Re: [Ace] [core] Fwd: New Version Notification for draft-tiloca-core-multicast-oscoap-00.txt

Hannes Tschofenig <hannes.tschofenig@gmx.net> Wed, 12 October 2016 11:50 UTC

To: Göran Selander <goran.selander@ericsson.com>, Marco Tiloca <marco@sics.se>, "Ace@ietf.org" <Ace@ietf.org>
From: Hannes Tschofenig <hannes.tschofenig@gmx.net>
Date: Wed, 12 Oct 2016 13:50:39 +0200
Archived-At: <https://mailarchive.ietf.org/arch/msg/ace/ZXH74rjfHEm7CSWnlhz26nvGo6M>

Hi Goeran,

there was never any doubt that we can use COSE to design a security
solution using the already existing building blocks.

Btw, in the meanwhile we have actually concluded the discussion in ACE
on the group communication security topic, see
https://www.ietf.org/mail-archive/web/ace/current/msg01967.html

Ciao
Hannes

PS: You cannot decouple the question of adoption of
draft-somaraju-ace-multicast-01 from the question of source
authentication since this was the core issue of the debate.

On 10/12/2016 01:31 PM, Göran Selander wrote:
> 
> Hi Hannes,
> 
> I’m a bit surprised at your reaction. If you have followed the discussion
> on OSCOAP you know that one recurring request has been on support for
> multicast. This draft is addressing that request.
> 
> draft-somaraju-ace-multicast-01 is referring to OSCOAP for secure group
> communication and we propose this draft to be the way to extend OSCOAP for
> that purpose.
> 
> In the "controversial, long, and tough" discussion you refer to, one
> central issue relates to the use of symmetric keys only in group
> communication. Our draft mandates the use of asymmetric keys since that
> provides source authentication. Should it be agreed that source
> authentication for some purpose is not necessary, it is a simple
> modification of this draft - simply making the counter signature in the
> COSE object non-mandatory.
> 
> It was our hope that we in this way can decouple the question of adoption
> of draft-somaraju-ace-multicast-01 from the question of source
> authentication.
> 
> Göran
> 
> 
> 
> 
> On 2016-10-12 10:40, "Ace on behalf of Hannes Tschofenig"
> <ace-bounces@ietf.org on behalf of hannes.tschofenig@gmx.net> wrote:
> 
>> Hi Marco, Hi Francesca, Hi Goeran,
>>
>> I am a bit surprised about your document submission since you guys have
>> been pretty silent in the group communication security discussion, which
>> was quite controversial, long, and tough. That's where your support
>> would have been needed. Adding the few small bits to the already written
>> draft isn't the problem.
>>
>> Ciao
>> Hannes
>>
>> On 10/12/2016 10:12 AM, Marco Tiloca wrote:
>>> Dear CoRE/ACE,
>>>
>>> We have submitted a draft on secure group communication for CoAP
>>> addressing security for the setting of a multicast CoAP request with
>>> unicast responses as described in RFC7390.
>>>
>>> This draft builds on the recently updated version of OSCOAP, extended
>>> with mandatory Sender ID and multiple Recipient Contexts. It also
>>> enables source authentication with asymmetric signatures implemented as
>>> counter signatures included with the COSE objects defined by OSCOAP.
>>>
>>> We hope that by submitting now we could get some first discussion to
>>> allow updates before the cutoff.
>>>
>>> This draft provides the missing link between
>>> https://tools.ietf.org/html/draft-somaraju-ace-multicast and OSCOAP.
>>>
>>> Best regards,
>>> Marco
>>>
>>>
>>> ---------- Forwarded message ----------
>>> From: <internet-drafts@ietf.org>
>>> Date: Wed, Oct 12, 2016 at 9:27 AM
>>> Subject: New Version Notification for
>>> draft-tiloca-core-multicast-oscoap-00.txt
>>> To: Marco Tiloca <marco@sics.se>, Goeran Selander
>>> <goran.selander@ericsson.com>,
>>> Francesca Palombini <francesca.palombini@ericsson.com>
>>>
>>>
>>>
>>> A new version of I-D, draft-tiloca-core-multicast-oscoap-00.txt
>>> has been successfully submitted by Francesca Palombini and posted to the
>>> IETF repository.
>>>
>>> Name:           draft-tiloca-core-multicast-oscoap
>>> Revision:       00
>>> Title:          Secure group communication for CoAP
>>> Document date:  2016-10-12
>>> Group:          Individual Submission
>>> Pages:          15
>>> URL:            https://www.ietf.org/internet-drafts/draft-tiloca-core-multicast-oscoap-00.txt
>>> Status:         https://datatracker.ietf.org/doc/draft-tiloca-core-multicast-oscoap/
>>> Htmlized:       https://tools.ietf.org/html/draft-tiloca-core-multicast-oscoap-00
>>>
>>>
>>> Abstract:
>>>    This document describes a method for application layer protection of
>>>    messages exchanged with the Constrained Application Protocol (CoAP)
>>>    in a group communication context.  The proposed approach relies on
>>>    Object Security of CoAP (OSCOAP) and the CBOR Object Signing and
>>>    Encryption (COSE) format.  All security requirements fulfilled by
>>>    OSCOAP are maintained for multicast CoAP request messages and related
>>>    unicast CoAP response messages.  Source authentication of all
>>>    messages exchanged within the group is ensured, by means of digital
>>>    signatures produced through asymmetric private keys of sender devices
>>>    and embedded in the protected CoAP messages.
>>>
>>>
>>>
>>>
>>> Please note that it may take a couple of minutes from the time of
>>> submission until the htmlized version and diff are available at
>>> tools.ietf.org.
>>>
>>> The IETF Secretariat
>>>
>>>
>>>
>>>
>>> _______________________________________________
>>> Ace mailing list
>>> Ace@ietf.org
>>> https://www.ietf.org/mailman/listinfo/ace
>>>
>>
> 