Re: [Ace] Comments on draft-tiloca-ace-oscoap-joining

Francesca Palombini <francesca.palombini@ericsson.com> Fri, 20 October 2017 13:20 UTC

From: Francesca Palombini <francesca.palombini@ericsson.com>
To: Jim Schaad <ietf@augustcellars.com>, "draft-tiloca-ace-oscoap-joining@ietf.org" <draft-tiloca-ace-oscoap-joining@ietf.org>, "draft-palombini-ace-coap-pubsub-profile@ietf.org" <draft-palombini-ace-coap-pubsub-profile@ietf.org>
CC: "ace@ietf.org" <ace@ietf.org>
Date: Fri, 20 Oct 2017 13:20:35 +0000
Message-ID: <HE1PR07MB15299B23E446FE9EAE7661D798430@HE1PR07MB1529.eurprd07.prod.outlook.com>
References: <00d401d34966$1c9d0260$55d70720$@augustcellars.com>
In-Reply-To: <00d401d34966$1c9d0260$55d70720$@augustcellars.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/ace/AjScHAFjMxuULXDkULtOPXXt7NI>
Subject: Re: [Ace] Comments on draft-tiloca-ace-oscoap-joining
List-Id: "Authentication and Authorization for Constrained Environments \(ace\)" <ace.ietf.org>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ace/>

Hi Jim,

I don't think that your statement is correct: as far as I understood the oscoap-joining document, the RS is the group manager, while in the pubsub document (even generalizing it and making a group communication profile as Carsten was suggesting) the entity that does group management is the AS2.

I consider these differences a reason to have separate documents. Yes, they could be described in the same draft, but I don't see how that simplifies the specifications.

One more comment inline.

Thanks,
Francesca

> -----Original Message-----
> From: Jim Schaad [mailto:ietf@augustcellars.com]
> Sent: 20 October 2017 07:42
> To: draft-tiloca-ace-oscoap-joining@ietf.org; draft-palombini-ace-coap-
> pubsub-profile@ietf.org
> Cc: ace@ietf.org
> Subject: Comments on draft-tiloca-ace-oscoap-joining
> 
> After the interim meeting, I read this document through in order to produce
> a review.  Instead you are going to get a meta-review.
> 
> I am having a hard time seeing why this document exists in its current form and
> it is not some type of simple profile of the pub-sub security draft.
> While I am not sure that this document is a subset of that document, it
> appears to be about 90-99% a subset of that document.  Consider the
> following:
> 
> You have both the publisher and subscriber roles as in the pub-sub draft.
> 
> You have an entity which is doing key distribution in the system.  For the pub-
> sub draft this is AS2; for you it is the RS, but they are performing the exact
> same set of tasks.
> 

Yes, they are performing the same set of tasks on a high level, but they are using the ACE framework differently in practice. For example the publisher and subscriber acquire the keys without using the token.

> The pub-sub draft has an endpoint which holds the encrypted messages, in
> its place you are using the multi-cast UDP channel.  In both cases they are
> basically unprotected-untrusted entities to distribute the content message.
> The only difference is that in the pub-sub model the RS will also provide
> restricted access to publishing which is not enforceable here.
> 
> Both of these documents are missing what I would consider to be core
> pieces.
> The pub-sub document does initial key distribution, while this document
> does not.  Neither document does any discussion of how subsequent key
> distribution is done to deal with forward and backward security of messages.
>
> This document probably needs to define a new relationship, which might be
> more generally used, to say - this URL is where you get the security
> information for this URL which is published in the directory - esp in the case
> of multi-cast address URLs in the resource directory.  You might also find that
> the correct answer is not to use a separate resource for each channel, but to
> allow for the use of URI path elements to define the security for a resource.
> 
> Jim
>