Re: [6tisch] Adam Roach's Discuss on draft-ietf-6tisch-minimal-security-13: (with DISCUSS and COMMENT)

Adam Roach <adam@nostrum.com> Fri, 01 November 2019 22:40 UTC

Return-Path: <adam@nostrum.com>
X-Original-To: 6tisch@ietfa.amsl.com
Delivered-To: 6tisch@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id BA8F9120A27; Fri, 1 Nov 2019 15:40:15 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.28
X-Spam-Level:
X-Spam-Status: No, score=-1.28 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_INVALID=0.1, DKIM_SIGNED=0.1, KHOP_HELO_FCRDNS=0.399, T_SPF_HELO_PERMERROR=0.01, T_SPF_PERMERROR=0.01, URIBL_BLOCKED=0.001] autolearn=no autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=fail (1024-bit key) reason="fail (message has been altered)" header.d=nostrum.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id V7D63ryFZRzj; Fri, 1 Nov 2019 15:40:14 -0700 (PDT)
Received: from nostrum.com (raven-v6.nostrum.com [IPv6:2001:470:d:1130::1]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 1E6EF120839; Fri, 1 Nov 2019 15:40:10 -0700 (PDT)
Received: from Svantevit.local (99-152-146-228.lightspeed.dllstx.sbcglobal.net [99.152.146.228]) (authenticated bits=0) by nostrum.com (8.15.2/8.15.2) with ESMTPSA id xA1Me2Af031426 (version=TLSv1.2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128 verify=NO); Fri, 1 Nov 2019 17:40:04 -0500 (CDT) (envelope-from adam@nostrum.com)
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=nostrum.com; s=default; t=1572648005; bh=PG37qLC1hw+Cy970zBY91l1eoMsYcS1RdFUmEZH/O4Q=; h=Subject:To:Cc:References:From:Date:In-Reply-To; b=jiNpkGCdUzs2V85qIfPPS/NR42LcdB+Oa8rX2BzvEiXK6Ox0KzxCmu9C2/+kVCpCJ 0rJfLZN6WlyNL6u5VQOE/vZ/gm4FquW2x8wdmBlWHzX8Ni0YUc7u4e+inzYKcarXRV L68o1CI5kN4DeoSp1ul7pAEnM5uali7DJuJwWVXA=
X-Authentication-Warning: raven.nostrum.com: Host 99-152-146-228.lightspeed.dllstx.sbcglobal.net [99.152.146.228] claimed to be Svantevit.local
To: Michael Richardson <mcr+ietf@sandelman.ca>
Cc: The IESG <iesg@ietf.org>, 6tisch-chairs@ietf.org, pthubert@cisco.com, draft-ietf-6tisch-minimal-security@ietf.org, 6tisch@ietf.org
References: <157247345518.32540.4810770824294109598.idtracker@ietfa.amsl.com> <20663.1572644631@localhost>
From: Adam Roach <adam@nostrum.com>
Message-ID: <de9bac15-3b44-1632-b483-73e340592718@nostrum.com>
Date: Fri, 1 Nov 2019 17:39:57 -0500
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.13; rv:60.0) Gecko/20100101 Thunderbird/60.9.0
MIME-Version: 1.0
In-Reply-To: <20663.1572644631@localhost>
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Transfer-Encoding: 8bit
Content-Language: en-US
Archived-At: <https://mailarchive.ietf.org/arch/msg/6tisch/mGZavcCqxTcEpITRENYTVEZucAw>
Subject: Re: [6tisch] Adam Roach's Discuss on draft-ietf-6tisch-minimal-security-13: (with DISCUSS and COMMENT)
X-BeenThere: 6tisch@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Discuss link layer model for Deterministic IPv6 over the TSCH mode of IEEE 802.15.4e, and impacts on RPL and 6LoWPAN such as resource allocation" <6tisch.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/6tisch>, <mailto:6tisch-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/6tisch/>
List-Post: <mailto:6tisch@ietf.org>
List-Help: <mailto:6tisch-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/6tisch>, <mailto:6tisch-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 01 Nov 2019 22:40:21 -0000

On 11/1/19 4:43 PM, Michael Richardson wrote:
> Adam Roach via Datatracker <noreply@ietf.org> wrote:
>      > §8.1.1:
>
>      >> o The Uri-Path option is set to "j".
>
>      > COAP URIs are generally subject to BCP 190 restrictions, which would
>      > require the path to either be provisioned, discovered, or under the
>      > ".well-known" tree. The use of a reserved domain name here may change
>      > the rationale; but for the sake of not establishing a precedent for
>
> Yes, we think that it does.
> The Host: is "6tisch.arpa", so we think that we are the owner of the URI, as
> per BCP190 section 1, paragraph 3:
>
>     }  Because the owner of the URI (as defined in [webarch]
>     }  Section 2.2.2.1) is choosing to use the server or the application,
>     }  this can be seen as reasonable delegation of authority.
>
> How/where should we reference this?


Wherever you prefer. If I were editing the document, I would put it as 
an indented note paragraph directly under the bulleted list in Section 
8.1.1; but I defer to your judgement if you think it works better 
somewhere else.


>      > path squatting in CoAP, this document needs to clearly explain the
>      > rationale of why BCP 190 should not apply in this case. Alternately,
>      > the implied URI can be changed to something like
>      > "coap://6tisch.arpa/.well-known/j"
>
> We feel that those 11 bytes are not needed. We already didn't like the
> 6tisch.arpa part....


Understood. Ben pointed out something interesting that I didn't catch -- 
the text in Section 8.2.1 doesn't indicate what the "Uri-Host" value 
should be for parameter update exchange, and I can't quite figure out 
the answer myself. If it's supposed to be "6tisch.arpa", please add a 
bullet saying as much. If it's not "6tisch.arpa," then the URI ownership 
rationale above doesn't apply, and the path handling will need to change.

/a