Re: [core] Review of draft-fz-core-coap-pm-03

Christian Amsüss <christian@amsuess.com> Fri, 10 March 2023 15:19 UTC

Hi,

just one remark on what I noticed skimming:

On Sun, Feb 26, 2023 at 08:30:11PM +0100, Marco Tiloca wrote:
> * When using OSCORE, having the PM option as inner or outer does not have to
> be mutually exclusive. That is, measurements can be performed both at the
> ends, and in the individual hops, by having the option both outer and inner.
> 
>    However, if the PM option is used (also) as an outer option, shouldn't
> the outer option also be (at least) integrity-protected, to be reliably
> processed by the intended consumer? This would require using also DTLS
> hop-by-hop, or an (additional) OSCORE association with an intermediary (see
> draft-tiloca-core-oscore-capable-proxies).

I don't think that option should be Class-I. The option is hop-by-hop
now, and may be legitimately terminated at proxies. If it were Class-I,
a proxy's operation would make the requests fail.

If an OSCORE endpoint sends both outer and inner, the inner is for
measuring the connection to the E2E peer, and the outer is for measuring
the connection to the next hop proxy.

BR
c

-- 
To use raw power is to make yourself infinitely vulnerable to greater powers.
  -- Bene Gesserit axiom
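
The failure mode discussed in this message, as an added sketch that is not part of the original e-mail or of the draft: an outer option that the receiver folds into its integrity check (Class I) breaks verification as soon as a proxy terminates it, while an unprotected outer option survives the hop. HMAC-SHA256 stands in for the OSCORE AEAD here, and the key, the option number 65000 and the option values are constructed placeholders.

```python
import hashlib
import hmac

KEY = b"constructed-demo-key"  # constructed; stands in for the shared OSCORE context
PM_OPTION = 65000              # placeholder from CoAP's experimental range, not the draft's number


def aad(outer, class_i):
    """Serialize the outer options that are treated as Class I (integrity-protected)."""
    return b"".join(
        num.to_bytes(2, "big") + len(val).to_bytes(2, "big") + val
        for num, val in sorted(outer.items())
        if num in class_i
    )


def tag_for(outer, payload, class_i):
    # Simplification: a MAC over AAD + payload instead of AEAD encryption.
    return hmac.new(KEY, aad(outer, class_i) + payload, hashlib.sha256).digest()


def protect(payload, outer, class_i):
    """Sending endpoint: compute the tag over the payload and the Class I options."""
    return {"outer": dict(outer), "payload": payload,
            "tag": tag_for(outer, payload, class_i)}


def proxy_terminate_pm(msg):
    """Proxy without the end-to-end key: consumes the outer PM option for its
    own hop and sends a fresh value toward the next hop."""
    outer = dict(msg["outer"])
    outer[PM_OPTION] = b"\x01"  # constructed value for the next hop's measurement
    return {"outer": outer, "payload": msg["payload"], "tag": msg["tag"]}


def verify(msg, class_i):
    """Receiving endpoint: recompute the tag from the options it actually received."""
    expected = tag_for(msg["outer"], msg["payload"], class_i)
    return hmac.compare_digest(expected, msg["tag"])


def run(class_i):
    """Return (verifies without a proxy, verifies after the proxy touched PM)."""
    msg = protect(b"inner-request", {PM_OPTION: b"\x00"}, class_i)
    return verify(msg, class_i), verify(proxy_terminate_pm(msg), class_i)


if __name__ == "__main__":
    print("outer PM unprotected:", run(set()))
    print("outer PM as Class I: ", run({PM_OPTION}))
```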