Re: [Atlas] Application Transport LAyer Security (ATLAS) Charter Text
Abhijan Bhattacharyya <abhijan.bhattacharyya@tcs.com> Wed, 31 January 2018 12:06 UTC
Return-Path: <prvs=562e578e0=abhijan.bhattacharyya@tcs.com>
X-Original-To: atlas@ietfa.amsl.com
Delivered-To: atlas@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 45090131B59 for <atlas@ietfa.amsl.com>; Wed, 31 Jan 2018 04:06:46 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.309
X-Spam-Level:
X-Spam-Status: No, score=-4.309 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=tcs.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id suBoeTzq7O_K for <atlas@ietfa.amsl.com>; Wed, 31 Jan 2018 04:06:41 -0800 (PST)
Received: from inkolg01.tcs.com (inkolg01.tcs.com [121.241.215.10]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 88B09131AAE for <Atlas@ietf.org>; Wed, 31 Jan 2018 04:04:12 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=tcs.com; i=@tcs.com; q=dns/txt; s=default; t=1517400259; x=1548936259; h=mime-version:in-reply-to:references:subject:from:to:cc: message-id:date; bh=pErDx+9BXoLFTp+yFO2ZjLdcOtaz315EYubMNpT0gXI=; b=RqWm4qGSSfNjYInzF84eIygY6Xbg1Tq61C0CNqWhVey59SYayKS/RQVH QEaQHP5F0lXW9YFi4IGa9tPKsX5FK8QyppskQua2WaZxT3tGqS2RovJBD ZdLjq2bWhlHZnykQjdSduNNgz+vFyEXenYmllqOARPoX9aANgxKZI4Jz4 U=;
IronPort-PHdr: 9a23:Ni9zXRL/5gWfeGmxGtmcpTZWNBhigK39O0sv0rFitYgfL/TxwZ3uMQTl6Ol3ixeRBMOHs6kC07Cd6fiocFdDyK7JiGoFfp1IWk1NouQttCtkPvS4D1bmJuXhdS0wEZcKflZk+3amLRodQ56mNBXdrXKo8DEdBAj0OxZrKeTpAI7SiNm82/yv95HJbAhEmDSwbaluIBmoogndqNUaipZ+J6gszRfEvmFGcPlMy2NyIlKTkRf85sOu85Nm7i9dpfEv+dNeXKvjZ6g3QqBWAzogM2Au+c3krgLDQheV5nsdSWoZjBxFCBXY4R7gX5fxtiz6tvdh2CSfIMb7Q6w4VSik4qx2UxLjljsJOCAl/2HWksxwjbxUoBS9pxxk3oXYZJiZOOdicq/BeN8XQ3dKUMRMWCxbGo6zYIgAAfADMuZWsofzp0UAoxiwCwerGOzi0SVHimPs0KAg1+QtDRzK0Qo9FNwOqnTUq9D1Ob8OXO+uzKnIzDfDYOlQ2Tzg9YXIcgouoe2QXb1qbcXRyVMgFxnFj1SQs4PuIjSY2f4WvGib7upgV/igi2g9pw5qojig3NssipXTiY0JylDL7z95wYY1JNKiU0N7fcKrEIBKuy6GMIt2R9ovTmd1syg0zb0GvIS0fCkMyJk/xx7fd+CHc5CT4h39UeaeOzF4hG5keL2jnBa961KgxfPhWcm13lZKoDRKksPSuXALyxzf8NOHSvxl8ke9xTmPzBrf5f1DIUAxk6fQNp0vwqYom5YOs0nPADX6lFj1gaOMaEkp9PKk5uvhb777vJGTLZV0hRv7Mqk2n8y/Bvk3PRYWUmiA/OS8yKXj/UrkQLVWlvE2krfWsJTdJckDpaC3Gwpb3J8l5RiiEzqo1toWk38dIlxCZhyKk5XlN0nPIPD+E/i/n0yhnCppyvzYJLHtH5bAImLdnLrvZ7pw5FZQyA8pwtBe45JUBKsBIPX2WkLprtPXFR85Mw22w+n9DtVxzJgRWWKVDa+FLKPdq0OH5uI1LOmWZI4UuCzyJuM55/Hyln81g0MSfa6s3ZcPcnC3AuxmI1mFYXrrmtoPE30Fvgw4TOP0k12OSyBdZ22uUKI84TE7BpypDYHCRoCim7GOxj27HphMam9aDVCMFG/id5+YVPcUdCKSPshhnyQYWLi9T48uzwquuRT7y7V5MurU9DcUtZX51Nh6tKXvkkQb6Th9FOyc3n2DCWZukTAmXTgziYl1oU1/w1HL+6hxn+BRHtxa/eJYW09uPJTczu5zDZb4WgvdYt6CSF+8U8SvKS06VZQ6xNpYMBU1IMmrkh2Wh3niOLQSjbHeQcVsqq8=
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: A2BnAwDir3Fa/wQXEqxbHQEBBQELAYMRgReBHbY4ghclhSCDJBcBAQEBAQEBAQIBgRKCOCQBgkcCBGwKAxUGDTJNEREIEQqwDgEBAYMTimMBCyaEW4I3doVVgy8EhTMEgjQFk1eGQooFgkqJTotxhiKLboYyknMhAYIGcIJ8CYR2cIw0AQEB
X-IPAS-Result: A2BnAwDir3Fa/wQXEqxbHQEBBQELAYMRgReBHbY4ghclhSCDJBcBAQEBAQEBAQIBgRKCOCQBgkcCBGwKAxUGDTJNEREIEQqwDgEBAYMTimMBCyaEW4I3doVVgy8EhTMEgjQFk1eGQooFgkqJTotxhiKLboYyknMhAYIGcIJ8CYR2cIw0AQEB
X-IronPort-AV: E=Sophos;i="5.46,439,1511807400"; d="scan'208";a="293737749"
MIME-Version: 1.0
Sensitivity:
Importance: Normal
X-Priority: 3 (Normal)
In-Reply-To:
References:
From: Abhijan Bhattacharyya <abhijan.bhattacharyya@tcs.com>
To: Atlas@ietf.org
Cc: Hannes Tschofenig <Hannes.Tschofenig@arm.com>
Message-ID: <OF24348B03.E06D1C0A-ON65258226.00420284-65258226.00423E0A@tcs.com>
Date: Wed, 31 Jan 2018 17:33:32 +0530
X-Mailer: Lotus Domino Web Server Release 9.0.1FP8HF242 May 5, 2017
X-MIMETrack: Serialize by http on InKolM02/TCS(Release 9.0.1FP8HF242 | May 5, 2017) at 01/31/2018 17:33:32, Serialize complete at 01/31/2018 17:33:32, Itemize by http on InKolM02/TCS(Release 9.0.1FP8HF242 | May 5, 2017) at 01/31/2018 17:33:32, Serialize by Router on InKolM02/TCS(Release 9.0.1FP8HF242 | May 5, 2017) at 01/31/2018 17:33:53, Serialize complete at 01/31/2018 17:33:53
Content-Type: multipart/alternative; boundary="=_alternative 00423E0865258226_="
Archived-At: <https://mailarchive.ietf.org/arch/msg/atlas/rK9ysx81BcYCRRcs3ulk-6h8_KA>
Subject: Re: [Atlas] Application Transport LAyer Security (ATLAS) Charter Text
X-BeenThere: atlas@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Application Transport LAyer Security <atlas.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/atlas>, <mailto:atlas-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/atlas/>
List-Post: <mailto:atlas@ietf.org>
List-Help: <mailto:atlas-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/atlas>, <mailto:atlas-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 31 Jan 2018 12:06:46 -0000
Hi Hannes, I went through the draft charter text. Some points that I would like to jot down (please pardon me in case I am raising something that has already been discussed. I was not there in Singapore, so unaware of the discussions on ground): 1) I would second this initiative. It is necessary for moving towards a more 'flat' stack structure to gain more application level control for IoT and low-latency use cases. 2) When we say Application Layer TLS, we essentially infer "Application Layer" as a generic term. The OSI Session Layer concepts have to be incorporated into the Application Layer. So, are we talking about a generic set of requirements that every individual Application Layer need to follow in order to enable the underlying Record Layer in the Transport to function properly? The reason I am highlighting this point is because, the implementation of how the Session Layer feature is implemented will differ amongst different candidate Application Protocols because the semantics are not same. For example CoAP semantics and HTTP semantics are different. So, there will be architectural differences in different version of App Layer TLS. So, probably we need to put some text that clears the objective. 3) While we say that the group will re-use the existing TLS handshake protocol probably we need to be a little bit more elaborate in the line of point (2) above. I think, probably we would like to keep the existing implementation of TLS record-structure intact. So, that defines the requirements / exact deliverables out of the session establishment exercise. Now, if we take the example of the draft that we submitted earlier (draft-bhattacharyya-dice-less-on-coap-00 ), we actually followed the similar philosophy. (i) We learned first what are the required inputs to run the record layer functions and what are the security and performance constraints. (ii) Then we tried to see how we achieve that in a resource efficient manner. (iii)This led to a generic handshake design without caring about the exact application protocol on which it is to be implemented. (iv) Then the concept is implemented using the confirmable semantics of CoAP. So, probably we can put some more clarity on the expected outcome which will bring out the expectations out of the "modern key exchange protocol" and why/how it should be designed with "re-use of the existing TLS handshake". Thank you. With Best Regards Abhijan Bhattacharyya Associate Consultant Scientist, TCS Research Tata Consultancy Services Building 1B,Ecospace Plot - IIF/12 ,New Town, Rajarhat, Kolkata - 700160,West Bengal India Ph:- 033 66884691 Cell:- +919830468972 Mailto: abhijan.bhattacharyya@tcs.com Website: http://www.tcs.com ____________________________________________ Experience certainty. IT Services Business Solutions Consulting ____________________________________________ =====-----=====-----===== Notice: The information contained in this e-mail message and/or attachments to it may contain confidential or privileged information. If you are not the intended recipient, any dissemination, use, review, distribution, printing or copying of the information contained in this e-mail message and/or attachments to it are strictly prohibited. If you have received this communication in error, please notify us by reply e-mail or telephone and immediately and permanently delete the message and any attachments. Thank you
- [Atlas] Application Transport LAyer Security (ATL… Hannes Tschofenig
- Re: [Atlas] Application Transport LAyer Security … Abhijan Bhattacharyya
- Re: [Atlas] Application Transport LAyer Security … Hannes Tschofenig
- Re: [Atlas] Application Transport LAyer Security … Abhijan Bhattacharyya
- Re: [Atlas] Application Transport LAyer Security … Carsten Bormann
- Re: [Atlas] Application Transport LAyer Security … Rafa Marin Lopez
- Re: [Atlas] Application Transport LAyer Security … Hannes Tschofenig
- Re: [Atlas] Application Transport LAyer Security … Carsten Bormann
- Re: [Atlas] Application Transport LAyer Security … Hannes Tschofenig
- Re: [Atlas] Application Transport LAyer Security … Hannes Tschofenig
- Re: [Atlas] Application Transport LAyer Security … Carsten Bormann
- Re: [Atlas] Application Transport LAyer Security … Hannes Tschofenig
- Re: [Atlas] Application Transport LAyer Security … Rafa Marin-Lopez
- Re: [Atlas] Application Transport LAyer Security … Panos Kampanakis (pkampana)
- Re: [Atlas] Application Transport LAyer Security … Hannes Tschofenig
- Re: [Atlas] Application Transport LAyer Security … Hannes Tschofenig
- Re: [Atlas] Application Transport LAyer Security … Rafa Marin-Lopez
- Re: [Atlas] Application Transport LAyer Security … Hannes Tschofenig
- Re: [Atlas] Application Transport LAyer Security … Rafa Marin-Lopez
- Re: [Atlas] Application Transport LAyer Security … Hannes Tschofenig
- Re: [Atlas] Application Transport LAyer Security … Rafa Marin-Lopez
- Re: [Atlas] Application Transport LAyer Security … Hannes Tschofenig
- Re: [Atlas] Application Transport LAyer Security … Owen Friel (ofriel)