[core] My wishlist for corr-clar
Christian Amsüss <christian@amsuess.com> Mon, 17 December 2018 22:46 UTC
Return-Path: <christian@amsuess.com>
X-Original-To: core@ietfa.amsl.com
Delivered-To: core@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 9331912D4E6 for <core@ietfa.amsl.com>; Mon, 17 Dec 2018 14:46:46 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Level:
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Ao8E656N6Qx5 for <core@ietfa.amsl.com>; Mon, 17 Dec 2018 14:46:44 -0800 (PST)
Received: from prometheus.amsuess.com (prometheus.amsuess.com [5.9.147.112]) (using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 019FD126C01 for <core@ietf.org>; Mon, 17 Dec 2018 14:46:43 -0800 (PST)
Received: from poseidon-mailhub.amsuess.com (095129206250.cust.akis.net [95.129.206.250]) by prometheus.amsuess.com (Postfix) with ESMTPS id EFFBC4251D for <core@ietf.org>; Mon, 17 Dec 2018 23:46:40 +0100 (CET)
Received: from poseidon-mailbox.amsuess.com (unknown [IPv6:2a02:b18:c13b:8010:a800:ff:fede:b1bf]) by poseidon-mailhub.amsuess.com (Postfix) with ESMTP id F2E754D for <core@ietf.org>; Mon, 17 Dec 2018 23:46:38 +0100 (CET)
Received: from hephaistos.amsuess.com (hephaistos.amsuess.com [IPv6:2a02:b18:c13b:8010::71b]) by poseidon-mailbox.amsuess.com (Postfix) with ESMTPSA id 8419934A for <core@ietf.org>; Mon, 17 Dec 2018 23:46:38 +0100 (CET)
Received: (nullmailer pid 26064 invoked by uid 1000); Mon, 17 Dec 2018 22:46:37 -0000
Date: Mon, 17 Dec 2018 23:46:37 +0100
From: Christian Amsüss <christian@amsuess.com>
To: core@ietf.org
Message-ID: <20181217224636.GA20914@hephaistos.amsuess.com>
MIME-Version: 1.0
Content-Type: multipart/signed; micalg="pgp-sha256"; protocol="application/pgp-signature"; boundary="zhXaljGHf11kAtnf"
Content-Disposition: inline
User-Agent: Mutt/1.10.1 (2018-07-13)
Archived-At: <https://mailarchive.ietf.org/arch/msg/core/Ej-hv0XEI2vy2CTO_Fm0y7MkhiE>
Subject: [core] My wishlist for corr-clar
X-BeenThere: core@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Constrained RESTful Environments \(CoRE\) Working Group list" <core.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/core>, <mailto:core-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/core/>
List-Post: <mailto:core@ietf.org>
List-Help: <mailto:core-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/core>, <mailto:core-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 17 Dec 2018 22:46:47 -0000
Hello Carsten and CoRE, while there's no established workflow for adding to core-corr-clar, here are a few items I've collected and think would make good additions to that document: * A name for the path-less URI constructed from doing role reversal. RD would have been easier to write with this, and any role reversal is easier to argue about with it too, for example in OSCORE. * A statement on whether that can always be done even if the resulting URI can not be used by anyone else, or might not even have a proper URI representation (coap+tcp://...:ephemeral-port/ for the former, the address of the browser side of a websocket in for the latter). I've sketched up some strawman text (with potential not only better naming but also completely contrary statements) below. * The text from lwig-coap defining the "block key" * echo-request-tag uses a slightly updated version of this (even though not naming it) that elective NoCacheKey options are not described as part of the "block key" (as they could safely be served by an intermediary if all else matches). (Anyway, the lwig-coap text could be a starting point.) * Observation: Anything can cancel implicitly RFC7641 leaves it open how a new request on an active observation token should be processed if it's neither a registration update (which could only vary th ETag set) nor an explicit deregistration. Practically speaking, the server needs to assume that the client has lost any state it had of the observation (for otherwise it would have followed the protocol) and thus treat the old observation as cancelled and process whatever is in the new observation. corr-clar might be a good place to talk about this and pave the way towards sanctioning it. (In effect, that'd mean that anything in an observation can be changed by an observation update -- the server would treat it as a new registraiton anyway if it so wishes.) Has there been any progress on moving corr-clar towards WG adoption, or on its procedural side (how section status w/rt WG consensus is managed)? Best regards Christian --- Strawman text for the constructed URI: 2.2 RFC7252-1.2 Terminology: RFC7252 hints at the possibility for role reversal in Section 9.1.1 by suggesting that the DTLS client should also act as the CoAP client, and RFC8323 accordingly distinguishes between a CoAP client and a connection initiator (however often they may coincide) in Section 3.3. They do not contain considerations for the URIs that'd describe resources on the DTLS client or connection initiator side. : Role-Reversal URI The Role-Reversal URI of a request is a URI based on which resources hosted by the endpoint that sent the request are named. Its construction depends on the protocol used. For CoAP over UDP, DTLS, TCP, TLS and WebSockets, the Role-Reversal URI is constructed by following RFC7252 Section 6.5 and RFC8323 Section 8.7, but with no CoAP options present, and using the source rather than destination address and port. For CoAP over TCP, TLS and WebSockets, that results in an address that is not generally usable (because opening such a connection would not succeed), but can still be used locally for the duration of the connection. Such URIs should not be used outside the host on which the Role-Reversal URI was generated, or for a longer than the connection persists. For CoAP over DTLS, TLS and secure WebSockets, the credentials presented by the Connection Initiator may be insufficient to justify using that connection as to access resources hosted on it. If applications use Role-Reversal URIs over secure protocols, they need to describe under which circumstances those URIs are usable. When used with IPv6, the source address can be a link-local address that requires a zone identifier to be disambiguated between several interfaces. A zone identifier is expressed following RFC 6874, and like Role-Reversal URIs in connection-based protocols can not be used outside the host which generated it. Note that a client can not express resources under its Role-Reversal URI in request payloads as relative references, as these requests's base URIs are ... [probably anonymous, with the application stepping in? the target URI?]. Resources on Role-Reversal URIs must be announced using relative references that use application-dpendant base URIs, or (preferably) perform resource discovery. {{I-D.core-resource-directory}} uses the Role-Reversal URI as the default value for the "base" registration parameter, and described explicitly there as it predates this definition. -- To use raw power is to make yourself infinitely vulnerable to greater powers. -- Bene Gesserit axiom
- [core] My wishlist for corr-clar Christian Amsüss
- Re: [core] My wishlist for corr-clar Kraus Achim (INST/ECS4)