Re: [Ace] Comments about draft-dijk-core-groupcomm-bis-00

Esko Dijk <> Wed, 29 May 2019 21:56 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id 24A51120096; Wed, 29 May 2019 14:56:45 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -1.89
X-Spam-Status: No, score=-1.89 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, T_SPF_PERMERROR=0.01] autolearn=ham autolearn_force=no
Authentication-Results: (amavisd-new); dkim=pass (1024-bit key)
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id UucaL4HNTrXG; Wed, 29 May 2019 14:56:41 -0700 (PDT)
Received: from ( []) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by (Postfix) with ESMTPS id 94E25120134; Wed, 29 May 2019 14:56:40 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=selector1-iotconsultancynl-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=pRlXgDqqNObYHLPhJOvo+uHSMYJ0lH1ahH7uKLyqSQg=; b=CaZm14PzH54+NThQNYFAURoyO5KxgZrvatVXaY7v8+VER0haxOlAgTaW8NGQnWzF0IywXCI818WxJTl+eD7oWx/wuCmL/YvL52iFWOaMBgXB7onPYr/oUqvglsjEGvDmDDkP++rMgJgLYKZdWQzEoURFyuvGNbAKOnQcxQxDak8=
Received: from AM5P190MB0275.EURP190.PROD.OUTLOOK.COM ( by AM5P190MB0563.EURP190.PROD.OUTLOOK.COM ( with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.1943.16; Wed, 29 May 2019 21:56:37 +0000
Received: from AM5P190MB0275.EURP190.PROD.OUTLOOK.COM ([fe80::9b3:4a09:dfc8:6487]) by AM5P190MB0275.EURP190.PROD.OUTLOOK.COM ([fe80::9b3:4a09:dfc8:6487%7]) with mapi id 15.20.1943.016; Wed, 29 May 2019 21:56:37 +0000
From: Esko Dijk <>
To: Jim Schaad <>, "" <>
CC: "" <>, "" <>
Thread-Topic: Comments about draft-dijk-core-groupcomm-bis-00
Thread-Index: AdUUNPLwUpqoK9aaSuCnTZIzn4sN5wCM6LAw
Date: Wed, 29 May 2019 21:56:36 +0000
Message-ID: <AM5P190MB0275CB5FC176B86EA098C215FD1F0@AM5P190MB0275.EURP190.PROD.OUTLOOK.COM>
References: <017f01d515a6$ed172890$c74579b0$>
In-Reply-To: <017f01d515a6$ed172890$c74579b0$>
Accept-Language: en-US, nl-NL
Content-Language: en-US
authentication-results: spf=none (sender IP is );
x-originating-ip: [2001:1c02:3101:4800:24b6:8e23:9589:19c9]
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: f1874771-b2ec-432b-cb91-08d6e48085c6
x-microsoft-antispam: BCL:0; PCL:0; RULEID:(2390118)(7020095)(4652040)(7021145)(8989299)(5600148)(711020)(4605104)(1401327)(4534185)(7022145)(4603075)(4627221)(201702281549075)(8990200)(7048125)(7024125)(7027125)(7023125)(2017052603328)(7193020); SRVR:AM5P190MB0563;
x-ms-traffictypediagnostic: AM5P190MB0563:
x-microsoft-antispam-prvs: <AM5P190MB0563F982A75D1C31BDB9795BFD1F0@AM5P190MB0563.EURP190.PROD.OUTLOOK.COM>
x-ms-oob-tlc-oobclassifiers: OLM:10000;
x-forefront-prvs: 0052308DC6
x-forefront-antispam-report: SFV:NSPM; SFS:(10019020)(346002)(39830400003)(136003)(396003)(376002)(366004)(199004)(189003)(13464003)(7736002)(76176011)(305945005)(52536014)(9686003)(2501003)(54906003)(316002)(6246003)(6506007)(110136005)(86362001)(6116002)(71200400001)(8936002)(53936002)(186003)(71190400001)(8676002)(99286004)(7696005)(55016002)(33656002)(81156014)(53546011)(81166006)(2906002)(74316002)(256004)(4326008)(486006)(476003)(102836004)(508600001)(44832011)(14444005)(25786009)(4743002)(229853002)(46003)(74482002)(5660300002)(446003)(11346002)(66946007)(76116006)(68736007)(73956011)(66476007)(66556008)(64756008)(66446008)(6436002)(14454004); DIR:OUT; SFP:1102; SCL:1; SRVR:AM5P190MB0563; H:AM5P190MB0275.EURP190.PROD.OUTLOOK.COM; FPR:; SPF:None; LANG:en; PTR:InfoNoRecords; A:1; MX:1;
received-spf: None ( does not designate permitted sender hosts)
x-ms-exchange-senderadcheck: 1
x-microsoft-antispam-message-info: 4eughSPM45rXqkoM9JP4oeG9AIgZcMAPjLeE/38z8gOK85/M5DnaxwZUDVZG0AOWXVtanDkDRAwnYp8K+61cMqqnr+OfkidLIz3hVmNrpC0LhKYjL6WS6FXzrgwZ1922lhCQ9A1FYk2SLDQWKjAIIYYf9ILJZbBIYPUetnFBdqv1TV2BiMUoBnSwNqBt1KsxY6u6kah4oz7m5PWwS5cp6vnlEU4/FAYJjuF5+9/koNB/6yPWpjNMlpkDyZUYjWSSbEjoApWDmG68vl5o42fVCmo0Tmtimm97+3Q41gwx+JA8q/LRDLWmWRGz1UOig1PPOL/ELxw75sHm43Cjsgjob3n4V12jEhRwt/w0ZJM041ztXyhcXILY4bRjzmiYG/FcTGVYIm8VXPShlkPID3Q82m8pfZot/sCPS+1vKKFfkyw=
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-MS-Exchange-CrossTenant-Network-Message-Id: f1874771-b2ec-432b-cb91-08d6e48085c6
X-MS-Exchange-CrossTenant-originalarrivaltime: 29 May 2019 21:56:36.9386 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 58bbf628-15d2-46bc-820b-863b6774d44b
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-Transport-CrossTenantHeadersStamped: AM5P190MB0563
Archived-At: <>
Subject: Re: [Ace] Comments about draft-dijk-core-groupcomm-bis-00
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Authentication and Authorization for Constrained Environments \(ace\)" <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Wed, 29 May 2019 21:56:45 -0000

Hello Jim,

Thanks for your comments - the authors are now looking into these and we'll reply again as soon as we have answers.  I also copy this to the CoRE WG list; as the draft targets the CoRE WG.


-----Original Message-----
From: Jim Schaad <> 
Sent: Wednesday, May 29, 2019 00:45
Subject: Comments about draft-dijk-core-groupcomm-bis-00 

Comments on this draft.

1.  I have an existential problem with this document.  This is a standards track document that is claiming to do an update to an experimental draft.
However, this is something that I would not expect to be done and it is not clear just what the updates to that document are and how one would make
edits to that document in order to apply the updates.   My general
expectation for an experimental document is that it would be 1) declared a failure and killed, 2) declare a partial success and updated for a new experiment (and thus a new experimental document) or 3) declare a resounding success then replaced with either a standards or information document.  

2.  You are claiming to update RFC 7641, but it is not clear to me what is being updated and just what the implications of doing this update are.  As an example of the types of thing that should be clarified are:
*  If a server does not return a response, should it setup to do a later observe operation?
*  More information on how correlation should be done with responses.  As an example, if you do unary observe and the response is routed through a proxy, there are no problems as long as the responses are not later re-routed through a new proxy.  However for multicast, if you have two different servers on the far side of a proxy how does one distinguish between the two of them if everything is coming through a single proxy?

3.  The introduction does not acknowledge that the same thing can be done via pub-sub.  It is ok to declare this out of scope but it needs to be done in up front in the introduction (and probably also in the abstract).

4.  I am not sure that it makes sense to say one should be familiar with terms from Group OSCORE as one would expect this to be from the general to the specific for terminology not the other way around.

5.  In section 2.1.1 - you should state that the centralized directory would be pre-configured in the device.

6. In section 2.1.1 - Do we have any set of properties that are commonly defined for doing this?  Services in the form of resources are easy to understand but I don't know how to do this easily.

7. In section 2.3 - It would make sense to distinguish between the cases of announcing a software update is available and actually distributing the software update by multicast.

8. Section 3.1.1 - It should potentially be stated here, but definitely somewhere that for non-secure groups membership in the group is defined by an endpoint and not by a central endpoint.  This is important in terms of somebody "attacking" a non-secure group.

9.  Section 3.1.2 - It would make sense to point to group naming as part of a directory as well as being for DNS.  

10.  Section 3.1.3 - One of the things that I had a problem with when implementation group broadcast was trying to decide which of the different local groups should be used for an IPv6 multicast address.  A number of these different groups are defined for CoAP and a discussion of the differences or a pointer to the differences would be useful.

11. Section 3.2.1 - Another issue to highlight with tokens is that in the unicast case, the response is expected to come in on the same connection it was sent on.  Thus two different connections can re-use the same token without any problems.  That is not true for multicast as the connection it comes it on will, by definition, not be the one it was sent on.

12. Section 3.2.1 - Might want to mention the use of Accept as one way to think about server response delay as you at least know that you are expecting a response from the server if you have received an accept.

13. Section 3.2.3 - Need to talk about multicast messages, proxies and caching of results.

14. Section 3.2.5 - Does RFC7641 define behavior about receiving a "duplicate" observer request?  Would you reply a second time or not? 

15. Section 6.1 - next to last paragraph - /values does not/values, but does not/

16. Section 6.2 - Should have a consideration about the speed of re-keying vs the frequency of joins/leaves.