IETF Logo Mail Archive

Re: [Ace] ace-coap-est: unclear definition of /.well-known/est URI

"Panos Kampanakis (pkampana)" <pkampana@cisco.com> Mon, 24 September 2018 14:24 UTC

Return-Path: <pkampana@cisco.com>
X-Original-To: ace@ietfa.amsl.com
Delivered-To: ace@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 879C4130F19 for <ace@ietfa.amsl.com>; Mon, 24 Sep 2018 07:24:38 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -14.51
X-Spam-Level:
X-Spam-Status: No, score=-14.51 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, SPF_PASS=-0.001, T_DKIMWL_WL_MED=-0.01, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cisco.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 8hbezkblyAXS for <ace@ietfa.amsl.com>; Mon, 24 Sep 2018 07:24:36 -0700 (PDT)
Received: from alln-iport-4.cisco.com (alln-iport-4.cisco.com [173.37.142.91]) (using TLSv1.2 with cipher DHE-RSA-SEED-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id E53EC130EE8 for <ace@ietf.org>; Mon, 24 Sep 2018 07:24:35 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=13628; q=dns/txt; s=iport; t=1537799075; x=1539008675; h=from:to:cc:subject:date:message-id:references: in-reply-to:mime-version; bh=SO2xkr5rMixf5jfDEFQYZJcm9ModytQ8kCnYuP+G1qc=; b=JGZ/u53bILTuxx9pt9wpLuL9OQO4kVYrQHhFuXF1iPPAMwPMY3ja6uU4 Lp9KXceUGn7OOsb/z2zDt4hxp4RMzDn169RVOzRBwFb0lcXSQzuvEvxkg EzljNHiLE1xUO4d1YN0yfheQscZmq+YpVaPGLFuQmlPTcXV3TQDiUQy8Z Q=;
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: A0APAACq8qhb/5ldJa1aGQEBAQEBAQEBAQEBAQcBAQEBAQGBU4EVd2V/KAqDapQ9gg2RE4U8FIFmCxgBCoRJAheDQiE2FgEDAQECAQECbRwMhTgBAQEBAwEBIQpBCxACAQgRBAEBKAMCAgIlCxQJCAIEAQ0FCIMagR1kD6IlgS6KBYp4F4FBP4ESgxKDGwEBgS4BEgEJLR8IgkOCVwKIJIVGjxUJAoZBiV4fgUVKhw2GEJRiAhEUgSUkDSQnPXFwFTuCbAmCHBeDRoUUhT5vinuBH4EeAQE
X-IronPort-AV: E=Sophos;i="5.54,298,1534809600"; d="scan'208,217";a="175888104"
Received: from rcdn-core-2.cisco.com ([173.37.93.153]) by alln-iport-4.cisco.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 24 Sep 2018 14:24:34 +0000
Received: from XCH-RCD-008.cisco.com (xch-rcd-008.cisco.com [173.37.102.18]) by rcdn-core-2.cisco.com (8.15.2/8.15.2) with ESMTPS id w8OEOYc0020729 (version=TLSv1.2 cipher=AES256-SHA bits=256 verify=FAIL); Mon, 24 Sep 2018 14:24:34 GMT
Received: from xch-aln-010.cisco.com (173.36.7.20) by XCH-RCD-008.cisco.com (173.37.102.18) with Microsoft SMTP Server (TLS) id 15.0.1395.4; Mon, 24 Sep 2018 09:24:33 -0500
Received: from xch-aln-010.cisco.com ([173.36.7.20]) by XCH-ALN-010.cisco.com ([173.36.7.20]) with mapi id 15.00.1395.000; Mon, 24 Sep 2018 09:24:33 -0500
From: "Panos Kampanakis (pkampana)" <pkampana@cisco.com>
To: "consultancy@vanderstok.org" <consultancy@vanderstok.org>, Esko Dijk <esko.dijk@iotconsultancy.nl>
CC: Michael Richardson <mcr+ietf@sandelman.ca>, "ace@ietf.org" <ace@ietf.org>
Thread-Topic: [Ace] ace-coap-est: unclear definition of /.well-known/est URI
Thread-Index: AdRKqeFCUK1AzigFR5qvzUaQ2+R0GgAAdGzwAJTV7HAAalmT4AAs2fUAAG/bcYAAAC+wgAAA44oAAArrm4AAGMu/AACWa0kAAAI4qeA=
Date: Mon, 24 Sep 2018 14:24:33 +0000
Message-ID: <eef37a6202fb433cb28e14fe00af6c83@XCH-ALN-010.cisco.com>
References: <DB6P190MB005479015E3F02D4028541A9FD1B0@DB6P190MB0054.EURP190.PROD.OUTLOOK.COM> <39ff6ec1903c4c3a9d333c41a38a1ad9@XCH-ALN-010.cisco.com> <DB6P190MB00548845B38C0B0DF2380CD1FD180@DB6P190MB0054.EURP190.PROD.OUTLOOK.COM> <fc396115e9a54f80babfe9a9f5ae9e74@XCH-ALN-010.cisco.com> <DB6P190MB005441A30B3C3414EFF55D5EFD1D0@DB6P190MB0054.EURP190.PROD.OUTLOOK.COM> <26476.1537455069@localhost> <1c3188c5281a3bc921b97c9c7bc6b053@bbhmail.nl> <DB6P190MB00547429FEA6C0B70337AB69FD130@DB6P190MB0054.EURP190.PROD.OUTLOOK.COM> <7584.1537475677@localhost> <DB6P190MB0054BB06A482C9E5BE1A1E9FFD120@DB6P190MB0054.EURP190.PROD.OUTLOOK.COM> <245cff4973f04818a2b8d14a75dc56d0@bbhmail.nl>
In-Reply-To: <245cff4973f04818a2b8d14a75dc56d0@bbhmail.nl>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-ms-exchange-transport-fromentityheader: Hosted
x-originating-ip: [10.116.108.5]
Content-Type: multipart/alternative; boundary="_000_eef37a6202fb433cb28e14fe00af6c83XCHALN010ciscocom_"
MIME-Version: 1.0
X-Outbound-SMTP-Client: 173.37.102.18, xch-rcd-008.cisco.com
X-Outbound-Node: rcdn-core-2.cisco.com
Archived-At: <https://mailarchive.ietf.org/arch/msg/ace/QNhHBENtknZzvO7mbCN9w9gXw7w>
Subject: Re: [Ace] ace-coap-est: unclear definition of /.well-known/est URI
X-BeenThere: ace@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Authentication and Authorization for Constrained Environments \(ace\)" <ace.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ace>, <mailto:ace-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ace/>
List-Post: <mailto:ace@ietf.org>
List-Help: <mailto:ace-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ace>, <mailto:ace-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 24 Sep 2018 14:24:42 -0000

EST by default runs on port 443 over TLS. It does not have any special port. Discovery is not defined in 7030. It is defined in BRSKI. And it based on GRASP or mDNS service discovery.

I think it is not necessary to define a default port. The default COAPS UDP 5684 suffices. Now if a server wants to advertise a different port then we would need the full URI with the port.

From: Peter van der Stok [mailto:stokcons@bbhmail.nl]
Sent: Monday, September 24, 2018 4:12 AM
To: Esko Dijk <esko.dijk@iotconsultancy.nl>
Cc: Michael Richardson <mcr+ietf@sandelman.ca>; Panos Kampanakis (pkampana) <pkampana@cisco.com>; consultancy@vanderstok.org; ace@ietf.org
Subject: Re: [Ace] ace-coap-est: unclear definition of /.well-known/est URI

Hi,

What do I read?
when you do GET coap://example.com/.well-known/core
The discovery is on port 5683.
When you do GET coaps://example.com/.well-known/core
the discovery port is 5684.

I agree that we did not assign a port to coaps://example.com/est for that matter,
and as such the example is incorrect. Will we make the port discoverable?

RFC 7030 does not ask a port number from IANA.
And a search through IANA port numbers on "est" does not yield anything.

Any suggestions? or improve my knowledge.

Peter

Esko Dijk schreef op 2018-09-21 10:24:
I've asked if discovery is always required, permitted, or encouraged.

Normally it is always encouraged to use discovery in favour of fixed URIs at the server, to avoid specs squatting the URI namespace. But in our case the /.well-known/est space is already assigned (RFC 7030) so we have to support it also in coaps-est and no additional squatting takes place. Besides support for the well-known URI location, discovery by a client is permitted to find "ace.est" type resources at other places e.g. to get shorter URIs or to get 6lowpan-compressible port numbers, or both.


I.e. - can the client avoid the round trip to do the discovery?
     - does the server have to provide the discovery?
     -- if not, what does a client do that performs the discovery and fails?
I've been told it was required.

- So it can't be required for the client, is my opinion.
- The server must support it (being a good CoAP-citizen) in some way as in the previous email.
- If it fails, the client might try another time using the /.well-known/est resource, or retry the discovery later on. (There could be various implementation-specific tactics here. Maybe the IP address of the EST server was configured wrongly; and the process that lead to this IP address can be redone by the client.)

Esko


_______________________________________________
Ace mailing list
Ace@ietf.org<mailto:Ace@ietf.org>
https://www.ietf.org/mailman/listinfo/ace

v2.23.0 | Report a Bug | By Email