Re: [core] WG Adoption Call for draft-mattsson-core-coap-attacks
Marco Tiloca <marco.tiloca@ri.se> Fri, 11 March 2022 16:17 UTC
Return-Path: <marco.tiloca@ri.se>
X-Original-To: core@ietfa.amsl.com
Delivered-To: core@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 329B13A03EC for <core@ietfa.amsl.com>; Fri, 11 Mar 2022 08:17:12 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -7.111
X-Spam-Level:
X-Spam-Status: No, score=-7.111 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, NICE_REPLY_A=-0.001, RCVD_IN_DNSWL_HI=-5, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=ri.se
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id MEmap_IiLq0A for <core@ietfa.amsl.com>; Fri, 11 Mar 2022 08:17:06 -0800 (PST)
Received: from EUR04-HE1-obe.outbound.protection.outlook.com (mail-he1eur04on061d.outbound.protection.outlook.com [IPv6:2a01:111:f400:fe0d::61d]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 228283A0121 for <core@ietf.org>; Fri, 11 Mar 2022 08:17:05 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=DIHoTabwWnG6qDwgMOktVS2kzeuL5myaIZ7I0kktL65h+lUvQLUnqObBNh1ZZU2da9vskIF3yserXbxOZGGFUZKMbFEnlWh1r12ru1dMid/QuT7nbNi3UZ/CZHBjkHs9vbcbcmcszlO1PY1VOtpYh8HE5LTc7D9LkU3J/1dx99GNHaC2Rpp4psJ74lC7IBcs84viA1AGlz+A031UUanO/xQhV3KJRpA8rtgVY+6dYEEZ60y+iejsYF7EB/Qt0o7wU10yGKRRwGuZHGAUitnulJamtZMTPXI0IZEXsZUBnMSSj55bNXMoFCXQTOYLiIU9BMdAgwnZmzQINrifi/oS8Q==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=HB+ccXkzGBsBPkM3Tt1i5YW3u93iFfi9mpRfZRmLRDs=; b=LM2c1QWbYG6GIJ0xvOZGTAmX9uXEBPOWEWCmT7HhPsc56U3FpmJsqsfu3/1dj67MdNNlEO2wOyb1BYCgmtEbNrozFXZPp4POhIm7fh/TzFAnmDmssk1Hk1TEsJERcSVL2Qcdp/taXbU74mVBwyRSL3ejeVhI1xHEv7Lp876hGHaxQfcy6xHaGr+FFe+UhrVWQmqCcL7ja/53lLzVvwPXcbaVZQxhU6A6BgOgJVc686OLjcno1HC3HTOmfc6o+EostlV9n/ZfBrf0JvVNDvaPe97MIPfF9HDNErfAaqDadCb+LYYeRBK6hvWh408FVl+1mrjy+bMC40QPOupxenZ+sw==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=ri.se; dmarc=pass action=none header.from=ri.se; dkim=pass header.d=ri.se; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ri.se; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=HB+ccXkzGBsBPkM3Tt1i5YW3u93iFfi9mpRfZRmLRDs=; b=JTxQZqzQ9+Ifjiwj9xkAwOyAhy4gUhx8CpBiDqHleGwyuuaH8vKb9t2EelFUaghOODmIvJZkdxL/wu+6Y2vIeGyYUNqq/v0wOO/HdzYFlUY0d+GBUsgg8EtwzgxwMkoZiq3eV7GxgK1VbPEMhgBECTqTxcf41iHL3IJgH+cHeFw=
Authentication-Results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=ri.se;
Received: from DB8P189MB1032.EURP189.PROD.OUTLOOK.COM (2603:10a6:10:16e::14) by VE1P189MB1120.EURP189.PROD.OUTLOOK.COM (2603:10a6:800:16d::23) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.5061.22; Fri, 11 Mar 2022 16:16:57 +0000
Received: from DB8P189MB1032.EURP189.PROD.OUTLOOK.COM ([fe80::7406:4429:8288:c4d]) by DB8P189MB1032.EURP189.PROD.OUTLOOK.COM ([fe80::7406:4429:8288:c4d%6]) with mapi id 15.20.5061.024; Fri, 11 Mar 2022 16:16:53 +0000
Message-ID: <b0b687ef-015a-8af4-60c3-b830ccc84ddb@ri.se>
Date: Fri, 11 Mar 2022 17:16:35 +0100
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:91.0) Gecko/20100101 Thunderbird/91.5.0
Content-Language: en-US
To: supjps-ietf@jpshallow.com, Achim Kraus <achimkraus@gmx.net>
Cc: mohamed.boucadair@orange.com, core@ietf.org
References: <cadf5151-8f7f-9311-6987-de5bf533abe2@ri.se> <28040_1645773815_621883F7_28040_64_1_787AE7BB302AE849A7480A190F8B9330354999C4@OPEXCAUBMA2.corporate.adroot.infra.ftgroup> <55ce01d82a31$f052c530$d0f84f90$@jpshallow.com> <01663e0e-ccb7-84d2-08aa-3792799a783c@gmx.net> <5a5401d82a86$c10bf440$4323dcc0$@jpshallow.com>
From: Marco Tiloca <marco.tiloca@ri.se>
In-Reply-To: <5a5401d82a86$c10bf440$4323dcc0$@jpshallow.com>
Content-Type: multipart/signed; micalg="pgp-sha256"; protocol="application/pgp-signature"; boundary="------------07IUhzQnFdMGCX8jeP6pOKA0"
X-ClientProxiedBy: GV3P280CA0070.SWEP280.PROD.OUTLOOK.COM (2603:10a6:150:a::25) To DB8P189MB1032.EURP189.PROD.OUTLOOK.COM (2603:10a6:10:16e::14)
MIME-Version: 1.0
X-MS-PublicTrafficType: Email
X-MS-Office365-Filtering-Correlation-Id: 696c9135-807c-40d6-b39b-08da037a84be
X-MS-TrafficTypeDiagnostic: VE1P189MB1120:EE_
X-Microsoft-Antispam-PRVS: <VE1P189MB1120F9859364DD24A054BEF6990C9@VE1P189MB1120.EURP189.PROD.OUTLOOK.COM>
X-MS-Exchange-SenderADCheck: 1
X-MS-Exchange-AntiSpam-Relay: 0
X-Microsoft-Antispam: BCL:0;
X-Microsoft-Antispam-Message-Info: LnaVw3iz4zyTkHY0fCPwzkZ+rKyBUdzOJvH+hK1tsCh847Ncfnb6gC8FbeW5t+KEbAwxZD95XAnbXRMp9qzxBfEqZ1aajS5m8WRTjWnLBlIhRrBXWz8VkyH1U+gwpBR9mkLq8SElOR+cMrDsppQEEBs3Hgx22fXAJGg5VN8/e6ovDBLD54zc8gheRQIrMJOqSQIJmPr/K9kkop6AQMn/3rQ3Ef9/MuH3Pg+bBOX+vP1EQF93xooS4AeVYYH8j7s5olAVdZ2bSiLPilDN18ZnjQiPQLeM6oKU+KviFff7r4YU5UZB11gFfMFZ2juw+mxcoivfZtalyoRlDoB9Nf+6Uh6nlnltxVIvW2inaUdpSRvzS9a+kqwayawt4S1eDWnX50yNHCm2ZHJTm6k5QLFfqLW54u98bbiCa+mPT7i6FDof8kD9VFNb+fjjbClIiidAssvvV6+1h6CvGR6slby1sHHIO6P6zC+pl+i59oBvM8uGpRBb2kBI9g6Seu10VVG7G7FQLN9/8ZTVaEJFOd+tJHKfFKxdfTHl3bBNc8gAnC9kFBeUxpvWWyMkQpqtju14CZ1+Nr3Ezyn6/6Du6rR5xOxaVRz/jM/TntssemQoXfzTIZDma4Isky+TsQuuJs3KEEntLMi4tpFNaeewN5oRleIz6EE8vH17207icliCrncLQ2OMAy2ShIFQEzLav1cnSvVTKLZxBUT+/7wi+GVf3WrE9RE5vGJ7BjN4+zfHZjslc+ayVooDP5Y3FFwq2WXBko0FVmj/HLEm61VDUPnINf0xJZMmH1ZsYv8EOj5Nq94ZUKnM3FOn981keE4L1uY0
X-Forefront-Antispam-Report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:DB8P189MB1032.EURP189.PROD.OUTLOOK.COM; PTR:; CAT:NONE; SFS:(13230001)(4636009)(366004)(45080400002)(6486002)(966005)(316002)(2616005)(86362001)(31696002)(6916009)(508600001)(6666004)(66574015)(21480400003)(186003)(26005)(53546011)(38100700002)(33964004)(6506007)(6512007)(83380400001)(44832011)(30864003)(31686004)(235185007)(8936002)(2906002)(66556008)(8676002)(66476007)(36756003)(5660300002)(66946007)(4326008)(45980500001)(43740500002); DIR:OUT; SFP:1101;
X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1
X-MS-Exchange-AntiSpam-MessageData-0: Ot0EH5KmDQJ/PTs4EwizdzTq8GqzpF1wU/lD/X8jsFMM1aGX9adY75zz5/z6B8+/t8T4PG4En4TGi2dGx9Cs5QdH1qXkP6g//fKFfPURzPq3jbvZp8X9BxTUGCjuzlpOQW/V1onwkboLKMSsuKqRAZvplfMWaJTRtdmBd9yanzviX+MucfzTsEl6uWMRo+X9H3BSD3Jb+5dIngOIMyOC/xvRG0vS/uIV90/DYYGQxQqcEbnCXEcOZeXggRHKt3rOOD7MVernVC/T0MpZl/k+xot/V0qUdjnsUrjZ/g9X8yoPep0BBupXs6zBaNOhiC2CQ8jlJs9rIUWOLK3CrZMcbhgmmIP++cG3hUuu3sw6BAiCUYALLZtkYSKJGN/UvcSMM7pRW0GSrNZB2GrG/z5fg+9Q1PbDs0flh8sW/7/dWMbfZAzEapCo3nvNmCzvszRjLyflpStkBVFblyXCx4tN1+AiCOhwg0TWMVmWQDpAK/JLZawsZ2erOTo67phoVUlaJ2nzjQKj6cRUjUBXr9uUjUBgmS6WkLkP7qeeh7+4Ti5TKBW0oaalBU74ZsXdWgnRI9cCbwWuocRUYzizjMiVYOdgRHU9JUSZ2CqKL6tiRwjoTUZYjJDmObRwxUS/5KzGzCXcUMBvdzloZa5QP2aaw2oLIvaCUC0tFrth5Urn2X/q7AT5WYTAygR5BgYlAoZmLjitIPYnrMPHHpGUVNQcef7B165EIuNhhycCFIeaAt4rku+LPFdkFOElIesY8Vhv3ihqkmRP59RKgOf5Ud6zMNr6pT+UhCj3SwsgSwv/R6wD/vbcoSQg1KKm/fXApvFvKRVpKOsyivQyjGiltJfcJtcle7NJPA04J43MXCrS600rSkWYQpgdA0M2HbWaTJmG5pvC1xI2Fxhcs00syhZQvH+0o9c0B15KTe9kNIju4FQWkZQD2v4dDo5QN3uWPtDWgwAAwysr2eNCMqAxNsUVbN+kvURJ38xCCfNOcptpwNFIw7MJaeJXNHrbqSAsNGD6lbYiG6C4MskBZo39nkJ1Wz1aLXzxJM6UT9T86QgaQohMsyVfGNvleQke4sHn/eoNUTtPCEUkwz4cf/EC0JX0mHEMrE2vDzqfhcMMoagrTTdmUbCrSGOl3LGLdIghci+YbSIFDXfClkBe5bbuDiSY4a5nr+V5ik1nz9woaJwH/LLZMDUbiBp8KHAVsxFTfJ34oPgYJ57DWFb+8G+dtnaS/qdCrQOY+Yj7z10CzvmJTuCM19c/BkIep+OqZViAMAG7eUh5stCRot5zZ6ChGoWnyLxvMuBxUqDrwzr3i7Em/+nWYoRgaf9MUEGC6nQ0AtS75ISFxNwBuBBzFgE5UYJIWydpm8FZyhOmSgkVz4j2sy3WcGqwcd4LVleJppHcJSPsYcObMP8qidQ5PBJQCA4Y1mAAR8f5qfDkcKa4+yKUPej4g9zVlXZ7Zs4OjnhV3zHn
X-OriginatorOrg: ri.se
X-MS-Exchange-CrossTenant-Network-Message-Id: 696c9135-807c-40d6-b39b-08da037a84be
X-MS-Exchange-CrossTenant-AuthSource: DB8P189MB1032.EURP189.PROD.OUTLOOK.COM
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 11 Mar 2022 16:16:53.6584 (UTC)
X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted
X-MS-Exchange-CrossTenant-Id: 5a9809cf-0bcb-413a-838a-09ecc40cc9e8
X-MS-Exchange-CrossTenant-MailboxType: HOSTED
X-MS-Exchange-CrossTenant-UserPrincipalName: f8RxLRkTw1/7V9TNEiFxztex1vnA80OWvVV/mEEFPRXSoI9g4I2QXE7fxYXTNwyCr2RefSPWjAjF/6/O4OV+YA==
X-MS-Exchange-Transport-CrossTenantHeadersStamped: VE1P189MB1120
Archived-At: <https://mailarchive.ietf.org/arch/msg/core/66zuMNuAmTKY6W6cv1aoy_izMzg>
Subject: Re: [core] WG Adoption Call for draft-mattsson-core-coap-attacks
X-BeenThere: core@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Constrained RESTful Environments \(CoRE\) Working Group list" <core.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/core>, <mailto:core-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/core/>
List-Post: <mailto:core@ietf.org>
List-Help: <mailto:core-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/core>, <mailto:core-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 11 Mar 2022 16:17:13 -0000
Dear all, This mail closes the Adoption Call. The draft is adopted as a CoRE Working Group document. Authors, once the submission system reopens, please submit a new version -00 as a Working Group document. When doing so, please use the document name "draft-ietf-core-attacks-on-coap", thus making the agreed document scope evident. We will also set up a CoRE Github repo to host the draft sources. Thanks, Marco, Jaime and Carsten On 2022-02-25 21:32, supjps-ietf@jpshallow.com wrote: > Hi Achim, > > draft-mattsson-core-coap-attacks has a focus on using Request-Tag to mitigate attacks. Usage of ETag is not mandated in RFC7252 or RFC7959 as far as I can tell (but is in to-be-RFC9177), but using ETag with Block2 mitigates potential attack confusion. See attack below. > > Otherwise, please see inline. > > Regards > > Jon > >> -----Original Message----- >> From: Achim Kraus [mailto: achimkraus@gmx.net] >> Sent: 25 February 2022 16:22 >> To: jon@jpshallow.com >> Cc: mohamed.boucadair@orange.com; 'Marco Tiloca'; core@ietf.org >> Subject: Re: [core] WG Adoption Call for draft-mattsson-core-coap-attacks >> >> Hi Jon, >> >> I'm not sure about: >> >> > Again using Block-Wise transfers, there has not been consideration >> for a delay attack causing the server to send back the wrong data in a >> BLOCK2 response. See >> https://eur05.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2Fcore-wg%2Fecho-request-tag%2Fissues%2F77&data=04%7C01%7Cmarco.tiloca%40ri.se%7C0d9dfd71175c489b8e1008d9f89ded79%7C5a9809cf0bcb413a838a09ecc40cc9e8%7C0%7C0%7C637814180496387412%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000&sdata=0T%2Bhaw%2FvEzciuzAdhsmmIxWXvIS13JM1LevFFOS2ntM%3D&reserved=0 . If the attacker >> delays the first request (which triggers a BLOCK2 response), and then >> sends it just before/after the second request (also triggering a BLOCK2 >> response), the request for the next block for, say the second request, >> from the client may get back the block from either the first or second >> request. This can only be mitigated using the Request-Tag on each >> request, even though BLOCK1 is not being used for the request. I think >> this attack also needs to be included. >> >> Does this refer to RFC7959? > Jon> Yes, as Block2s are being used as well as RFC9175 >> > may get back the block from either the first or second request. >> >> But the response will contain a token, which is used for >> request-response matching. So, do you assume, that both request are >> using the same token (maybe then more a unintended violation of the >> token uniqness)? > Jon> No. I would be expecting the Token to be different in each request that asks for the next payload of the body. Use of the same Token is not recommended as per RFC9175, but people do not realize that an empty token should not be used across multiple requests (another attack if "Foe" was removing tokens as the CoAP packets passed through...). > > Jon> Client gets earlier value (ETag not used) against what it thought was the second request. > > Client Foe Server > | | | > +------X | POST "request" T:1 { "offset":0, "length":2000} > | | | > +-------------> POST "request" T:2 { "offset":4000, "length":2000} > | | | > | @------> POST "request" T:1 { "offset":0, "length":2000} > | | | > <-------------+ 2.04 T:2 Block2:0/1/1024 { data containing 4000:1024 } > | | | > <-------------+ 2.04 T:1 Block2:0/1/1024 { data containing 0:1024 } > | | | > +-------------> POST "request" T:3 Block2:0/_/1024 > server - is this continuation of request using T:1 or T:2 ? > | | | > <-------------+ 2.04 T:3 Block2:1/_/1024 { data containing 1024:2000 } > Was this the expected data ? > | | | > > This is fixed if Request differentiating ETag is used in the response. The client may not be able to get the missing secondary block from the alternative request, unless Request-Tag is used in the initial request (hence issue 77). > > ~Jon> > >> best regards >> Achim >> >> Am 25.02.22 um 11:24 schrieb supjps-ietf@jpshallow.com: >>> Hi All, >>> >>> I likewise am in favor of this document, but would like to see a few changes / >> addition. >>> Med is actually referring to 2.4, but this made me realize there was a trap of >> seeing Block and hence thinking RFC7959 for 2.1 - "The Block Attack" which >> actually has no reference to CoAP blocks. A better section title could be "The >> Blocking Attack" and s/Block Attack/Blocking Attack/ elsewhere. >>> For 2.4, "Fragment" in terms of CoAP blocks is not defined, and is not used in >> RFC7959 (RFC7959 refers to fragmentation issues outside of the CoAP layer), so >> is unclear that "fragment" is meant to be referring to a CoAP RFC7959 (or >> draft-ietf-core-new-block to-be-RFC9177) block. >>> Thus, "2.4. The Request CoAP Block Rearrangement Attack" is a step in the >> right direction for me. Then most of the usage of the word fragment needs to >> be replaced with block. >>> As a note for mitigating 2.4.1, to-be-RFC9177 requires the use of Request-Tag >> (https://eur05.safelinks.protection.outlook.com/?url=https%3A%2F%2Fdatatracker.ietf.org%2Fdoc%2Fhtml%2Fdraft-ietf-core-new-block%23section-4.3&data=04%7C01%7Cmarco.tiloca%40ri.se%7C0d9dfd71175c489b8e1008d9f89ded79%7C5a9809cf0bcb413a838a09ecc40cc9e8%7C0%7C0%7C637814180496387412%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000&sdata=xOtwVuut7cr5b9XwymOOKszIa1o4wTy2JGsx3YZU%2Fcw%3D&reserved=0) >> and good use of tokens (https://eur05.safelinks.protection.outlook.com/?url=https%3A%2F%2Fdatatracker.ietf.org%2Fdoc%2Fhtml%2Fdraft-ietf-core-&data=04%7C01%7Cmarco.tiloca%40ri.se%7C0d9dfd71175c489b8e1008d9f89ded79%7C5a9809cf0bcb413a838a09ecc40cc9e8%7C0%7C0%7C637814180496387412%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000&sdata=hGbqp8JV2ho9GDPEcoZoCG%2Bt3abngC23tkG%2B2pJfV4o%3D&reserved=0 >> new-block#section-6). >>> The lost blocks recovery mechanisms in to-be-RFC9177 mitigate the risk of >> the wrong block being processed in a request by the server. >>> Again using Block-Wise transfers, there has not been consideration for a delay >> attack causing the server to send back the wrong data in a BLOCK2 response. >> See https://eur05.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2Fcore-wg%2Fecho-request-tag%2Fissues%2F77&data=04%7C01%7Cmarco.tiloca%40ri.se%7C0d9dfd71175c489b8e1008d9f89ded79%7C5a9809cf0bcb413a838a09ecc40cc9e8%7C0%7C0%7C637814180496387412%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000&sdata=0T%2Bhaw%2FvEzciuzAdhsmmIxWXvIS13JM1LevFFOS2ntM%3D&reserved=0 . If the attacker >> delays the first request (which triggers a BLOCK2 response), and then sends it >> just before/after the second request (also triggering a BLOCK2 response), the >> request for the next block for, say the second request, from the client may get >> back the block from either the first or second request. This can only be >> mitigated using the Request-Tag on each request, even though BLOCK1 is not >> being used for the request. I think this attack also needs to be included. >>> Regards >>> >>> Jon >>> >>>> -----Original Message----- >>>> From: mohamed.boucadair@orange.com >> [mailto:mohamed.boucadair@orange.com] >>>> Sent: 25 February 2022 07:24 >>>> To: Marco Tiloca; core@ietf.org WG (core@ietf.org) >>>> Subject: Re: [core] WG Adoption Call for draft-mattsson-core-coap-attacks >>>> >>>> Hi all, >>>> >>>> I support adoption. >>>> >>>> It would helpful to explicit in Section 2.1 that this is about 7959, not the >> new >>>> block (to-be-RFC9177). Assessing the case of the new-block would be useful >> as >>>> well. >>>> >>>> Thank you. >>>> >>>> Cheers, >>>> Med >>>> >>>>> -----Message d'origine----- >>>>> De : core <core-bounces@ietf.org> De la part de Marco Tiloca >>>>> Envoyé : jeudi 24 février 2022 17:21 >>>>> À : core@ietf.org WG (core@ietf.org) <core@ietf.org> >>>>> Objet : [core] WG Adoption Call for draft-mattsson-core-coap-attacks >>>>> >>>>> Dear all, >>>>> >>>>> This mail starts a 2 week Working Group Adoption Call for draft- >>>>> mattsson-core-coap-attacks [1]. >>>>> >>>>> Please, provide your feedback by Wednesday, March 10. >>>>> >>>>> Best, >>>>> Marco and Jaime >>>>> >>>>> [1] https://eur05.safelinks.protection.outlook.com/?url=https%3A%2F%2Fdatatracker.ietf.org%2Fdoc%2Fdraft-mattsson-core-coap-attacks%2F&data=04%7C01%7Cmarco.tiloca%40ri.se%7C0d9dfd71175c489b8e1008d9f89ded79%7C5a9809cf0bcb413a838a09ecc40cc9e8%7C0%7C0%7C637814180496387412%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000&sdata=3gOYdvrk2Vzwr8qaBE4F6TtZWIzt2Icwc39qw8AxIXg%3D&reserved=0 >>>>> >>>>> -- >>>>> Marco Tiloca >>>>> Ph.D., Senior Researcher >>>>> >>>>> Division: Digital System >>>>> Department: Computer Science >>>>> Unit: Cybersecurity >>>>> >>>>> RISE Research Institutes of Sweden >>>>> https://eur05.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.ri.se%2F&data=04%7C01%7Cmarco.tiloca%40ri.se%7C0d9dfd71175c489b8e1008d9f89ded79%7C5a9809cf0bcb413a838a09ecc40cc9e8%7C0%7C0%7C637814180496387412%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000&sdata=ooZ8sdj2lmVZw16fHwTcBc7S975gUqJyT4b55WVmt4c%3D&reserved=0 >>>>> >>>>> Phone: +46 (0)70 60 46 501 >>>>> Isafjordsgatan 22 / Kistagången 16 >>>>> SE-164 40 Kista (Sweden) >>>> >>>> >> ___________________________________________________________________ >>>> ______________________________________________________ >>>> >>>> Ce message et ses pieces jointes peuvent contenir des informations >>>> confidentielles ou privilegiees et ne doivent donc >>>> pas etre diffuses, exploites ou copies sans autorisation. Si vous avez recu ce >>>> message par erreur, veuillez le signaler >>>> a l'expediteur et le detruire ainsi que les pieces jointes. Les messages >>>> electroniques etant susceptibles d'alteration, >>>> Orange decline toute responsabilite si ce message a ete altere, deforme ou >>>> falsifie. Merci. >>>> >>>> This message and its attachments may contain confidential or privileged >>>> information that may be protected by law; >>>> they should not be distributed, used or copied without authorisation. >>>> If you have received this email in error, please notify the sender and delete >> this >>>> message and its attachments. >>>> As emails may be altered, Orange is not liable for messages that have been >>>> modified, changed or falsified. >>>> Thank you. >>>> >>>> _______________________________________________ >>>> core mailing list >>>> core@ietf.org >>>> https://eur05.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.ietf.org%2Fmailman%2Flistinfo%2Fcore&data=04%7C01%7Cmarco.tiloca%40ri.se%7C0d9dfd71175c489b8e1008d9f89ded79%7C5a9809cf0bcb413a838a09ecc40cc9e8%7C0%7C0%7C637814180496387412%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000&sdata=HNmEKTfS3enlRp%2BpTiD1yQ5RnwEG4qKsiCRRFuY%2BmjU%3D&reserved=0 >>> _______________________________________________ >>> core mailing list >>> core@ietf.org >>> https://eur05.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.ietf.org%2Fmailman%2Flistinfo%2Fcore&data=04%7C01%7Cmarco.tiloca%40ri.se%7C0d9dfd71175c489b8e1008d9f89ded79%7C5a9809cf0bcb413a838a09ecc40cc9e8%7C0%7C0%7C637814180496387412%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000&sdata=HNmEKTfS3enlRp%2BpTiD1yQ5RnwEG4qKsiCRRFuY%2BmjU%3D&reserved=0 > -- Marco Tiloca Ph.D., Senior Researcher Division: Digital Systems Department: Computer Science Unit: Cybersecurity RISE Research Institutes of Sweden https://www.ri.se Phone: +46 (0)70 60 46 501 Isafjordsgatan 22 / Kistagången 16 SE-164 40 Kista (Sweden)
- [core] WG Adoption Call for draft-mattsson-core-c… Marco Tiloca
- Re: [core] WG Adoption Call for draft-mattsson-co… Henk Birkholz
- Re: [core] WG Adoption Call for draft-mattsson-co… mohamed.boucadair
- Re: [core] WG Adoption Call for draft-mattsson-co… supjps-ietf
- Re: [core] WG Adoption Call for draft-mattsson-co… Achim Kraus
- Re: [core] WG Adoption Call for draft-mattsson-co… supjps-ietf
- Re: [core] WG Adoption Call for draft-mattsson-co… Marco Tiloca