Re: [core] Review of draft-fz-core-coap-pm-03

Christian Amsüss <> Fri, 10 March 2023 15:19 UTC



Just one remark on what I noticed skimming:

On Sun, Feb 26, 2023 at 08:30:11PM +0100, Marco Tiloca wrote:
> * When using OSCORE, having the PM option as inner or outer does not have to
> be mutually exclusive. That is, measurements can be performed both at the
> ends, and in the individual hops, by having the option both outer and inner.
>    However, if the PM option is used (also) as an outer option, shouldn't
> the outer option also be (at least) integrity-protected, to be reliably
> processed by the intended consumer? This would require using also DTLS
> hop-by-hop, or an (additional) OSCORE association with an intermediary (see
> draft-tiloca-core-oscore-capable-proxies).

I don't think that option should be Class-I. The option is hop-by-hop
now, and may be legitimately terminated at proxies. If it were Class-I,
a proxy's operation would make the requests fail.

If an OSCORE endpoint sends both outer and inner, the inner is for
measuring the connection to the E2E peer, and the outer is for measuring
the connection to the next-hop proxy.


To use raw power is to make yourself infinitely vulnerable to greater powers.
  -- Bene Gesserit axiom
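
A simplified model of the point made in the reply above, added here as an illustration and not part of the original message or of any OSCORE implementation: an HMAC stands in for the OSCORE AEAD, and outer options treated as Class I are fed into the integrity input the way RFC 8613 places Class I options in the AAD. The key, option values and function names are constructed for the example.

```python
import hashlib
import hmac

KEY = b"constructed-demo-key"  # constructed; stands in for an OSCORE security context


def _serialise(options, names=None):
    """Stable encoding of the options (restricted to `names` if given)."""
    picked = sorted(n for n in options if names is None or n in names)
    return b"|".join(n.encode() + b"=" + options[n].hex().encode() for n in picked)


def _tag(outer, inner, payload, class_i):
    # Assumption: HMAC-SHA256 replaces the AEAD. Class I outer options enter
    # the integrity input (the AAD in OSCORE); inner options and payload are
    # always covered end to end.
    aad = _serialise(outer, class_i)
    protected = _serialise(inner) + b"\x00" + payload
    return hmac.new(KEY, aad + b"\x00" + protected, hashlib.sha256).digest()


def protect(payload, inner, outer, class_i):
    return {"outer": dict(outer), "inner": dict(inner), "payload": payload,
            "tag": _tag(outer, inner, payload, class_i)}


def proxy_terminate_pm(msg):
    """Hop-by-hop handling: the proxy consumes the outer PM option."""
    outer = {n: v for n, v in msg["outer"].items() if n != "PM"}
    return {**msg, "outer": outer}


def verify(msg, class_i):
    expected = _tag(msg["outer"], msg["inner"], msg["payload"], class_i)
    return hmac.compare_digest(expected, msg["tag"])


def run(class_i):
    """Send inner+outer PM through one proxy; report verification at the E2E peer."""
    sent = protect(b"22.5 C", {"PM": b"\x01"}, {"PM": b"\x02"}, class_i)
    forwarded = proxy_terminate_pm(sent)
    return verify(sent, class_i), verify(forwarded, class_i), forwarded


if __name__ == "__main__":
    for label, class_i in (("unprotected outer PM", set()), ("Class I outer PM", {"PM"})):
        before, after, _ = run(class_i)
        print(f"{label}: verifies before proxy={before}, after proxy={after}")
```

In both runs the inner PM option reaches the end-to-end peer unchanged; only the Class I variant fails verification once the proxy has terminated the outer option.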