[Ace] Pub Sub and multicast

Francesca Palombini <francesca.palombini@ericsson.com> Thu, 21 March 2019 15:31 UTC

From: Francesca Palombini <francesca.palombini@ericsson.com>
To: "core@ietf.org" <core@ietf.org>
CC: Ace Wg <ace@ietf.org>
Date: Thu, 21 Mar 2019 15:31:20 +0000
Message-ID: <1CA68BFD-B585-4CB0-9303-7E2A6FC2B005@ericsson.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/ace/B2iUh5Cg-oRUT1V5jYXWo4y8VqM>
Subject: [Ace] Pub Sub and multicast

Hi all,

TL;DR: Pub/sub and multicast hallway discussion happening at IETF104 (possibly during the hackathon?). Slides here:
https://github.com/EricssonResearch/coap-pubsub-profile/blob/master/Pubsub-multicast.pdf
Contact me if interested.

As mentioned during the CoRE interim, I have started to think about how to progress the security for pub/sub work. For the people not following, there is currently one draft in Ace that describes a profile of Ace for authorization and key distribution + communication protection for CoAP pubsub [1]: https://tools.ietf.org/html/draft-palombini-ace-coap-pubsub-profile-03.

While looking at how to move forward that draft, some things came up: first of all, it would be nice to use multicast to broadcast notifications from broker to subscribers, for performance reasons. Secondly, the ace-coap-pubsub document misses a way to protect unaware nodes from being unwillingly subscribed by attackers spoofing their IP address. In fact, ace-coap-pubsub does protect the publication, but does not set up the “authorization for subscribers” mechanism, or any other DoS protection mechanism.

These two points might seem parallel and independent, but one influences the other: depending on how multicast notifications are set up, we might reuse existing mechanisms that might protect against unauthorized nodes being sent notifications from the broker.

I put up some ideas in slides and was hoping to get some discussion started during the hackathon (if possible):
https://github.com/EricssonResearch/coap-pubsub-profile/blob/master/Pubsub-multicast.pdf
and/or on the mailing list. As you can see, I try to explain the problem and come up with possible solutions based on the existing drafts. These are of course just very high-level draft solutions, and require more discussion.

Any feedback welcome!

Francesca

[1] https://tools.ietf.org/html/draft-ietf-core-coap-pubsub-08