Re: [Ace] [core] Fwd: New Version Notification for draft-tiloca-core-multicast-oscoap-00.txt

Göran Selander <goran.selander@ericsson.com> Wed, 12 October 2016 12:31 UTC

From: Göran Selander <goran.selander@ericsson.com>
To: Hannes Tschofenig <hannes.tschofenig@gmx.net>
Thread-Topic: [Ace] [core] Fwd: New Version Notification for draft-tiloca-core-multicast-oscoap-00.txt
Date: Wed, 12 Oct 2016 12:31:48 +0000
Message-ID: <0DA0C0F0-BDE4-47FA-868F-849019929B31@ericsson.com>
References: <CABFpCtAqw53V9VfReuF+w3yQU+d+rhG9Ga_e4BX3KsEjGAjXzQ@mail.gmail.com> <2c0f8002-966e-0e40-cc85-0a6ba3e58916@gmx.net> <D423EAA1.6AC63%goran.selander@ericsson.com> <060bdcd2-5edb-d324-05d8-38ce63b5afcf@gmx.net>
In-Reply-To: <060bdcd2-5edb-d324-05d8-38ce63b5afcf@gmx.net>
Archived-At: <https://mailarchive.ietf.org/arch/msg/ace/I6LwejUTgql2VHAdxL58r8SXwAA>
Cc: Marco Tiloca <marco@sics.se>, "Ace@ietf.org" <Ace@ietf.org>
Subject: Re: [Ace] [core] Fwd: New Version Notification for draft-tiloca-core-multicast-oscoap-00.txt

Hi Hannes,

I must admit I didn't understand that was the conclusion. So, is source authentication mandatory or not?

"decoupled" meant that we could work on a solution which could be adapted to either symmetric or asymmetric keys, much in the sense Abhinav expressed in the referred link.

Göran

> On 12 okt. 2016, at 13:50, Hannes Tschofenig <hannes.tschofenig@gmx.net> wrote:
> 
> Hi Goeran,
> 
> there was never any doubt that we can use COSE to design a security
> solution using the already existing building blocks.
> 
> Btw, in the meanwhile we have actually concluded the discussion in ACE
> on the group communication security topic, see
> https://www.ietf.org/mail-archive/web/ace/current/msg01967.html
> 
> Ciao
> Hannes
> 
> PS: You cannot decouple the question of adoption of
> draft-somaraju-ace-multicast-01 from the question of source
> authentication since this was the core issue of the debate.
> 
>> On 10/12/2016 01:31 PM, Göran Selander wrote:
>> 
>> Hi Hannes,
>> 
>> I’m a bit surprised at your reaction. If you have followed the discussion
>> on OSCOAP you know that one recurring request has been on support for
>> multicast. This draft is addressing that request.
>> 
>> draft-somaraju-ace-multicast-01 is referring to OSCOAP for secure group
>> communication and we propose this draft to be the way to extend OSCOAP for
>> that purpose.
>> 
>> In the "controversial, long, and tough” discussion you refer to, one
>> central issue relates to the use of symmetric keys only in group
>> communication. Our draft mandates the use of asymmetric keys since that
>> provides source authentication. Should it be agreed that source
>> authentication for some purpose is not necessary, it is a simple
>> modification of this draft - simply making the counter signature in the
>> COSE object non-mandatory.
>> 
>> It was our hope that we in this way can decouple the question of adoption
>> of draft-somaraju-ace-multicast-01 from the question of source
>> authentication.
>> 
>> Göran
>> 
>> 
>> 
>> 
>> On 2016-10-12 10:40, "Ace on behalf of Hannes Tschofenig"
>> <ace-bounces@ietf.org on behalf of hannes.tschofenig@gmx.net> wrote:
>> 
>>> Hi Marco, Hi Francesca, Hi Goeran,
>>> 
>>> I am a bit surprised about your document submission since you guys have
>>> been pretty silent in the group communication security discussion, which
>>> was quite controversial, long, and tough. That's where your support
>>> would have been needed. Adding the few small bits to the already written
>>> draft isn't the problem.
>>> 
>>> Ciao
>>> Hannes
>>> 
>>>> On 10/12/2016 10:12 AM, Marco Tiloca wrote:
>>>> Dear CoRE/ACE,
>>>> 
>>>> We have submitted a draft on secure group communication for CoAP
>>>> addressing security for the setting of a multicast CoAP request with
>>>> unicast responses as described in RFC7390.
>>>> 
>>>> This draft builds on the recently updated version of OSCOAP, extended
>>>> with mandatory Sender ID and multiple Recipient Contexts. It also
>>>> enables source authentication with asymmetric signatures implemented as
>>>> counter signatures included with the COSE objects defined by OSCOAP.
>>>> 
>>>> We hope that by submitting now we could get some first discussion to
>>>> allow updates before the cutoff.
>>>> 
>>>> This draft provides the missing link between
>>>> https://tools.ietf.org/html/draft-somaraju-ace-multicast and OSCOAP.
>>>> 
>>>> Best regards,
>>>> Marco
>>>> 
>>>> 
>>>> ---------- Forwarded message ----------
>>>> From: <internet-drafts@ietf.org>
>>>> Date: Wed, Oct 12, 2016 at 9:27 AM
>>>> Subject: New Version Notification for
>>>> draft-tiloca-core-multicast-oscoap-00.txt
>>>> To: Marco Tiloca <marco@sics.se>, Goeran Selander
>>>> <goran.selander@ericsson.com>, Francesca Palombini
>>>> <francesca.palombini@ericsson.com>
>>>> 
>>>> 
>>>> 
>>>> A new version of I-D, draft-tiloca-core-multicast-oscoap-00.txt
>>>> has been successfully submitted by Francesca Palombini and posted to the
>>>> IETF repository.
>>>> 
>>>> Name:           draft-tiloca-core-multicast-oscoap
>>>> Revision:       00
>>>> Title:          Secure group communication for CoAP
>>>> Document date:  2016-10-12
>>>> Group:          Individual Submission
>>>> Pages:          15
>>>> URL:            https://www.ietf.org/internet-drafts/draft-tiloca-core-multicast-oscoap-00.txt
>>>> Status:         https://datatracker.ietf.org/doc/draft-tiloca-core-multicast-oscoap/
>>>> Htmlized:       https://tools.ietf.org/html/draft-tiloca-core-multicast-oscoap-00
>>>> 
>>>> 
>>>> Abstract:
>>>>   This document describes a method for application layer protection of
>>>>   messages exchanged with the Constrained Application Protocol (CoAP)
>>>>   in a group communication context.  The proposed approach relies on
>>>>   Object Security of CoAP (OSCOAP) and the CBOR Object Signing and
>>>>   Encryption (COSE) format.  All security requirements fulfilled by
>>>>   OSCOAP are maintained for multicast CoAP request messages and related
>>>>   unicast CoAP response messages.  Source authentication of all
>>>>   messages exchanged within the group is ensured, by means of digital
>>>>   signatures produced through asymmetric private keys of sender devices
>>>>   and embedded in the protected CoAP messages.
>>>> 
>>>> 
>>>> 
>>>> 
>>>> Please note that it may take a couple of minutes from the time of
>>>> submission until the htmlized version and diff are available at
>>>> tools.ietf.org.
>>>> 
>>>> The IETF Secretariat
>>>> 
>>>> 
>>>> 
>>>> 
>>>> _______________________________________________
>>>> Ace mailing list
>>>> Ace@ietf.org
>>>> https://www.ietf.org/mailman/listinfo/ace
>> 
>
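The point argued back and forth above is that a shared symmetric group key gives every member the same authority: any member can produce a message that passes the AEAD check under another member's Sender ID, so only a per-sender signature (the counter signature in the COSE object) gives source authentication, and making that signature optional is exactly what turns it off. The following is an added example written for this page, not code from draft-tiloca-core-multicast-oscoap or OSCOAP; it models the structure (group-key AEAD with Sender ID and Partial IV as AAD, plus an optional Ed25519 counter signature over AAD || ciphertext, and a Recipient Context per sender) using AES-128-GCM and Ed25519 from the Go standard library as stand-ins. The Member, Seal and Open names, the 4-byte Sender ID packed into the nonce, the all-zero demo key and the HTTP-like payloads are assumptions of the example; the draft's COSE algorithms, nonce derivation and CBOR encoding are not reproduced.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ed25519"
	"crypto/rand"
	"encoding/binary"
	"errors"
)

// Sender ID and Partial IV are sent in the clear but authenticated as AAD;
// Sig is the counter signature over AAD || ciphertext, empty when not used.
type Message struct {
	SenderID, Ciphertext, Sig []byte
	PartialIV                 uint64
}

// Every member holds the same AES-128-GCM group key; only its Ed25519 key
// is its own. recipients maps each known Sender ID to that sender's key.
type Member struct {
	ID         []byte
	Pub        ed25519.PublicKey
	priv       ed25519.PrivateKey
	aead       cipher.AEAD
	recipients map[string]ed25519.PublicKey
}

var (
	ErrUnknown = errors.New("unknown Sender ID")
	ErrNoSig   = errors.New("counter signature required but absent")
	ErrBadSig  = errors.New("counter signature does not verify")
)

// NewMember takes a 16-byte group key. Sender IDs are capped at 4 bytes
// because they are packed into the nonce (a simplification in this example).
func NewMember(id, groupKey []byte) (*Member, error) {
	if len(id) == 0 || len(id) > 4 {
		return nil, errors.New("Sender ID must be 1..4 bytes")
	}
	block, err := aes.NewCipher(groupKey)
	if err != nil {
		return nil, err
	}
	gcm, _ := cipher.NewGCM(block) // cannot fail for an AES block
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	return &Member{ID: id, Pub: pub, priv: priv, aead: gcm, recipients: map[string]ed25519.PublicKey{}}, nil
}

func (m *Member) AddSender(id []byte, pub ed25519.PublicKey) { m.recipients[string(id)] = pub }

// nonce = Sender ID (4 bytes, zero padded) || Partial IV (8 bytes): each
// sender owns a disjoint slice of the nonce space, so members sharing one
// key never reuse a nonce. The same bytes serve as AAD and signed prefix.
func nonce(id []byte, iv uint64) []byte {
	n := make([]byte, 12)
	copy(n, id)
	binary.BigEndian.PutUint64(n[4:], iv)
	return n
}

func sigInput(msg Message) []byte {
	return append(nonce(msg.SenderID, msg.PartialIV), msg.Ciphertext...)
}

// Seal protects payload under the group key for the given Sender ID and
// Partial IV, adding a counter signature with this member's key if sign is
// set. Nothing in the symmetric part stops a member from passing another
// member's ID: that is the forgery.
func (m *Member) Seal(senderID []byte, iv uint64, payload []byte, sign bool) Message {
	n := nonce(senderID, iv)
	msg := Message{SenderID: senderID, PartialIV: iv, Ciphertext: m.aead.Seal(nil, n, payload, n)}
	if sign {
		msg.Sig = ed25519.Sign(m.priv, sigInput(msg))
	}
	return msg
}

// Open checks the counter signature against the claimed sender's public key
// (if required), then the AEAD tag. Without requireSig a valid tag proves
// only "someone with the group key sent this", and every member qualifies.
func (m *Member) Open(msg Message, requireSig bool) ([]byte, error) {
	pub, ok := m.recipients[string(msg.SenderID)]
	if !ok {
		return nil, ErrUnknown
	}
	if requireSig && len(msg.Sig) == 0 {
		return nil, ErrNoSig
	}
	if requireSig && !ed25519.Verify(pub, sigInput(msg), msg.Sig) {
		return nil, ErrBadSig
	}
	n := nonce(msg.SenderID, msg.PartialIV)
	return m.aead.Open(nil, n, msg.Ciphertext, n)
}
```

Usage: create members A, B and C with the same group key, register A's and B's public keys at C, then call `c.Open(b.Seal(a.ID, 7, payload, false), false)`. The AEAD tag verifies and C accepts a message that B built under A's Sender ID. With `requireSig` set the same forgery fails with ErrNoSig, and B signing with its own key fails with ErrBadSig because C checks against A's key. Replay protection (the Partial IV window kept per Recipient Context) is deliberately left out to keep the block short; in a real implementation Open would also reject a Partial IV at or below the last one accepted from that sender.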