Re: [6tisch] Adam Roach's Discuss on draft-ietf-6tisch-minimal-security-13: (with DISCUSS and COMMENT)

Adam Roach <> Fri, 01 November 2019 22:40 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id BA8F9120A27; Fri, 1 Nov 2019 15:40:15 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -1.28
X-Spam-Status: No, score=-1.28 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_INVALID=0.1, DKIM_SIGNED=0.1, KHOP_HELO_FCRDNS=0.399, T_SPF_HELO_PERMERROR=0.01, T_SPF_PERMERROR=0.01, URIBL_BLOCKED=0.001] autolearn=no autolearn_force=no
Authentication-Results: (amavisd-new); dkim=fail (1024-bit key) reason="fail (message has been altered)"
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id V7D63ryFZRzj; Fri, 1 Nov 2019 15:40:14 -0700 (PDT)
Received: from ( [IPv6:2001:470:d:1130::1]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by (Postfix) with ESMTPS id 1E6EF120839; Fri, 1 Nov 2019 15:40:10 -0700 (PDT)
Received: from Svantevit.local ( []) (authenticated bits=0) by (8.15.2/8.15.2) with ESMTPSA id xA1Me2Af031426 (version=TLSv1.2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128 verify=NO); Fri, 1 Nov 2019 17:40:04 -0500 (CDT) (envelope-from
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple;; s=default; t=1572648005; bh=PG37qLC1hw+Cy970zBY91l1eoMsYcS1RdFUmEZH/O4Q=; h=Subject:To:Cc:References:From:Date:In-Reply-To; b=jiNpkGCdUzs2V85qIfPPS/NR42LcdB+Oa8rX2BzvEiXK6Ox0KzxCmu9C2/+kVCpCJ 0rJfLZN6WlyNL6u5VQOE/vZ/gm4FquW2x8wdmBlWHzX8Ni0YUc7u4e+inzYKcarXRV L68o1CI5kN4DeoSp1ul7pAEnM5uali7DJuJwWVXA=
X-Authentication-Warning: Host [] claimed to be Svantevit.local
To: Michael Richardson <>
Cc: The IESG <>,,,,
References: <> <20663.1572644631@localhost>
From: Adam Roach <>
Message-ID: <>
Date: Fri, 1 Nov 2019 17:39:57 -0500
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.13; rv:60.0) Gecko/20100101 Thunderbird/60.9.0
MIME-Version: 1.0
In-Reply-To: <20663.1572644631@localhost>
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Transfer-Encoding: 8bit
Content-Language: en-US
Archived-At: <>
Subject: Re: [6tisch] Adam Roach's Discuss on draft-ietf-6tisch-minimal-security-13: (with DISCUSS and COMMENT)
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Discuss link layer model for Deterministic IPv6 over the TSCH mode of IEEE 802.15.4e, and impacts on RPL and 6LoWPAN such as resource allocation" <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Fri, 01 Nov 2019 22:40:21 -0000

On 11/1/19 4:43 PM, Michael Richardson wrote:
> Adam Roach via Datatracker <> wrote:
>      > §8.1.1:
>      >> o The Uri-Path option is set to "j".
>      > COAP URIs are generally subject to BCP 190 restrictions, which would
>      > require the path to either be provisioned, discovered, or under the
>      > ".well-known" tree. The use of a reserved domain name here may change
>      > the rationale; but for the sake of not establishing a precedent for
> Yes, we think that it does.
> The Host: is "", so we think that we are the owner of the URI, as
> per BCP190 section 1, paragraph 3:
>     }  Because the owner of the URI (as defined in [webarch]
>     }  Section is choosing to use the server or the application,
>     }  this can be seen as reasonable delegation of authority.
> How/where should we reference this?

Wherever you prefer. If I were editing the document, I would put it as 
an indented note paragraph directly under the bulleted list in Section 
8.1.1; but I defer to your judgement if you think it works better 
somewhere else.

>      > path squatting in CoAP, this document needs to clearly explain the
>      > rationale of why BCP 190 should not apply in this case. Alternately,
>      > the implied URI can be changed to something like
>      > "coap://"
> We feel that those 11 bytes are not needed. We already didn't like the
> part....

Understood. Ben pointed out something interesting that I didn't catch -- 
the text in Section 8.2.1 doesn't indicate what the "Uri-Host" value 
should be for parameter update exchange, and I can't quite figure out 
the answer myself. If it's supposed to be "", please add a 
bullet saying as much. If it's not "," then the URI ownership 
rationale above doesn't apply, and the path handling will need to change.