Re: [Ace] draft-ietf-ace-cmpv2-coap-transport-00.txt - do not mention V" of CMP in the document

"Brockhaus, Hendrik" <hendrik.brockhaus@siemens.com> Fri, 12 March 2021 10:07 UTC

From: "Brockhaus, Hendrik" <hendrik.brockhaus@siemens.com>
To: "david.von.oheimb@siemens.com" <david.von.oheimb@siemens.com>, Mohit Sahni <mohit06jan@gmail.com>
CC: "ace@ietf.org" <ace@ietf.org>, "Kretschmer, Andreas" <andreas.kretschmer@siemens.com>
Date: Fri, 12 Mar 2021 10:07:47 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/ace/MFvrBuciUKdqFhRDvxGP1gJtvo8>

David, Mohit

> From: David von Oheimb <David.von.Oheimb@siemens.com>
> Sent: Thursday, 11 March 2021 18:51
>
> To reduce the DoS risk in particular with the need to split larger messages into smaller chunks to re-assemble them later,
> it should be pretty helpful if both sides of the connection minimize the number and contents of CMP message fields as far as possible,
> for instance by leaving out unimportant optional fields, using short strings, preferring PBM-based protection, and generally (also for the certificates being managed) using ECC rather than RSA. 
> I suggest placing some remark like this in sections 2.6 and/or 5.

I would not put too many CMP-specific recommendations regarding profiling CMP into the CoAP draft, to keep the scope focused. I think a general recommendation to try to keep the CMP messages lean should do.

Hendrik