Re: [core] Ben Campbell's Discuss on draft-ietf-core-senml-14: (with DISCUSS and COMMENT)
Ari Keränen <ari.keranen@ericsson.com> Mon, 07 May 2018 17:52 UTC
Return-Path: <ari.keranen@ericsson.com>
X-Original-To: core@ietfa.amsl.com
Delivered-To: core@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 95AC4127076 for <core@ietfa.amsl.com>; Mon, 7 May 2018 10:52:41 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.332
X-Spam-Level:
X-Spam-Status: No, score=-3.332 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FROM_EXCESS_BASE64=0.979, RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001, T_DKIMWL_WL_HIGH=-0.01] autolearn=unavailable autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=ericsson.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id QT4rB95BLCc5 for <core@ietfa.amsl.com>; Mon, 7 May 2018 10:52:40 -0700 (PDT)
Received: from sesbmg23.ericsson.net (sesbmg23.ericsson.net [193.180.251.37]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 571CA127869 for <core@ietf.org>; Mon, 7 May 2018 10:52:38 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; d=ericsson.com; s=mailgw201801; c=relaxed/simple; q=dns/txt; i=@ericsson.com; t=1525715556; h=From:Sender:Reply-To:Subject:Date:Message-ID:To:CC:MIME-Version:Content-Type: Content-Transfer-Encoding:Content-ID:Content-Description:Resent-Date:Resent-From: Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:In-Reply-To:References:List-Id: List-Help:List-Unsubscribe:List-Subscribe:List-Post:List-Owner:List-Archive; bh=WwNTMDrA0EByP8U06PshzIixjngHI9muaWdVSIYFxdY=; b=R4oFGlSJMmYG/4WfJCVnMcuO6fys9TrDg0msY2ZhqqhGQJUlmcHjNRTEoNR6RGL3 /ELggMEHAdicMlF/ToTHDeR/mmTi3dNEa9EvTTLXVoFSQURZ9pfbXRTaHOagmJBs QylUiYiAt0r3I31SnN/k6FunHUe2364uvwnytbZaG3Y=;
X-AuditID: c1b4fb25-5c3ff700000064d0-69-5af09263aeed
Received: from ESESSHC017.ericsson.se (Unknown_Domain [153.88.183.69]) by sesbmg23.ericsson.net (Symantec Mail Security) with SMTP id A9.E8.25808.36290FA5; Mon, 7 May 2018 19:52:36 +0200 (CEST)
Received: from ESESSMB503.ericsson.se (153.88.183.164) by ESESSHC017.ericsson.se (153.88.183.69) with Microsoft SMTP Server (TLS) id 14.3.382.0; Mon, 7 May 2018 19:52:35 +0200
Received: from ESESBMB502.ericsson.se (153.88.183.169) by ESESSMB503.ericsson.se (153.88.183.164) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P256) id 15.1.1466.3; Mon, 7 May 2018 19:52:35 +0200
Received: from ESESBMB502.ericsson.se ([153.88.183.185]) by ESESBMB502.ericsson.se ([153.88.183.185]) with mapi id 15.01.1466.003; Mon, 7 May 2018 19:52:34 +0200
From: Ari Keränen <ari.keranen@ericsson.com>
To: Ben Campbell <ben@nostrum.com>
CC: The IESG <iesg@ietf.org>, "draft-ietf-core-senml@ietf.org" <draft-ietf-core-senml@ietf.org>, Jaime Jiménez <jaime.jimenez@ericsson.com>, "core-chairs@ietf.org" <core-chairs@ietf.org>, core <core@ietf.org>
Thread-Topic: Ben Campbell's Discuss on draft-ietf-core-senml-14: (with DISCUSS and COMMENT)
Thread-Index: AQHT1UHn+Jopg1j5+EC0sj/ycG3/7aQkjFAA
Date: Mon, 07 May 2018 17:52:34 +0000
Message-ID: <FC1AD855-6A06-460B-A688-8CB69A973E09@ericsson.com>
References: <152385571314.20985.5160681583375127961.idtracker@ietfa.amsl.com>
In-Reply-To: <152385571314.20985.5160681583375127961.idtracker@ietfa.amsl.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [153.88.183.153]
Content-Type: text/plain; charset="utf-8"
Content-ID: <346B1C205953C84EBBD4FC885AC8C430@ericsson.com>
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-Brightmail-Tracker: H4sIAAAAAAAAA+NgFjrBIsWRmVeSWpSXmKPExsUyM2K7q27KpA9RBlPfM1nM7zzNbrFt4wU2 i31v1zNb/Hy3hNlixp+JzA6sHkuW/GTymLXzCUsAUxSXTUpqTmZZapG+XQJXRlv7JuaCGRoV d8+9Z2xgnKLexcjJISFgIrHq5AmWLkYuDiGBI4wSp049ZoRwNjNKrJm9nA2kSkjgK6NE+3So qqWMEg+OvmIFSbAJ2Eo8ad0HZosIKEk8b94KVsQs8JJR4vXDXkaQhLBArMS8E3PYIIriJL4t ncoIYRtJXHixgB3EZhFQkXi+/RALiM0rYC/x7u9BRojNvhL35p4Hi3MK+Ems2L4RLM4oICbx /dQaJhCbWUBc4taT+UwQ/whILNlznhnCFpV4+fgfK4StJLH32HWgORxA9ZoS63fpQ7RaSyzo f8AOYStKTOl+yA5xgqDEyZlPWCBOUJW4+u8V4wRGyVlIts1CmDQLyaRZSCbNQjJpASPrKkbR 4tTipNx0I2O91KLM5OLi/Dy9vNSSTYzA+D245bfqDsbLbxwPMQpwMCrx8FblfIgSYk0sK67M PcQowcGsJMLLpgwU4k1JrKxKLcqPLyrNSS0+xCjNwaIkzvvQfHOUkEB6YklqdmpqQWoRTJaJ g1OqgZEv++F55dyCN3lHKruvnHkq+4xNrmJHW7FRY4fe8g0K7MFF3eFJK3btNWN4mtqp+lBt 0vSbUgv9BNtqOE4E2MgErP5r6P5X8blQ4f8i9ZeT93k5cs8uvZloz3639MvjqmdRCnzXv4oY uX5s5fyyz6yAM+WiUfRplW8y2seOtBSUNT9Lu+vPoMRSnJFoqMVcVJwIAPMTncjbAgAA
Archived-At: <https://mailarchive.ietf.org/arch/msg/core/1Fsxm3VWK3ErBG6uJLq0PF2fmAM>
Subject: Re: [core] Ben Campbell's Discuss on draft-ietf-core-senml-14: (with DISCUSS and COMMENT)
X-BeenThere: core@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "Constrained RESTful Environments \(CoRE\) Working Group list" <core.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/core>, <mailto:core-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/core/>
List-Post: <mailto:core@ietf.org>
List-Help: <mailto:core-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/core>, <mailto:core-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 07 May 2018 17:52:42 -0000
Thank you for the review Ben! We have now submitted a new revision of the SenML draft that addresses all the IESG review comments: https://tools.ietf.org/html/draft-ietf-core-senml-15 For answers to your review comments, please see below. Thanks, Ari > On 16 Apr 2018, at 8.15, Ben Campbell <ben@nostrum.com> wrote: > > Ben Campbell has entered the following ballot position for > draft-ietf-core-senml-14: Discuss > > When responding, please keep the subject line intact and reply to all > email addresses included in the To and CC lines. (Feel free to cut this > introductory paragraph, however.) > > > Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html > for more information about IESG DISCUSS and COMMENT positions. > > > The document, along with other ballot positions, can be found here: > https://datatracker.ietf.org/doc/draft-ietf-core-senml/ > > > > ---------------------------------------------------------------------- > DISCUSS: > ---------------------------------------------------------------------- > > Hopefully this is easy to address: > > §4.7 talks about how SenML can also be used to configure parameters and > controlling actuators. That capability has some rather significant security > implications, but I failed to find mention of it in the security > considerations. That needs to be explicitly discussed. Now Section 13 mentions actuator use explicitly: When SenML is used for configuration or actuation, it can be used to change the state of systems and also impact the physical world, e.g., by turning off a heater or opening a lock. The SenML formats alone do not provide any security and instead rely on the protocol that carries them to provide security. Applications using SenML need to look at the overall context of how these formats will be used to decide if the security is adequate. In particular for sensitive sensor data and actuation use it is important to ensure that proper security mechanims are used. > ---------------------------------------------------------------------- > COMMENT: > ---------------------------------------------------------------------- > > Substantive: > > §4.4: "If this value is a version number larger than the version which the > system understands, the system SHOULD NOT use this object." > > Why not MUST NOT? Are there situations where an implementation might reasonably > use an object with a higher version number than the implementation understands? Good point. Changed to "MUST NOT". > Editorial/Nits: > > The title is misleading. It makes it sound like the document is just > registering media types; in fact it defines SenML. Other reviewers mentioned the same. Changed this to "Sensor Measurement Lists (SenML)" > §1, first paragraph: "This format was defined...": The antecedent of "this" is > unclear, since the fact the document defines SenML has not yet been mentioned. Changed to "The SenML format is defined..." > §4.3, table 1: What do the asterisks mean? The first sentence after table was supposed to have asterisk to indicate explanation. Now it says: (*) Data Value is base64 encoded string with URL safe alphabet as defined in Section 5 of [RFC4648], with padding omitted. > §5.1.2, paragraph starting with "Note that...": I'm surprised to find normative > requirements buried in a note in an example. We moved the SensML normative text now to a new section (4.7). > §10, first paragraph: " the an integrated sum...": competing articles. Fixed. > §14: "Sensor data can range from information with almost no security > considerations..." > s/security/privacy Fixed.
- [core] Ben Campbell's Discuss on draft-ietf-core-… Ben Campbell
- Re: [core] Ben Campbell's Discuss on draft-ietf-c… Peter Saint-Andre
- Re: [core] Ben Campbell's Discuss on draft-ietf-c… Carsten Bormann
- Re: [core] Ben Campbell's Discuss on draft-ietf-c… Carsten Bormann
- Re: [core] Ben Campbell's Discuss on draft-ietf-c… Ari Keränen
- Re: [core] Ben Campbell's Discuss on draft-ietf-c… Ben Campbell
- Re: [core] Ben Campbell's Discuss on draft-ietf-c… Ari Keränen