[core] About freshness and order of information in CoAP End-To-End Security
Aura Tuomas <tuomas.aura@aalto.fi> Thu, 07 April 2016 22:21 UTC
Return-Path: <tuomas.aura@aalto.fi>
X-Original-To: core@ietfa.amsl.com
Delivered-To: core@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 318A412D118 for <core@ietfa.amsl.com>; Thu, 7 Apr 2016 15:21:37 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.21
X-Spam-Level:
X-Spam-Status: No, score=-4.21 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, T_RP_MATCHES_RCVD=-0.01] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id KrCN4a5A7UeS for <core@ietfa.amsl.com>; Thu, 7 Apr 2016 15:21:34 -0700 (PDT)
Received: from smtp-out-01.aalto.fi (smtp-out-01.aalto.fi [130.233.228.120]) by ietfa.amsl.com (Postfix) with ESMTP id 9787012D6FA for <core@ietf.org>; Thu, 7 Apr 2016 15:21:33 -0700 (PDT)
Received: from smtp-out-01.aalto.fi (localhost.localdomain [127.0.0.1]) by localhost (Email Security Appliance) with SMTP id 6E24811533D_706DD6BB for <core@ietf.org>; Thu, 7 Apr 2016 22:21:31 +0000 (GMT)
Received: from EXHUB01.org.aalto.fi (exhub01.org.aalto.fi [130.233.222.118]) by smtp-out-01.aalto.fi (Sophos Email Appliance) with ESMTP id 34B45115329_706DD6BF for <core@ietf.org>; Thu, 7 Apr 2016 22:21:31 +0000 (GMT)
Received: from EXMDB01.org.aalto.fi ([169.254.2.240]) by EXHUB01.org.aalto.fi ([130.233.222.118]) with mapi id 14.03.0294.000; Fri, 8 Apr 2016 01:21:31 +0300
From: Aura Tuomas <tuomas.aura@aalto.fi>
To: "core@ietf.org" <core@ietf.org>
Thread-Topic: About freshness and order of information in CoAP End-To-End Security
Thread-Index: AdGRG8k6gBiuCzpESD6Xf3MZeAMeDA==
Date: Thu, 07 Apr 2016 22:21:30 +0000
Message-ID: <7F9C975440487E49BBD35F4FB088ED74CFD21D9C@EXMDB01.org.aalto.fi>
Accept-Language: fi-FI, en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [31.133.153.254]
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Archived-At: <http://mailarchive.ietf.org/arch/msg/core/EvA3N0UWTMZIeNLZMvLWvFhjix0>
Subject: [core] About freshness and order of information in CoAP End-To-End Security
X-BeenThere: core@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: "Constrained RESTful Environments \(CoRE\) Working Group list" <core.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/core>, <mailto:core-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/core/>
List-Post: <mailto:core@ietf.org>
List-Help: <mailto:core-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/core>, <mailto:core-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 07 Apr 2016 22:21:37 -0000
Reading "draft-hartke-core-e2e-security-reqs-00", I started to wonder about the freshness and reordering of sensor data and actuation confirmation. The examples in section "3.1. One Request - One Response" seem quite simple compared to potential application requirements. https://tools.ietf.org/html/draft-hartke-core-e2e-security-reqs-00#section-3.1 Example: Alarm status retrieval * There are many kinds of freshness: Sometimes you just want to avoid replays, e.g. for counting events. Sometimes reordering of data is not allowed, e.g. if you want the latest sensor status. Sometimes the data should come causally after another event, e.g. in nonce-based freshness mechanisms that bind the sensor data causally to a specific local clock interval at the receiver. Sometimes the data needs to be recent by the wall clock time, e.g. if you have loosely synchronized clocks. * In the alarm status example, it may not be necessary or sufficient for the status data to be "current". In fact, I don't think you ever need to link the answer to the individual alarm status request. Sometimes it is ok to have "recent" status information, in which case caching the at the proxy for a short period is ok. Sometimes you may not want to miss alarms that were raised and then dismissed, in which case the current status is not sufficient but you need the full history. Example: Actuation confirmation * Some actuation may have unique identity, e.g. admit animal number 12345 through the turnstile, and need to be confirmed individually. However, that is not necessarily the case. Some actuation is cumulative, e.g. admit one person though turnstile. Some actions are idempotent, e.g. close the door, and one confirmation may be sufficient. * Some actuations need to be strictly ordered, e.g. open and close the door. Some can be reordered, e.g. close door A and close door B. This could possibly be discussed in terms of causal order (the vector clocks mentioned in the ACE WG list) and how much of that order needs to be preserved in the actuation and in confirmations. Perhaps some of the above comments are beside the point of the draft, but it looks to me that the concepts of freshness and ordering in object or multi-hop security are more difficult to define and address than in secure end-to-end connections where data on the wire is linearly ordered in each direction. Tuomas
- [core] About freshness and order of information i… Aura Tuomas
- Re: [core] About freshness and order of informati… Göran Selander
- Re: [core] About freshness and order of informati… Göran Selander
- Re: [core] About freshness and order of informati… Jim Schaad