Re: [core] Comments on draft-ietf-core-object-security-06
Jim Schaad <ietf@augustcellars.com> Mon, 05 December 2016 07:47 UTC
Return-Path: <ietf@augustcellars.com>
X-Original-To: core@ietfa.amsl.com
Delivered-To: core@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 32B891293EE; Sun, 4 Dec 2016 23:47:48 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.797
X-Spam-Level:
X-Spam-Status: No, score=-4.797 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RP_MATCHES_RCVD=-2.896, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id QGxUG-021WOQ; Sun, 4 Dec 2016 23:47:46 -0800 (PST)
Received: from mail2.augustcellars.com (augustcellars.com [50.45.239.150]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 9D3BB1293E8; Sun, 4 Dec 2016 23:47:45 -0800 (PST)
Received: from hebrews (24.21.96.37) by mail2.augustcellars.com (192.168.0.56) with Microsoft SMTP Server (TLS) id 15.0.1210.3; Mon, 5 Dec 2016 00:07:15 -0800
From: Jim Schaad <ietf@augustcellars.com>
To: 'Göran Selander' <goran.selander@ericsson.com>, draft-ietf-core-object-security@ietf.org
References: <083101d24ad0$3b071aa0$b1154fe0$@augustcellars.com> <D465F239.6E05D%goran.selander@ericsson.com> <044101d24d0e$57fbdb10$07f39130$@augustcellars.com> <D46AC915.6E620%goran.selander@ericsson.com>
In-Reply-To: <D46AC915.6E620%goran.selander@ericsson.com>
Date: Sun, 04 Dec 2016 23:47:29 -0800
Message-ID: <05d001d24ecb$d60587e0$821097a0$@augustcellars.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable
X-Mailer: Microsoft Outlook 16.0
Thread-Index: AQKaVnhZja3Zi1ELigv8nmadx6425QH62YMNAmN/aLECumduK58wJFNQ
Content-Language: en-us
X-Originating-IP: [24.21.96.37]
Archived-At: <https://mailarchive.ietf.org/arch/msg/core/EdCvqlxqvNSZNpq-4U1fzMdtOUs>
Cc: core@ietf.org
Subject: Re: [core] Comments on draft-ietf-core-object-security-06
X-BeenThere: core@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: "Constrained RESTful Environments \(CoRE\) Working Group list" <core.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/core>, <mailto:core-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/core/>
List-Post: <mailto:core@ietf.org>
List-Help: <mailto:core-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/core>, <mailto:core-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 05 Dec 2016 07:47:48 -0000
> -----Original Message----- > From: Göran Selander [mailto:goran.selander@ericsson.com] > Sent: Sunday, December 04, 2016 11:13 PM > To: Jim Schaad <ietf@augustcellars.com>; draft-ietf-core-object- > security@ietf.org > Cc: core@ietf.org > Subject: Re: Comments on draft-ietf-core-object-security-06 > > > > On 2016-12-03 03:38, "Jim Schaad" <ietf@augustcellars.com> wrote: > > > > > > >> -----Original Message----- > >> From: Göran Selander [mailto:goran.selander@ericsson.com] > >> Sent: Friday, December 02, 2016 12:31 AM > >> To: Jim Schaad <ietf@augustcellars.com>; draft-ietf-core-object- > >> security@ietf.org > >> Cc: core@ietf.org > >> Subject: Re: Comments on draft-ietf-core-object-security-06 > >> > >> > >> >Appendix C - I am having a hard time with the first paragraph here. > >> >I do not believe that you have correctly characterized the problem. > >> >The reason that you cannot use OSCOAP for this has more to do with > >> >how you decided which records in the header to authenticate rather > >> >than the fact that this is going to be distributed to multiple recipients. > >> > >> The intended logic is the following: > >> > >> The security requirements draft > >> https://tools.ietf.org/html/draft-hartke-core-e2e-security-reqs > >>currently > >> describes three use cases “proxy forwarding”, “proxy caching” and > >>“publish- > >> subscribe”. The solutions to these requirements protect as much as is > >>possible, while still allowing the functionality of the use case. > >> OSCOAP addresses the "proxy forwarding” use case, which is a basic > >>CoAP request-response with optional forward proxy functionality. This > >>is a use case we have been requested to support, and it is an > >>interesting case also because essentially all options and headers > >>that are passed end-to-end in a CoAP request and response can be > >>protected, response can be bound to a request, and some other > >>security features can be supported. > >> > >> OSCON addresses other use cases with a common solution, including the > >>two remaining use cases mentioned above. In these cases less of the > >>records can be protected, e.g. because a single response should be > >>meaningful to multiple requests. This solution thus targets a format > >>where multiple use cases can be supported rather than optimising > >>security for a particular use case. > >> > >> I will make an issue to clarify this. > > > >It is not the least bit clear to me that publish-subscribe case cannot > >be done with OSCOAP. The proxy caching problem is more difficult, but > >is not solved by OSCON in a way that is not also solved in the OSCOAP > >case as far as I can tell. > > In OSCOAP, the response is bound to the request by including the transaction > identifier (cid, sender ID, sequence number) of the request in the external_aad > of the response. With this the client is able to verify that the server has received > the request and that this message is a response of that request. This > construction also works for multiple responses to a given request such as CoAP > observe (RFC7641) and group communication for CoAP (RFC7390). Different > observe notifications can be distinguished by different sequence numbers of > server, and different unicast responses to a multicast request can be > distinguished by the responding node’s (sender) ID. > > However, with caching and publish-subscribe a given response is used for > multiple requests, so the response cannot be bound to a particular request. > Moreover, for caching and publish-subscribe, less CoAP options and headers can > be protected. E.g. the publisher can update a topic with a PUT, which is provided > with a GET response to the subscriber, so the CoAP Code cannot be integrity > protected between publisher and subscriber. More details about which options > and header are protected in caching and pub-sub in the requirements draft: > > https://tools.ietf.org/html/draft-hartke-core-e2e-security-reqs > > Thus the set of headers and options, and how response is bound to request as > defined in OSCOAP does not apply to pub-sub. But similar constructions are > possible, or else just essentially protect the CoAP payload as with OSCON. > > We did not write anything of the underlying construction in the draft, maybe we > should? I will send a separate message on some thoughts I had over the weekend at some point soon. > > > > > >> > > > >> > >> > > >> >Appendix C - I do not understand what this sentence means. " OSCON > >> >shall not be used in cases which require a secure binding between > >> >request and response." Is it intended to say that the use of a > >> >transaction identifier in the COSE wrappers for the request and > >> >response is not permitted? There are a lot of ways to do this that > >> >do not rely on CoAP. > >> > >> As mentioned, this format is addressing use cases which does not bind > >>response to request. It is possible to define a wrapping of a message > >>exchange in COSE which has different features, but that was not the > >>intention here. > > > >This is not making it any clearer to me. > > Does the text above make things more clear? As stated above - no. Jim > > > Göran > >
- [core] Comments on draft-ietf-core-object-securit… Jim Schaad
- Re: [core] Comments on draft-ietf-core-object-sec… Göran Selander
- Re: [core] Comments on draft-ietf-core-object-sec… Jim Schaad
- Re: [core] Comments on draft-ietf-core-object-sec… Göran Selander
- Re: [core] Comments on draft-ietf-core-object-sec… Jim Schaad