Re: [core] Review on draft-tiloca-core-multicast-oscoap-01
"Beck, Stefan" <S.Beck@osram.com> Thu, 27 April 2017 20:54 UTC
Return-Path: <S.Beck@osram.com>
X-Original-To: core@ietfa.amsl.com
Delivered-To: core@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 10AFB12878D; Thu, 27 Apr 2017 13:54:08 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.8
X-Spam-Level:
X-Spam-Status: No, score=-4.8 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H2=-2.8, SPF_HELO_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=osram.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id TxW7dso3OwzJ; Thu, 27 Apr 2017 13:54:05 -0700 (PDT)
Received: from EUR03-DB5-obe.outbound.protection.outlook.com (mail-eopbgr40054.outbound.protection.outlook.com [40.107.4.54]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 80995129B52; Thu, 27 Apr 2017 13:50:37 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=Osram.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version; bh=4uV9176dA0x3JtuVtcqJtMJmr4ET/G/CbJSeagKNLJg=; b=Z6rIFVtqWoazwoFVKqPso7zpYmUA5TPXh8AG9mm4pnIGZawOVIJW+Xi4zzeDUbmlWimmmo82UorJSqn4fySz9EmIwxiaUO6lBSX685zDbjhQgfVmzd0R9M+COfLJWqMI9Tr+ncCPENy7V8vFiz3iMKS516eJOy3mKPRI8qECKYo=
Received: from VI1PR07MB1663.eurprd07.prod.outlook.com (10.166.143.7) by VI1PR07MB1662.eurprd07.prod.outlook.com (10.166.142.156) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P256) id 15.1.1075.1; Thu, 27 Apr 2017 20:50:34 +0000
Received: from VI1PR07MB1663.eurprd07.prod.outlook.com ([10.166.143.7]) by VI1PR07MB1663.eurprd07.prod.outlook.com ([10.166.143.7]) with mapi id 15.01.1075.002; Thu, 27 Apr 2017 20:50:33 +0000
From: "Beck, Stefan" <S.Beck@osram.com>
To: Marco Tiloca <marco.tiloca@ri.se>, "draft-tiloca-core-multicast-oscoap@ietf.org" <draft-tiloca-core-multicast-oscoap@ietf.org>
CC: 'core' <core@ietf.org>
Thread-Topic: [core] Review on draft-tiloca-core-multicast-oscoap-01
Thread-Index: AdKuTspS7D95VPiCTf6PMOteBsYMvAPaYIngAG6fVQAACC0AIA==
Date: Thu, 27 Apr 2017 20:50:33 +0000
Message-ID: <VI1PR07MB166366574E971334641F3ACC85100@VI1PR07MB1663.eurprd07.prod.outlook.com>
References: <017401d2ae79$5a6378f0$0f2a6ad0$@augustcellars.com> <HE1PR07MB1657D682FC5030F67C4F3447851E0@HE1PR07MB1657.eurprd07.prod.outlook.com> <59021B50.4070903@ri.se>
In-Reply-To: <59021B50.4070903@ri.se>
Accept-Language: en-US
Content-Language: de-DE
X-MS-Has-Attach: yes
X-MS-TNEF-Correlator:
authentication-results: ri.se; dkim=none (message not signed) header.d=none;ri.se; dmarc=none action=none header.from=osram.com;
x-originating-ip: [2001:a61:3266:4801:e5e6:a246:e363:a143]
x-ms-publictraffictype: Email
x-microsoft-exchange-diagnostics: 1; VI1PR07MB1662; 7:5Oia2D6dIipOZcLkbfEgNEPfhegrHl7+2vlRlHS58//NgzyWFT3+6gxO2zpjR6Cw81KsG7/o1NYEf9uoQjfyGBXtzC2VjjDsCIq7M0an1Eg+89CLeeE2ea5E8N/piJXR6UWAoQ3eg8svl2NM59SfpjKXEVTHEZzlSBVQG3zJeecBtuG3sJzi09zoEo/S/WtkA4Z7KHznvYb8jX9fuhZRwaXzEVfpBqiuAVVvWBPqPGtf54DVupY4HCZKPGkrgd6UtXNqrDA5ffPQWfiAMlEuX6iKnOL5IGIgX1wwbrG/FyUbYd8TNJPhNw2axz7v0ggvptqiUSxv2nsU2C8U3Xet7w==
x-ms-office365-filtering-correlation-id: af60d3f0-333f-49c6-bb63-08d48daf0ca3
x-microsoft-antispam: UriScan:; BCL:0; PCL:0; RULEID:(22001)(2017030254075)(201703131423075)(201703031133081); SRVR:VI1PR07MB1662;
x-microsoft-antispam-prvs: <VI1PR07MB166280CE0130A1AF8BA4B7A685100@VI1PR07MB1662.eurprd07.prod.outlook.com>
x-exchange-antispam-report-test: UriScan:(72170088055959)(192374486261705);
x-exchange-antispam-report-cfa-test: BCL:0; PCL:0; RULEID:(102415395)(6040450)(601004)(2401047)(5005006)(8121501046)(93006095)(93001095)(10201501046)(3002001)(6041248)(201703131423075)(201702281528075)(201703061421075)(201703061406153)(20161123560025)(20161123564025)(20161123558100)(20161123562025)(20161123555025)(6072148); SRVR:VI1PR07MB1662; BCL:0; PCL:0; RULEID:; SRVR:VI1PR07MB1662;
x-forefront-prvs: 029097202E
x-forefront-antispam-report: SFV:NSPM; SFS:(10009020)(6009001)(39850400002)(39410400002)(39400400002)(39450400003)(39840400002)(39860400002)(377454003)(377424004)(13464003)(52314003)(24454002)(4326008)(2906002)(25786009)(99286003)(53546009)(7736002)(2950100002)(53936002)(305945005)(7696004)(230783001)(9686003)(122556002)(6306002)(55016002)(76176999)(54356999)(229853002)(2501003)(8936002)(99936001)(6436002)(2900100001)(102836003)(3660700001)(5660300001)(81166006)(77096006)(50986999)(33656002)(74316002)(6246003)(3280700002)(38730400002)(189998001)(8676002)(86362001)(561944003)(6506006); DIR:OUT; SFP:1101; SCL:1; SRVR:VI1PR07MB1662; H:VI1PR07MB1663.eurprd07.prod.outlook.com; FPR:; SPF:None; MLV:sfv; LANG:en;
spamdiagnosticoutput: 1:99
spamdiagnosticmetadata: NSPM
Content-Type: multipart/signed; protocol="application/x-pkcs7-signature"; micalg="SHA1"; boundary="----=_NextPart_000_010E_01D2BFA8.AC749C60"
MIME-Version: 1.0
X-OriginatorOrg: Osram.com
X-MS-Exchange-CrossTenant-originalarrivaltime: 27 Apr 2017 20:50:33.4744 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: ec1ca250-c234-4d56-a76b-7dfb9eee0c46
X-MS-Exchange-Transport-CrossTenantHeadersStamped: VI1PR07MB1662
Archived-At: <https://mailarchive.ietf.org/arch/msg/core/CEyo9fm6NMYfk2QQbRmT1bMsYkU>
Subject: Re: [core] Review on draft-tiloca-core-multicast-oscoap-01
X-BeenThere: core@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "Constrained RESTful Environments \(CoRE\) Working Group list" <core.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/core>, <mailto:core-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/core/>
List-Post: <mailto:core@ietf.org>
List-Help: <mailto:core-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/core>, <mailto:core-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 27 Apr 2017 20:54:08 -0000
Hi Marco, Thanks for considering my comments. With "simple situations" I meant payload data only, not signatures or MAC. A sample use case could be group messages that switch on / off dozens or more luminaires at once. There's no sensitive payload data involved here. And even if encrypted one could easily find out what is going on, just by monitoring network package flow. Having said that, I fully agree with you though, that encryption should be the norm anyway. I just stumbled over the use of SHALL, SHOULD and MAY in those three last bullets of section 2, which is inconsistent IMO. I would change as follows: 1. Group-level data confidentiality: messages sent within the multicast group *SHOULD* be encrypted. ... In particular, messages *SHALL* be encrypted if privacy sensitive data is exchanged in the group. (or alternatively: describe the privacy concerns in the Security Considerations section) 2. Source authentication: ok 3. Message integrity: messages sent within the multicast group *SHALL* be integrity protected. Stevie -----Original Message----- From: Marco Tiloca [mailto:marco.tiloca@ri.se] Sent: Thursday, April 27, 2017 6:25 PM To: Beck, Stefan <S.Beck@osram.com>; draft-tiloca-core-multicast-oscoap@ietf.org Cc: 'core' <core@ietf.org> Subject: Re: [core] Review on draft-tiloca-core-multicast-oscoap-01 Hello Stefan, Thanks a lot for your review and comments, we have been revising the draft accordingly. As to your comment: "Intuitively I would consider authentication and integrity as SHALL, while confidentiality could be seen as SHOULD (or even MAY? - as the following text already correctly suggests that data confidentiality may only be required if privacy sensitive data is exchanged - which is not necessarily the case, e.g. in simple situations" Do you refer to a signature or a MAC? Also, can you refer to any particular case where confidentiality is not required? Please, consider that group members do own the key material they need for encryption anyway, and [1] suggests encryption as the norm and that newly designed protocols should prefer encryption to cleartext operation. Best regards, /Marco [1] https://www.iab.org/2014/11/14/iab-statement-on-internet-confidentiality/ On 2017-04-25 14:54, Beck, Stefan wrote: > Hi, > On Section 2: > Group-level data confidentiality and Source authentication are described as SHALL, while Message integrity is SHOULD. > > Intuitively I would consider authentication and integrity as SHALL, > while confidentiality could be seen as SHOULD (or even MAY? - as the > following text already correctly suggests that data confidentiality > may only be required if privacy sensitive data is exchanged - which is > not necessarily the case, e.g. in simple situations > > On authentication and integrity: I would use SHALL consistently here - > similar to what is already written on "source authentication" in > section 1. And it is implied by the last statement anyway ("Message > integrity is provided through the same means used to provide source > authentication.") > > Section 7.1: the first paragraph addresses the confidentiality part of "Group-level Security", so you could potentially rename 7.1. to "Group-level Data Confidentiality" as one specific part of the security considerations (provided that this first paragraph remains the only one in 7.1...): > - the second paragraph deals with the obvious ("it is required that all group members are trusted"), so it could even be removed completely? > - and the 3rd paragraph would better fit to 7.2 IMO (as the task of removing a compromised group member becomes a key management task - similar to when legitimate - yet uncompromised - group members are leaving). > > > I also agree with Jim's proposal (on section 1, excerpt below), the same could be applied in section 2 (and 7.1) analogously. > > Stevie > > > -----Original Message----- > From: core [mailto:core-bounces@ietf.org] On Behalf Of Jim Schaad > Sent: Thursday, April 06, 2017 3:59 AM > To: draft-tiloca-core-multicast-oscoap@ietf.org > Cc: 'core' <core@ietf.org> > Subject: [core] Review on draft-tiloca-core-multicast-oscoap-01 > > Here are a few comments on this draft. > > <...> > > Section 1 - "Source authentication" - suggest the last sentence ends "not tampered with either by a different group member or by a non-group member". > > <...> > > Jim > > > _______________________________________________ > core mailing list > core@ietf.org > https://www.ietf.org/mailman/listinfo/core > > _______________________________________________ > core mailing list > core@ietf.org > https://www.ietf.org/mailman/listinfo/core -- Marco Tiloca, PhD Research Institutes of Sweden RISE ICT/SICS Isafjordsgatan 22 / Kistagången 16 SE-164 40 Kista (Sweden) Phone: +46 (0)70 60 46 501 https://www.sics.se https://www.sics.se/~marco/ The RISE institutes Innventia, SP and Swedish ICT have merged in order to become a stronger research and innovation partner for businesses and society. SICS Swedish ICT AB, has now changed name to RISE SICS AB.
- Re: [core] Review on draft-tiloca-core-multicast-… Beck, Stefan
- Re: [core] Review on draft-tiloca-core-multicast-… Beck, Stefan
- [core] Review on draft-tiloca-core-multicast-osco… Jim Schaad