IETF Logo Mail Archive

Re: [core] Endpoint Client Name / Endpoint Name in RD draft

Hannes Tschofenig <Hannes.Tschofenig@arm.com> Thu, 26 April 2018 10:34 UTC

Return-Path: <Hannes.Tschofenig@arm.com>
X-Original-To: core@ietfa.amsl.com
Delivered-To: core@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 73893126C19 for <core@ietfa.amsl.com>; Thu, 26 Apr 2018 03:34:43 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.91
X-Spam-Level:
X-Spam-Status: No, score=-1.91 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, T_DKIMWL_WL_MED=-0.01, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=armh.onmicrosoft.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id sssEER69hbNo for <core@ietfa.amsl.com>; Thu, 26 Apr 2018 03:34:41 -0700 (PDT)
Received: from EUR01-HE1-obe.outbound.protection.outlook.com (mail-he1eur01on0044.outbound.protection.outlook.com [104.47.0.44]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 615A612025C for <core@ietf.org>; Thu, 26 Apr 2018 03:34:40 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=armh.onmicrosoft.com; s=selector1-arm-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version; bh=Jhc5ds7J+cGACDwzopHHFdVJ2qi1kWzhunpQflYQznk=; b=VBl07lPEh7mvM5ibcmabJ4vAdb9yDQBIa4GJJ3nxTD7UasYnuIgJcmcEsBSsqFC127Y4HW3JvHJjCyEtuVnrKGnbCA2fYA0LZM/XEdOZsg4AHDdOqNG2Qi6mRIAkbo+rxvSK10QYcXuF5Fvbk8eDRJArjIXnKIDTmj0KwHAGC8g=
Received: from VI1PR0801MB2112.eurprd08.prod.outlook.com (10.173.75.16) by VI1PR0801MB1838.eurprd08.prod.outlook.com (10.168.68.11) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P256) id 15.20.696.13; Thu, 26 Apr 2018 10:34:36 +0000
Received: from VI1PR0801MB2112.eurprd08.prod.outlook.com ([fe80::35fb:6e2c:e118:5644]) by VI1PR0801MB2112.eurprd08.prod.outlook.com ([fe80::35fb:6e2c:e118:5644%17]) with mapi id 15.20.0696.017; Thu, 26 Apr 2018 10:34:36 +0000
From: Hannes Tschofenig <Hannes.Tschofenig@arm.com>
To: "consultancy@vanderstok.org" <consultancy@vanderstok.org>
CC: "Kovatsch, Matthias" <matthias.kovatsch@siemens.com>, Jim Schaad <ietf@augustcellars.com>, 'Christian Amsüss' <christian@amsuess.com>, 'Carsten Bormann' <cabo@tzi.org>, "core@ietf.org" <core@ietf.org>
Thread-Topic: [core] Endpoint Client Name / Endpoint Name in RD draft
Thread-Index: AQHT0zm23rcsFhLKykKKsIPwEtlWPKQCOhQAgAec7ACAA+NkwIAAmP0AgAF5RCCAAjxVgIAAZE/wgABvqgCAAA4LwA==
Date: Thu, 26 Apr 2018 10:34:36 +0000
Message-ID: <VI1PR0801MB2112D91A00C8600853F97323FA8E0@VI1PR0801MB2112.eurprd08.prod.outlook.com>
References: <CB28DFEA-5F9E-4C35-BD86-A37AC5C122C9@tzi.org> <ca2b6038e911d93e15e57763836a1d09@xs4all.nl> <20180413151121.GC20765@hephaistos.amsuess.com> <011701d3d4f0$46255e50$d2701af0$@augustcellars.com> <4EBB3DDD0FBF694CA2A87838DF129B3C01EF5D0D@DEFTHW99EL4MSX.ww902.siemens.net> <VI1PR0801MB2112D28860DD3E048518C10AFA890@VI1PR0801MB2112.eurprd08.prod.outlook.com> <4EBB3DDD0FBF694CA2A87838DF129B3C01F07CF0@DEFTHW99EL4MSX.ww902.siemens.net> <VI1PR0801MB211293D5B26328AFFC450A3AFA880@VI1PR0801MB2112.eurprd08.prod.outlook.com> <4EBB3DDD0FBF694CA2A87838DF129B3C01F17724@DEFTHW99EL4MSX.ww902.siemens.net> <VI1PR0801MB2112EDC31EEF7BF99AC8686FFA8E0@VI1PR0801MB2112.eurprd08.prod.outlook.com> <a8f36753e75f1dee4240a143af2bca71@xs4all.nl>
In-Reply-To: <a8f36753e75f1dee4240a143af2bca71@xs4all.nl>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
authentication-results: spf=none (sender IP is ) smtp.mailfrom=Hannes.Tschofenig@arm.com;
x-originating-ip: [103.40.135.59]
x-ms-publictraffictype: Email
x-microsoft-exchange-diagnostics: 1; VI1PR0801MB1838; 7:y1agymfsh1/xQIUunABmGwqgEwExqQr4Y+ImEeax5BUQ/RUYPR9ub0wDksi3NZUZC3gc/9DuwJEQgGHz/xRoAK31ZzKYK+imz3vO11pJWE6wzg/XyRH+kwuqpyx/3KXOFGKPpkla9ltO+KkK32WPzP9ZJZOkgqvENRACzwz3uWarTgF+I65p8/0P0iySPkP+sGzj70PWftokXOTAB89WYPUJ8uqw78qpmZ6cirkOuJEcdTekZgd8pfhp4O7jliXl
x-ms-exchange-antispam-srfa-diagnostics: SOS;
x-ms-office365-filtering-ht: Tenant
x-microsoft-antispam: UriScan:; BCL:0; PCL:0; RULEID:(7020095)(4652020)(48565401081)(5600026)(4534165)(4627221)(201703031133081)(201702281549075)(2017052603328)(7153060)(7193020); SRVR:VI1PR0801MB1838;
x-ms-traffictypediagnostic: VI1PR0801MB1838:
x-microsoft-antispam-prvs: <VI1PR0801MB1838BE59EDC74012D25534F4FA8E0@VI1PR0801MB1838.eurprd08.prod.outlook.com>
x-exchange-antispam-report-test: UriScan:(278428928389397)(192374486261705);
x-exchange-antispam-report-cfa-test: BCL:0; PCL:0; RULEID:(8211001083)(6040522)(2401047)(5005006)(8121501046)(3231232)(944501410)(52105095)(93006095)(93001095)(10201501046)(3002001)(6055026)(6041310)(20161123564045)(201703131423095)(201702281528075)(20161123555045)(201703061421075)(201703061406153)(20161123562045)(20161123560045)(20161123558120)(6072148)(201708071742011); SRVR:VI1PR0801MB1838; BCL:0; PCL:0; RULEID:; SRVR:VI1PR0801MB1838;
x-forefront-prvs: 0654257CF5
x-forefront-antispam-report: SFV:NSPM; SFS:(10009020)(396003)(39380400002)(39860400002)(366004)(376002)(346002)(13464003)(40434004)(189003)(199004)(3280700002)(93886005)(26005)(486006)(1730700003)(102836004)(5250100002)(476003)(81166006)(2906002)(5640700003)(33656002)(8676002)(7736002)(105586002)(6506007)(9686003)(66066001)(8936002)(3660700001)(53546011)(2900100001)(55016002)(54906003)(6916009)(316002)(81156014)(59450400001)(11346002)(76176011)(446003)(6246003)(186003)(305945005)(106356001)(2351001)(53936002)(7696005)(14454004)(74316002)(3846002)(99286004)(25786009)(229853002)(2501003)(6436002)(5660300001)(5890100001)(72206003)(86362001)(4326008)(6116002)(68736007)(478600001)(97736004); DIR:OUT; SFP:1101; SCL:1; SRVR:VI1PR0801MB1838; H:VI1PR0801MB2112.eurprd08.prod.outlook.com; FPR:; SPF:None; LANG:en; PTR:InfoNoRecords; MX:1; A:1;
received-spf: None (protection.outlook.com: arm.com does not designate permitted sender hosts)
x-microsoft-antispam-message-info: Wvs8RQ4EshQXKHdh878YnN0kuEU9zBVRhPxaBlbl5ZYbyhwHxToRitivDXXO/YxPgWxKeqrLIfP65uBKN7MMjFlIqVCo/0Wqj2A95y2I3niLRkpnhsdeCJzoH9smflh8hodGQ8KPIFc+J26RoqZrJXIYDlZkdZ6qGoEMe4/9WWfFvfeJ6cc4ETxbvY5oiVoJ
spamdiagnosticoutput: 1:99
spamdiagnosticmetadata: NSPM
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-MS-Office365-Filtering-Correlation-Id: fc311cdb-b277-4a6d-b2e9-08d5ab614ec4
X-OriginatorOrg: arm.com
X-MS-Exchange-CrossTenant-Network-Message-Id: fc311cdb-b277-4a6d-b2e9-08d5ab614ec4
X-MS-Exchange-CrossTenant-originalarrivaltime: 26 Apr 2018 10:34:36.3234 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: f34e5979-57d9-4aaa-ad4d-b122a662184d
X-MS-Exchange-Transport-CrossTenantHeadersStamped: VI1PR0801MB1838
Archived-At: <https://mailarchive.ietf.org/arch/msg/core/-ZCcDwqEnF3Qxoj4W0pke4Vz2w8>
Subject: Re: [core] Endpoint Client Name / Endpoint Name in RD draft
X-BeenThere: core@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "Constrained RESTful Environments \(CoRE\) Working Group list" <core.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/core>, <mailto:core-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/core/>
List-Post: <mailto:core@ietf.org>
List-Help: <mailto:core-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/core>, <mailto:core-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 26 Apr 2018 10:34:43 -0000

Great to hear that I managed to clarify the issue.

Note that I am arguing for having the endpoint name in the RD become optional since I notice the third party registration scenario (even though I consider it somewhat half-baked).

Ciao
Hannes

-----Original Message-----
From: peter van der Stok [mailto:stokcons@xs4all.nl]
Sent: 26 April 2018 16:34
To: Hannes Tschofenig
Cc: Kovatsch, Matthias; Jim Schaad; 'Christian Amsüss'; consultancy@vanderstok.org; 'Carsten Bormann'; core@ietf.org
Subject: Re: [core] Endpoint Client Name / Endpoint Name in RD draft

Hi Hannes,

This e-mail of you to Matthias answers my questions I had before.
thanks.
I was under the impression that you wanted to cater for malicious nodes that forged the authorization token.

>
> The requirement for applications using Endpoint Client Names that are
> different from the names in the device certificates/authentication
> credentials for registration appears fuzzy and not well justified.
> What identifier do you believe you can put in an endpoint client name
> but not in a security protocol or what are the needs of an application
> that cannot be met?
>
For example, the d=value is typically installation dependent.
To my knowledge, using d= is envisaged in building installations.
at the same time, the ep=value does not need a value with a semantic meaning, so any identifier will do in my opinion.

I could imagine that a claim with "d"= is added to the token when required.
Same approach for installations which can afford the overhead and want human readable ep names.

Peter
IMPORTANT NOTICE: The contents of this email and any attachments are confidential and may also be privileged. If you are not the intended recipient, please notify the sender immediately and do not disclose the contents to any other person, use it for any purpose, or store or copy the information in any medium. Thank you.

v2.23.0 | Report a Bug | By Email