Re: [Ace] Embedded Content Types

"Panos Kampanakis (pkampana)" <pkampana@cisco.com> Thu, 21 February 2019 21:32 UTC

Return-Path: <pkampana@cisco.com>
X-Original-To: ace@ietfa.amsl.com
Delivered-To: ace@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A3AFC131282; Thu, 21 Feb 2019 13:32:21 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -14.501
X-Spam-Level:
X-Spam-Status: No, score=-14.501 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_MED=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_HI=-5, SPF_PASS=-0.001, URIBL_BLOCKED=0.001, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cisco.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id WyfOtMnpqut2; Thu, 21 Feb 2019 13:32:19 -0800 (PST)
Received: from alln-iport-6.cisco.com (alln-iport-6.cisco.com [173.37.142.93]) (using TLSv1.2 with cipher DHE-RSA-SEED-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 52C7A131278; Thu, 21 Feb 2019 13:32:19 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=3216; q=dns/txt; s=iport; t=1550784739; x=1551994339; h=from:to:cc:subject:date:message-id:references: in-reply-to:content-transfer-encoding:mime-version; bh=SHANmN9FHWxyPQpj/xfUV/WG0n3i7JiyzmA8gOLbpe0=; b=JTNo7dNCibxGmtD+UZjLAK4csAvnivla9pTwSeyrwPMNSrekQtA01zCB J74VeiXmME9+2rNDzY5izEJhzV1X+YcQfNgdP3K6bPY4oeiObxpDaM1Mn SrVxmHeWDJbv0/wsNzw9U+nxKUI3PGxZdALSrKrudcz3RzTb59uOk1X2y 4=;
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: =?us-ascii?q?A0ADAAACGG9c/4wNJK1lGQEBAQEBAQE?= =?us-ascii?q?BAQEBAQcBAQEBAQGBUQQBAQEBAQsBgVQvgWonCoN9iBqNYpgegXsLAQGEbAI?= =?us-ascii?q?Xg2MiNAkNAQMBAQIBAQJtKIVKAQEBBCMRRQwEAgEGAg4DBAEBAQICJgICAjA?= =?us-ascii?q?VCAgBAQQOBQiFC5B5m2GBL4ovgQuLPReBQD+DbjWEay2CcoJXAqNTCQKSVCG?= =?us-ascii?q?TC4kRkz8CERSBKB84gVZwFYMnkF1BMY5sgR8BAQ?=
X-IronPort-AV: E=Sophos;i="5.58,396,1544486400"; d="scan'208";a="240141860"
Received: from alln-core-7.cisco.com ([173.36.13.140]) by alln-iport-6.cisco.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 21 Feb 2019 21:32:18 +0000
Received: from XCH-RCD-009.cisco.com (xch-rcd-009.cisco.com [173.37.102.19]) by alln-core-7.cisco.com (8.15.2/8.15.2) with ESMTPS id x1LLWIqq019798 (version=TLSv1.2 cipher=AES256-SHA bits=256 verify=FAIL); Thu, 21 Feb 2019 21:32:18 GMT
Received: from xch-aln-010.cisco.com (173.36.7.20) by XCH-RCD-009.cisco.com (173.37.102.19) with Microsoft SMTP Server (TLS) id 15.0.1395.4; Thu, 21 Feb 2019 15:32:17 -0600
Received: from xch-aln-010.cisco.com ([173.36.7.20]) by XCH-ALN-010.cisco.com ([173.36.7.20]) with mapi id 15.00.1395.000; Thu, 21 Feb 2019 15:32:17 -0600
From: "Panos Kampanakis (pkampana)" <pkampana@cisco.com>
To: Carsten Bormann <cabo@tzi.org>
CC: Jim Schaad <ietf@augustcellars.com>, "ace@ietf.org" <ace@ietf.org>, "Klaus Hartke" <hartke@projectcool.de>, "draft-ietf-ace-coap-est@ietf.org" <draft-ietf-ace-coap-est@ietf.org>
Thread-Topic: [Ace] Embedded Content Types
Thread-Index: AdTJQwabXPaUkoDzRkqcz/D5vJfkVwAH1C+AABSNAYAACQoogA==
Date: Thu, 21 Feb 2019 21:32:17 +0000
Message-ID: <38fa1ec646974a329c286279b3fa9ff0@XCH-ALN-010.cisco.com>
References: <02a201d4c945$eb10a510$c131ef30$@augustcellars.com> <17e617f1090e451c8b17f6550c2e213a@XCH-ALN-010.cisco.com> <CCD28BCC-16AA-492B-8E14-DAE9F2CF2E3C@tzi.org>
In-Reply-To: <CCD28BCC-16AA-492B-8E14-DAE9F2CF2E3C@tzi.org>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-ms-exchange-transport-fromentityheader: Hosted
x-originating-ip: [10.82.243.182]
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-Outbound-SMTP-Client: 173.37.102.19, xch-rcd-009.cisco.com
X-Outbound-Node: alln-core-7.cisco.com
Archived-At: <https://mailarchive.ietf.org/arch/msg/ace/OVUloJliReKmTY27CHzawWGflL4>
Subject: Re: [Ace] Embedded Content Types
X-BeenThere: ace@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Authentication and Authorization for Constrained Environments \(ace\)" <ace.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ace>, <mailto:ace-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ace/>
List-Post: <mailto:ace@ietf.org>
List-Help: <mailto:ace-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ace>, <mailto:ace-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 21 Feb 2019 21:32:25 -0000

Thanks Carsten. 

Let's say we use a query /skg?sk=xxx&spk=yyy. /skg/xxx,yyy is a different URI imo, so it changes the EST spec and that introduces changes that affect CAs that already implemented it. So let's say we do /skg?sk=xxx&spk=yyy. When I am doing resource discovery and the server is returning the content formats for skg, is he going to signal his supported formats with 
</est/skg>;rt="ace.est.skg";ct="62 xxx yyy"

RFC5272 says
> The Content-Format code "ct" attribute provides a hint about the 
> Content-Formats this resource returns.  Note that this is only a hint, 
> and it does not override the Content-Format Option of a CoAP response 
> obtained by actually requesting the representation of the resource. 
> [...] The Content-Format code attribute MAY include a space-separated 
> sequence of Content-Format codes, indicating that multiple 
> content-formats are available.

So it looks tome that ct="62 280 284 281 TBD287" could hint to the client that all the following formats are supported for the multipart. 

I had a chat with Klaus where he mentioned that he assumed the ct="63 xxx yyy" returned attribute values are the accepted values by the server in the "Accept" option. 


-----Original Message-----
From: Carsten Bormann <cabo@tzi.org>; 
Sent: Wednesday, February 20, 2019 8:11 PM
To: Panos Kampanakis (pkampana) <pkampana@cisco.com>;
Cc: Jim Schaad <ietf@augustcellars.com>;; ace@ietf.org; Klaus Hartke <hartke@projectcool.de>;; draft-ietf-ace-coap-est@ietf.org
Subject: Re: [Ace] Embedded Content Types

On Feb 20, 2019, at 22:33, Panos Kampanakis (pkampana) <pkampana@cisco.com>; wrote:
> 
> If we broke the requests to different URIs, it means that a client needs to keep track of his transactions and on top of it he needs to correlate the key and the cert he receives at a later time.

I think this is just a misunderstanding — the idea wasn’t to supply the parts under different URIs, but to make up different URIs for retrieving the different combinations coming in one multipart-core, in one transaction.

As in

/skg?sk=284&spk=281

(Where sk is short for “secret key” and spk for “signed public key” — substitute your own names.)

or, say

/skg/284,281

This provides full format agility while preserving the interaction model.

Grüße, Carsten