Re: [6tisch] Review of draft-ietf-6tisch-minimal-security-06
Mališa Vučinić <malisa.vucinic@inria.fr> Wed, 18 July 2018 15:11 UTC
Return-Path: <malisa.vucinic@inria.fr>
X-Original-To: 6tisch@ietfa.amsl.com
Delivered-To: 6tisch@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 584A8131190 for <6tisch@ietfa.amsl.com>; Wed, 18 Jul 2018 08:11:50 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -5.919
X-Spam-Level:
X-Spam-Status: No, score=-5.919 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, FROM_EXCESS_BASE64=0.979, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ePQU6bB2vaHe for <6tisch@ietfa.amsl.com>; Wed, 18 Jul 2018 08:11:45 -0700 (PDT)
Received: from mail2-relais-roc.national.inria.fr (mail2-relais-roc.national.inria.fr [192.134.164.83]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 0F33A130FCE for <6tisch@ietf.org>; Wed, 18 Jul 2018 08:11:43 -0700 (PDT)
X-IronPort-AV: E=Sophos;i="5.51,370,1526335200"; d="scan'208,217";a="339419044"
Received: from mail-qk0-f182.google.com ([209.85.220.182]) by mail2-relais-roc.national.inria.fr with ESMTP/TLS/AES128-GCM-SHA256; 18 Jul 2018 17:11:39 +0200
Received: by mail-qk0-f182.google.com with SMTP id o2-v6so2540441qkc.13 for <6tisch@ietf.org>; Wed, 18 Jul 2018 08:11:39 -0700 (PDT)
X-Gm-Message-State: AOUpUlG17bne9e/QVYOvFmVy1jbGZ5SGfkd0j26/G7gwg+ZTJvWGx3Wv UINe0i+mkrwKO3onapshm0bgLQuktWqcc1uq114=
X-Google-Smtp-Source: AAOMgpfLsYUCwZuN+kCmkwBGNXvyVtk95OTKXXOnoUwMOywEIFm17eCsv1xiqVoCOe1pm8YoXdwVfbSPGYEMTFK8FfA=
X-Received: by 2002:a37:2042:: with SMTP id g63-v6mr5493084qkg.49.1531926698421; Wed, 18 Jul 2018 08:11:38 -0700 (PDT)
MIME-Version: 1.0
References: <8eb987dbb8f748f4af09b6cdecc6f31f@ericsson.com>
In-Reply-To: <8eb987dbb8f748f4af09b6cdecc6f31f@ericsson.com>
From: Mališa Vučinić <malisa.vucinic@inria.fr>
Date: Wed, 18 Jul 2018 17:11:26 +0200
X-Gmail-Original-Message-ID: <CANDGjyeZgxMeDOs4Pz+W6+FeKm1DNOJvPUrbbmHjJ9f2GeE6eg@mail.gmail.com>
Message-ID: <CANDGjyeZgxMeDOs4Pz+W6+FeKm1DNOJvPUrbbmHjJ9f2GeE6eg@mail.gmail.com>
To: Klaus Hartke <klaus.hartke@ericsson.com>
Cc: "6tisch@ietf.org" <6tisch@ietf.org>
Content-Type: multipart/alternative; boundary="000000000000ae8bec0571477a08"
Archived-At: <https://mailarchive.ietf.org/arch/msg/6tisch/xpwMJGPG7I2T7JZEriyW6C90vao>
Subject: Re: [6tisch] Review of draft-ietf-6tisch-minimal-security-06
X-BeenThere: 6tisch@ietf.org
X-Mailman-Version: 2.1.27
Precedence: list
List-Id: "Discuss link layer model for Deterministic IPv6 over the TSCH mode of IEEE 802.15.4e, and impacts on RPL and 6LoWPAN such as resource allocation" <6tisch.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/6tisch>, <mailto:6tisch-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/6tisch/>
List-Post: <mailto:6tisch@ietf.org>
List-Help: <mailto:6tisch-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/6tisch>, <mailto:6tisch-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 18 Jul 2018 15:11:50 -0000
Hi Klaus, Your email somehow ended up being classified as Spam by Google's filter and I found it only after explicitly searching for it in the Spam folder. As discussed offline, we are happy in 6tisch to make this functionality useful for the general-purpose CoAP in collaboration with CoRE. Let's discuss further during 6TiSCH today and in the next days. Mališa On Fri, Jun 29, 2018 at 10:21 PM Klaus Hartke <klaus.hartke@ericsson.com> wrote: > I've reviewed draft-ietf-6tisch-minimal-security-06, focusing on the parts > that involve CoAP. > > The Stateless-Proxy option is interesting. When a CoAP client (or proxy in > the role of a client) makes a request, it usually has some state > information at that point in time and requires that information to continue > where it left off when receiving the response. CoAP facilitates this by the > Token: an opaque value that is sent along the request and echoed back > verbatim in the response. > > When the Token was designed in the CoRE working group, we had a discussion > if the token value should just serve as an identifier for the state > information stored at the client, or if the client should be enabled to > encode information directly in the token, protected by an authentication > tag, which would allow the client to continue where it left off without > keeping any state information in the meantime. Since we didn't have a > specific use case at that time, the (non-reversible) decision was made to > not allow it and to limit the token value to a maximum size of 8 bytes. > > The Stateless-Proxy option overturns that decision. While I think that the > original decision was not the best, this is really unfortunate. Not only > are there are now two tokens in a message, which doesn't help with keeping > the protocol simple and easy to understand; the new token is also not even > always echoed back. > > I don't see why a protocol extension is needed in the first place. It > seems the current functionality could be achieved equally as well by > passing the state information in the payload [1]. > > Seeing that Tero also has some comments on statelessness, I think that > this part needs more work. > > The other parts involving CoAP look good to me. (The prescribed URI path > "j" is a bit suspicious since it conflicts with BCP 190, but might be fine > because of the "6tisch.arpa" authority.) > > Klaus > > [1] E.g.: JP receives request from pledge, wraps that request and state > information in a new payload, makes request with that payload to JRC, > receives a response from JRC, unwraps response to pledge and state > information from response from JRC, sends response to pledge. > > _______________________________________________ > 6tisch mailing list > 6tisch@ietf.org > https://www.ietf.org/mailman/listinfo/6tisch >
- [6tisch] Review of draft-ietf-6tisch-minimal-secu… Klaus Hartke
- Re: [6tisch] Review of draft-ietf-6tisch-minimal-… Mališa Vučinić