Re: [Ace] draft-ietf-ace-mqtt-tls-profile-03
Cigdem Sengul <cigdem.sengul@gmail.com> Fri, 28 February 2020 09:45 UTC
Return-Path: <cigdem.sengul@gmail.com>
X-Original-To: ace@ietfa.amsl.com
Delivered-To: ace@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1500D3A144F for <ace@ietfa.amsl.com>; Fri, 28 Feb 2020 01:45:38 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.096
X-Spam-Level:
X-Spam-Status: No, score=-2.096 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_BLOCKED=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id k3ejvdprxIP6 for <ace@ietfa.amsl.com>; Fri, 28 Feb 2020 01:45:35 -0800 (PST)
Received: from mail-vk1-xa34.google.com (mail-vk1-xa34.google.com [IPv6:2607:f8b0:4864:20::a34]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id C3EFB3A144E for <ace@ietf.org>; Fri, 28 Feb 2020 01:45:35 -0800 (PST)
Received: by mail-vk1-xa34.google.com with SMTP id i78so755306vke.0 for <ace@ietf.org>; Fri, 28 Feb 2020 01:45:35 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=XnZoyQXzOtF+2BP9H91EzXnwPVD3L3K+wQY0OwuO2B8=; b=PfIO+tFNoyODPx4LqdKr4IZwD74fShzuD6zSMTuJ8SFinEMZz6muc6ILXjfgVfkreZ 23V1G01kpf6ThhV12Nh474/5zT+fZtDcDGuGvj4ww8ziZWiouxuDpCNkgpzdkMRzF4O4 B+gjywGdOiLY0SAcZ/vwx5IAoJNoUO3GnsTbFefUtM3W6Mpkj1E+umrZg/N13TiZoDEu s2Tz8wvkrLVTfongdeklm2EG66YB53BX+0YJ3Dnc/JWCC8y3IXRFammeJiRQWtfnIoYh rpGFZB2Tt+08iuph+CJrKOnQOGobX2+7tytSMCdXQTEYOtjRa0tzY9ZizPnmZTy5dhZZ +KOg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=XnZoyQXzOtF+2BP9H91EzXnwPVD3L3K+wQY0OwuO2B8=; b=U1RdB+DBLptzK0bH8dSWIDIroViEvY5xdLnSjTQ51OKp3Kh7Fz4uC37Z1Me8HRek5y R+Mwl6SyYYuZMtKZaauIS1aOHcdnU7Jibvw9/eU117ULD6Geqr2PZOaEVL9rl8hcf7+y ixl+6hcft2WvL82FGqLaoM7Nsdsp59unYlX00lRLxQO2hR6YhjzszUcISuvb+p4j/bsa rBwpdO7QrCPRJC/QnAiktnmnaCeoIavp6ZuJ4MDMpwj0t5SLKGILhZf2iLOIkqxzGJgh WjuiczG6ETlNw9BkeTpFDr6iRETd3BRK7vCKmZZkLbKwg63vBcUwjFpWqeCMobieEHNl Ej5A==
X-Gm-Message-State: ANhLgQ3VsKOa7WH+c8pKev+6tol/gbMrJbA4Q+xaWqWrVfHccgjsOrFH nc2wPpVOWFVl9QBARfR5hCAl3IyxAt7gx17HNicSEBO+nHo=
X-Google-Smtp-Source: ADFU+vuBkr92zmH4FmVRKbS6zfjTexKMSh5fUm0Hayjm/GNUVWBqOwasayjtCjVuZ+XnEk+dc/PR6EZnph3hXmJ+Zng=
X-Received: by 2002:a1f:1bc3:: with SMTP id b186mr560955vkb.96.1582883134745; Fri, 28 Feb 2020 01:45:34 -0800 (PST)
MIME-Version: 1.0
References: <AM0PR08MB371601D0F66969D7ECB504AAFAED0@AM0PR08MB3716.eurprd08.prod.outlook.com> <CAA7SwCOnY1K=b=fYYMHH57ho0rFZRmN+EuT1K7qt7qxtN3fghw@mail.gmail.com> <AM0PR08MB37165CE98F43A5AEBDA3F411FAE80@AM0PR08MB3716.eurprd08.prod.outlook.com>
In-Reply-To: <AM0PR08MB37165CE98F43A5AEBDA3F411FAE80@AM0PR08MB3716.eurprd08.prod.outlook.com>
From: Cigdem Sengul <cigdem.sengul@gmail.com>
Date: Fri, 28 Feb 2020 09:45:25 +0000
Message-ID: <CAA7SwCMVnO2-SUNyH7bDQ1jEwdbxVsL5bySG72b8GD=HH16=3g@mail.gmail.com>
To: Hannes Tschofenig <Hannes.Tschofenig@arm.com>
Cc: "ace@ietf.org" <ace@ietf.org>
Content-Type: multipart/alternative; boundary="000000000000f7b140059f9fb250"
Archived-At: <https://mailarchive.ietf.org/arch/msg/ace/iqjH9IpiIhHdpmj6GPAGHRdfcT8>
Subject: Re: [Ace] draft-ietf-ace-mqtt-tls-profile-03
X-BeenThere: ace@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Authentication and Authorization for Constrained Environments \(ace\)" <ace.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ace>, <mailto:ace-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ace/>
List-Post: <mailto:ace@ietf.org>
List-Help: <mailto:ace-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ace>, <mailto:ace-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 28 Feb 2020 09:45:38 -0000
Hello Hannes, Thank you very much for your comments. My responses are inside. > > From the text you cited regarding MQTT v5 it is not backwards compatible > to version 3.1.1. The exact impact of working between two devices of > different versions has not been described in the spec either. The follow > sentence in your introduction can easily give readers the impression that > the two versions are backwards compatible. Here is the sentence: > > " It is expected that MQTT > deployments will retain backward compatibility for MQTT v3.1.1 > clients, and therefore, this document also describes a reduced set of > protocol interactions for MQTT v3.1.1 - the OASIS Standard > [MQTT-OASIS-Standard]. > " > Maybe you want to change the wording a little bit. I think the reason why > you want to describe a solution for v3.1.1 is that this is the widely > deployed version. > > I see where I am creating confusion. I should distinguish better that I expect solution providers to still support MQTT v3.1 clients by implementing both MQTT v5 and MQTT v3.1.1 servers, as you said because 3.1.1 is widely deployed. I was not meaning spec backward compatibility. > Regarding the broker term: It is probably a matter of taste but I would > refer to the terms used in the spec and would not replicate the terminology > from the OASIS MQTT specs in the draft. Someone who implements the draft will have to become familiar with MQTT > anyway. But that’s just me. For example, I often see people using the term > “certificate authorities (CA)” in their write-ups. RFC 5280 defines and > uses the term “certification authority (CA)". While the two sound and look > similar only one is actually correct. > OK, you suggest we use MQTT server. I expect broker is more widely-used in practice, and it is not a misspelling of another term either. I would want to keep it, but I would like to see if others prefer MQTT server rather. > > I noticed you have put a normative dependency on > [I-D.palombini-ace-coap-pubsub-profile]. I don't think it is necessary > because it is not a requirement to implement the spec. You could use it on top of it -- or you could use something else as well. I > would move it to the informative part. The added benefit of doing that is > that you do not block your spec till that draft becomes RFC. True. Will fix. > On the other hand, RFC 6749, RFC 7800, and > I-D.ietf-ace-cwt-proof-of-possession cannot be informative references when > you use PoP tokens in your solution. > > Yes, indeed. Will fix. > You might be interesting to hear that there is currently no way to obtain > the keys for a PoP token over HTTP, which your solution requires. The > virtual interim meeting in the OAuth group should probably be of interest > to you. > I plan to join. I have been aware of the issue, but could not follow how it was planned to be resolved. I was looking at this: draft-ietf-oauth-pop-key-distribution Thanks again, --Cigdem > > From: Cigdem Sengul <cigdem.sengul@gmail.com> > Sent: Tuesday, February 25, 2020 3:10 PM > To: Hannes Tschofenig <Hannes.Tschofenig@arm.com> > Cc: ace@ietf.org > Subject: Re: [Ace] draft-ietf-ace-mqtt-tls-profile-03 > > Hello Hannes, > > We used broker as it is a widely accepted term in the MQTT Community for > "server" e.g., > majority of the provider would list also a broker implementation to refer > to their server implementation. > > With respect to whether 3.1,1 clients talking to v5, there may be some > issues. This is what the spec says: > > Non-normative Comment > If the Server distributes Application Messages to Clients at different > protocol levels (such as MQTT V3.1.1) which do not support properties or > other features provided by this specification, some information in the > Application Message can be lost, and applications which depend on this > information might not work correctly. > > The spec also defines a protocol version error message: > If the [Client's] Protocol Version [in the CONNECT packet] is not 5 and > the Server does not want to accept the CONNECT packet, the Server MAY send > a CONNACK packet with Reason Code 0x84 (Unsupported Protocol Version) and > then MUST close the Network Connection > > So, whether a broker provides dual support would depend on the provider. > E.g., the Mosquitto broker supports the different protocol versions. > > Thanks, > --Cigdem > > On Tue, Feb 25, 2020 at 10:01 AM Hannes Tschofenig <mailto: > Hannes.Tschofenig@arm.com> wrote: > Hi Cigdem, Hi Anthony, Hi Paul, > > Why are you using the term MQTT broker? My understanding of the MQTT spec > is that there are only clients and servers - nothing more. > > Is a MQTT v3.1.1 client able to talk to a MQTT v5 server? Would a MQTT > v3.1.1 client talk to a MQTT v5 client via a server that supports both > v3.1.1 and v5? > > Ciao > Hannes > > IMPORTANT NOTICE: The contents of this email and any attachments are > confidential and may also be privileged. If you are not the intended > recipient, please notify the sender immediately and do not disclose the > contents to any other person, use it for any purpose, or store or copy the > information in any medium. Thank you. > > _______________________________________________ > Ace mailing list > mailto:Ace@ietf.org > https://www.ietf.org/mailman/listinfo/ace > IMPORTANT NOTICE: The contents of this email and any attachments are > confidential and may also be privileged. If you are not the intended > recipient, please notify the sender immediately and do not disclose the > contents to any other person, use it for any purpose, or store or copy the > information in any medium. Thank you. >
- [Ace] draft-ietf-ace-mqtt-tls-profile-03 Hannes Tschofenig
- Re: [Ace] draft-ietf-ace-mqtt-tls-profile-03 Cigdem Sengul
- Re: [Ace] draft-ietf-ace-mqtt-tls-profile-03 Hannes Tschofenig
- Re: [Ace] draft-ietf-ace-mqtt-tls-profile-03 Cigdem Sengul
- Re: [Ace] draft-ietf-ace-mqtt-tls-profile-03 Hannes Tschofenig
- Re: [Ace] draft-ietf-ace-mqtt-tls-profile-03 Jim Schaad
- Re: [Ace] draft-ietf-ace-mqtt-tls-profile-03 Hannes Tschofenig
- Re: [Ace] draft-ietf-ace-mqtt-tls-profile-03 Cigdem Sengul