IETF Logo Mail Archive

Re: [core] Core Link Format

Esko Dijk <esko.dijk@iotconsultancy.nl> Wed, 13 November 2019 11:15 UTC

Return-Path: <esko.dijk@iotconsultancy.nl>
X-Original-To: core@ietfa.amsl.com
Delivered-To: core@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 6D20812003F for <core@ietfa.amsl.com>; Wed, 13 Nov 2019 03:15:37 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.889
X-Spam-Level:
X-Spam-Status: No, score=-1.889 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, T_SPF_PERMERROR=0.01, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=iotconsultancynl.onmicrosoft.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 9fwQt8tO37pp for <core@ietfa.amsl.com>; Wed, 13 Nov 2019 03:15:35 -0800 (PST)
Received: from EUR04-VI1-obe.outbound.protection.outlook.com (mail-eopbgr80125.outbound.protection.outlook.com [40.107.8.125]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id B4F81120013 for <core@ietf.org>; Wed, 13 Nov 2019 03:15:34 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=oV2/uLWspH8PiQLeX1RQ5T5xoAEtFf0cbZLovjqIlp4tqX2J0lpx3h6UZS0JHAHVosghc8Ab++FrjROo3va6RzxBPDIFel9dxrqxaz64LXLIxGXAEJPNgoKHETzW2QPk/FEavdeYdA0MAR6cDnofXVzi+jCyeysxxF8F79J9iuNQPIBg4dEz4mwoL1XhC09cpwOfIsye4ALrldYn4z86tU/f6zMvNd/XBK87iE7qw4SjR8woKCO7cXVTTiem6EnIS3zRexU3MFRsi6JZOFZKltCuj+Awfq9gpjIDQ18oUjEJVdas0cu94iX3H5i309DACD2ibNMxieHYiHLJYFuBRw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=FoUilDBjMmDZRaP5gWYaX/fmlSOY0u5P2odRGkqolXc=; b=SVfGWk5gh2WxmSvHf8Yx5E1mqFfKhY2fRSn+w9VOvDRfHK0nxxsxJfwnZx9vyH0dKG9WnFjFIrT+7ASFneeNWsu5/vVrk0BIFVgxxhihoz4afa5pkO7EhSsZZNLG62rMau1yYwizojqPa+QHkpdM/ukOg2YxDBwInCm3kHh22MhxtcfSKdd+6C3gCwd+dT91DGHJ5GUKAY55Fq9JHeephrUEmiUHWEpKEKeoUwurDnW4TpgAeKCKyKRrBdloHU4GkdWXH+ElKOEzAzd9eTXGJipc5BKhDkBND6kDqlIcVkNmNWhhNFGLA8q8ABkRgg99A6wvamHyUkghMPu95C5VYg==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=iotconsultancy.nl; dmarc=pass action=none header.from=iotconsultancy.nl; dkim=pass header.d=iotconsultancy.nl; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=iotconsultancynl.onmicrosoft.com; s=selector2-iotconsultancynl-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=FoUilDBjMmDZRaP5gWYaX/fmlSOY0u5P2odRGkqolXc=; b=vRtOFlclBIa2ZU+ywtq01SzYYWsqJkfV5rFlBG2Ui6dadLTTUCruZP0k12O3Qk7RoPXa8cHhI7HYzmKYFOo6KLyWzzIbpU+zeS5ujg5jfEXmmRQVTeEwB1egr6AJAOO8l7Uz5HOZjNwygBKMN1sFtl2vviz96ImNEwPkR+Lmcew=
Received: from AM5P190MB0275.EURP190.PROD.OUTLOOK.COM (10.161.62.28) by AM5P190MB0513.EURP190.PROD.OUTLOOK.COM (10.161.65.16) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2430.20; Wed, 13 Nov 2019 11:15:32 +0000
Received: from AM5P190MB0275.EURP190.PROD.OUTLOOK.COM ([fe80::e1e4:81bb:b85f:d9e4]) by AM5P190MB0275.EURP190.PROD.OUTLOOK.COM ([fe80::e1e4:81bb:b85f:d9e4%5]) with mapi id 15.20.2430.028; Wed, 13 Nov 2019 11:15:31 +0000
From: Esko Dijk <esko.dijk@iotconsultancy.nl>
To: Klaus Hartke <hartke@projectcool.de>, Hannes Tschofenig <Hannes.Tschofenig@arm.com>
CC: "core@ietf.org WG" <core@ietf.org>
Thread-Topic: [core] Core Link Format
Thread-Index: AdWVUFw8kCY58VE7Q2aWBf8x/cGrdgDVT+uAAFjDmbA=
Date: Wed, 13 Nov 2019 11:15:31 +0000
Message-ID: <AM5P190MB027576C2C78E9D1195095538FD760@AM5P190MB0275.EURP190.PROD.OUTLOOK.COM>
References: <VI1PR08MB53608C867775D1F1F7051368FA780@VI1PR08MB5360.eurprd08.prod.outlook.com> <CAAzbHvbEDMTxtbnUK7xvLytpFJszYmHoDvEojzcrkJyD4KE1mA@mail.gmail.com>
In-Reply-To: <CAAzbHvbEDMTxtbnUK7xvLytpFJszYmHoDvEojzcrkJyD4KE1mA@mail.gmail.com>
Accept-Language: en-US, nl-NL
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
authentication-results: spf=none (sender IP is ) smtp.mailfrom=esko.dijk@iotconsultancy.nl;
x-originating-ip: [85.147.165.150]
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: e02fbfea-53cb-4646-1d7f-08d7682acc34
x-ms-traffictypediagnostic: AM5P190MB0513:
x-ms-exchange-purlcount: 7
x-microsoft-antispam-prvs: <AM5P190MB051300E92D193962C3797E84FD760@AM5P190MB0513.EURP190.PROD.OUTLOOK.COM>
x-ms-oob-tlc-oobclassifiers: OLM:1265;
x-forefront-prvs: 0220D4B98D
x-forefront-antispam-report: SFV:NSPM; SFS:(10019020)(979002)(366004)(39830400003)(396003)(376002)(346002)(136003)(199004)(189003)(13464003)(316002)(52536014)(11346002)(7696005)(33656002)(6306002)(446003)(55016002)(110136005)(76176011)(6436002)(66066001)(229853002)(186003)(102836004)(256004)(8936002)(14444005)(6506007)(53546011)(8676002)(4326008)(26005)(81156014)(81166006)(5660300002)(99286004)(476003)(44832011)(508600001)(76116006)(966005)(14454004)(3846002)(6116002)(66946007)(64756008)(66476007)(66446008)(66556008)(486006)(86362001)(25786009)(6246003)(7736002)(9686003)(305945005)(71190400001)(71200400001)(74316002)(2906002)(969003)(989001)(999001)(1009001)(1019001); DIR:OUT; SFP:1102; SCL:1; SRVR:AM5P190MB0513; H:AM5P190MB0275.EURP190.PROD.OUTLOOK.COM; FPR:; SPF:None; LANG:en; PTR:InfoNoRecords; A:1; MX:1;
received-spf: None (protection.outlook.com: iotconsultancy.nl does not designate permitted sender hosts)
x-ms-exchange-senderadcheck: 1
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: HemMIQObi8V+sTcoEKUhfpMRedOLLfP4rcBjXIAxDRDqqSBuT/7NcOZwsQLhaJT8b/M/Bc0vIYt6qz4S5xf14kVmoiqwq4Witodlq/Mw/xoG9si5UDMDC3fu6e+XAtFQl68dXE1WsxCOTMYTQM+UVbedR4EUaqPOgOUpnACO8MVFsgqjdNfYsN4pqd2Oqqz5fsAnNKBbG29pyIwGJZlz+qR40kokG/j8TPr8o0MxzLkeYKlxAZFzUWSZWgdg0Vd8dEHybNr1EmLS6sq/polJmw/DbZDRBPm6gA6Z2Ns9fxwTMsJAslnC9dSbPbOKPgA7cR2oUAQfuM0PHjsYWc75Js+/K4aoNpuVDBveZPr4e5uZdhaqCVqMILyChmDMnZ4YYelXxI35h+/v6OY8hDp+uKlS3p2h5JHUMs1NKkOwh6rQ1Oh+LXWk9tlqFiFGGU/agRGnayWUKU4ygh9x0jDoPZTL8ZgrR5ETQQ6QF+U1RR0=
x-ms-exchange-transport-forked: True
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-OriginatorOrg: iotconsultancy.nl
X-MS-Exchange-CrossTenant-Network-Message-Id: e02fbfea-53cb-4646-1d7f-08d7682acc34
X-MS-Exchange-CrossTenant-originalarrivaltime: 13 Nov 2019 11:15:31.8288 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 58bbf628-15d2-46bc-820b-863b6774d44b
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: NkkliDevxmzD81SmaPfrElB5ZKKFA9DEeIGnE/LMARZcpcZpC6THSdr4Ct+ynvnSRkPP/7uIYvClFdS1Ix5R2okHQA9j6uyV5Wh8ipyAHXg=
X-MS-Exchange-Transport-CrossTenantHeadersStamped: AM5P190MB0513
Archived-At: <https://mailarchive.ietf.org/arch/msg/core/8GhixvtJR8CGArLp_QSvYRK5iH4>
Subject: Re: [core] Core Link Format
X-BeenThere: core@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Constrained RESTful Environments \(CoRE\) Working Group list" <core.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/core>, <mailto:core-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/core/>
List-Post: <mailto:core@ietf.org>
List-Help: <mailto:core-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/core>, <mailto:core-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 13 Nov 2019 11:15:37 -0000

Another item Klaus' list: the issue when doing unsecured (coap://) discovery where the Link Format should point to available secured (coaps://) resources, which is a very common case.
(Though for LWM2M specifically this problem does not exist, as there is no unsecured discovery I believe.)

Example: request to coap:// port 5683 would ideally look like this
  REQ: GET /.well-known/core
  RES: 2.05 Content
   </s/te>;rt="temperature-c",
   </s/li>;rt="light-lux"

But unfortunately the resources are typically hosted not on the same endpoint but on a secure coaps:// server of the same node. So the response cannot use the above "hosts" relation type because RFC 6690 states "The target URI MUST be a relative URI of the context URI" in case the implicit "hosts" relation like above is used. So that excludes cases where the Context URI is coap:// and the Target URIs (resources) are on coaps:// . 

Rather the example could now look like this in practice:
  REQ: GET /.well-known/core
  RES: 2.05 Content
   <coaps://[2001:db8:85a3::8a2e:0370:7334]/s/te>;rel="hosts";rt="temperature-c",
   <coaps://[2001:db8:85a3::8a2e:0370:7334]/s/li>;rel="hosts";rt="light-lux"

The size of the payload is now tripled due a lot of unneeded or verbose information (IPv6 addresses; "hosts" relation type, scheme). Overall, inefficient.
This is based on my understanding of the specs - anyone please feel free to clarify if I am wrong here.

Best regards
Esko

-----Original Message-----
From: core <core-bounces@ietf.org> On Behalf Of Klaus Hartke
Sent: Monday, November 11, 2019 16:35
To: Hannes Tschofenig <Hannes.Tschofenig@arm.com>
Cc: core@ietf.org WG <core@ietf.org>
Subject: Re: [core] Core Link Format

Hi Hannes,

> In previous discussions it was pointed out that Core Link Format has a couple of deficiencies, which motivated the work on Coral.
> I was wondering whether there is a write-up available about those problems.

I don't have a comprehensive write-up, but a few items from the top of my head below.

The limitations of Link Format most frequently show up in CoRE WG meetings where draft authors present exciting new ways to use Link Format for things it was never intended for. Link Format comes with a bunch of weirdnesses and complexities, which makes it difficult to make it accommodate new use cases. CoRAL is more motivated by the need for more expressiveness than the weirdnesses of Link Format. But those weirdnesses exist, to the point, for instance, that draft-ietf-core-resource-directory defines its own Link Format [1]. If you'd like to avoid these weirdnesses and gain more expressiveness (in particular for future evolution), then I think CoRAL would be really interesting for LwM2M.

Some issues:

* The rules for the context of a link ("...origin of the target
URI...") [2] are a constant source of unawareness/confusion and mis-implementation.

* The "hosts" link relation type [3] has really, really weird semantics (a featureless relation between a host and a resource, where determining the host relies on the weird rules for the link context).

* Despite the appearance of simplicity, parsing Link Format is often more difficult than anticipated by implementers. For example, I've seen implementations that just split the input by ';' and assume that each resulting substring must be one link, regardless of where the ';'
occurs. And don't get me started on link attributes with internationalized string values ;-) title*=UTF-8'de'n%c3%a4chstes%20Kapitel

* Processing URI references correctly is also really hard to get right. On constrained devices, implementations often don't want to pay the price for a full URI parser and just do some simple string manipulation instead. For example, I've seen implementations that completely disregard the existence of percent encoding and dot segments. URI parsers are also a constant source of fun^H^H^Hsecurity issues [4].

* Link relation types must be registered in the IANA Link Relation Types registry [5]. However, of those registered so far, few are actually useful in the context of IoT - and we probably won't get far flooding the registry with IoT-specific vocabulary. Of course, there are extension link relation types [6], but these are not exactly compact on the wire.

* Link target attributes don't even have an IANA registry.

* Link target attributes provide information only about link targets.
However, it is often very useful to be able to provide also information about the represented resource at the same time.

* Link Format only has links that describe how a resource is related to another resource. However, it is often very useful to be able to describe also what you can do with a resource, what parameters are required, etc., when you're extending an API over time.

Best regards,
Klaus

[1] https://tools.ietf.org/html/draft-ietf-core-resource-directory-23#appendix-C
[2] https://tools.ietf.org/html/rfc6690#section-2.1
[3] https://tools.ietf.org/html/rfc6690#section-2.2
[4] https://www.blackhat.com/docs/us-17/thursday/us-17-Tsai-A-New-Era-Of-SSRF-Exploiting-URL-Parser-In-Trending-Programming-Languages.pdf
[5] https://www.iana.org/assignments/link-relations/link-relations.xhtml
[6] https://tools.ietf.org/html/rfc8288#section-3.3

_______________________________________________
core mailing list
core@ietf.org
https://www.ietf.org/mailman/listinfo/core

v2.23.0 | Report a Bug | By Email