IETF Logo Mail Archive

Re: [core] šŸ”” WG Call for Adoption on draft-tiloca-core-multicast-oscoap

Gƶran Selander <goran.selander@ericsson.com> Tue, 13 March 2018 09:46 UTC

Return-Path: <goran.selander@ericsson.com>
X-Original-To: core@ietfa.amsl.com
Delivered-To: core@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 245CB12D7FC for <core@ietfa.amsl.com>; Tue, 13 Mar 2018 02:46:42 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.309
X-Spam-Level:
X-Spam-Status: No, score=-4.309 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_MED=-2.3, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_PASS=-0.001, T_KAM_HTML_FONT_INVALID=0.01, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=ericsson.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Nw02CppGWNLd for <core@ietfa.amsl.com>; Tue, 13 Mar 2018 02:46:39 -0700 (PDT)
Received: from sesbmg23.ericsson.net (sesbmg23.ericsson.net [193.180.251.37]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 5D5E212D72F for <core@ietf.org>; Tue, 13 Mar 2018 02:46:38 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; d=ericsson.com; s=mailgw201801; c=relaxed/simple; q=dns/txt; i=@ericsson.com; t=1520934396; h=From:Sender:Reply-To:Subject:Date:Message-ID:To:CC:MIME-Version:Content-Type: Content-Transfer-Encoding:Content-ID:Content-Description:Resent-Date:Resent-From: Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:In-Reply-To:References:List-Id: List-Help:List-Unsubscribe:List-Subscribe:List-Post:List-Owner:List-Archive; bh=YBv9VpoPtoIpcjn5iNnwANfSOgdCw6I9M+QTK8rT22A=; b=EDcpHnHsulyq0M8mh0bBQmZ+qqdc5kXUG7GGLBSvwU/04Oc4ouxpVtyMGpjzXW25 qk6deLKg9UyC8DzbYxMp0tluA3DCJU924yhTBf8vd2WBE85+Kigor31ct0aajMA9 aIqBdrufe1QZ3ll1ELkSRiLazMGckTe00EoZ0+PbL+c=;
X-AuditID: c1b4fb25-44ba69c000002d5f-e7-5aa79dfc76d4
Received: from ESESSHC023.ericsson.se (Unknown_Domain [153.88.183.87]) by sesbmg23.ericsson.net (Symantec Mail Security) with SMTP id EC.E8.11615.CFD97AA5; Tue, 13 Mar 2018 10:46:36 +0100 (CET)
Received: from ESESSMB107.ericsson.se ([169.254.7.151]) by ESESSHC023.ericsson.se ([153.88.183.87]) with mapi id 14.03.0382.000; Tue, 13 Mar 2018 10:46:35 +0100
From: Gƶran Selander <goran.selander@ericsson.com>
To: Esko Dijk <esko.dijk@philips.com>, "core@ietf.org WG (core@ietf.org)" <core@ietf.org>
Thread-Topic: [core] šŸ”” WG Call for Adoption on draft-tiloca-core-multicast-oscoap
Thread-Index: AQHTZHxj03czjYXRo0S+1fPiVy/2UaMzOsHggI+LMgCAAj0qAIAJlEGA
Date: Tue, 13 Mar 2018 09:46:35 +0000
Message-ID: <D6C5CECE.A1342%goran.selander@ericsson.com>
References: <DE46411C-EFE7-4D30-B0EC-6FBF6311D1D7@ericsson.com> <DB6P121MB0038392B7975FF42A646FDCC9B3C0@DB6P121MB0038.EURP121.PROD.OUTLOOK.COM> <ae50e98d-bfba-c07c-10d2-69c92e1aef33@ri.se> <VI1P121MB001470B4EE2FE2E26E5E19DB9BD80@VI1P121MB0014.EURP121.PROD.OUTLOOK.COM>
In-Reply-To: <VI1P121MB001470B4EE2FE2E26E5E19DB9BD80@VI1P121MB0014.EURP121.PROD.OUTLOOK.COM>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
user-agent: Microsoft-MacOutlook/14.7.3.170325
x-originating-ip: [153.88.183.146]
Content-Type: multipart/alternative; boundary="_000_D6C5CECEA1342goranselanderericssoncom_"
MIME-Version: 1.0
X-Brightmail-Tracker: H4sIAAAAAAAAA+NgFtrBIsWRmVeSWpSXmKPExsUyM2J7uO6fucujDE6ulLLY93Y9s8WlZfMZ LVZ+ec3uwOyxZMlPJo8DB3YzeSxt2swUwBzFZZOSmpNZllqkb5fAlTGvaStbwetTLBWL/zxl a2A8s5uli5GTQ0LARGLb8unMXYxcHEIChxklfrxdwgLhLGGUmNA4nRWkik3AReJBwyMmEFtE IFpi/Yo/YHFmAVWJj4e3sYPYwgJ1EnfXH2WEqKmXmPvpMxuE7SaxbvULMJsFqH73u0Ng9bwC FhLXup+yQSybxCTRdnoXWBGnQIzExYOzwQYxCohJfD+1hglimbjErSfzmSDOFpBYsuc8M4Qt KvHy8T+wg0QF9CT29rSzQcSVJH5suMQC0Rsr8bK1mwVisaDEyZlPWCYwis5CMnYWkrJZSMpm MXIAxTUl1u/ShyhRlJjS/ZAdwtaQaJ0zlx2ixFqieYMdspIFjByrGEWLU4uTctONjPVSizKT i4vz8/TyUks2MQLj8+CW36o7GC+/cTzEKMDBqMTD2z5heZQQa2JZcWXuIUYJDmYlEV6zHqAQ b0piZVVqUX58UWlOavEhRmkOFiVx3jnC7VFCAumJJanZqakFqUUwWSYOTqkGRunVb9r2bRHS L3uqx7f68Od3DJG+Zs8+5x78dD8222LxnYoZoU/m7Fvce9yX9WGtnmrzr383vtms0ctj9p2d di57DeOmjxeF427cWfV5AUv3pvcGy6zu85TuF/yWyf36RNS7W/c9ehUk7Gp2zv94bMeRTRnR y4PfRTaGyB0RYnK/ann+47dw5SIlluKMREMt5qLiRADhD+NZywIAAA==
Archived-At: <https://mailarchive.ietf.org/arch/msg/core/0F_LDLsMHQHY-nuQi0Vwiim-V84>
Subject: Re: [core] šŸ”” WG Call for Adoption on draft-tiloca-core-multicast-oscoap
X-BeenThere: core@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "Constrained RESTful Environments \(CoRE\) Working Group list" <core.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/core>, <mailto:core-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/core/>
List-Post: <mailto:core@ietf.org>
List-Help: <mailto:core-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/core>, <mailto:core-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 13 Mar 2018 09:46:42 -0000

Hi Esko,

Thanks for good comments!

Letā€™s recap the setting: The sender and recipient of a group OSCORE message needs to retrieve/derive the right security context for sending and receiving requests and responses, and the amount of data sent for this purpose should be as small as possible. This should apply to all phases of communication; first time, normal operation, after member has been excluded, etc.


The OSCORE message format includes the 'kid' and the 'kid context'. For the group setting:

* the kid contains the ID of the sending group member (Sender ID), unique in the group, assigned by the group manager (which could be just a short byte string).

* The kid context contains the group identifier, also assigned by the group manager and unique for this group manager. The kid context is a "context hintā€ helping the recipient endpoint find the security context. If endpoints are deployed with multiple uncoordinated group managers then they need to be able to handle coinciding group identifiers, e.g. by trying multiple security contexts to see if if any verifies. As long as the Master Secret is different for different groups (and different epochs of a group) and the Sender IDs within the group are unique, that is sufficient to make AEAD key and nonce different.


So there is no need for negligable probabilty of coinciding group identifiers as long as the recipient can find its way to the right security context. But in the case of an endpoint being in multiple groups managed by different group managers, it is of course favourable if the group identifiers are different. So we should rephrase this accordingly.


Further comments inline.

From: core <core-bounces@ietf.org<mailto:core-bounces@ietf.org>> on behalf of Esko Dijk <esko.dijk@philips.com<mailto:esko.dijk@philips.com>>
Date: Wednesday 7 March 2018 at 09:29
To: Marco Tiloca <marco.tiloca@ri.se<mailto:marco.tiloca@ri.se>>, Jaime JimƩnez <jaime.jimenez@ericsson.com<mailto:jaime.jimenez@ericsson.com>>, "core@ietf.org<mailto:core@ietf.org> WG (core@ietf.org<mailto:core@ietf.org>)" <core@ietf.org<mailto:core@ietf.org>>
Subject: Re: [core] šŸ”” WG Call for Adoption on draft-tiloca-core-multicast-oscoap

Thanks Marco,

This update solves the issues I think and answers my questions, except for the randomness in the Gid:  ā€œA Gid MUST have a random component and be long enough, in order to achieve a negligible probability of collisions between Group Identifiers from different Group Managersā€; and Appendix C.

The example Appendix C uses a single random byte.  Most people would think the collision probability is quite high in this case; so how can this choice satisfy the requirement?

See above.

Maybe in this example the Group Managers pick a random value and then mutually verify that there are no collissions?


Yes, if there is coordination between group managers, but this is not necessary for the scheme to work as noted above.

The name ā€œGroup Epochā€ could be slightly confusing here ā€“ Appendix C states the epoch applies to a single group. However the example there shows the epoch applies to all groups from the same Group Manager, or in other words the epoch *is* the group. (Because there is no thing like ā€œGroup IDā€ in the example, only GM random byte and Group Epoch bytes.)  Was it intended to add a byte or so for ā€œGroup IDā€ ? So that each group can have its own epoch counter.


The intent was that the Group ID consists of a Group Prefix and a Group Epoch. The need for a group prefix is to allow a constant identifier of the group. The need for group epoch is to allow endpoints to find the right Master Keys used in the group at a certain time.

 Group identifiers may be constructed in other ways that makes the recipient find the right security context.

Hope that helps.

Thanks,
Gƶran


Esko



From: Marco Tiloca <marco.tiloca@ri.se<mailto:marco.tiloca@ri.se>>
Sent: Monday, March 5, 2018 23:18
To: Esko Dijk <esko.dijk@philips.com<mailto:esko.dijk@philips.com>>; Jaime JimƩnez <jaime.jimenez@ericsson.com<mailto:jaime.jimenez@ericsson.com>>; core@ietf.org<mailto:core@ietf.org> WG (core@ietf.org<mailto:core@ietf.org>) <core@ietf.org<mailto:core@ietf.org>>
Subject: Re: [core] šŸ”” WG Call for Adoption on draft-tiloca-core-multicast-oscoap


Hello Esko,



Thanks for your support and comments, we have considered them when producing the latest version of the  draft [1].



Please, find in line some answers to your comments.



Best,

/Marco



[1] https://tools.ietf.org/html/draft-ietf-core-oscore-groupcomm-01

On 2017-12-04 14:35, Esko Dijk wrote:
I also support the adoption of this draft as a work item for CoRE. Below are the results of a quick review, also.

Best regards
Esko Dijk


Overall comments ā€“ or work that the WG could take up next
Ā·         Detailed example with message sizes would be useful. Since itā€™s important for multicast over 6lowpan performance that the IPv6 packets stay small enough (one 802.15.4 frame). At this moment, I canā€™t judge that yet easily based on the draft.


[MT] We have now included detailed examples in Sections 3.1 (Request) and Section 3.2 (Response).


Ā·         Normally, for applications (e.g. Building automation and lighting) groups do need a stable and non-random group ID, that identifies the group over time even as changes occur, e.g. members added/removed. The ā€œGidā€ in the draft however changes. There could be some text added to explain how Gid is linked to a stable ID. E.g., this could be configured by the Group Manager. The stable group ID is then not used over-the-wire for multicast OSCORE.


[MT] It is true that the Gid in this draft changes over time, especially upon renewing the group keying material, and the Group Manager is the only responsible for managing its value update. However, this Gid has to be intended as the identifier of the OSCORE ā€œsecurity groupā€, including as members the endpoints that share the same Common Security Context.

[MT] As you say, applications do rely on a stable and non-random group ID, which is not used over-the-wire for group OSCORE, and instead identifies an ā€œapplication groupā€ having as members the endpoints that participate in a same group application. There is no relation between this application-level group ID and the OSCORE Gid defined in this draft. However, one may possibly map multiple ā€œapplication groupsā€ to the same ā€œsecurity groupā€.

[MT] In order to clarify this point, we included also a definition of ā€œGroupā€ and ā€œGroup IDā€ in Section 1.1.


Ā·         There is normative text in the Appendices; it could be clarified what the status of this is. E.g. only normative if one chooses to implement the optional element described in the Appendix?I have a preference for avoiding normative text in the Appendices, but Iā€™m curious to hear what others think.

[MT] We relaxed the text in Appendices to avoid normative references, with the exception of a ā€œNOT RECOMMENDEDā€ in current Appendix F ā€œNo Verification of Signaturesā€.


Ā·         The text sometimes suggests that a secure group context is linked to one and only one multicast IP address. In practice, there may be more variety ā€“ e.g. one multicast IP address plus one or more unicast IP addresses to which the group message is subsequently delivered. E.g. repeat of the group message to members which did not get it yet. The proposed solution could be reviewed with that view in mind, that there may be multiple (multicast/unicast) IP destination addresses to which a group message will be sent. I did not do that yet; can do so in a future in-depth review.


[MT] Thanks, thatā€™s a very good comment. Weā€™ll think more on the possible view you propose. It should be fine as long as a recipient is able to retrieve the right group Security Context, by using the Gid.



Section 2.1
Some things here are listed as out of scope, but they do come back later in the doc ā€“ such as forward security and backward security , which are addressed I think ā€“ certainly not out of scope.


[MT] Group OSCORE does not ensure forward security and backward security itself. Instead, they are entrusted to the specifying group rekeying protocol enforced by the Group Manager. The specific rekeying protocol if out of scope for Group OSCORE, which however recommends the use of one able to ensure backward and forward security in the group.



Section 3
" Gid MUST be random " -> seems to contradict Appendix B which uses an Epoch counter in the Gid.  Should it say ā€œMUST have a random componentā€ ?


[MT] Right, now fixed (in current Appendix C).



Appendices

  *   Appendix B, a concrete example instance is missing. E.g. ā€œw3fj90f0a_0042ā€ or its bstr equivalent  (just guessing here to the format)


[MT] We added an example, in current Appendix C.



  *
  *   Appendix C, is this an example blueprint of how to do it ā€“ fully optional to follow or not follow this?


[MT] We relaxed the text in current Appendix D, as for the time being it is intended to be a guideline example.



  *

Minor

  *   ligthing -> lighting
  *   enpoint  -> endpoint
  *   Pg 25 , [I-D.ietf-ace-dtls-authorize] reference breaks across line and as such becomes non-searchable in the browser. And I like these refs to be searchable šŸ˜‰





From: core [mailto:core-bounces@ietf.org] On Behalf Of Jaime JimƩnez
Sent: Thursday, November 23, 2017 17:59
To: core@ietf.org<mailto:core@ietf.org> WG (core@ietf.org<mailto:core@ietf.org>) <core@ietf.org><mailto:core@ietf.org>
Cc: ji-ye.park@uni-due.de<mailto:ji-ye.park@uni-due.de>
Subject: [core] šŸ”” WG Call for Adoption on draft-tiloca-core-multicast-oscoap

Dear all,

The draft on "Secure group communication for CoAP" ( draft-tiloca-core-multicast-oscoap<https://tools.ietf.org/html/draft-tiloca-core-multicast-oscoap/> ) had in room consensus for adoption during IETF99 already, now we are clear to confirm it on the mailing list.

Please reply to the list with your comments, including although not limited to whether or not you support adoption. Non-authors are especially encouraged to comment.

Target to end the WGA is 14th of December.

Ciao,
- - Jaime JimƩnez


________________________________
The information contained in this email may be confidential and/or legally protected under applicable law. The message is intended solely for the addressee(s). If you are not the intended recipient, you are hereby notified that any use, forwarding, dissemination, or reproduction of this email is strictly prohibited and may be unlawful. If you are not the intended recipient, please contact the sender by return e-mail and destroy all copies of the original email.




_______________________________________________

core mailing list

core@ietf.org<mailto:core@ietf.org>

https://www.ietf.org/mailman/listinfo/core



--

Marco Tiloca, PhD

Research Institutes of Sweden

RISE ICT/SICS

Isafjordsgatan 22 / KistagƄngen 16

SE-164 40 Kista (Sweden)

Phone: +46 (0)70 60 46 501

https://www.sics.se



The RISE institutes Innventia, SP and Swedish ICT

have merged in order to become a stronger research

and innovation partner for businesses and society.



SICS Swedish ICT AB, has now changed name to RISE SICS AB.

v2.23.0 | Report a Bug | By Email