Re: [core] Review of draft-koster-core-coap-pubsub-05
Michael Koster <michael.koster@smartthings.com> Mon, 14 November 2016 02:17 UTC
Return-Path: <michael.koster@smartthings.com>
X-Original-To: core@ietfa.amsl.com
Delivered-To: core@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 2CCD3129658 for <core@ietfa.amsl.com>; Sun, 13 Nov 2016 18:17:13 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.821
X-Spam-Level:
X-Spam-Status: No, score=-1.821 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_DNSWL_LOW=-0.7, SPF_NEUTRAL=0.779] autolearn=unavailable autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=smartthings-com.20150623.gappssmtp.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id DVuvc2Gs35Pg for <core@ietfa.amsl.com>; Sun, 13 Nov 2016 18:17:11 -0800 (PST)
Received: from mail-pf0-x22c.google.com (mail-pf0-x22c.google.com [IPv6:2607:f8b0:400e:c00::22c]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 2969E1295F6 for <core@ietf.org>; Sun, 13 Nov 2016 18:17:11 -0800 (PST)
Received: by mail-pf0-x22c.google.com with SMTP id d2so26122862pfd.0 for <core@ietf.org>; Sun, 13 Nov 2016 18:17:11 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=smartthings-com.20150623.gappssmtp.com; s=20150623; h=mime-version:subject:from:in-reply-to:date:cc :content-transfer-encoding:message-id:references:to; bh=xqlAK+eU+SJ0W4LyOujL9AxBauHjEOaCDH0DH9uU9CY=; b=jhqBRQeXGK/Z/KlP7xQWQ5Q3lAiqDuzFIyHGBzmKG8BId6merUqEeup1ToQ0tdd1QM C8KwN2QM7oWCb4oSMLtc4GfJKsL8V0b05GZK4rgwNl2kPUwUrqyq+cE4AK8tlHlUyOK8 XONsXxXL0l1HNM25ox5ES3Xih6eEo0xuKijBWQ6e5sKb1bT3Ewf52nHbnw0HM9S/6W2m 5v1MSoFgo1e2C9ubsR1XDindtpgq8XCFDR8zizogLy4Uq6YQ0LcUmZfAqnHUV3rK6FWS 6yTT2OTiN7El7dJDPfHI0HzeZ68jlhsjtYtGoYOADb3xvpR+LdLjbep4/VHAww9Fey6a VrlQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:subject:from:in-reply-to:date:cc :content-transfer-encoding:message-id:references:to; bh=xqlAK+eU+SJ0W4LyOujL9AxBauHjEOaCDH0DH9uU9CY=; b=VbYQMK73AlxXHFQVDJIEBjCLEBx8HYnwtX7IXt9IA75MNBecMBB3w0GNPSpW3WUsmy ApFVo8zkLXscCWyoDcCdNLMYpJdoui/cEht2FT8Z7UICqQF8ktKKXtFHbSN2UrPaqOkf qP4bZdrx8WwzvpHHjjbB8DcaQvaWnUhAbmA+uW4FwAof5TUxGe9uoI20+vXuLDmyJm6e +LL84aa19pAws0cgyXc2qXOLV4bQpfLeuWRiZUnvUmHsv661nJioiQf1lG56cPImcw7l OnVZ7vM4NWS6G8V/vNMiW39GVHVkNQ4ujWcMQlXa91tSHazZv4rswLlHJudAVsl3v8tv 2KKA==
X-Gm-Message-State: ABUngvemtBsWUY1BqgyOjZUenTPYcT70CqLspB8mn8seHTY900PQ0xaL420iWibhLPNbX9aq
X-Received: by 10.98.48.69 with SMTP id w66mr31782096pfw.0.1479089830614; Sun, 13 Nov 2016 18:17:10 -0800 (PST)
Received: from [172.20.3.22] ([183.102.9.2]) by smtp.gmail.com with ESMTPSA id f23sm30666407pff.59.2016.11.13.18.17.08 (version=TLS1 cipher=ECDHE-RSA-AES128-SHA bits=128/128); Sun, 13 Nov 2016 18:17:10 -0800 (PST)
Content-Type: text/plain; charset="us-ascii"
Mime-Version: 1.0 (Mac OS X Mail 8.2 \(2104\))
From: Michael Koster <michael.koster@smartthings.com>
In-Reply-To: <04fe01d1ee01$35bf9120$a13eb360$@augustcellars.com>
Date: Mon, 14 Nov 2016 11:17:07 +0900
Content-Transfer-Encoding: quoted-printable
Message-Id: <A55CB116-3E88-4C7D-B837-7992C82EC4B1@smartthings.com>
References: <04fe01d1ee01$35bf9120$a13eb360$@augustcellars.com>
To: Jim Schaad <ietf@augustcellars.com>
X-Mailer: Apple Mail (2.2104)
Archived-At: <https://mailarchive.ietf.org/arch/msg/core/Df5aoa6CBfhOdgtUEqDJ8K_mYeA>
Cc: draft-koster-core-coap-pubsub@ietf.org, core@ietf.org
Subject: Re: [core] Review of draft-koster-core-coap-pubsub-05
X-BeenThere: core@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: "Constrained RESTful Environments \(CoRE\) Working Group list" <core.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/core>, <mailto:core-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/core/>
List-Post: <mailto:core@ietf.org>
List-Help: <mailto:core-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/core>, <mailto:core-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 14 Nov 2016 02:17:13 -0000
Hi Jim, replies inline > On Aug 4, 2016, at 12:35 PM, Jim Schaad <ietf@augustcellars.com> wrote: > > I have a hard time saying that this is ready to be published, but that is in > part because I think that the security aspects that are not being addressed > in the document are important. > > > Section 3.2 - The phrase "and potentially buffer messages" is causing me > problems. By definition it must buffer the last data value that it > includes. It would be good at this point to explain exactly why it is > buffering messages here. I assume that you are talking about the flow > control issues that are discussed later but I don't know this. Each client should be sent all notifications that its subscriptions require, even if they are published faster than they notified. What is actually buffered needs to include payloads and content formats, not necessarily entire messages. > > Section 4.2 - What is the behavior of Max-Age for sub-topics? Is the topic > deleted only if it has no current sub-topics? Publish rates of the topic > and sub-topic may not be the same. > Yes, good point. publication on a topic needs to reset the lifetime counters of all topics in its path. > Section 4.2 - How does a topic creator control who can a) publish to the > topic, b) create sub-topics, c) subscribe to the topic. Based on how things > are laid out I make the assumption that the broker is the entity that would > enforce these rules. > The access control would use the same mechanisms as resource access control, so it would be ACLs most likely. We wil add this to the security considerations! > Section 4.3 - As we go forward into the world of having secure items, the > rule on only publishing a fixed content type means that there will be no way > for a broker to create other content types without losing the authentication > source of a signature by the publisher on the content. It would be nice if > it were possible to publish multiple content types at one point. I guess > one method might be to look at a content type that would be list of contents > w/ different content types but then the discovery method becomes odd. Also > create would need to be modified to deal with the situation as well. Yes, please see the email response to Peter van der Stok I sent out earlier. > > Section 4.7 - The following language is driving me crazy. "A CoAP pubsub > Client wishing to remove a topic MAY use the CoAP Delete operation". If > you are going to say that it may do X, then you need to also say that what > other things it could do to remove it. I think you should just remove the > MAY here (and in similar places) and just say "to remove a topic uses the > CoAP Delete operation". > Thanks, yes, Sorry for the attack on your sanity ;-) > Section 7 - Should there be advice on how to distinguish between a new > publish and a re-publish because a response was not received? > Hmm yes based on the CoAP MID I suppose. Good catch. > Section 8 - DTLS will not provide authentication if there is a proxy in the > way between the client and the broker that terminates the DTLS session. > (The whole hop authentication vs end-to-end.) > yes a pubsub broker is a DTLS endpoint. > Section 8 - the last paragraph is giving me a problem. It appears to say > that if the broker is not trusted hen it would have a problem doing the > correct forwarding to subscribers since it would be unable to read the CoAP > headers. Is that correct? > It's meant to say that the CoAP header (e.g. content-type option) is needed to correctly notify subscribers. > Confirmation of messages. The system seems to be very light on telling one > when confirmation of messages should be used and when it should not be used. > For example, if notifications are being sent out from a broker - should all > messages get confirmations before continuing, should only some messges get > confirmations based either on the message published or on the notification > that is being sent to the client. I.e. do you treat a removal from a > subscription differently if it is deleted vs if the authorization for the > subscriber expires? In one case doing the get will show that it no longer > exists but in the other case the client will have missed messages when it > was not subscribed. > Yes, we removed the guidance to use/not use confirmable because it is a transport layer function. I see we may want to make it explicit that notify behavior is the same as resource state notification. If a broker uses CON to notify, then it must follow the state machine behavior for CON. It is not required to use CON to notify if publish uses CON. this is where pubsub differes from a message store-and-forward. Subscription uses CoAP Observe, so whatever mechanism is implemented to remove observers that no longer have a security relationship applies here. We wil be updating the draft again this week. Please let us know any further questions and suggestions. Thanks! Best regards, MIchael > >
- Re: [core] Review of draft-koster-core-coap-pubsu… Hannes Tschofenig
- Re: [core] Review of draft-koster-core-coap-pubsu… Hannes Tschofenig
- Re: [core] Review of draft-koster-core-coap-pubsu… Jim Schaad
- [core] Review of draft-koster-core-coap-pubsub-05 Jim Schaad
- Re: [core] Review of draft-koster-core-coap-pubsu… Michael Koster