[Ace] Multicast notifications for distributing public keys to other group members

Göran Selander <goran.selander@ericsson.com> Mon, 04 May 2020 11:18 UTC

From: Göran Selander <goran.selander@ericsson.com>
To: "core@ietf.org" <core@ietf.org>, "ace@ietf.org" <ace@ietf.org>
Date: Mon, 04 May 2020 11:18:47 +0000
Message-ID: <F9E18233-30E6-49A6-965F-5728655D5519@ericsson.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/ace/s4J7CSk5MA9lpllhwaUWm-z6p1s>
Subject: [Ace] Multicast notifications for distributing public keys to other group members

Dear CoRE and ACE,

Apologies for cross-posting; this concerns the security for CoAP group communications (which is a CoRE draft) and the currently specified method to retrieve public keys for group communication (which is an ACE draft).

When a node joins a group [0] there is a need for group members to get its public key. Section 4.5 of the current Github version of draft-ietf-ace-key-groupcomm "Key Provisioning for Group Communication using ACE" [1] describes procedures for retrieving the public keys, by accessing the resource "ace-group/GROUPNAME/pub-key" in the KDC. Section 4.3 in the same document describes the procedure to "make the ... resource Observable, and send notifications to Clients when the keying material is updated".

1. The use of notifications is good to avoid similar requests from several nodes in these cases. But the procedure is only mentioned briefly as quoted above. Would it be possible to expand on this and make it a recommended mechanism in this draft, or alternatively, a separate draft?

2. If the number of members in the group is large, it would be even better to send just one multicast notification [2] instead of many notifications with the same content, but this requires the sending node to be a member of the group. The Group Manager is the authorized party distributing public keys to nodes of the group, but we don't think of it as a member of that group. Is it worth making the GM a group member by default to enable the use of [2] for distribution of the public key of a (re-)joining node?

Göran

[0] https://tools.ietf.org/html/draft-ietf-core-groupcomm-bis
[1] https://ace-wg.github.io/ace-key-groupcomm/draft-ietf-ace-key-groupcomm.html#name-retrieval-of-public-keys-an
[2] https://tools.ietf.org/html/draft-tiloca-core-observe-multicast-notifications
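The trade-off raised in points 1 and 2 above, as an added toy model that is not part of the email, the ACE/CoRE drafts, or any implementation of them: a Group Manager/KDC keeps the "ace-group/GROUPNAME/pub-key" resource observable and, when a node joins, either fans out one unicast notification per observer or, only if the GM itself holds the group's keying material (i.e. is a group member), sends a single notification to the group multicast address. The class and field names, node identifiers, key values and the multicast address are all constructed for illustration; the protection labels stand in for the per-observer context and the group context without implementing any cryptography.

```python
# Added example (not from the email or the ACE/CoRE drafts): a toy model of a
# Group Manager/KDC with an observable ace-group/GROUPNAME/pub-key resource.
# It shows the message count of per-observer unicast notifications versus one
# group-multicast notification, and that the multicast path is only available
# when the GM holds the group context (is a group member).
# All names, identifiers, addresses and key values are constructed.

from dataclasses import dataclass, field


@dataclass
class Notification:
    dst: str           # observer address, or the group multicast address
    resource: str      # the observed resource path
    payload: dict      # node id -> public key of (re-)joining members
    protection: str    # "unicast-context" or "group-context" (label only)


@dataclass
class Group:
    name: str
    mcast_addr: str
    members: dict = field(default_factory=dict)   # node id -> public key
    observers: set = field(default_factory=set)   # addresses observing pub-key
    gm_is_member: bool = False                    # GM holds the group context?


class KDC:
    """Minimal model of the Group Manager / Key Distribution Center."""

    def __init__(self):
        self.groups = {}

    def create_group(self, name, mcast_addr, gm_is_member=False):
        self.groups[name] = Group(name, mcast_addr, gm_is_member=gm_is_member)

    def observe(self, group, observer_addr):
        """Register an Observe relationship on ace-group/GROUPNAME/pub-key."""
        self.groups[group].observers.add(observer_addr)

    def join(self, group, node_id, public_key):
        """A node joins: store its public key and notify the current observers."""
        g = self.groups[group]
        g.members[node_id] = public_key
        return self.notify(group, {node_id: public_key})

    def notify(self, group, updated):
        """Return the notifications the KDC would send for an update."""
        g = self.groups[group]
        resource = f"ace-group/{g.name}/pub-key"
        if g.gm_is_member:
            # One notification to the group address, protected with the group
            # context; every member can verify it because they share that context.
            return [Notification(g.mcast_addr, resource, updated, "group-context")]
        # Without the group context the GM can only send one notification per
        # observer, each protected with that observer's own context.
        return [Notification(o, resource, updated, "unicast-context")
                for o in sorted(g.observers)]


def demo(observer_count=3):
    """Compare message counts for the two distribution modes; returns a tuple."""
    kdc = KDC()
    kdc.create_group("g1", "ff35::1")        # constructed multicast address
    for i in range(observer_count):
        kdc.observe("g1", f"node{i}")
    unicast = kdc.join("g1", "joiner-a", "pk-a")
    kdc.groups["g1"].gm_is_member = True     # make the GM a group member
    multicast = kdc.join("g1", "joiner-b", "pk-b")
    return len(unicast), len(multicast)


if __name__ == "__main__":
    print(demo(50))  # (50, 1)
```

`demo()` grows the unicast count linearly with the number of observers while the multicast count stays at one; the model also makes explicit that the cheaper path is gated on `gm_is_member`, which is exactly the design question in point 2.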