[core] My wishlist for corr-clar
Christian Amsüss <christian@amsuess.com> Mon, 17 December 2018 22:46 UTC
Return-Path: <christian@amsuess.com>
X-Original-To: core@ietfa.amsl.com
Delivered-To: core@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 9331912D4E6 for <core@ietfa.amsl.com>; Mon, 17 Dec 2018 14:46:46 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Level:
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Ao8E656N6Qx5 for <core@ietfa.amsl.com>; Mon, 17 Dec 2018 14:46:44 -0800 (PST)
Received: from prometheus.amsuess.com (prometheus.amsuess.com [5.9.147.112]) (using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 019FD126C01 for <core@ietf.org>; Mon, 17 Dec 2018 14:46:43 -0800 (PST)
Received: from poseidon-mailhub.amsuess.com (095129206250.cust.akis.net [95.129.206.250]) by prometheus.amsuess.com (Postfix) with ESMTPS id EFFBC4251D for <core@ietf.org>; Mon, 17 Dec 2018 23:46:40 +0100 (CET)
Received: from poseidon-mailbox.amsuess.com (unknown [IPv6:2a02:b18:c13b:8010:a800:ff:fede:b1bf]) by poseidon-mailhub.amsuess.com (Postfix) with ESMTP id F2E754D for <core@ietf.org>; Mon, 17 Dec 2018 23:46:38 +0100 (CET)
Received: from hephaistos.amsuess.com (hephaistos.amsuess.com [IPv6:2a02:b18:c13b:8010::71b]) by poseidon-mailbox.amsuess.com (Postfix) with ESMTPSA id 8419934A for <core@ietf.org>; Mon, 17 Dec 2018 23:46:38 +0100 (CET)
Received: (nullmailer pid 26064 invoked by uid 1000); Mon, 17 Dec 2018 22:46:37 -0000
Date: Mon, 17 Dec 2018 23:46:37 +0100
From: Christian Amsüss <christian@amsuess.com>
To: core@ietf.org
Message-ID: <20181217224636.GA20914@hephaistos.amsuess.com>
MIME-Version: 1.0
Content-Type: multipart/signed; micalg="pgp-sha256"; protocol="application/pgp-signature"; boundary="zhXaljGHf11kAtnf"
Content-Disposition: inline
User-Agent: Mutt/1.10.1 (2018-07-13)
Archived-At: <https://mailarchive.ietf.org/arch/msg/core/Ej-hv0XEI2vy2CTO_Fm0y7MkhiE>
Subject: [core] My wishlist for corr-clar
X-BeenThere: core@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Constrained RESTful Environments \(CoRE\) Working Group list" <core.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/core>, <mailto:core-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/core/>
List-Post: <mailto:core@ietf.org>
List-Help: <mailto:core-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/core>, <mailto:core-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 17 Dec 2018 22:46:47 -0000
Hello Carsten and CoRE,
while there's no established workflow for adding to core-corr-clar, here
are a few items I've collected and think would make good additions to
that document:
* A name for the path-less URI constructed from doing role reversal. RD
would have been easier to write with this, and any role reversal is
easier to argue about with it too, for example in OSCORE.
* A statement on whether that can always be done even if the resulting
URI can not be used by anyone else, or might not even have a proper
URI representation (coap+tcp://...:ephemeral-port/ for the former,
the address of the browser side of a websocket in for the latter).
I've sketched up some strawman text (with potential not only better
naming but also completely contrary statements) below.
* The text from lwig-coap defining the "block key"
* echo-request-tag uses a slightly updated version of this (even
though not naming it) that elective NoCacheKey options are not
described as part of the "block key" (as they could safely be served
by an intermediary if all else matches).
(Anyway, the lwig-coap text could be a starting point.)
* Observation: Anything can cancel implicitly
RFC7641 leaves it open how a new request on an active observation
token should be processed if it's neither a registration update (which
could only vary th ETag set) nor an explicit deregistration.
Practically speaking, the server needs to assume that the client has
lost any state it had of the observation (for otherwise it would have
followed the protocol) and thus treat the old observation as cancelled
and process whatever is in the new observation.
corr-clar might be a good place to talk about this and pave the way
towards sanctioning it. (In effect, that'd mean that anything in an
observation can be changed by an observation update -- the server
would treat it as a new registraiton anyway if it so wishes.)
Has there been any progress on moving corr-clar towards WG adoption, or
on its procedural side (how section status w/rt WG consensus is
managed)?
Best regards
Christian
---
Strawman text for the constructed URI:
2.2 RFC7252-1.2 Terminology:
RFC7252 hints at the possibility for role reversal in Section 9.1.1 by
suggesting that the DTLS client should also act as the CoAP client,
and RFC8323 accordingly distinguishes between a CoAP client and a
connection initiator (however often they may coincide) in Section 3.3.
They do not contain considerations for the URIs that'd describe
resources on the DTLS client or connection initiator side.
: Role-Reversal URI
The Role-Reversal URI of a request is a URI based on which resources
hosted by the endpoint that sent the request are named. Its
construction depends on the protocol used.
For CoAP over UDP, DTLS, TCP, TLS and WebSockets, the Role-Reversal URI is
constructed by following RFC7252 Section 6.5 and RFC8323 Section 8.7,
but with no CoAP options present, and using the source rather than
destination address and port.
For CoAP over TCP, TLS and WebSockets, that results in an address that
is not generally usable (because opening such a connection would not
succeed), but can still be used locally for the duration of the
connection. Such URIs should not be used outside the host on which the
Role-Reversal URI was generated, or for a longer than the connection
persists.
For CoAP over DTLS, TLS and secure WebSockets, the credentials
presented by the Connection Initiator may be insufficient to justify
using that connection as to access resources hosted on it.
If applications use Role-Reversal URIs over secure protocols, they
need to describe under which circumstances those URIs are usable.
When used with IPv6, the source address can be a link-local address
that requires a zone identifier to be disambiguated between several
interfaces. A zone identifier is expressed following RFC 6874, and
like Role-Reversal URIs in connection-based protocols can not be used
outside the host which generated it.
Note that a client can not express resources under its Role-Reversal
URI in request payloads as relative references, as these requests's
base URIs are ... [probably anonymous, with the application stepping
in? the target URI?]. Resources on Role-Reversal URIs must be
announced using relative references that use application-dpendant base
URIs, or (preferably) perform resource discovery.
{{I-D.core-resource-directory}} uses the Role-Reversal URI as the
default value for the "base" registration parameter, and described
explicitly there as it predates this definition.
--
To use raw power is to make yourself infinitely vulnerable to greater powers.
-- Bene Gesserit axiom
- [core] My wishlist for corr-clar Christian Amsüss
- Re: [core] My wishlist for corr-clar Kraus Achim (INST/ECS4)