[core] discovery of Registrar by stateless Join-Proxy (was Re: Join-proxy information in the RD (Re: CoRE WG Virtual Interim 2022-09-14))
Michael Richardson <mcr+ietf@sandelman.ca> Wed, 14 September 2022 16:53 UTC
Return-Path: <mcr@sandelman.ca>
X-Original-To: core@ietfa.amsl.com
Delivered-To: core@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E4FE5C14F730; Wed, 14 Sep 2022 09:53:23 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.909
X-Spam-Level:
X-Spam-Status: No, score=-1.909 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id t6CS6iFPs_3G; Wed, 14 Sep 2022 09:53:23 -0700 (PDT)
Received: from relay.sandelman.ca (relay.cooperix.net [IPv6:2a01:7e00:e000:2bb::1]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id C5DB6C14F72A; Wed, 14 Sep 2022 09:53:22 -0700 (PDT)
Received: from dooku.sandelman.ca (unknown [82.141.252.179]) by relay.sandelman.ca (Postfix) with ESMTPS id 5D3ED1F480; Wed, 14 Sep 2022 16:53:21 +0000 (UTC)
Received: by dooku.sandelman.ca (Postfix, from userid 179) id 6C9331A0248; Wed, 14 Sep 2022 18:53:20 +0200 (CEST)
From: Michael Richardson <mcr+ietf@sandelman.ca>
To: Christian =?iso-8859-1?Q?Ams=FCss?= <christian@amsuess.com>, "core@ietf.org WG (core@ietf.org)" <core@ietf.org>, anima@ietf.org, draft-ietf-anima-constrained-join-prox@ietf.org
In-reply-to: <YyH8C73McJ/DHKRy@hephaistos.amsuess.com>
References: <91614672-0629-f10f-9bcc-ad922d4045be@ri.se> <483507C3-9E25-4450-99D4-6FE7FA56266E@tzi.org> <22189.1663100544@dooku> <YyH8C73McJ/DHKRy@hephaistos.amsuess.com>
Comments: In-reply-to Christian =?iso-8859-1?Q?Ams=FCss?= <christian@amsuess.com> message dated "Wed, 14 Sep 2022 18:06:35 +0200."
X-Mailer: MH-E 8.6+git; nmh 1.7.1; GNU Emacs 27.1
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="=-=-="; micalg="pgp-sha512"; protocol="application/pgp-signature"
Date: Wed, 14 Sep 2022 18:53:20 +0200
Message-ID: <25726.1663174400@dooku>
Archived-At: <https://mailarchive.ietf.org/arch/msg/core/84AY56_AmD_c_nU2YD96yK0Jo54>
Subject: [core] discovery of Registrar by stateless Join-Proxy (was Re: Join-proxy information in the RD (Re: CoRE WG Virtual Interim 2022-09-14))
X-BeenThere: core@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: "Constrained RESTful Environments \(CoRE\) Working Group list" <core.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/core>, <mailto:core-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/core/>
List-Post: <mailto:core@ietf.org>
List-Help: <mailto:core-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/core>, <mailto:core-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 14 Sep 2022 16:53:24 -0000
Hi, I've added anima@ietf.org, and removed some of the direct CC's, because I know those people are on the MLs. I will also reply a few times with the intention of splitting up the discussion into better threads. Christian Amsüss <christian@amsuess.com> wrote: > There are some aspects about both rt= that make me concerned: > * <coaps+jpy://[2001:db8:0:abcd::52]:7634>;rt=brski.rjp > This indicates that there is a resource at the given URI that can be > interacted with in some way described by this resource type. But while > there may be also a resource there (in particular, the `/` resource of > the forward target), that's not what this line is making a statement > about. This line is making a statement about the transport endpoint > associated with the URI (which is a bit of a hack but does not disturb > the semantics of the remaining URI metadata ecosystem; at [1] I'm > developing terminology for that). I agree that it's awkward. > At the minimum, I think this should use a dedicated target attribute > rather than the rt=, as Resource Type semantics are (in all their I don't have a problem with changing rt= to something else completely. > * Only partially related, the whole coaps+jpy scheme (which looks to me > really more like a generic semi-unidirectional UDP tunnel than anything > CoAP related) might not need registration at all. It's not unidirectional! I'm not able to parse "semi-" here, but I suspect that is what you are trying to get at. > The relevant metadatum which is transported in this (AIU) is that for > some UDP port (eg. [2001:db8:0:abcd::52]:5684), there is an additional > UDP port (currently advertised as > `<coaps+jpy://[2001:db8:0:abcd::52]:7634>;rt=brski.rjp`) that has > equivalent destination semantics but does all the state-keeping and > unwrapping. Yes, that's totally correct. In practice, we can do whatever smells the least. Our goal is simply to have a pure-RD mechanism for networks that want CoAP and do not want GRASP or mDNS. > Given that this only works locally (if it were run > separately, that separte entity would need to keep state, whereas the I'm not sure what you mean, "only works locally" Do you mean it only works on the localhost, on the link-local, or in the local (autonomous) network? Yes, the Join Proxy probably has a ULA, and I expect the reply will be a ULA, but there is nothing in the protocol that constrains that. Yes, I use the GUA documentation prefix in the examples. (I actually started to write a draft in 6man creating a documentation prefix in ULA-R space) > local service can take shortcus and only keep state after DTLS got > established), might it not be a better option to just advertise that > the CoAPS port has a an additional way in, say, > `<coaps://[2001:db8:0:abcd::52]/>;jpy-port=7634` (abbreviated as > `</>;jpy-port=7634`)? We looked at ways which would allow us to insert the state information into the DTLS framing, like we can when CoAP is on the outside, but that couldn't be done in a way that didn't violate the crypto context of DTLS. > There is a downside compared to the current approach -- the > `?rt=brski*` does not offer all relevant information any more. > However, the registrar may still offer the `</>;jpy-port=7634` the line > even when it does not match the filters, given that query filtering is > generally optional, or offer it on any of the brski.* lines reported. Yes, that's true. The join-proxy is the thing looking for this resource, not the (pledge) end node. The pledge can tunnel a RD through the COAPS to get a list of things. > * In unrelated comments, I find it odd that the JP MUST implement both > and the registrar only SHOULD do stateless. I can well imagine a JP I think that we changed this.... at least, I want to. > I think that "JP may implement either, JR MUST support both" would be > better.. I did put that into my presentation for 114. It's possible we didn't implement that conclusion into the ID. -- Michael Richardson <mcr+IETF@sandelman.ca>, Sandelman Software Works -= IPv6 IoT consulting =-
- [core] CoRE WG Virtual Interim 2022-09-14 Marco Tiloca
- [core] Join-proxy information in the RD (Re: CoRE… Carsten Bormann
- Re: [core] Join-proxy information in the RD (Re: … Carsten Bormann
- Re: [core] Join-proxy information in the RD (Re: … Michael Richardson
- Re: [core] Join-proxy information in the RD (Re: … Christian Amsüss
- [core] discovery of Registrar by stateless Join-P… Michael Richardson
- Re: [core] discovery of Registrar by stateless Jo… Christian Amsüss
- [core] discovery of Join-Proxy/Registrar by pledg… Michael Richardson
- Re: [core] discovery of Registrar by stateless Jo… Michael Richardson
- Re: [core] Join-proxy information in the RD (Re: … Esko Dijk