Re: [6tisch] Adam Roach's Discuss on draft-ietf-6tisch-minimal-security-13: (with DISCUSS and COMMENT)

Michael Richardson <mcr+ietf@sandelman.ca> Fri, 01 November 2019 21:43 UTC

Return-Path: <mcr+ietf@sandelman.ca>
X-Original-To: 6tisch@ietfa.amsl.com
Delivered-To: 6tisch@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C76AA120AC0; Fri, 1 Nov 2019 14:43:54 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.199
X-Spam-Level:
X-Spam-Status: No, score=-4.199 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id FZkYHKBkT0Q0; Fri, 1 Nov 2019 14:43:52 -0700 (PDT)
Received: from tuna.sandelman.ca (tuna.sandelman.ca [IPv6:2607:f0b0:f:3:216:3eff:fe7c:d1f3]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 658441208F0; Fri, 1 Nov 2019 14:43:52 -0700 (PDT)
Received: from sandelman.ca (obiwan.sandelman.ca [IPv6:2607:f0b0:f:2::247]) by tuna.sandelman.ca (Postfix) with ESMTP id 3F3A43818F; Fri, 1 Nov 2019 17:41:03 -0400 (EDT)
Received: from localhost (localhost [IPv6:::1]) by sandelman.ca (Postfix) with ESMTP id 599C2612; Fri, 1 Nov 2019 17:43:51 -0400 (EDT)
From: Michael Richardson <mcr+ietf@sandelman.ca>
To: Adam Roach <adam@nostrum.com>
cc: "The IESG" <iesg@ietf.org>, 6tisch-chairs@ietf.org, pthubert@cisco.com, draft-ietf-6tisch-minimal-security@ietf.org, 6tisch@ietf.org
In-Reply-To: <157247345518.32540.4810770824294109598.idtracker@ietfa.amsl.com>
References: <157247345518.32540.4810770824294109598.idtracker@ietfa.amsl.com>
X-Mailer: MH-E 8.6; nmh 1.7+dev; GNU Emacs 24.5.1
X-Face: $\n1pF)h^`}$H>Hk{L"x@)JS7<%Az}5RyS@k9X%29-lHB$Ti.V>2bi.~ehC0; <'$9xN5Ub# z!G,p`nR&p7Fz@^UXIn156S8.~^@MJ*mMsD7=QFeq%AL4m<nPbLgmtKK-5dC@#:k
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="=-=-="; micalg=pgp-sha256; protocol="application/pgp-signature"
Date: Fri, 01 Nov 2019 17:43:51 -0400
Message-ID: <20663.1572644631@localhost>
Archived-At: <https://mailarchive.ietf.org/arch/msg/6tisch/RnhHAUiYQjTC3JQJXoAmvS6zUEM>
Subject: Re: [6tisch] Adam Roach's Discuss on draft-ietf-6tisch-minimal-security-13: (with DISCUSS and COMMENT)
X-BeenThere: 6tisch@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Discuss link layer model for Deterministic IPv6 over the TSCH mode of IEEE 802.15.4e, and impacts on RPL and 6LoWPAN such as resource allocation" <6tisch.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/6tisch>, <mailto:6tisch-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/6tisch/>
List-Post: <mailto:6tisch@ietf.org>
List-Help: <mailto:6tisch-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/6tisch>, <mailto:6tisch-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 01 Nov 2019 21:43:59 -0000

Adam Roach via Datatracker <noreply@ietf.org> wrote:
    > §8.1.1:

    >> o The Uri-Path option is set to "j".

    > COAP URIs are generally subject to BCP 190 restrictions, which would
    > require the path to either be provisioned, discovered, or under the
    > ".well-known" tree. The use of a reserved domain name here may change
    > the rationale; but for the sake of not establishing a precedent for

Yes, we think that it does.
The Host: is "6tisch.arpa", so we think that we are the owner of the URI, as
per BCP190 section 1, paragraph 3:

   }  Because the owner of the URI (as defined in [webarch]
   }  Section 2.2.2.1) is choosing to use the server or the application,
   }  this can be seen as reasonable delegation of authority.

How/where should we reference this?

    > path squatting in CoAP, this document needs to clearly explain the
    > rationale of why BCP 190 should not apply in this case. Alternately,
    > the implied URI can be changed to something like
    > "coap://6tisch.arpa/.well-known/j"

We feel that those 11 bytes are not needed. We already didn't like the
6tisch.arpa part....

    > ----------------------------------------------------------------------
    > COMMENT:
    > ----------------------------------------------------------------------

    >> This document allocates a well-known name under the .arpa name space
    >> according to the rules given in [RFC3172].  The name "6tisch.arpa" is
    >> requested.  No subdomains are expected.  No A, AAAA or PTR record is
    >> requested.

    > Although "No subdomains are expected" is useful text, I don't think
    > it's sufficient to satisfy RFC 3172's requirements of specifying "the
    > rules for how the subdomain is administered." I would suggest something
    > like:

    > "No subdomains are expected, and addition of any such subdomains
    > requires the publication of an IETF standards-track RFC."

I used your text.

--
Michael Richardson <mcr+IETF@sandelman.ca>ca>, Sandelman Software Works
 -= IPv6 IoT consulting =-