Re: [Ace] [core] Fwd: New Version Notification for draft-tiloca-core-multicast-oscoap-00.txt
Göran Selander <goran.selander@ericsson.com> Wed, 12 October 2016 12:31 UTC
To: Hannes Tschofenig <hannes.tschofenig@gmx.net>
Archived-At: <https://mailarchive.ietf.org/arch/msg/ace/I6LwejUTgql2VHAdxL58r8SXwAA>
Cc: Marco Tiloca <marco@sics.se>, "Ace@ietf.org" <Ace@ietf.org>

Hi Hannes,

I must admit I didn't understand that was the conclusion. So, is source authentication mandatory or not?

"decoupled" meant that we could work on a solution which allowed to be adapted to all symmetric or asymmetric keys, much in the sense Abhinav expressed in the referred link.

Göran

> On 12 Oct 2016, at 13:50, Hannes Tschofenig <hannes.tschofenig@gmx.net> wrote:
>
> Hi Goeran,
>
> there was never any doubt that we can use COSE to design a security
> solution using the already existing building blocks.
>
> Btw, in the meanwhile we have actually concluded the discussion in ACE
> on the group communication security topic, see
> https://www.ietf.org/mail-archive/web/ace/current/msg01967.html
>
> Ciao
> Hannes
>
> PS: You cannot decouple the question of adoption of
> draft-somaraju-ace-multicast-01 from the question of source
> authentication since this was the core issue of the debate.
>
>> On 10/12/2016 01:31 PM, Göran Selander wrote:
>>
>> Hi Hannes,
>>
>> I'm a bit surprised at your reaction. If you have followed the discussion
>> on OSCOAP you know that one recurring request has been on support for
>> multicast. This draft is addressing that request.
>>
>> draft-somaraju-ace-multicast-01 is referring to OSCOAP for secure group
>> communication and we propose this draft to be the way to extend OSCOAP for
>> that purpose.
>>
>> In the "controversial, long, and tough" discussion you refer to, one
>> central issue relates to the use of symmetric keys only in group
>> communication. Our draft mandates the use of asymmetric keys since that
>> provides source authentication. Should it be agreed that source
>> authentication for some purpose is not necessary, it is a simple
>> modification of this draft - simply making the counter signature in the
>> COSE object non-mandatory.
>>
>> It was our hope that we in this way can decouple the question of adoption
>> of draft-somaraju-ace-multicast-01 from the question of source
>> authentication.
>>
>> Göran
>>
>> On 2016-10-12 10:40, "Ace on behalf of Hannes Tschofenig"
>> <ace-bounces@ietf.org on behalf of hannes.tschofenig@gmx.net> wrote:
>>
>>> Hi Marco, Hi Francesca, Hi Goeran,
>>>
>>> I am a bit surprised about your document submission since you guys have
>>> been pretty silent in the group communication security discussion, which
>>> was quite controversial, long, and tough. That's where your support
>>> would have been needed. Adding the few small bits to the already written
>>> draft isn't the problem.
>>>
>>> Ciao
>>> Hannes
>>>
>>>> On 10/12/2016 10:12 AM, Marco Tiloca wrote:
>>>> Dear CoRE/ACE,
>>>>
>>>> We have submitted a draft on secure group communication for CoAP
>>>> addressing security for the setting of a multicast CoAP request with
>>>> unicast responses as described in RFC7390.
>>>>
>>>> This draft builds on the recently updated version of OSCOAP, extended
>>>> with mandatory Sender ID and multiple Recipient Contexts. It also
>>>> enables source authentication with asymmetric signatures implemented as
>>>> counter signatures included with the COSE objects defined by OSCOAP.
>>>>
>>>> We hope that by submitting now we could get some first discussion to
>>>> allow updates before the cutoff.
>>>>
>>>> This draft provides the missing link between
>>>> https://tools.ietf.org/html/draft-somaraju-ace-multicast and OSCOAP.
>>>>
>>>> Best regards,
>>>> Marco
>>>>
>>>> ---------- Forwarded message ----------
>>>> From: <internet-drafts@ietf.org>
>>>> Date: Wed, Oct 12, 2016 at 9:27 AM
>>>> Subject: New Version Notification for
>>>> draft-tiloca-core-multicast-oscoap-00.txt
>>>> To: Marco Tiloca <marco@sics.se>, Goeran Selander
>>>> <goran.selander@ericsson.com>,
>>>> Francesca Palombini <francesca.palombini@ericsson.com>
>>>>
>>>> A new version of I-D, draft-tiloca-core-multicast-oscoap-00.txt
>>>> has been successfully submitted by Francesca Palombini and posted to the
>>>> IETF repository.
>>>>
>>>> Name: draft-tiloca-core-multicast-oscoap
>>>> Revision: 00
>>>> Title: Secure group communication for CoAP
>>>> Document date: 2016-10-12
>>>> Group: Individual Submission
>>>> Pages: 15
>>>> URL:
>>>> https://www.ietf.org/internet-drafts/draft-tiloca-core-multicast-oscoap-00.txt
>>>> Status:
>>>> https://datatracker.ietf.org/doc/draft-tiloca-core-multicast-oscoap/
>>>> Htmlized:
>>>> https://tools.ietf.org/html/draft-tiloca-core-multicast-oscoap-00
>>>>
>>>> Abstract:
>>>> This document describes a method for application layer protection of
>>>> messages exchanged with the Constrained Application Protocol (CoAP)
>>>> in a group communication context. The proposed approach relies on
>>>> Object Security of CoAP (OSCOAP) and the CBOR Object Signing and
>>>> Encryption (COSE) format. All security requirements fulfilled by
>>>> OSCOAP are maintained for multicast CoAP request messages and related
>>>> unicast CoAP response messages. Source authentication of all
>>>> messages exchanged within the group is ensured, by means of digital
>>>> signatures produced through asymmetric private keys of sender devices
>>>> and embedded in the protected CoAP messages.
>>>>
>>>> Please note that it may take a couple of minutes from the time of
>>>> submission
>>>> until the htmlized version and diff are available at tools.ietf.org.
>>>>
>>>> The IETF Secretariat
>>>>
>>>> _______________________________________________
>>>> Ace mailing list
>>>> Ace@ietf.org
>>>> https://www.ietf.org/mailman/listinfo/ace