[core] FW: New Version Notification for draft-mattsson-core-coap-attacks-01.txt

John Mattsson <john.mattsson@ericsson.com> Tue, 27 July 2021 12:22 UTC

From: John Mattsson <john.mattsson@ericsson.com>
To: "core@ietf.org" <core@ietf.org>
Date: Tue, 27 Jul 2021 12:21:57 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/core/AGYA6m2rkfqxOBA1SXRD9bs4kZs>
List-Id: "Constrained RESTful Environments \(CoRE\) Working Group list" <core.ietf.org>

Hi,

I tried to address all received comments on title, abstract, introduction, and amplification attacks.

Comments on Section 2 will be addressed in a future version:
https://github.com/EricssonResearch/coap-actuators/issues.

Section 3 on amplification attacks has been substantially expanded.

Cheers,
John

From: internet-drafts@ietf.org <internet-drafts@ietf.org>
Date: Tuesday, 27 July 2021 at 14:14
To: Christian Amsüss <c.amsuess@energyharvesting.at>, Göran Selander <goran.selander@ericsson.com>, John Mattsson <john.mattsson@ericsson.com>, Christian Amsuess <c.amsuess@energyharvesting.at>, Francesca Palombini <francesca.palombini@ericsson.com>, Göran Selander <goran.selander@ericsson.com>, John Fornehed <john.fornehed@ericsson.com>, John Mattsson <john.mattsson@ericsson.com>
Subject: New Version Notification for draft-mattsson-core-coap-attacks-01.txt

A new version of I-D, draft-mattsson-core-coap-attacks-01.txt
has been successfully submitted by John Preuß Mattsson and posted to the
IETF repository.

Name:           draft-mattsson-core-coap-attacks
Revision:       01
Title:          CoAP Attacks
Document date:  2021-07-27
Group:          Individual Submission
Pages:          25
URL:            https://www.ietf.org/archive/id/draft-mattsson-core-coap-attacks-01.txt
Status:         https://datatracker.ietf.org/doc/draft-mattsson-core-coap-attacks/
Htmlized:       https://datatracker.ietf.org/doc/html/draft-mattsson-core-coap-attacks
Diff:           https://www.ietf.org/rfcdiff?url2=draft-mattsson-core-coap-attacks-01

Abstract:
   Being able to securely read information from sensors, to securely
   control actuators, and to not enable distributed denial-of-service
   attacks are essential in a world of connected and networking things
   interacting with the physical world.  This document summarizes a
   number of known attacks on CoAP and shows that just using CoAP with a
   security protocol like DTLS, TLS, or OSCORE is not enough for secure
   operation.  The document also summarizes different denial-of-service
   attacks using CoAP.  The goal with this document is motivating
   generic and protocol-specific recommendations on the usage of CoAP.
   Several of the discussed attacks can be mitigated with the solutions
   in draft-ietf-core-echo-request-tag.




The IETF Secretariat