IETF Logo Mail Archive

Re: [core] Endpoint Client Name / Endpoint Name in RD draft

Hannes Tschofenig <Hannes.Tschofenig@arm.com> Wed, 25 April 2018 02:17 UTC

Return-Path: <Hannes.Tschofenig@arm.com>
X-Original-To: core@ietfa.amsl.com
Delivered-To: core@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D182C1241F3 for <core@ietfa.amsl.com>; Tue, 24 Apr 2018 19:17:17 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.911
X-Spam-Level:
X-Spam-Status: No, score=-1.911 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, T_DKIMWL_WL_MED=-0.01] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=armh.onmicrosoft.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Pqn_XUaRynhe for <core@ietfa.amsl.com>; Tue, 24 Apr 2018 19:17:15 -0700 (PDT)
Received: from EUR02-AM5-obe.outbound.protection.outlook.com (mail-eopbgr00060.outbound.protection.outlook.com [40.107.0.60]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 21C1D120725 for <core@ietf.org>; Tue, 24 Apr 2018 19:17:14 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=armh.onmicrosoft.com; s=selector1-arm-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version; bh=WUndv2Dt45bbLy6feOcWeFrnll+mckuENbQp7ME2hsU=; b=ZGg4cX6/isTtlmUnF1Y8nC+Gyv/NaIJFiQI5L6J8LTnNutECkzPdbvsqAX3F3GfnYDCiZg/WTLEclA+trEdAFLqvDljRHTMzBpuVHgesDinvI0TIqc2pI1MefvnA8S1uerHa6Juj8NJfbWlNTigIPn63P56KIzZhurvxqY83gv8=
Received: from VI1PR0801MB2112.eurprd08.prod.outlook.com (10.173.75.16) by VI1PR0801MB1392.eurprd08.prod.outlook.com (10.167.198.20) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P256) id 15.20.696.13; Wed, 25 Apr 2018 02:17:10 +0000
Received: from VI1PR0801MB2112.eurprd08.prod.outlook.com ([fe80::35fb:6e2c:e118:5644]) by VI1PR0801MB2112.eurprd08.prod.outlook.com ([fe80::35fb:6e2c:e118:5644%17]) with mapi id 15.20.0696.017; Wed, 25 Apr 2018 02:17:10 +0000
From: Hannes Tschofenig <Hannes.Tschofenig@arm.com>
To: "consultancy@vanderstok.org" <consultancy@vanderstok.org>
CC: Jaime Jiménez <jaime.jimenez@ericsson.com>, "core@ietf.org" <core@ietf.org>
Thread-Topic: [core] Endpoint Client Name / Endpoint Name in RD draft
Thread-Index: AdPMGk8Ajq5nOeuWRv+BrgbskCDzwf//7S4A//+qDBCAALM9gP//8agggADTwQD//7rfYADWabOA/+pTH0D/0qjNgP+lQLCA/0pB5wD+k7uScA==
Date: Wed, 25 Apr 2018 02:17:10 +0000
Message-ID: <VI1PR0801MB21122BA29887CAD4A885B111FA8F0@VI1PR0801MB2112.eurprd08.prod.outlook.com>
References: <VI1PR0801MB2112B52094B182F5D44C4F64FAA40@VI1PR0801MB2112.eurprd08.prod.outlook.com> <A484D917-677C-4B29-BBAD-DDDE34B50303@ericsson.com> <VI1PR0801MB21128EA2B70DEEE7C5775A62FAA40@VI1PR0801MB2112.eurprd08.prod.outlook.com> <070801d3cc3f$8d59e0c0$a80da240$@augustcellars.com>, <VI1PR0801MB2112FB25797DCB8F546C148DFAA40@VI1PR0801MB2112.eurprd08.prod.outlook.com> <7BA9B091-F489-4ED4-B6EC-5AD7D971D6F7@ericsson.com> <VI1PR0801MB2112A692CB307D213A89DFC8FABB0@VI1PR0801MB2112.eurprd08.prod.outlook.com> <ca2b6038e911d93e15e57763836a1d09@xs4all.nl> <VI1PR0801MB21126DE7C4287563D1598E86FA890@VI1PR0801MB2112.eurprd08.prod.outlook.com> <c13edc71f916954978b3468d9f5de9c5@xs4all.nl> <VI1PR0801MB2112642D9A946BD12625E80AFA880@VI1PR0801MB2112.eurprd08.prod.outlook.com> <65097d58ae30b8823b206001fffc8d91@xs4all.nl>
In-Reply-To: <65097d58ae30b8823b206001fffc8d91@xs4all.nl>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
authentication-results: spf=none (sender IP is ) smtp.mailfrom=Hannes.Tschofenig@arm.com;
x-originating-ip: [103.40.135.61]
x-ms-publictraffictype: Email
x-microsoft-exchange-diagnostics: 1; VI1PR0801MB1392; 7:hzlNAJT4YBJ41M/KTB5X9XeL0cNVtjX+ruRjktIC2rzHVdrpMeK+/GaXKTxQYe6heda4Yy1wFDuLJAPaimUstDqAB45nzQhEnhix4Yq0+Ee6Vz5e8x7+bGJkndgTBgenpy7VhPDxwIHbPJlVce14+HnF2sDb/jBmZxOmgt2PmrgiHHoORJ1ch5Yw5km8rly9WTIrtQycEqoLbyYa5pIIr2r/b2+fA3vqVgUM5JzTp6rUOOWDGc5CAS9VUEgYw/yj
x-ms-exchange-antispam-srfa-diagnostics: SOS;
x-ms-office365-filtering-ht: Tenant
x-microsoft-antispam: UriScan:; BCL:0; PCL:0; RULEID:(7020095)(4652020)(5600026)(48565401081)(4534165)(4627221)(201703031133081)(201702281549075)(2017052603328)(7153060)(7193020); SRVR:VI1PR0801MB1392;
x-ms-traffictypediagnostic: VI1PR0801MB1392:
x-microsoft-antispam-prvs: <VI1PR0801MB13925DE034021A6AE2616ABBFA8F0@VI1PR0801MB1392.eurprd08.prod.outlook.com>
x-exchange-antispam-report-test: UriScan:(192374486261705)(176510541525296);
x-exchange-antispam-report-cfa-test: BCL:0; PCL:0; RULEID:(8211001083)(6040522)(2401047)(8121501046)(5005006)(93006095)(93001095)(3231232)(944501410)(52105095)(10201501046)(3002001)(6055026)(6041310)(20161123558120)(20161123564045)(20161123560045)(201703131423095)(201702281528075)(20161123555045)(201703061421075)(201703061406153)(20161123562045)(6072148)(201708071742011); SRVR:VI1PR0801MB1392; BCL:0; PCL:0; RULEID:; SRVR:VI1PR0801MB1392;
x-forefront-prvs: 06530126A4
x-forefront-antispam-report: SFV:NSPM; SFS:(10009020)(39860400002)(396003)(366004)(39380400002)(346002)(376002)(189003)(377424004)(40434004)(51914003)(199004)(13464003)(229853002)(76176011)(3660700001)(8676002)(4326008)(7696005)(486006)(59450400001)(55016002)(305945005)(81166006)(6506007)(8936002)(476003)(86362001)(106356001)(53546011)(25786009)(11346002)(66066001)(446003)(74316002)(6246003)(1730700003)(81156014)(6916009)(7736002)(5890100001)(3280700002)(105586002)(316002)(97736004)(2501003)(5250100002)(99286004)(5660300001)(14454004)(2351001)(26005)(186003)(5640700003)(68736007)(3846002)(33656002)(478600001)(6116002)(2900100001)(72206003)(93886005)(2906002)(9686003)(6436002)(54906003)(53936002)(102836004); DIR:OUT; SFP:1101; SCL:1; SRVR:VI1PR0801MB1392; H:VI1PR0801MB2112.eurprd08.prod.outlook.com; FPR:; SPF:None; LANG:en; PTR:InfoNoRecords; MX:1; A:1;
received-spf: None (protection.outlook.com: arm.com does not designate permitted sender hosts)
x-microsoft-antispam-message-info: wxhquWF6TQvXM+8pp7w5itSdMVqbvPp1maBUjpLKsHODzpcczEnLGajrH6Vfo3EljiPSige0/8/K+vy2bxgifk4MIJ+eVHTboni5InTbBjl8+72csLS+qU+6TYU1tvWa7OE7lPmYdTsxoAGA+7gflb/e+re6fOlue9rq774tNV5SwdmIp956pc74NiQRO5C7
spamdiagnosticoutput: 1:99
spamdiagnosticmetadata: NSPM
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-MS-Office365-Filtering-Correlation-Id: 83f4d458-b9b0-430e-6045-08d5aa52a6e9
X-OriginatorOrg: arm.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 83f4d458-b9b0-430e-6045-08d5aa52a6e9
X-MS-Exchange-CrossTenant-originalarrivaltime: 25 Apr 2018 02:17:10.6052 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: f34e5979-57d9-4aaa-ad4d-b122a662184d
X-MS-Exchange-Transport-CrossTenantHeadersStamped: VI1PR0801MB1392
Archived-At: <https://mailarchive.ietf.org/arch/msg/core/7whL5XASE-CXMBZxx36zL2Ow648>
Subject: Re: [core] Endpoint Client Name / Endpoint Name in RD draft
X-BeenThere: core@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "Constrained RESTful Environments \(CoRE\) Working Group list" <core.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/core>, <mailto:core-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/core/>
List-Post: <mailto:core@ietf.org>
List-Help: <mailto:core-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/core>, <mailto:core-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 25 Apr 2018 02:17:18 -0000

Hi Peter,

thanks for the example.
I think a more simple and as unnerving example is the following.
Assume the RD has no registrations yet.
Device A registers multiple times with different ep and d values covering a large spectrum of the ep, d value space.
No other device will be able to register any more; all ep and d values are taken.

Same problem, correct?

[Hannes] Yes.

Suppose A registers without ep and d values Suppose the RD returns an encrypted identifier.
The encrypted identifier remains private to A.
Somewhere there should be a lookup identifier, for example an IP address, to be filled into the registration by A.
lookup identifier is needed because for example B wants to discover registrations with given attributes, B needs the identifier to send requests to the associated discovered device.

And still A can create many registrations with as many possible IP addresses.

[Hannes] RD does not provide such encrypted identifier and hence the example is not valid.


Do you agree, with the examples? Do you have a remedy?
I need to think a bit about it.

[Hannes] The problem goes away when we use the authenticated identifier used by the security protocol.

Ciao
Hannes


Peter


>
> Ciao
> Hannes
>
>
> -----Original Message-----
> From: peter van der Stok [mailto:stokcons@xs4all.nl]
> Sent: 24 April 2018 16:28
> To: Hannes Tschofenig
> Cc: consultancy@vanderstok.org; Jaime Jiménez; core@ietf.org
> Subject: Re: [core] Endpoint Client Name / Endpoint Name in RD draft
>
>
>
> Hannes Tschofenig schreef op 2018-04-23 05:08:
>> Hi Peter,
>>
>> The mailing list discussion reconfirms my worry that people will get
>> this wrong and will introduce security vulnerabilities.
>
> Well, I'm one of those getting it wrong, because I did not understand
> the worry.
>
>>
>> I am saying that the security protocol used to protect the
>> communication will have an authenticated identifier and this
>> identifier then has to be used for identification of the IoT device.
>> This identifier will then also be used for lookups .
>
> This I understand. If I do clearly follow, guidelines must be produced
> about the use of authorized RD accesses.
> Assume authorized access to the RD, using oauth-authz.
> I do surmise that the registration may then return an signed
> identifier instead the path name of the registration.
> The signed identifier can be used for updates.
> The payload will be encrypted, and thus the actual use of ep, and d
> can be maintained as specified in the lookup, but are hidden to
> others.
>
> Is that a correct extrapolated suggestion of your comments? probably
> there is a caveat I don't see.
>
>>
>> I am furthermore arguing that the multiple IoT device cannot share
>> the same identifier.
>
> sorry, what is a multiple IoT device? one with multiple registrations
> in the RD, or one with multiple links? or....
>
> I agree with Jim that for third party registrations
>> we cannot completely get rid of the endpoint client name/endpoint
>> name functionality but for the third party registration you are most
>> likely using a different approach anyway. I am not sure anyone using
>> the RD specification for commissioning tool functionality today since
>> the main purpose of the RD document is for something entirely different.
>
> I do not agree with your conclusion. The use of RD is still being
> discussed as far as I know, and each SDO seems to have its own
> approach and use cases. The use of a CT is completely within scope to
> my knowledge.
>
>
> Thanks hannes for your comments.
> Looking forward to getting things more precise and understandable for
> me.
>
> Peter
>
>>
>> Ciao
>> Hannes
>>
>> -----Original Message-----
>> From: peter van der Stok [mailto:stokcons@xs4all.nl]
>> Sent: 09 April 2018 15:04
>> To: Hannes Tschofenig
>> Cc: Jaime Jiménez; core@ietf.org
>> Subject: Re: [core] Endpoint Client Name / Endpoint Name in RD draft
>>
>>>
>>> I am curious what we lose if we remove this identifier altogether.
>>> The only thing that comes to my mind is a debugging capability where
>>> you might want to test your system without any security protocol.
>> Hi Hannes,
>>
>> Probably, I completely misunderstand your suggestion.
>> Registrations in the RD need identification so that they can be
>> changed, removed , updated, etc...
>> Registrations are identified by the (ep, d) pair, unique within a
>> given RD.
>> Removing ep identifier will force you to find another identifier for
>> a registration.........
>> and you are back to square 1 it seems.
>>
>>
>> Peter
>> IMPORTANT NOTICE: The contents of this email and any attachments are
>> confidential and may also be privileged. If you are not the intended
>> recipient, please notify the sender immediately and do not disclose
>> the contents to any other person, use it for any purpose, or store or
>> copy the information in any medium. Thank you.
> IMPORTANT NOTICE: The contents of this email and any attachments are
> confidential and may also be privileged. If you are not the intended
> recipient, please notify the sender immediately and do not disclose
> the contents to any other person, use it for any purpose, or store or
> copy the information in any medium. Thank you.
IMPORTANT NOTICE: The contents of this email and any attachments are confidential and may also be privileged. If you are not the intended recipient, please notify the sender immediately and do not disclose the contents to any other person, use it for any purpose, or store or copy the information in any medium. Thank you.

v2.23.0 | Report a Bug | By Email