generated-key | | | [RFC7030] | | |||
| smime-type=server- | | 1 | | | | application/pkcs7-mime; smime- | - | TBD2 | [RFC5751] | | |||
| generated-key | | | | | | type=certs-only | | | | | |||
| application/pkcs7-mime; | - | TBD | [RFC5751] | | | application/pkcs7-mime; smime- | - | TBD3 | [RFC5751] | | |||
| smime-type=certs-only | | 2 | | | | type=CMC-request | | | [RFC5273] | | |||
| application/pkcs7-mime; | - | TBD | [RFC5751] [RFC5273] | | | application/pkcs7-mime; smime- | - | TBD4 | [RFC5751] | | |||
| smime-type=CMC-request | | 3 | | | | type=CMC-response | | | [RFC5273] | | |||
| application/pkcs7-mime; | - | TBD | [RFC5751] [RFC5273] | | | application/pkcs8 | - | TBD5 | [RFC5751] | | |||
| smime-type=CMC-response | | 4 | | | | | | | [RFC5958] | | |||
| application/pkcs8 | - | TBD | [RFC5751] [RFC5958] | | | application/csrattrs | - | TBD6 | [RFC7030] | | |||
| | | 5 | | | | | | | [RFC7231] | | |||
| application/csrattrs | - | TBD | [RFC7030] [RFC7231] | | | application/pkcs10 | - | TBD7 | [RFC5751] | | |||
| | | 6 | | | | | | | [RFC5967] | | |||
| application/pkcs10 | - | TBD | [RFC5751] [RFC5967] | | +-----------------------------------+----------+------+-------------+ | |||
| | | 7 | | | ||||
| application/multipart- | - | TBD | [I-D.fossati-core-multip | | ||||
| core | | 8 | art-ct] | | ||||
+-------------------------+--------+-----+--------------------------+ | ||||
Table 2: New CoAP Content-Formats | Table 2: New CoAP Content-Formats | |||
9.2. Resource Type registry | 9.2. Resource Type registry | |||
Additions to the sub-registry "CoAP Resource Type", within the "CoRE | Additions to the sub-registry "CoAP Resource Type", within the "CoRE | |||
Parameters" registry are needed for a new resource type. | Parameters" registry are needed for a new resource type. | |||
o rt="ace.est" needs registration with IANA. | o rt="ace.est" needs registration with IANA. | |||
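Review bot: dropping the application/multipart-core row (TBD8, referenced to [I-D.fossati-core-multipart-ct]) from Table 2 is the only substantive change in this block, and it leaves the rest of the -05 text at risk of a dangling reference: any remaining mention of TBD8 or the multipart-core Content-Format elsewhere in the draft (the message examples in Appendices A and B listed in the table of contents are the places to check) would now point at an identifier that Section 9.1 no longer defines, so a search for "TBD8" and "multipart" across the -05 text is suggested before the next revision. The change-log line says the registration is deferred to the CT draft, but Section 9.1 itself says nothing about it; one sentence after "range (256-9999)." noting that the multipart-core Content-Format is registered elsewhere would stop readers of -04 from wondering where the row went. The table-of-contents shift of "13.2. Informative References" from page 23 to page 22 is consistent with the I-D citation having been removed from the reference list.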
skipping to change at page 20, line 38 ¶ | skipping to change at page 20, line 36 ¶ | |||
Dijk and Michael Verschoor for the valuable discussions that helped | Dijk and Michael Verschoor for the valuable discussions that helped | |||
in shaping the solution. They would also like to thank Peter | in shaping the solution. They would also like to thank Peter | |||
Panburana for his feedback on technical details of the solution. | Panburana for his feedback on technical details of the solution. | |||
Constructive comments were received from Benjamin Kaduk, Eliot Lear, | Constructive comments were received from Benjamin Kaduk, Eliot Lear, | |||
Jim Schaad, Hannes Tschofenig, Julien Vermillard, and John Manuel. | Jim Schaad, Hannes Tschofenig, Julien Vermillard, and John Manuel. | |||
12. Change Log | 12. Change Log | |||
-04: | -04: | |||
Updated Delayed response section to reflect short and long delay | TBD8 removed from C-F registration, to be done CT draft | |||
options. | ||||
-03: | -03: | |||
Removed observe and simplified long waits | Removed observe and simplified long waits | |||
Repaired content-format specification | Repaired content-format specification | |||
-02: | -02: | |||
Added parameter discussion in section 8 | Added parameter discussion in section 8 | |||
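Review bot: the new change-log line has been put under the existing "-04:" heading and has replaced the -04 entry ("Updated Delayed response section to reflect short and long delay options.") instead of being added above it, so the right-hand column now records the TBD8 removal as a -04 change and loses the -04 history entirely; the column should read "-05:" followed by the TBD8 line, with the original "-04:" block kept unchanged below it. The new line also reads as a note-to-self rather than a change-log entry; suggest a full sentence with the abbreviations spelled out, along the lines of "Removed the TBD8 (application/multipart-core) Content-Format registration from Section 9.1; it will be registered by the multipart content-type draft instead" (assuming "C-F" stands for Content-Format and "CT draft" for [I-D.fossati-core-multipart-ct], which the removed Table 2 row cites).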
End of changes. 7 change blocks. | ||||
29 lines changed or deleted | 24 lines changed or added | |||
This html diff was produced by rfcdiff 1.47. The latest version is available from http://tools.ietf.org/tools/rfcdiff/ |