IETF Logo Mail Archive

Re: [core] [Technical Errata Reported] RFC7252 (5284)

Göran Selander <goran.selander@ericsson.com> Wed, 14 March 2018 16:23 UTC

Return-Path: <goran.selander@ericsson.com>
X-Original-To: core@ietfa.amsl.com
Delivered-To: core@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C1921127369 for <core@ietfa.amsl.com>; Wed, 14 Mar 2018 09:23:18 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.421
X-Spam-Level:
X-Spam-Status: No, score=-2.421 tagged_above=-999 required=5 tests=[DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_MED=-2.3, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=ericsson.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id aw4P5qDMqJSZ for <core@ietfa.amsl.com>; Wed, 14 Mar 2018 09:23:16 -0700 (PDT)
Received: from sessmg23.ericsson.net (sessmg23.ericsson.net [193.180.251.45]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 0FEB51252BA for <core@ietf.org>; Wed, 14 Mar 2018 09:23:15 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; d=ericsson.com; s=mailgw201801; c=relaxed/simple; q=dns/txt; i=@ericsson.com; t=1521044594; h=From:Sender:Reply-To:Subject:Date:Message-ID:To:CC:MIME-Version:Content-Type: Content-Transfer-Encoding:Content-ID:Content-Description:Resent-Date:Resent-From: Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:In-Reply-To:References:List-Id: List-Help:List-Unsubscribe:List-Subscribe:List-Post:List-Owner:List-Archive; bh=r7oZ7o1zuAS4LkoLsxnZxbs+3GAfhKPw18YBlYNrgd4=; b=UsvRLmhapGrLPo+nBo9dk0AcO8m8Sq0DX7bWjBy5K5jOuWuEwu21uKWg2CRmjSQA IzcKdB+b2crNnZHwwx/XUSSrI5SYk1jyWEZg6yqeZYrotPdotob5MC1yyEKFDAM4 fpb2YAYYshlWLhGTCU2OlpZWTRnWVFl1e7Bq0bakPMk=;
X-AuditID: c1b4fb2d-499ff70000005540-9a-5aa94c7213fa
Received: from ESESSHC021.ericsson.se (Unknown_Domain [153.88.183.81]) by sessmg23.ericsson.net (Symantec Mail Security) with SMTP id 76.A8.21824.27C49AA5; Wed, 14 Mar 2018 17:23:14 +0100 (CET)
Received: from ESESSMB107.ericsson.se ([169.254.7.151]) by ESESSHC021.ericsson.se ([153.88.183.81]) with mapi id 14.03.0382.000; Wed, 14 Mar 2018 17:23:13 +0100
From: Göran Selander <goran.selander@ericsson.com>
To: "mohamed.boucadair@orange.com" <mohamed.boucadair@orange.com>, "Kraus Achim (INST/ECS4)" <Achim.Kraus@bosch-si.com>, RFC Errata System <rfc-editor@rfc-editor.org>, "zach.shelby@arm.com" <zach.shelby@arm.com>, "hartke@tzi.org" <hartke@tzi.org>, "cabo@tzi.org" <cabo@tzi.org>, "ben@nostrum.com" <ben@nostrum.com>, "aamelnikov@fastmail.fm" <aamelnikov@fastmail.fm>, "adam@nostrum.com" <adam@nostrum.com>, "jaime@iki.fi" <jaime@iki.fi>
CC: "dots@ietf.org" <dots@ietf.org>, "core@ietf.org" <core@ietf.org>
Thread-Topic: [core] [Technical Errata Reported] RFC7252 (5284)
Thread-Index: AQHTuwGoS0FPIxZnd0CK+q0gMPjZqqPPkNuAgAAG4ICAAFPBgA==
Date: Wed, 14 Mar 2018 16:23:13 +0000
Message-ID: <D6CF0906.A2076%goran.selander@ericsson.com>
References: <20180309093425.91095B81706@rfc-editor.org> <3bf7a04492be4f4c882e344cafd4e188@bosch-si.com> <787AE7BB302AE849A7480A190F8B93302DEDFAB6@OPEXCNORMAD.corporate.adroot.infra.ftgroup>
In-Reply-To: <787AE7BB302AE849A7480A190F8B93302DEDFAB6@OPEXCNORMAD.corporate.adroot.infra.ftgroup>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
user-agent: Microsoft-MacOutlook/14.7.3.170325
x-originating-ip: [83.252.126.178]
Content-Type: text/plain; charset="utf-8"
Content-ID: <D23EE2F1B9F183408F336CDC5AE6FF1B@ericsson.com>
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-Brightmail-Tracker: H4sIAAAAAAAAA+NgFvrMIsWRmVeSWpSXmKPExsUyM2J7oG6Rz8oog8s7xCz2vz/EZLF07RpW iz1/F7FbzO88zW5xZMpdVot9b9czW6x9c4TVYtvkV0wWh08pWBx++5Tdomn/VzaLS9eesDvw eKyZt4bRY9PCf4weO08dYPNYsuQnk8fhrwtZPGbtfMLi0fLsJJtHQ9sxVo9pizIDOKO4bFJS czLLUov07RK4MuZvNCmYZFOx6vwh9gbGM1ZdjJwcEgImEjc2nmLuYuTiEBI4zCjR2NHDBuEs YZQ4Mr2LFaSKTcBF4kHDIyaQhIjAfmaJy8t3soEkmIESuyb/YwGxhQXsJOZNmgMWFxGwl9j8 YTsThO0ksXvhbkYQm0VAVeLIn23sIDavgIXE/9/7WSG2HWSU+HJ8Btg2ToEkiYtb34MVMQqI SXw/tYYJYpm4xK0n85kg7haQWLLnPDOELSrx8vE/sF5RAT2JvT3tbBBxJYnbmxuA5nAA9WpK rN+lDzHGWqJ/ZRMLhK0oMaX7IdQ9ghInZz5hmcAoPgvJtlkI3bOQdM9C0j0LSfcCRtZVjKLF qcXFuelGxnqpRZnJxcX5eXp5qSWbGIFJ4eCW37o7GFe/djzEKMDBqMTD+9x7ZZQQa2JZcWXu IUYJDmYlEd491kAh3pTEyqrUovz4otKc1OJDjNIcLErivCc9eaOEBNITS1KzU1MLUotgskwc nFINjK0SM4pvMp1JyVtQNTP7faW2nttH/Ws1QasTRX6dMTywd+bpvrUn3ItuLJCeffQm4xTb mVzPTete8lZlrpH+mtcTxH6TWyVTaYGEnWEb+6/KU1/7o9oPnSlLeHPo9YxP0mXcjT9tjVdn fb9gM+HxgRhVVmaO9fGn7bhu9C7kOLmiL/PcjzchoUosxRmJhlrMRcWJAAvUf1EGAwAA
Archived-At: <https://mailarchive.ietf.org/arch/msg/core/AOKtQHxJbNi3sqOlH_nMG4sXUjI>
X-Mailman-Approved-At: Thu, 15 Mar 2018 08:09:04 -0700
Subject: Re: [core] [Technical Errata Reported] RFC7252 (5284)
X-BeenThere: core@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "Constrained RESTful Environments \(CoRE\) Working Group list" <core.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/core>, <mailto:core-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/core/>
List-Post: <mailto:core@ietf.org>
List-Help: <mailto:core-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/core>, <mailto:core-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 14 Mar 2018 16:23:19 -0000

Hello,

Please note there is also a security issue with re-use of tokens. The
following formulation is used in
https://tools.ietf.org/html/draft-ietf-core-echo-request-tag-01#section-5

"When CoAP is used with a security protocol not providing bindings
   between requests and responses, the client MUST NOT reuse tokens
   until the traffic keys have been replaced.  The easiest way to
   accomplish this is to implement the Token as a counter, this approach
   SHOULD be followed."



Regards
Göran



On 2018-03-14 13:23, "core on behalf of mohamed.boucadair@orange.com"
<core-bounces@ietf.org on behalf of mohamed.boucadair@orange.com> wrote:

>Hi Achim,
>(ccing DOTS WG)
>
>Thank you for sharing your thoughts.
>
>I'm personally OK with any wording which makes clear that distinct tokens
>are generated to differentiate among concurrent requests involving the
>same source/destination endpoints.
>
>I'm not sure to understand what you meant by "per simultaneous request",
>though.  
>
>Cheers,
>Med
>
>> -----Message d'origine-----
>> De : Kraus Achim (INST/ECS4) [mailto:Achim.Kraus@bosch-si.com]
>> Envoyé : mercredi 14 mars 2018 12:59
>> À : RFC Errata System; zach.shelby@arm.com; hartke@tzi.org;
>>cabo@tzi.org;
>> ben@nostrum.com; aamelnikov@fastmail.fm; adam@nostrum.com; cabo@tzi.org;
>> jaime@iki.fi
>> Cc : BOUCADAIR Mohamed IMT/OLN; core@ietf.org
>> Objet : RE: [core] [Technical Errata Reported] RFC7252 (5284)
>> 
>> Hi,
>> 
>> if the current definition "tokens currently in use" is interpreted as
>>for
>> "all pending requests", I can't see, that adding "per request" improves
>>the
>> RFC.
>> If something is added, I would recommend to precise that also with the
>>time-
>> scope,
>> e.g. "per simultaneous request".
>> 
>> Mit freundlichen Grüßen / Best regards
>> 
>>  Achim Kraus
>> 
>> (INST/ECS4)
>> Bosch Software Innovations GmbH | Stuttgarter Straße 130 | 71332
>>Waiblingen |
>> GERMANY | www.bosch-si.com
>> 
>> Sitz: Berlin, Registergericht: Amtsgericht Charlottenburg; HRB 148411 B
>> Aufsichtsratsvorsitzender: Dr.-Ing. Thorsten Lücke; Geschäftsführung:
>>Dr.
>> Stefan Ferber, Michael Hahn
>> 
>> -----Original Message-----
>> From: core [mailto:core-bounces@ietf.org] On Behalf Of RFC Errata System
>> Sent: Freitag, 9. März 2018 10:34
>> To: zach.shelby@arm.com; hartke@tzi.org; cabo@tzi.org; ben@nostrum.com;
>> aamelnikov@fastmail.fm; adam@nostrum.com; cabo@tzi.org; jaime@iki.fi
>> Cc: mohamed.boucadair@orange.com; core@ietf.org;
>>rfc-editor@rfc-editor.org
>> Subject: [core] [Technical Errata Reported] RFC7252 (5284)
>> 
>> The following errata report has been submitted for RFC7252, "The
>>Constrained
>> Application Protocol (CoAP)".
>> 
>> --------------------------------------
>> You may review the report below and at:
>> http://www.rfc-editor.org/errata/eid5284
>> 
>> --------------------------------------
>> Type: Technical
>> Reported by: Mohamed Boucadair <mohamed.boucadair@orange.com>
>> 
>> Section: 5.3.1
>> 
>> Original Text
>> -------------
>> The client SHOULD generate tokens in such a way that tokens currently
>>in use
>> for a given source/destination endpoint pair are unique.
>> 
>> Corrected Text
>> --------------
>> The client SHOULD generate tokens in such a way that tokens currently
>>in use
>> for a given source/destination endpoint pair are unique per request.
>> 
>> Notes
>> -----
>> Multiple requests may be active for a given source/destination endpoint
>>pair.
>> The OLD text is thus broken.
>> 
>> The NEW text is aligned with the definition of the Token:
>> 
>>   A token is intended for use as a client-local identifier for
>>   differentiating between concurrent requests (see Section 5.3); it
>>   could have been called a "request ID".
>> 
>> Further, using the same token for a given source/destination endpoint
>>pair
>> have some implications, for example, for applications which require the
>> support of multiple observe queries because RFC7641 states the
>>following:
>> 
>>    The entry in the list of observers is keyed by the client endpoint
>>     and the token specified by the client in the request.  If an entry
>>     with a matching endpoint/token pair is already present in the list
>>     (which, for example, happens when the client wishes to reinforce
>>     its interest in a resource), the server MUST NOT add a new entry
>>     but MUST replace or update the existing one.
>> 
>> Instructions:
>> -------------
>> This erratum is currently posted as "Reported". If necessary, please use
>> "Reply All" to discuss whether it should be verified or rejected. When a
>> decision is reached, the verifying party can log in to change the
>>status and
>> edit the report, if necessary.
>> 
>> --------------------------------------
>> RFC7252 (draft-ietf-core-coap-18)
>> --------------------------------------
>> Title               : The Constrained Application Protocol (CoAP)
>> Publication Date    : June 2014
>> Author(s)           : Z. Shelby, K. Hartke, C. Bormann
>> Category            : PROPOSED STANDARD
>> Source              : Constrained RESTful Environments APP
>> Area                : Applications
>> Stream              : IETF
>> Verifying Party     : IESG
>> 
>> _______________________________________________
>> core mailing list
>> core@ietf.org
>> https://www.ietf.org/mailman/listinfo/core
>
>_______________________________________________
>core mailing list
>core@ietf.org
>https://www.ietf.org/mailman/listinfo/core

v2.23.0 | Report a Bug | By Email