[Ace] Comments on draft-tiloca-ace-oscoap-joining
Jim Schaad <ietf@augustcellars.com> Fri, 20 October 2017 05:41 UTC
Return-Path: <ietf@augustcellars.com>
X-Original-To: ace@ietfa.amsl.com
Delivered-To: ace@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 11EA6126B71; Thu, 19 Oct 2017 22:41:55 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.601
X-Spam-Level:
X-Spam-Status: No, score=-0.601 tagged_above=-999 required=5 tests=[BAYES_05=-0.5, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=augustcellars.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Z2XkvjUxozkh; Thu, 19 Oct 2017 22:41:53 -0700 (PDT)
Received: from mail4.augustcellars.com (augustcellars.com [50.45.239.150]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 7FF1313202D; Thu, 19 Oct 2017 22:41:50 -0700 (PDT)
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Content-Language: en-us
DKIM-Signature: v=1; a=rsa-sha256; d=augustcellars.com; s=winery; c=simple/simple; t=1508478107; h=from:subject:to:date:message-id; bh=K8kDkIOU7hfqDDbsUY+5dvsNdIOLwuKnKR3+l/upOUI=; b=Y7oL4B/UBBvaIQQl6DRUPQ0nLkLXBTeA7BzFBbQbFQfMOMQHALHXsqJP6xDkUVds8BAtunJy8/K qjPWtsFprFNdGKKqdzLBVNFmBbp5UrdTJ8qGdhYLyviKwJQSiXZtspNiq81TWGXVmCDLEDDnxNB8Y chzsyRi2XmSqi3yw3SDGnaBsINuI7cO7JHEjjiDKbjn13zHHiOfbedF/URImWYU1o8VtCq9u6TI09 /kscmH9/4Uv2MJEgORZT8M5EAPUDxGB1iXQA4PPl82JEHA4uESofd4DfMTeCB91zIMbEd4S6b6B52 lvqIDGOUzY+qK7uR0sESG8tVzl/h+f9jSfyQ==
Received: from mail2.augustcellars.com (192.168.1.201) by mail4.augustcellars.com (192.168.1.153) with Microsoft SMTP Server (TLS) id 15.0.1263.5; Thu, 19 Oct 2017 22:41:46 -0700
Received: from Hebrews (73.180.8.170) by mail2.augustcellars.com (192.168.0.56) with Microsoft SMTP Server (TLS) id 15.0.1263.5; Thu, 19 Oct 2017 22:40:49 -0700
From: Jim Schaad <ietf@augustcellars.com>
To: draft-tiloca-ace-oscoap-joining@ietf.org, draft-palombini-ace-coap-pubsub-profile@ietf.org
CC: ace@ietf.org
Date: Thu, 19 Oct 2017 22:41:40 -0700
Message-ID: <00d401d34966$1c9d0260$55d70720$@augustcellars.com>
MIME-Version: 1.0
X-Mailer: Microsoft Outlook 16.0
Thread-Index: AdNJYqwwO1HMfVQtQ2OYNKV2BI41ZQ==
X-Originating-IP: [73.180.8.170]
Archived-At: <https://mailarchive.ietf.org/arch/msg/ace/t_GrRaAiSeDCAkNQ-wemyBSsyZs>
Subject: [Ace] Comments on draft-tiloca-ace-oscoap-joining
X-BeenThere: ace@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "Authentication and Authorization for Constrained Environments \(ace\)" <ace.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ace>, <mailto:ace-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ace/>
List-Post: <mailto:ace@ietf.org>
List-Help: <mailto:ace-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ace>, <mailto:ace-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 20 Oct 2017 05:41:55 -0000
After the interim meeting, I read this document through in order to produce a review. Instead you are going to get a meta-review. I am having a hard to seeing why this document exists in its current form and it is not some type of simple profile of the pub-sub security draft. While I am not sure that this document is a sub-set of that document, it appears to be about 90-99% a sub set of that document. Consider the following: You have both the publisher and subscriber roles as in the pub-sub draft. You have an entity which is doing key distribution in the system. For the pub-sub draft this is AS2 for you it is the RS, but they are performing the exact same set of tasks. The pub-sub draft as and endpoint which holds the encrypted messages, in its place you are using the multi-cast UDP channel. In both cases they are basically unprotected-untrusted entities to distribute the content message. The only difference is that in the pub-sub model the RS will also provide restricted access to publishing which is not enforceable here. Both of these documents are missing what I would consider to be core pieces. The pub-sub document does initial key distribution, while this document does not. Neither document does any discussion of how subsequent key distribution is done to deal with forward and backward security of messages. This document probably needs to define a new relationship, which might be more generally used, to say - this URL is where you get the security information for this URL which is published in the directory - esp in the case of multi-cast address URLs in the resource directory. You might also find that the correct answer is not to use a separate resource for each channel, but to allow for the use of URI path elements to define the security for a resource. Jim
- [Ace] Comments on draft-tiloca-ace-oscoap-joining Jim Schaad
- Re: [Ace] Comments on draft-tiloca-ace-oscoap-joi… Carsten Bormann
- Re: [Ace] Comments on draft-tiloca-ace-oscoap-joi… Francesca Palombini
- Re: [Ace] Comments on draft-tiloca-ace-oscoap-joi… Marco Tiloca
- Re: [Ace] Comments on draft-tiloca-ace-oscoap-joi… Jim Schaad