Re: [Ace] FW: WGLC comments draft-ietf-ace-coap-est-07

Esko Dijk <esko.dijk@iotconsultancy.nl> Fri, 25 January 2019 12:34 UTC

From: Esko Dijk <esko.dijk@iotconsultancy.nl>
To: Michael Richardson <mcr+ietf@sandelman.ca>, "Panos Kampanakis (pkampana)" <pkampana@cisco.com>, "ace@ietf.org" <ace@ietf.org>
CC: Jim Schaad <ietf@augustcellars.com>, "consultancy@vanderstok.org" <consultancy@vanderstok.org>
Thread-Topic: [Ace] FW: WGLC comments draft-ietf-ace-coap-est-07
Thread-Index: AdSrtk3M3NcfgQ45QNualt2l/rHBKAAh1EAwAfAKqrcAKwJX4A==
Date: Fri, 25 Jan 2019 12:34:12 +0000
Message-ID: <DB6P190MB00541BFA2A318A5F06E254B3FD9B0@DB6P190MB0054.EURP190.PROD.OUTLOOK.COM>
References: <011501d4ac3d$ab2b9650$0182c2f0$@augustcellars.com> <0e5d254ced7242a69b4bd48a1c99442e@XCH-ALN-010.cisco.com> <22883.1548345549@localhost>
In-Reply-To: <22883.1548345549@localhost>
Archived-At: <https://mailarchive.ietf.org/arch/msg/ace/8d3Y0Bja_Tm-BlpdiqEa_D3hN2Q>
Subject: Re: [Ace] FW: WGLC comments draft-ietf-ace-coap-est-07

> This implies that a server is not required to support /.well-known/est We are not clear about this.  I would prefer that the server ALWAYS supports the well-known names, such that the client can skip doing resource discovery if it thinks that the extra bytes in the URL matter less than additional round trip to do discovery.

Agree that the server MUST always support the /.well-known/est resource, since that's the resource that by definition is used for use cases where discovery is not viable.  So if a failure on that resource ought to trigger a discovery action, that would contradict its purpose.

Best regards
Esko Dijk

-----Original Message-----
From: Ace <ace-bounces@ietf.org> On Behalf Of Michael Richardson
Sent: Thursday, January 24, 2019 16:59
To: Panos Kampanakis (pkampana) <pkampana@cisco.com>; ace@ietf.org
Cc: Jim Schaad <ietf@augustcellars.com>; consultancy@vanderstok.org
Subject: Re: [Ace] FW: WGLC comments draft-ietf-ace-coap-est-07


https://goo.gl/LT4HYh is a diff from -06 to current.
Panos has done a great job updating this according to the issues raised during the WGLC. Thank you.

I have re-read diffs to catch up, and have these minor author tweaks/questions.

> Client authentication via DTLS Client Certificate is mandatory.

I wonder if this should go into its own section so that one can more easily say, "Please see section x.y.z"

s/enrolment/enrollment/   <- use American spelling, I guess. We had both.

section 6:
        REQ: GET /.well-known/core?rt=ace.est*

I didn't know the trailing "*" was a thing.
  </est>; rt="ace.est",

I guess I have to re-read the Core Link resource discovery document.
Can a server respond with </>; ?? it's shorter, and I think would be valid?

> If the default root resource requests fail, the client SHOULD fall back
> to doing a resource discovery.  Resource discovery SHOULD be employed
> when non-default URIs (like /est or /est/ArbitraryLabel) or ports are
> supported by the server or when the client is unaware of what EST-coaps
> resources are available by the server.

This implies that a server is not required to support /.well-known/est We are not clear about this.  I would prefer that the server ALWAYS supports the well-known names, such that the client can skip doing resource discovery if it thinks that the extra bytes in the URL matter less than additional round trip to do discovery.


--
Michael Richardson <mcr+IETF@sandelman.ca>, Sandelman Software Works  -= IPv6 IoT consulting =-
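The two mechanisms discussed in this thread, the `rt=ace.est*` discovery query (RFC 6690 link-format filtering, where a trailing "*" is a prefix match) and the "default root first, discovery as fallback" client behaviour quoted from the draft, as an added, self-contained example. This is not code from draft-ietf-ace-coap-est or from anyone on the list: the link-format payload, the `make_fake_server` test double standing in for CoAP GET, and the choice to probe `/.well-known/est/crts` as the "default root resource request" are all constructed assumptions for illustration.

```python
"""
CoRE link-format (RFC 6690) parsing and attribute filtering, including the
trailing-"*" prefix match behind "GET /.well-known/core?rt=ace.est*", plus the
"well-known first, discovery as fallback" client behaviour quoted from the
draft. Added example, not code from draft-ietf-ace-coap-est or the ACE list.
"""
import re
from typing import Callable, Dict, List, Optional, Tuple

Link = Tuple[str, Dict[str, str]]
Getter = Callable[[str, Optional[str]], Tuple[str, str]]
WELL_KNOWN_EST = "/.well-known/est"

# Constructed sample: what an EST-coaps server's /.well-known/core might return.
SAMPLE_LINK_FORMAT = (
    '</.well-known/est>;rt="ace.est",'
    '</est/crts>;rt="ace.est.crts";ct=287,'
    '</est/sen>;rt="ace.est.sen";ct="281 287",'
    '</sensors/temp>;rt="oic.r.temperature";if="sensor"'
)

_NAME = re.compile(r"[A-Za-z0-9._-]+")
_UNQUOTED = re.compile(r"[^;,]*")


def parse_link_format(payload: str) -> List[Link]:
    """Parse application/link-format into (uri, {attr: value}) pairs.
    Quoted values may contain ';', ',' and spaces, so walk the text rather than split it."""
    links: List[Link] = []
    pos, n = 0, len(payload)
    while pos < n:
        while pos < n and payload[pos] in " ,\r\n\t":
            pos += 1
        if pos >= n:
            break
        if payload[pos] != "<":
            raise ValueError(f"expected '<' at offset {pos}")
        end = payload.index(">", pos)
        uri, pos, params = payload[pos + 1:end], end + 1, {}
        while pos < n and payload[pos] == ";":
            m = _NAME.match(payload, pos + 1)
            if not m:
                raise ValueError(f"bad parameter name at offset {pos}")
            name, pos, value = m.group(0), m.end(), ""
            if pos < n and payload[pos] == "=":
                if pos + 1 < n and payload[pos + 1] == '"':
                    end = payload.index('"', pos + 2)
                    value, pos = payload[pos + 2:end], end + 1
                else:
                    m = _UNQUOTED.match(payload, pos + 1)
                    value, pos = m.group(0), m.end()
            params[name] = value
        links.append((uri, params))
    return links


def serialize_link_format(links: List[Link]) -> str:
    """Inverse of parse_link_format; every value is emitted quoted, which is always valid."""
    return ",".join(f"<{uri}>" + "".join(f';{k}="{v}"' for k, v in params.items())
                    for uri, params in links)


def attribute_matches(attr_value: Optional[str], query_value: str) -> bool:
    """RFC 6690 section 4.1 filtering: an attribute holds a space-separated list of
    values; a query value ending in '*' is a prefix match against any of them."""
    if attr_value is None:
        return False
    values = attr_value.split()
    if query_value.endswith("*"):
        prefix = query_value[:-1]
        return any(v.startswith(prefix) for v in values)
    return query_value in values


def filter_links(payload: str, attr: str, query_value: str) -> List[str]:
    """URIs from a link-format payload whose `attr` satisfies `?attr=query_value`."""
    return [uri for uri, params in parse_link_format(payload)
            if attribute_matches(params.get(attr), query_value)]


def make_fake_server(resources: Dict[str, str], core_payload: str) -> Getter:
    """Constructed test double for CoAP GET against an EST-coaps server: returns
    (response code, payload) and applies ?attr=value filtering on /.well-known/core."""
    def get(path: str, query: Optional[str] = None) -> Tuple[str, str]:
        if path == "/.well-known/core":
            links = parse_link_format(core_payload)
            if query and "=" in query:
                attr, value = query.split("=", 1)
                links = [l for l in links if attribute_matches(l[1].get(attr), value)]
            return "2.05", serialize_link_format(links)
        if path in resources:
            return "2.05", resources[path]
        return "4.04", ""
    return get


def locate_est_root(get: Getter) -> Tuple[str, str]:
    """Client behaviour from the quoted draft text: try the default root first and
    only fall back to resource discovery if that fails. Returns (method, est_root).
    Assumption: the probe is a GET of the cacerts resource under the default root."""
    code, _ = get(WELL_KNOWN_EST + "/crts", None)
    if code.startswith("2."):
        return "well-known", WELL_KNOWN_EST
    code, payload = get("/.well-known/core", "rt=ace.est*")
    if code.startswith("2."):
        for uri, params in parse_link_format(payload):
            if "ace.est" in params.get("rt", "").split():  # the root, not ace.est.crts etc.
                return "discovery", uri
    raise LookupError("no EST-coaps root resource found")


if __name__ == "__main__":
    print(filter_links(SAMPLE_LINK_FORMAT, "rt", "ace.est*"))
    print(locate_est_root(make_fake_server({"/est/crts": "x"}, '</est>;rt="ace.est"')))
```

Note that the `rt=ace.est*` query also returns the function resources (`ace.est.crts`, `ace.est.sen`, ...), so a client has to pick the link whose `rt` is exactly `ace.est` to learn the root; with Esko's proposal that the server MUST always serve `/.well-known/est`, the discovery branch in `locate_est_root` is only needed when a deployment wants a non-default root or port, never as recovery from a failing well-known request.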