[core] FW: New Version Notification for draft-mattsson-core-coap-attacks-01.txt
John Mattsson <john.mattsson@ericsson.com> Tue, 27 July 2021 12:22 UTC
Return-Path: <john.mattsson@ericsson.com>
X-Original-To: core@ietfa.amsl.com
Delivered-To: core@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0194F3A2483 for <core@ietfa.amsl.com>; Tue, 27 Jul 2021 05:22:06 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.552
X-Spam-Level:
X-Spam-Status: No, score=-2.552 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.452, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, RCVD_IN_MSPIKE_H2=-0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=ericsson.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id K8PBxBkKOjXL for <core@ietfa.amsl.com>; Tue, 27 Jul 2021 05:22:00 -0700 (PDT)
Received: from EUR01-VE1-obe.outbound.protection.outlook.com (mail-eopbgr140079.outbound.protection.outlook.com [40.107.14.79]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 7628E3A2481 for <core@ietf.org>; Tue, 27 Jul 2021 05:22:00 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=dgd2iy1MLMZsqqj+CzMPqqZRXstF5ZaX1UKG9b+v22ta6U9tCcBvg6epyN1X49AvtR8iTMFsIk92KNMX9AzqApd3be4G4oHnCqg7MWr7dep+Y7OHfokpbNT9p4rSAJsO2n0Y/CT4x+Sh/f0Ppw7T+5i89w4fj2gZK3qtkjHYi7aFuIZne5TFjQU1H+/1lPE6/sMbEPUHiu66HTAJfZdbM3eoYz/BlJIA8lV2eSFqOh3wUe0STQIsllFrscxoLmf4ORGoIZjpBw/deC/0sRJds4PWjW+4u1N9rcwC/9Grlk2zQiba06X6j4zvscPPkE3Wco4CdItPivy0gwpMeY1c2Q==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=gYFbCTlUx3+MpSphCISD0er3cxi/SsZcYLkIOQXFN4E=; b=DcTW/DYoQyjXdWNmQoEWb/MR4xk7o+hZUQsVm82dnMtlN8Dy4gw/s+7g71wbCeiNp/bRvc6nFHVaGjhs7KRUVU9qz8g+knZQ/KV6/xaVGcCvQUu4kJ7ywzWjI+hFudeGXdhbMFiGeZ6jHi3hHInacTX9TijGWcp/BiMzTt9l1jero+96aU+4QnhvQ3mhP0a+XR6VJ6k+IgIGuTuhMTNgVSWDTNrKb0PBs/MX1/S6IpdsFIxzzFnvTy9OMGhD9bQ3/f4utKOsDhW+Di8dTycsqVZF4ErvHA2hIoinp48bSa4J3VaZNcH1UHK/vlWSWPAGKO/CnkKUwhEPZ3z+mzgyCQ==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=ericsson.com; dmarc=pass action=none header.from=ericsson.com; dkim=pass header.d=ericsson.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ericsson.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=gYFbCTlUx3+MpSphCISD0er3cxi/SsZcYLkIOQXFN4E=; b=FOqIEM2ggt0xnqzBHWuP8Wk3S+NJZdSnQPDWPi1ajArZ+o0/sAouSNbQ6JVKQ7by8teJPt8qYKdU3np95L4vlX3BiAp0I0qnIWjnbaxmiGt7ElOGk2oFZeu80F7HcgbiQBCjqw4LTQ+j6TG+6ihcWU6dWkm077cDRJnKsAVFtKU=
Received: from HE1PR0701MB3050.eurprd07.prod.outlook.com (2603:10a6:3:4b::8) by HE1PR0701MB2940.eurprd07.prod.outlook.com (2603:10a6:3:4c::11) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4373.7; Tue, 27 Jul 2021 12:21:57 +0000
Received: from HE1PR0701MB3050.eurprd07.prod.outlook.com ([fe80::4999:ec50:d084:341b]) by HE1PR0701MB3050.eurprd07.prod.outlook.com ([fe80::4999:ec50:d084:341b%5]) with mapi id 15.20.4373.018; Tue, 27 Jul 2021 12:21:57 +0000
From: John Mattsson <john.mattsson@ericsson.com>
To: "core@ietf.org" <core@ietf.org>
Thread-Topic: New Version Notification for draft-mattsson-core-coap-attacks-01.txt
Thread-Index: AQHXguD62uN6MBVOcEuQQolQTbBzlqtWvKYy
Date: Tue, 27 Jul 2021 12:21:57 +0000
Message-ID: <HE1PR0701MB30501F88128EA96925703D8289E99@HE1PR0701MB3050.eurprd07.prod.outlook.com>
References: <162738806996.26500.12234093828276493269@ietfa.amsl.com>
In-Reply-To: <162738806996.26500.12234093828276493269@ietfa.amsl.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
authentication-results: ietf.org; dkim=none (message not signed) header.d=none;ietf.org; dmarc=none action=none header.from=ericsson.com;
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: 186bd5e5-2303-4173-9bac-08d950f920ce
x-ms-traffictypediagnostic: HE1PR0701MB2940:
x-microsoft-antispam-prvs: <HE1PR0701MB29404689D0165555ED79297B89E99@HE1PR0701MB2940.eurprd07.prod.outlook.com>
x-ms-oob-tlc-oobclassifiers: OLM:9508;
x-ms-exchange-senderadcheck: 1
x-ms-exchange-antispam-relay: 0
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: G5CxGcHESy8SzRw+Iyh0/zPwkCB+nvftlechcSBaa7vCw42tnZze0xe4AB4R4g2QWhbfYZm4ZxGh6rqxdKs7dr1aY0omE+mU4Etr8b59bSbHhfiPCdfDmuvCEHNZe+3AnU4MWYmlO3Sxy52CkLLN05tH+9eefBKb8/Xy/0pvBVNvyawab9PpGkNBISgL/55Xxv4t4Pr5n2vzZYKIt1bICN1CVivA6xW2QPzoJmfZaPgLoBhvwiUlOggk+98gjpkFql1MacUIyGisRn0BL0qagNggrp1SZclFi3Xo2L/OHfhz6LL1Ygd9jykFs4E3AZ8Hu7UI/15YdPbo31v0LmnzSIW0o2PdmoJ8ZUprlM/APetfLN6dfPznxwNok5XD2tZdYNTWGKdVEhzY87WUu9MkskjCbEIv4c0SAVMz4ETye+UM4c40hjDDNT/DDQRqLaszGexx5b5ZB4rRA8AlEYKo9A5MZXi7EWkCv7qgGtX1C2R1Wc1rS1IG0mCE5s2K1cZfOWGpQAGlVZnxYHnS4D/LbF1uN+UKw9IjXiKbRu+NvI4NtoDbEQUQMfakMVtkLfaPABUMkcsIywh7p1N1HmaiuOxufs38TvnXwNdOfwsQXK/Gux7snXrrExB/2rxOu3+DwnYdATtfx9/y78eURaVFW31SaTxDtUowAs4qpiNl3eUg0WI38p0DiuaktSaJiMpJx8FurNqsAgs9UTHZSnrrMSXKBu9cPRO5bB9NMFPmnhzL+xMnwGRAe7StPtP1BafNHG434PpAlOAIRFq3Yq/2tp7V1eg7JET2TuC9C8u5iLLqyAy5pmfAHMCyV4dsXi32
x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:HE1PR0701MB3050.eurprd07.prod.outlook.com; PTR:; CAT:NONE; SFS:(4636009)(366004)(2906002)(66446008)(66476007)(76116006)(66556008)(64756008)(166002)(6916009)(66946007)(966005)(122000001)(15650500001)(83380400001)(38100700002)(71200400001)(316002)(5660300002)(52536014)(44832011)(26005)(55016002)(6506007)(186003)(66574015)(508600001)(86362001)(33656002)(9686003)(7696005)(8936002)(53546011)(8676002)(38070700004); DIR:OUT; SFP:1101;
x-ms-exchange-antispam-messagedata-chunkcount: 1
x-ms-exchange-antispam-messagedata-0: vJg30WCxv92tCCzT/MMb6jkFdcWxxXtkVmWC6DeZICFdgFysQ9x27HasSNR3gNj3lQ4qGnEmlexWL7LVT96HCaNv5sWdq1Q8G9xacljNikHMGf4FZC/T/jpaZzWVnjfIqeNcyM0CBHIuScG9CqdbI6RLtx2ZfxV17k/OCbh1p5vz6JVRcIxmLzZtS3An7VJ/3+YA/7ObV015JySEqhD4maOV3k2Y/cQWAsn6G7sfXW1MKCPcz9YsY0H+rf/lP5cYmFMB4h30L6nNOmONceostYwgYhpkfz8uqUOIutXAT+SMsqVueRUcgkjRyRYGVevg7Ry63F86HDxqVSjdYEXZaM0++WMSjGKUqJB4P1rCtjk+TcZMY5BG9hwjB1RJinWZJtR3FTLCBwZs4VVcpG1wQvVeen63LoxOgBFM/Y+PrdZ95ueVnDVzwGTzCWGncZiyqXMm2LqlwP/n4bmpG06h95Nfl6MXKkjrL0Uy5EJMB147VChBht4wcdAh5ts8MotmYc7iW9lhtZAsk/yIAZjjgl6SBr8uMhJeZ0NOKXWl0CmnD5sOKGZBP3ckig0hENq8oCktB32w+AkzVlaWvb1fTwNE1w5cOETQ3PHz/o6WKRB71uG7rQeSZHQnUvrMEltMLwEpr1eD4+mOCasfmiNu0kOGqGEgK4CGvF3wqJC6HZiUpXTxHiJtvmYA+kXIYDx6EupSTBf5jR5hqzdnm/J4MYbdBdMv2CUtRZepMFn0tnz1A4m1/OHPNbDaOhbX008I1MlxbSsGh7tN0qiXByAKx51JXSOr8N9YfEhuzozOqtb6DKeLyicVVyvRwpcWMnnrj+JhuDJM9F53KFuM7x7jRX7PMBwNFoOWZLCaGRVSJv2aKkSWnoh0v5MkhqL0dsdbch06ldj7vfPCeNveJeIKoXkj0yVVbwWFMVPocyEmrMntd/vTRG166cDqOXCLFL5q0PtHo0TErJRt6afIkVn/Cy9Y0MEgSLK2tWB/omsfEfUR1/r3xSdh8qcr/rOJNOa9im+7sOTNw9C277QqSFAVh6GYZTp7URdxP5mPZopLgxl7AIHM1rsTdYjgWNfaXY23eJNlkrFwdfkPHOiQhwWHlbIoL5F3SzDirOgCWrJu/7E3pQm5imqjl1iWJdyTep0Qe/VMsagkmM9CD4MhrmQgLuJmza8M60r2Og6slqo1e8HWQorRQq0yDvFy65K3KW1BzMuRV3P+/N18XhcZzxjk76US0x/2GSY/YQs804yxWhqUsi3dI3/NfitiGtG5nhkov8rfZi0HJKWXzQbOLHBxZjVwBbVND+WLwQgpehqa5OoWtHccIz8H+0Xx0th/OzKl2ZPGQ1nGCspYNko9h18XFw==
x-ms-exchange-transport-forked: True
Content-Type: multipart/alternative; boundary="_000_HE1PR0701MB30501F88128EA96925703D8289E99HE1PR0701MB3050_"
MIME-Version: 1.0
X-OriginatorOrg: ericsson.com
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: HE1PR0701MB3050.eurprd07.prod.outlook.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 186bd5e5-2303-4173-9bac-08d950f920ce
X-MS-Exchange-CrossTenant-originalarrivaltime: 27 Jul 2021 12:21:57.5476 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 92e84ceb-fbfd-47ab-be52-080c6b87953f
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: iqXXBNMy+FihEy86RRt+lFn/3RAPQtRSRkdRCXnnaWyETpBFxlqeOLCgS/2Bgi+zf3Ya36J/ohdiA8/kT8p9bx+i7rEFDv5CaJAx6dMsyh8=
X-MS-Exchange-Transport-CrossTenantHeadersStamped: HE1PR0701MB2940
Archived-At: <https://mailarchive.ietf.org/arch/msg/core/AGYA6m2rkfqxOBA1SXRD9bs4kZs>
Subject: [core] FW: New Version Notification for draft-mattsson-core-coap-attacks-01.txt
X-BeenThere: core@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Constrained RESTful Environments \(CoRE\) Working Group list" <core.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/core>, <mailto:core-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/core/>
List-Post: <mailto:core@ietf.org>
List-Help: <mailto:core-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/core>, <mailto:core-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 27 Jul 2021 12:22:06 -0000
Hi, I tried to address all received comments on title, abstract, introduction, and amplification attacks. Comments on Section 2 will be addressed in a future version: https://github.com/EricssonResearch/coap-actuators/issues. Section 3 on amplification attacks has been substantially expanded. Cheers, John From: internet-drafts@ietf.org <internet-drafts@ietf.org> Date: Tuesday, 27 July 2021 at 14:14 To: Christian Amsüss <c.amsuess@energyharvesting.at>, Göran Selander <goran.selander@ericsson.com>, John Mattsson <john.mattsson@ericsson.com>, Christian Amsuess <c.amsuess@energyharvesting.at>, Francesca Palombini <francesca.palombini@ericsson.com>, Göran Selander <goran.selander@ericsson.com>, John Fornehed <john.fornehed@ericsson.com>, John Mattsson <john.mattsson@ericsson.com> Subject: New Version Notification for draft-mattsson-core-coap-attacks-01.txt A new version of I-D, draft-mattsson-core-coap-attacks-01.txt has been successfully submitted by John Preuß Mattsson and posted to the IETF repository. Name: draft-mattsson-core-coap-attacks Revision: 01 Title: CoAP Attacks Document date: 2021-07-27 Group: Individual Submission Pages: 25 URL: https://www.ietf.org/archive/id/draft-mattsson-core-coap-attacks-01.txt Status: https://datatracker.ietf.org/doc/draft-mattsson-core-coap-attacks/ Htmlized: https://datatracker.ietf.org/doc/html/draft-mattsson-core-coap-attacks Diff: https://www.ietf.org/rfcdiff?url2=draft-mattsson-core-coap-attacks-01 Abstract: Being able to securely read information from sensors, to securely control actuators, and to not enable distributed denial-of-service attacks are essential in a world of connected and networking things interacting with the physical world. This document summarizes a number of known attacks on CoAP and show that just using CoAP with a security protocol like DTLS, TLS, or OSCORE is not enough for secure operation. The document also summarizes different denial-of-service attacks using CoAP. The goal with this document is motivating generic and protocol-specific recommendations on the usage of CoAP. Several of the discussed attacks can be mitigated with the solutions in draft-ietf-core-echo-request-tag. The IETF Secretariat
- [core] FW: New Version Notification for draft-mat… John Mattsson