Re: [core] New draft-tiloca-core-groupcomm-proxy on proxied CoAP multicast operation

Esko Dijk <esko.dijk@iotconsultancy.nl> Mon, 30 March 2020 13:12 UTC

Return-Path: <esko.dijk@iotconsultancy.nl>
X-Original-To: core@ietfa.amsl.com
Delivered-To: core@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 734F73A15A1 for <core@ietfa.amsl.com>; Mon, 30 Mar 2020 06:12:35 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 0.021
X-Spam-Level:
X-Spam-Status: No, score=0.021 tagged_above=-999 required=5 tests=[DKIM_SIGNED=0.1, DKIM_VALID=-0.1, T_SPF_HELO_TEMPERROR=0.01, T_SPF_PERMERROR=0.01, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=iotconsultancynl.onmicrosoft.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id urH1wOrrmDkX for <core@ietfa.amsl.com>; Mon, 30 Mar 2020 06:12:29 -0700 (PDT)
Received: from EUR04-HE1-obe.outbound.protection.outlook.com (mail-eopbgr70099.outbound.protection.outlook.com [40.107.7.99]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 4F3573A15A0 for <core@ietf.org>; Mon, 30 Mar 2020 06:12:28 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=eu4B6hszCMk97JfX7cRhNvUWBsXH2OcdPRvobtkoyGbK7bDwoPmmQKmZeU/qn0C6ZBSlUdm36A2mYCErVarWPnMNi8ibx78JHK6POb//e2MfCvduVh5S+TRURyXBxq47P1duv4oZnIX+kJWhG1uyQBH53ZRBHMVtLxXXx58STUl6KdZUC2sYscDgfeS2oG+nZwsIok2G32CbhPoTTDXA1c91CTMa9ynVAIZ3JUTP4n/WHRc9zsQq28UAoXBtW/wSfMSB+97ohQPbP6DzBAXcSj7tPu/Yhm+Lf2MTpLXMdIdduwDnq+M9vraNGzBbqRgV+S0JPYGNdJElYoKXD3tdVw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=Mbqw5bNuJcwwshjrpwhaOj2PipqKiftpXjTyV9lY5K0=; b=AfV4DaUOCKC+QA77VumQ5Ska2/0YOwVlD/IrZFuKmEuJigb/KEbDIVkYkXPXpLVoM9vhkfl1NMOaidweMzBKXCYz0rdcy7c7XIRMgtAWBvfdXOAYBd5alPhaK55MxInl3Jbu6j+2W9636XSKKKlqLnoWj6NmxcDy6TEVk2EIMQ5btjxp0mlCt7phEd2HE9dB4yDy+znfwBaFZHtd9t8HhP/8to/ovZxbOn7VOnT1It/5zPHtJxMNji3PF0aYSGsUNE3A/RPEAZ9uKwIERt403QT8DoF1PTnUO06kZIPGvmtWeSLfYMVE4//rzw0eP7XdkX9MgGPTKxuk1mlXC8SueQ==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=iotconsultancy.nl; dmarc=pass action=none header.from=iotconsultancy.nl; dkim=pass header.d=iotconsultancy.nl; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=iotconsultancynl.onmicrosoft.com; s=selector2-iotconsultancynl-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=Mbqw5bNuJcwwshjrpwhaOj2PipqKiftpXjTyV9lY5K0=; b=DstwqlXl0rHpuESZ7hBWf3f+d0f3Lnz8DzVhspfbZJkfKkISN5o0Rk9kS0SU2UXHBnUHpjLxZ1L18gTs/VPm7DCRYdk2jCzuiQw8H+iyzMLtlsliqKVZHs2pLgt0zcsVGkD6Nncx20iE0hN93/VZ6GINtkRDhKjYr88IpnKQBlw=
Received: from AM5P190MB0275.EURP190.PROD.OUTLOOK.COM (10.161.62.28) by AM5P190MB0531.EURP190.PROD.OUTLOOK.COM (10.161.81.154) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2856.20; Mon, 30 Mar 2020 13:12:25 +0000
Received: from AM5P190MB0275.EURP190.PROD.OUTLOOK.COM ([fe80::8c96:a66b:e170:bf8f]) by AM5P190MB0275.EURP190.PROD.OUTLOOK.COM ([fe80::8c96:a66b:e170:bf8f%3]) with mapi id 15.20.2856.019; Mon, 30 Mar 2020 13:12:25 +0000
From: Esko Dijk <esko.dijk@iotconsultancy.nl>
To: =?utf-8?B?Q2hyaXN0aWFuIEFtc8O8c3M=?= <christian@amsuess.com>, Marco Tiloca <marco.tiloca@ri.se>
CC: "core@ietf.org" <core@ietf.org>
Thread-Topic: [core] New draft-tiloca-core-groupcomm-proxy on proxied CoAP multicast operation
Thread-Index: AdX3h8v3qOoNt7aTQmqeLXySL0X+xwA/0ZqAA4K0sXA=
Date: Mon, 30 Mar 2020 13:12:25 +0000
Message-ID: <AM5P190MB0275DDE559BE618264A8941EFDCB0@AM5P190MB0275.EURP190.PROD.OUTLOOK.COM>
References: <AM5P190MB02753814229668BC943A5C02FDFC0@AM5P190MB0275.EURP190.PROD.OUTLOOK.COM> <20200312155829.GA346418@hephaistos.amsuess.com>
In-Reply-To: <20200312155829.GA346418@hephaistos.amsuess.com>
Accept-Language: en-US, nl-NL
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
authentication-results: spf=none (sender IP is ) smtp.mailfrom=esko.dijk@iotconsultancy.nl;
x-originating-ip: [85.147.167.236]
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: 2de28e81-f1cb-4530-1697-08d7d4abfd9d
x-ms-traffictypediagnostic: AM5P190MB0531:
x-microsoft-antispam-prvs: <AM5P190MB0531301AFE13FC0EDC7B18FFFDCB0@AM5P190MB0531.EURP190.PROD.OUTLOOK.COM>
x-ms-oob-tlc-oobclassifiers: OLM:10000;
x-forefront-prvs: 0358535363
x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:AM5P190MB0275.EURP190.PROD.OUTLOOK.COM; PTR:; CAT:NONE; SFTY:; SFS:(10019020)(366004)(136003)(376002)(346002)(396003)(39830400003)(66574012)(52536014)(66556008)(66476007)(66946007)(64756008)(186003)(66446008)(76116006)(81156014)(110136005)(5660300002)(8936002)(33656002)(8676002)(81166006)(44832011)(316002)(508600001)(6506007)(7696005)(9686003)(55016002)(4326008)(71200400001)(26005)(2906002)(86362001)(53546011); DIR:OUT; SFP:1102;
received-spf: None (protection.outlook.com: iotconsultancy.nl does not designate permitted sender hosts)
x-ms-exchange-senderadcheck: 1
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: 9EmDBXSLMrdwn5UR9T+iavHMtNJ5VVrRJ4zmW8BM2V19BPBgc4YvEZkG6E0xEapJSugBznj1ZvMRlaM5mbVYwoa2hphTftbziAGA7cuBsV4HoNvUrKCvlCVO+xUDUiykpBHTjUMYLewsDLNMBpj7OZshBg8kbfxsGU2B8QHhHdUJPSKtm7rO66Bk4w0/bU02OllCrtp8v8adJLaCCwkyIc3Yud6cJu7ohI1t5LSPBj6MoNDoud6cNKf2WvYhbpY71tTtdK/8CsWpEYAMDUx6YPGEma45CzFioS1cYpJVOsIetXsarNLZfJtZtFTv4V6QqSpY22+FIe0GliLy4s3SucYraIJjYjWloiPPpdS5f459KIVgbHBkj2YabtAdT85bFgpwXvzkBA4r6my6QTfuIwJ5LukAQNybIHS6oQxeObDESs45S1bpu3TlJJAVO1BB
x-ms-exchange-antispam-messagedata: /TQ+XHinwFHG5pANoz9rmzJ50IccONkkONiERU8fyrEUzqIv2p11IHBt2mJPPR02M9z0F/IvOlWdVD2VlOrj3rKgSoJm4WyhLNnB2QWpQ3q18g3k3f/2f5GdoB0VDlIEZixbiKKPlRyrX7qVkHKdBg==
x-ms-exchange-transport-forked: True
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-OriginatorOrg: iotconsultancy.nl
X-MS-Exchange-CrossTenant-Network-Message-Id: 2de28e81-f1cb-4530-1697-08d7d4abfd9d
X-MS-Exchange-CrossTenant-originalarrivaltime: 30 Mar 2020 13:12:25.4303 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 58bbf628-15d2-46bc-820b-863b6774d44b
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: q4Lm43GYaqAj4mIzYfRHP8OBN3LYwh3tOY02S8fOl7gHyJ4Be7bzxVCnSkAMJDn108gT0cX3VwA5ydNoHYQEUHNe1iUxhODG/7iDqqeCF+I=
X-MS-Exchange-Transport-CrossTenantHeadersStamped: AM5P190MB0531
Archived-At: <https://mailarchive.ietf.org/arch/msg/core/MYccztqTjpVue6IvxzN4R-ET7fs>
Subject: Re: [core] New draft-tiloca-core-groupcomm-proxy on proxied CoAP multicast operation
X-BeenThere: core@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Constrained RESTful Environments \(CoRE\) Working Group list" <core.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/core>, <mailto:core-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/core/>
List-Post: <mailto:core@ietf.org>
List-Help: <mailto:core-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/core>, <mailto:core-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 30 Mar 2020 13:12:36 -0000

Hello Christian,

Thanks for your review / skimming round! Please see our answers below marked "[GP]".

Regards
Esko

-----Original Message-----
From: Christian Amsüss <christian@amsuess.com> 
Sent: Thursday, March 12, 2020 16:58
To: Esko Dijk <esko.dijk@iotconsultancy.nl>nl>; Marco Tiloca <marco.tiloca@ri.se>
Cc: core@ietf.org
Subject: Re: [core] New draft-tiloca-core-groupcomm-proxy on proxied CoAP multicast operation

Hello Esko, hello Marco,
hello CoRE,

thanks for tackling this.

I'm only skimming over it in a first round, but a few things have come
up:

* Multicast-Signaling: Is this a CBOR unsigned integer or a CoAP uint?

[GP] Yes, that was indeed an oversight. We will change it to uint as it is totally fine for our scope.

* Response-Forwarding: Is this expected to be extensible to any other
  CoAP transport that may come up that supports multicast? The use of
  CBOR tags seems to imply that, but then there's the question of how
  the client would arrive at a URI for follow-up unicast communication.

  Have you considered just using values that'd go into Uri-Host in a
  follow-up request?

[GP] The use of CBOR tags was not on purpose to be prepared for future transports. It was more re-using a convention that was already there. But by doing it this way we are prepared for potential future transports, in which something else than an IPv4 or IPv6 or MAC address needs to be sent back to the client.
The current encoding is expected to be more efficient than providing an IP address as a Uri-Host string. The current encoding can also be re-used in a Uri-Host or Uri-Proxy Option sent towards a proxy, although the client needs to do some transcoding to get it into the string format used by CoAP.
If the client uses a direct unicast connection to reach the server (maybe this use case is less common?) then it doesn't use the returned IP address in the CoAP request; it will only use it in the destination IP address of the IP packet that is sent and then having it in a byte-by-byte format is quite useful.

* Why is the information about the client being behind a proxy
  forwarded? We don't to this in other proxying cases, and it just puts
  an additional burden on the origin server I don't see a compelling
  need for.

  From reading up to 5.3, I'd have expected that the proxy strip
  Multicast-Signaling when doing the actual multicast, and put back the
  Response-Forwarding option.

[GP]  Yes, that can also work - the Multicast-Signaling only goes up to the Proxy ; and the Proxy adds the IP address information to the response that's forwarded back to the client.
We opted for the current end-to-end solution to have the extra information (in both ways) secured so the Proxy can't tamper with it. (This works in combination with OSCORE.)
We see some pros and cons for both options. It would take some more analysis and discussion to decide which is best!


* At some point, as a WG we will need to think of whether we really want
  to have another option with Observe-like multiresponses; Block-wise
  and Observe being the two extensions so early everyone knew from
  RFC7252 they would come does put them into a special position.

  I do see the benefits of doing things this way -- it is way more
  efficient than anything I could think of that works across unaware
  proxies.

  If we see this as general enough to be one of the few ways to have
  longer-lived tokens, all is fine, and I am fine with that outcome, but
  would like to hear some WG discussion on whether we are as a group.
  In particular, that process should come up with some criterion of
  whether a mechanism is special enough to be another Observe.

  Otherwise, one option is to define a single one more generalized
  longlived-token mechanism that'd go along any option that starts an
  observationish process (and tells the proxy the eventual-consistency
  semantics of the request). Observe doesn't need that because it's been
  known all along, but if it weren't, it could be expressed in terms of
  that one option (plus its own option).

  If even that doesn't fly, the whole protocol would need to look very
  different (but I hope it won't come to that).

[GP] The concept of multiple responses (by the Proxy) to a client's request is already defined in RFC 7252 so it is not 'new' in that sense. The use of the Options as we define it, doesn't change that behavior.
Also in draft-ietf-core-groupcomm-bis we discuss the longer-lived Tokens issue; so that's inherently present in multicast situations (proxied or not).
Maybe we could use draft-ietf-core-groupcomm-bis to define the more general long-lived-token mechanisms? (Not sure yet what these would be, in general.)
This would require more discussion. Further input is welcome on what this generalized mechanism would look like.

* The proxy needs to authenticate the client, that's a sane requirement.

  In a situation where I alerady deploy OSCORE for E2E, it would be
  convenient to use OSCORE to protect the leg to the proxy as well.

  OSCORE rules that out per specification, but to my understanding
  that's not for technical reasons, but primarily due to how to
  everything is phrased as protecting and unprotecting a complete
  message rather than accessing options before and after unprotection.

  This would make a convincing use case for nested OSCORE, so I'd
  suggest thinking about this. It may help to describe it in terms of
  sending a message to a forward proxy; option classes might change in
  the course of that. (In particular, Uri-Host and OSCORE become Class E
  for that purpose).

[GP] Yes, we agree this looks like a very interesting use case for nested OSCORE protection. It appears to be feasible; we started doing some more analysis on this.

Best regards, and thanks for working on that document
Christian

[GP] Thanks again for this good feedback!

Best regards

Esko & Marco


IoTconsultancy.nl  |  Email/Skype: esko.dijk@iotconsultancy.nl 



-- 
I shouldn't have written all those tank programs.
  -- Kevin Flynn