Re: [core] I-D Action: draft-ietf-core-echo-request-tag-09.txt
Christian Amsüss <christian@amsuess.com> Mon, 09 March 2020 17:06 UTC
Return-Path: <christian@amsuess.com>
X-Original-To: core@ietfa.amsl.com
Delivered-To: core@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1F90D3A130A for <core@ietfa.amsl.com>; Mon, 9 Mar 2020 10:06:01 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.623
X-Spam-Level:
X-Spam-Status: No, score=-1.623 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, KHOP_HELO_FCRDNS=0.274, SPF_HELO_NONE=0.001, SPF_NONE=0.001, URIBL_BLOCKED=0.001] autolearn=no autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id GUrLc47JRTKw for <core@ietfa.amsl.com>; Mon, 9 Mar 2020 10:05:59 -0700 (PDT)
Received: from prometheus.amsuess.com (alt.prometheus.amsuess.com [IPv6:2a01:4f8:190:3064::3]) (using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 67B1E3A1306 for <core@ietf.org>; Mon, 9 Mar 2020 10:05:58 -0700 (PDT)
Received: from poseidon-mailhub.amsuess.com (095129206250.cust.akis.net [95.129.206.250]) by prometheus.amsuess.com (Postfix) with ESMTPS id 5B40E40028 for <core@ietf.org>; Mon, 9 Mar 2020 18:05:57 +0100 (CET)
Received: from poseidon-mailbox.amsuess.com (unknown [IPv6:2a02:b18:c13b:8010:a800:ff:fede:b1bf]) by poseidon-mailhub.amsuess.com (Postfix) with ESMTP id 52101DB for <core@ietf.org>; Mon, 9 Mar 2020 18:05:56 +0100 (CET)
Received: from hephaistos.amsuess.com (unknown [IPv6:2a02:b18:c13b:8010:10ba:fe54:b668:bae1]) by poseidon-mailbox.amsuess.com (Postfix) with ESMTPSA id 00474148 for <core@ietf.org>; Mon, 9 Mar 2020 18:05:55 +0100 (CET)
Received: (nullmailer pid 1437468 invoked by uid 1000); Mon, 09 Mar 2020 17:04:30 -0000
Date: Mon, 09 Mar 2020 18:04:30 +0100
From: Christian Amsüss <christian@amsuess.com>
To: core@ietf.org
Message-ID: <20200309170430.GA1437092@hephaistos.amsuess.com>
References: <158377305006.5562.12856917745856619642@ietfa.amsl.com>
MIME-Version: 1.0
Content-Type: multipart/signed; micalg="pgp-sha256"; protocol="application/pgp-signature"; boundary="W/nzBZO5zC0uMSeA"
Content-Disposition: inline
In-Reply-To: <158377305006.5562.12856917745856619642@ietfa.amsl.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/core/-JGUlUqDM51lxZ90THdQtDSh6gc>
Subject: Re: [core] I-D Action: draft-ietf-core-echo-request-tag-09.txt
X-BeenThere: core@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Constrained RESTful Environments \(CoRE\) Working Group list" <core.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/core>, <mailto:core-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/core/>
List-Post: <mailto:core@ietf.org>
List-Help: <mailto:core-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/core>, <mailto:core-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 09 Mar 2020 17:06:01 -0000
Hello CoRE, On Mon, Mar 09, 2020 at 09:57:30AM -0700, internet-drafts@ietf.org wrote: > Title : CoAP: Echo, Request-Tag, and Token Processing > Authors : Christian Amsüss > John Preuß Mattsson > Göran Selander > Filename : draft-ietf-core-echo-request-tag-09.txt > > The IETF datatracker status page for this draft is: > https://datatracker.ietf.org/doc/draft-ietf-core-echo-request-tag/ The recent changes in particular: * Make amplification attack mitigation by Echo an RFC7252 updating recommendation (see https://mailarchive.ietf.org/arch/msg/core/wy5bOuXaupfSY9u_hY99U9BDLZ0) * Give some more concrete guidance to that use case in terms of sizes and message types (ibd, using numbers from CoAP-over-UDP-over-IPv6) * Allow short (1-3 byte) Echo values for deterministic cases, with according security considerations (from implementation experience) * Point out the tricky parts around Request-Tag for stateless proxies, and make that purely an outlook example with out-of- scope details (see https://mailarchive.ietf.org/arch/msg/core/5Pc92j3uriocjRVjyeo90fySEwc and https://mailarchive.ietf.org/arch/msg/core/IoIhwW6qUKmq85S2xMOjYUY5i0g) * Lift ban on Request-Tag options without Block1 (as they can legitimately be generated by an unaware proxy) (from processing an open point in Francesca's review) * Suggest concrete numbers for the options (from implementations needing them) I believe this addresses the issues that were raised during the WGLC as well as two points stemming from an implementation of the Echo application for OSCORE sequence number recovery. Kind regards Christian -- There's always a bigger fish. -- Qui-Gon Jinn
- [core] I-D Action: draft-ietf-core-echo-request-t… internet-drafts
- Re: [core] I-D Action: draft-ietf-core-echo-reque… Christian Amsüss