Re: [Ace] [core] Fwd: New Version Notification for draft-tiloca-core-multicast-oscoap-00.txt
Hannes Tschofenig <hannes.tschofenig@gmx.net> Wed, 12 October 2016 11:50 UTC
To: Göran Selander <goran.selander@ericsson.com>, Marco Tiloca <marco@sics.se>, "Ace@ietf.org" <Ace@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/ace/ZXH74rjfHEm7CSWnlhz26nvGo6M>
Hi Goeran,

there was never any doubt that we can use COSE to design a security
solution using the already existing building blocks.

Btw, in the meanwhile we have actually concluded the discussion in ACE
on the group communication security topic, see
https://www.ietf.org/mail-archive/web/ace/current/msg01967.html

Ciao
Hannes

PS: You cannot decouple the question of adoption of
draft-somaraju-ace-multicast-01 from the question of source
authentication since this was the core issue of the debate.

On 10/12/2016 01:31 PM, Göran Selander wrote:
>
> Hi Hannes,
>
> I’m a bit surprised at your reaction. If you have followed the discussion
> on OSCOAP you know that one recurring request has been on support for
> multicast. This draft is addressing that request.
>
> draft-somaraju-ace-multicast-01 is referring to OSCOAP for secure group
> communication and we propose this draft to be the way to extend OSCOAP for
> that purpose.
>
> In the "controversial, long, and tough” discussion you refer to, one
> central issue relates to the use of symmetric keys only in group
> communication. Our draft mandates the use of asymmetric keys since that
> provides source authentication. Should it be agreed that source
> authentication for some purpose is not necessary, it is a simple
> modification of this draft - simply making the counter signature in the
> COSE object non-mandatory.
>
> It was our hope that we in this way can decouple the question of adoption
> of draft-somaraju-ace-multicast-01 from the question of source
> authentication.
>
> Göran
>
>
> On 2016-10-12 10:40, "Ace on behalf of Hannes Tschofenig"
> <ace-bounces@ietf.org on behalf of hannes.tschofenig@gmx.net> wrote:
>
>> Hi Marco, Hi Francesca, Hi Goeran,
>>
>> I am a bit surprised about your document submission since you guys have
>> been pretty silent in the group communication security discussion, which
>> was quite controversial, long, and tough. That's where your support
>> would have been needed. Adding the few small bits to the already written
>> draft isn't the problem.
>>
>> Ciao
>> Hannes
>>
>> On 10/12/2016 10:12 AM, Marco Tiloca wrote:
>>> Dear CoRE/ACE,
>>>
>>> We have submitted a draft on secure group communication for CoAP
>>> addressing security for the setting of a multicast CoAP request with
>>> unicast responses as described in RFC7390.
>>>
>>> This draft builds on the recently updated version of OSCOAP, extended
>>> with mandatory Sender ID and multiple Recipient Contexts. It also
>>> enables source authentication with asymmetric signatures implemented as
>>> counter signatures included with the COSE objects defined by OSCOAP.
>>>
>>> We hope that by submitting now we could get some first discussion to
>>> allow updates before the cutoff.
>>>
>>> This draft provides the missing link between
>>> https://tools.ietf.org/html/draft-somaraju-ace-multicast and OSCOAP.
>>>
>>> Best regards,
>>> Marco
>>>
>>>
>>> ---------- Forwarded message ----------
>>> From: ** <internet-drafts@ietf.org <mailto:internet-drafts@ietf.org>>
>>> Date: Wed, Oct 12, 2016 at 9:27 AM
>>> Subject: New Version Notification for
>>> draft-tiloca-core-multicast-oscoap-00.txt
>>> To: Marco Tiloca <marco@sics.se <mailto:marco@sics.se>>, Goeran Selander
>>> <goran.selander@ericsson.com <mailto:goran.selander@ericsson.com>>,
>>> Francesca Palombini <francesca.palombini@ericsson.com
>>> <mailto:francesca.palombini@ericsson.com>>
>>>
>>>
>>> A new version of I-D, draft-tiloca-core-multicast-oscoap-00.txt
>>> has been successfully submitted by Francesca Palombini and posted to the
>>> IETF repository.
>>>
>>> Name: draft-tiloca-core-multicast-oscoap
>>> Revision: 00
>>> Title: Secure group communication for CoAP
>>> Document date: 2016-10-12
>>> Group: Individual Submission
>>> Pages: 15
>>> URL:
>>> https://www.ietf.org/internet-drafts/draft-tiloca-core-multicast-oscoap-00.txt
>>> <https://www.ietf.org/internet-drafts/draft-tiloca-core-multicast-oscoap-00.txt>
>>> Status:
>>> https://datatracker.ietf.org/doc/draft-tiloca-core-multicast-oscoap/
>>> <https://datatracker.ietf.org/doc/draft-tiloca-core-multicast-oscoap/>
>>> Htmlized:
>>> https://tools.ietf.org/html/draft-tiloca-core-multicast-oscoap-00
>>> <https://tools.ietf.org/html/draft-tiloca-core-multicast-oscoap-00>
>>>
>>>
>>> Abstract:
>>> This document describes a method for application layer protection of
>>> messages exchanged with the Constrained Application Protocol (CoAP)
>>> in a group communication context. The proposed approach relies on
>>> Object Security of CoAP (OSCOAP) and the CBOR Object Signing and
>>> Encryption (COSE) format. All security requirements fulfilled by
>>> OSCOAP are maintained for multicast CoAP request messages and related
>>> unicast CoAP response messages. Source authentication of all
>>> messages exchanged within the group is ensured, by means of digital
>>> signatures produced through asymmetric private keys of sender devices
>>> and embedded in the protected CoAP messages.
>>>
>>>
>>> Please note that it may take a couple of minutes from the time of
>>> submission
>>> until the htmlized version and diff are available at tools.ietf.org
>>> <http://tools.ietf.org>.
>>>
>>> The IETF Secretariat
>>>
>>>
>>> _______________________________________________
>>> Ace mailing list
>>> Ace@ietf.org
>>> https://www.ietf.org/mailman/listinfo/ace
>>>
>>
>
> _______________________________________________
> Ace mailing list
> Ace@ietf.org
> https://www.ietf.org/mailman/listinfo/ace
>