IETF Logo Mail Archive

[core] Media type for OSCORE in HTTP (Was: AD review of draft-ietf-core-object-security-08)

Göran Selander <goran.selander@ericsson.com> Mon, 19 February 2018 17:36 UTC

Return-Path: <goran.selander@ericsson.com>
X-Original-To: core@ietfa.amsl.com
Delivered-To: core@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 9FCC8128959 for <core@ietfa.amsl.com>; Mon, 19 Feb 2018 09:36:00 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.321
X-Spam-Level:
X-Spam-Status: No, score=-4.321 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_MED=-2.3, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=ericsson.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id firAy6IH-aaI for <core@ietfa.amsl.com>; Mon, 19 Feb 2018 09:35:54 -0800 (PST)
Received: from sesbmg23.ericsson.net (sesbmg23.ericsson.net [193.180.251.37]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id B29361243F6 for <core@ietf.org>; Mon, 19 Feb 2018 09:35:53 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; d=ericsson.com; s=mailgw201801; c=relaxed/simple; q=dns/txt; i=@ericsson.com; t=1519061752; h=From:Sender:Reply-To:Subject:Date:Message-ID:To:CC:MIME-Version:Content-Type: Content-Transfer-Encoding:Content-ID:Content-Description:Resent-Date:Resent-From: Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:In-Reply-To:References:List-Id: List-Help:List-Unsubscribe:List-Subscribe:List-Post:List-Owner:List-Archive; bh=vYYFyFYF6w0eCSAotQJK/kIwVI7cgJtRwW1p/ddsynU=; b=DDCmGBhndKvn3J7OMYow/VEvpjv5blFeuyYHlvkvWUYE76whujXsOP89jhM1x/XK kMrZjwD+W/Qe8h3FU3OCxd0XAmfbF//GNL5RJNPZzcMNzC20M2iCxzJNlaReFa42 xmCxrE8Exn615a6QuI712np9c6cxGA464wLI9/zrKI0=;
X-AuditID: c1b4fb25-c03dc9c0000038f0-3d-5a8b0af7964a
Received: from ESESSHC010.ericsson.se (Unknown_Domain [153.88.183.48]) by sesbmg23.ericsson.net (Symantec Mail Security) with SMTP id BD.20.14576.7FA0B8A5; Mon, 19 Feb 2018 18:35:52 +0100 (CET)
Received: from ESESSMB107.ericsson.se ([169.254.7.129]) by ESESSHC010.ericsson.se ([153.88.183.48]) with mapi id 14.03.0352.000; Mon, 19 Feb 2018 18:35:29 +0100
From: Göran Selander <goran.selander@ericsson.com>
To: "core@ietf.org WG" <core@ietf.org>
CC: Alexey Melnikov <alexey.melnikov@isode.com>, "draft-ietf-core-object-security.authors@ietf.org" <draft-ietf-core-object-security.authors@ietf.org>
Thread-Topic: Media type for OSCORE in HTTP (Was: AD review of draft-ietf-core-object-security-08)
Thread-Index: AQHTqagJt6vNLBmjjUqxOVAMxqqEAA==
Date: Mon, 19 Feb 2018 17:35:29 +0000
Message-ID: <D6B0C4F1.9FB9A%goran.selander@ericsson.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
user-agent: Microsoft-MacOutlook/14.7.3.170325
x-originating-ip: [153.88.183.16]
Content-Type: text/plain; charset="utf-8"
Content-ID: <F5E68896A3414B478BCC51F21C784CB3@ericsson.com>
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-Brightmail-Tracker: H4sIAAAAAAAAA+NgFupmkeLIzCtJLcpLzFFi42KZGbHdQPcHV3eUwdzNzBYzVhdZ7Hu7ntli 87OvrA7MHkuW/GTyONVsGMAUxWWTkpqTWZZapG+XwJWx6vQV5oJjShUts0+xNjBeUexi5OSQ EDCR+Hp9AWsXIxeHkMBhRonP5/YyQThLGCUe/1jBBFLFJuAi8aDhEZgtIqAm0TrpFRtIEbPA LEaJL71NzCAJYYF4iVn39jBDFKVInOj7CNWgJzFt2mxWEJtFQFXi3re/bCA2r4CFxNwDMxlB bEYBMYnvp9aA1TMLiEvcejKfCeI8AYkle84zQ9iiEi8f/wObIwo0c29POxtEXFFi59l2oBoO oF5NifW79CHGWEvs2neCFcJWlJjS/ZAdYq2gxMmZT1gmMIrOQrJtFkL3LCTds5B0z0LSvYCR dRWjaHFqcVJuupGxXmpRZnJxcX6eXl5qySZGYBQd3PJbdQfj5TeOhxgFOBiVeHin/e6KEmJN LCuuzD3EKMHBrCTC63MDKMSbklhZlVqUH19UmpNafIhRmoNFSZx3jnB7lJBAemJJanZqakFq EUyWiYNTqoGRka3Z6Eh6+vHFWsIuXJG7V0t1fmI/wnbbuP5xgMsPPqNdi5hSGuX7eL8KHPtQ /L+wXubBnexvZx2eNIj9MlyYa7Qy9frDXXl9njw6Uw4XeJx+ftsgLf7j7tP3lvEx7i0WcxYP PCaWs/1aTMFFzcXtN3wKMs1tFxy44X/kotyP9yYrOrpif85TYinOSDTUYi4qTgQAS516FZ4C AAA=
Archived-At: <https://mailarchive.ietf.org/arch/msg/core/IuH5zdagG-6vryYQWScn9UqGqSE>
Subject: [core] Media type for OSCORE in HTTP (Was: AD review of draft-ietf-core-object-security-08)
X-BeenThere: core@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "Constrained RESTful Environments \(CoRE\) Working Group list" <core.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/core>, <mailto:core-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/core/>
List-Post: <mailto:core@ietf.org>
List-Help: <mailto:core-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/core>, <mailto:core-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 19 Feb 2018 17:36:01 -0000

All,

The AD review pointed at the omission of media type to use in the header
field Content-Type of an HTTP message carrying an OSCORE encrypted message.

>> If we decide to include a Content-Type header field, the main options
>>are:
>>
>> - reuse of "application/cose” defined in RFC 8152 (if appropriate)
>> - new media type e.g. “application/oscore” to be defined in this draft.
> Either of these work for me.


Does anyone have an strong opinion here (or deviating opinion about the
necessity of having this header field)?

BR
Göran 



On 2018-02-19 15:00, "Alexey Melnikov" <alexey.melnikov@isode.com> wrote:

>
>>> 5) In Section 10.2: which media type is used for the OSCORE-encrypted
>>> payload transported in HTTP?
>>>
>> [GS] Good question, there are a few things to note here. First, the CoAP
>> option Content-Format is Inner so the CoAP payload media type is
>> encrypted. Second, the Outer Content-Format option is not present in
>> OSCORE protected CoAP messages (in the interest of saving message
>> overhead). Third, when CoAP-mappable HTTP is protected with OSCORE, the
>> message is first mapped to CoAP and then processed with OSCORE, so the
>> media type of the OSCORE encrypted payload is carried in the encrypted
>> Content-Format option also in the case of HTTP. However, we may still
>>want
>> to have a Content-Type header field in the HTTP message transporting the
>> OSCORE message. Was this what you were referring to?
>Yes. Applications or plugin frequently get invoked based on media types.
>So if you want to allow for decoding of OSCORE payloads in a plugin, you
>should define a media type.
>
>> According to RFC 7231
>> (https://tools.ietf.org/html/rfc7231#section-3.1.1.5):
>>
>> 'A sender that generates a message containing a payload body SHOULD
>>     generate a Content-Type header field in that message unless the
>>     intended media type of the enclosed representation is unknown to the
>>     sender.  If a Content-Type header field is not present, the
>>recipient
>>     MAY either assume a media type of "application/octet-stream”
>> ([RFC2046]) or examine the data to determine its type.'
>>
>>
>> While Content-Type is recommend, noting that in the case of OSCORE we
>>want
>> to encrypt the Content-Type for the other CoAP endpoint, so whatever
>>media
>> type we would potentially include in the “Outer” message would only be a
>> dummy.
>
>Yes, but it signals to applications that "this payload is
>OSCORE-encrypted".
>
>>   Furthermore, the destination endpoint would anyway first have to
>> process the OSCORE message to recreate the HTTP message before handing
>> over for HTTP processing.
>> As I read the text above it is possible to leave Content-Type out, but
>> would that be an issue in existing networks?
>I think unlabelled content is a bad form :-).
>>   Who would be able to give
>> some advice her?
>>
>> If we decide to include a Content-Type header field, the main options
>>are:
>>
>> - reuse of "application/cose” defined in RFC 8152 (if appropriate)
>> - new media type e.g. “application/oscore” to be defined in this draft.
>Either of these work for me.

v2.23.0 | Report a Bug | By Email