[core] draft-hartke-core-stateless

Jim Schaad <ietf@augustcellars.com> Mon, 10 September 2018 23:08 UTC

Return-Path: <ietf@augustcellars.com>
X-Original-To: core@ietfa.amsl.com
Delivered-To: core@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 66EDB130F8A; Mon, 10 Sep 2018 16:08:01 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.794
X-Spam-Level:
X-Spam-Status: No, score=-0.794 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, LOCALPART_IN_SUBJECT=1.107, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=no autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id m43Rf2F1GCMp; Mon, 10 Sep 2018 16:08:00 -0700 (PDT)
Received: from mail2.augustcellars.com (augustcellars.com [50.45.239.150]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id E4470130E0F; Mon, 10 Sep 2018 16:07:56 -0700 (PDT)
Received: from Jude (73.180.8.170) by mail2.augustcellars.com (192.168.0.56) with Microsoft SMTP Server (TLS) id 15.0.1347.2; Mon, 10 Sep 2018 16:03:54 -0700
From: Jim Schaad <ietf@augustcellars.com>
To: <draft-hartke-core-stateless@ietf.org>
CC: 'Core' <core@ietf.org>
Date: Mon, 10 Sep 2018 16:07:48 -0700
Message-ID: <009901d4495b$194c4f30$4be4ed90$@augustcellars.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
X-Mailer: Microsoft Outlook 16.0
Thread-Index: AdRJSZxEFVxiHpnJRYejIUsSOODSiw==
Content-Language: en-us
X-Originating-IP: [73.180.8.170]
Archived-At: <https://mailarchive.ietf.org/arch/msg/core/4_Z3pRhK9OrYsROvyoqB9XbMQ1U>
Subject: [core] draft-hartke-core-stateless
X-BeenThere: core@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Constrained RESTful Environments \(CoRE\) Working Group list" <core.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/core>, <mailto:core-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/core/>
List-Post: <mailto:core@ietf.org>
List-Help: <mailto:core-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/core>, <mailto:core-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 10 Sep 2018 23:08:01 -0000

Section 2.2.2 - Depending on circumstances, I think you might get a Gateway
time out error response as well for some types of proxies.

Section 2.2.2 - Should there be a special indicator that a server cannot
deal with tokens of longer than n bytes?  Otherwise this would seem to be a
good way to exhaust resources on the server/proxy.

Section 3.1 - I would think that repeatable would be better for the option
as then multiple proxies could just insert a new option rather than
attempting to extend or wrap the current value.

Section 3.1 - I am not sure that I agree that the option should be unsafe to
forward.  As long as a client and a server agree to deal with the option
then it does not matter what any intermediate proxies might do.  Changing
this modifies 3.2.2 as well

Section 3.1 - above two arguments would change the values of critical as
well.  I still think that it would be part of the cache key for a proxy that
did not understand the option, it might be noted that a proxy which
understands the option would be in its right to exclude the option from
computing the cache key.

Section 3.1 - The last sentence may need to have some additional text added
about the length of the Token field when splitting the value.  Also needs to
have a note about the interactions messages in those cases where the portion
placed in the token field does not change.  This seems quite possible if one
uses a prefix.

Section 4 - What happens for interactions w/ the observe option?

Section 4.1 - I don't see how paragraph 3 follows from the use of this
option.  This is merely a tree statement for all intermediaries that don't
bother caching.  Note that if the intermediary does cache responses, but
does not cache this option then the entire paragraph does not seem to be
correct.  It could respond from the cache, but not worry about keeping this
value in the cache and trying to figure out when and how to ignore.

Security Considerations - Need additional text someplace about swapping of
tokens which might be more consequential than would normally be the case.

Someplace - Interactions between OSCORE and this new option.

Freshness indicator may need to be dealt with on a per server basis or using
the same type of window that DTLS uses.  If a client sends out two different
messages to two different servers, the order of responses should not control
if a response is processed.

Jim