[Ace] draft-ietf-ace-mqtt-tls-profile - Validating a subscription is in scope

Jim Schaad <ietf@augustcellars.com> Mon, 13 January 2020 01:38 UTC

I have run across an interesting question for doing validation of
subscriptions that I would like to get an opinion on.

When doing a publish, there is not an issue.  One simply takes the set of
values in the scope field as topic filters and checks the publication topic
against the set of permissible publication topic filters in the scope.

When doing a subscribe, there are four distinct cases that can arise:
1.  The subscription is for a single topic and either is or is not
successfully matched against the scope topic filter.
2.  The subscription is for a topic filter and it is identical to the scope
topic filter.
3.  Both are topic filters and are not the same.  Is one supposed to do some
type of subset matching on the two filters, or does one always say that this
is not a match?  This is not addressed in the MQTT document and I am not
sure where it would be addressed.  As an example:

Scope value is subscribe_sport/#
Subscription topic is sport/tennis/#

The second is clearly a subset of the first and thus it would seem logical
to include it, but it gets more complicated if one instead asks for

Subscription topic is sport/+

In this case the two wild cards are not the same value.

Jim
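
An added example, not part of the original message or of the draft: one way to decide case 3 by set inclusion, where a subscription is in scope only if every topic it can match is also matched by a single scope filter. The function names are hypothetical, and scope values are assumed to be well-formed MQTT topic filters with any permission prefix already removed.

```python
# Added illustration (hypothetical helper names, not from the draft).
# Assumes both inputs are well-formed MQTT topic filters: '+' occupies a
# whole level and '#' appears only as the last level.

def filter_within(sub: str, scope: str) -> bool:
    """True if every topic matched by filter `sub` is also matched by `scope`."""
    s, c = sub.split("/"), scope.split("/")
    # MQTT: a wildcard in the first level never matches topics starting
    # with '$', so "#" or "+/..." in the scope does not cover "$SYS/...".
    if s[0].startswith("$") and c[0] in ("+", "#"):
        return False
    for i, want in enumerate(c):
        if want == "#":
            # Scope accepts this level's parent and anything below it.
            return True
        if i >= len(s) or s[i] == "#":
            # Subscription is shorter, or reaches arbitrary depth where
            # the scope only allows a fixed number of levels.
            return False
        if want == "+":
            continue  # '+' in scope covers a literal or '+' at this level
        if s[i] != want:
            return False  # literal mismatch, or '+' against a literal
    # Scope has no trailing '#', so the level counts must agree exactly.
    return len(s) == len(c)


def subscription_in_scope(sub: str, scope_filters: list[str]) -> bool:
    """Conservative check: some single scope filter must cover `sub`.

    A union of filters can cover a subscription that no single filter
    covers ("a" plus "a/+/#" together cover "a/#"); this check denies
    such requests, so it can under-grant but never over-grant.
    """
    return any(filter_within(sub, f) for f in scope_filters)


if __name__ == "__main__":
    scope = ["sport/#"]  # constructed sample scope
    for sub in ("sport/tennis/#", "sport/+", "sport/tennis", "#", "+/tennis"):
        print(f"{sub!r:20} in scope: {subscription_in_scope(sub, scope)}")
```

Under this interpretation both subscriptions from the message, sport/tennis/# and sport/+, fall inside sport/#, while a broader request such as # or +/tennis does not.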