[core] Review on draft-tiloca-core-multicast-oscoap-01
Jim Schaad <ietf@augustcellars.com> Thu, 06 April 2017 01:59 UTC
Return-Path: <ietf@augustcellars.com>
X-Original-To: core@ietfa.amsl.com
Delivered-To: core@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id F2211126B6E; Wed, 5 Apr 2017 18:59:05 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.002
X-Spam-Level:
X-Spam-Status: No, score=-2.002 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RP_MATCHES_RCVD=-0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=augustcellars.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id wYhfRlWDoGoX; Wed, 5 Apr 2017 18:59:04 -0700 (PDT)
Received: from mail4.augustcellars.com (augustcellars.com [50.45.239.150]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 5DCD1127077; Wed, 5 Apr 2017 18:59:03 -0700 (PDT)
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Content-Language: en-us
DKIM-Signature: v=1; a=rsa-sha256; d=augustcellars.com; s=winery; c=simple/simple; t=1491443943; h=from:subject:to:date:message-id; bh=0FTQKskPzu72vKqmEsj9Oo773nS6tR22Mb8+1OQCmSA=; b=Rrzadb+haUgBpLE6KUQ6VAnQoh+6bvyzP+4UWomJ+wYwrmuvJVLhsoGk7xZdpjsihzzyQETo+Ab Q2HTokn23BwsUgl9ISOcQPC6XQ007Md0w0Q04PqFndg0DAiBnj02pFIHEB61Zc9y3PNEG7xKjEDMH Z/+Tgvv1yU8FlguLZznFb7wG6GdHQm/wQHkaoxZsajDdBrgc07Y9xCYDm2aRvJRmwp2dQx/anFBck AVamAYyRzMrp2pPFoovF7pwUu8DeIzFdPDP4dsWWUKX1ucP4n+Kn/V07ug1vHW/pVydoetbvpEu2U DalSjOh7KOWrU2XDQ6L2mdkL5BUPBVWXNybw==
Received: from mail2.augustcellars.com (192.168.1.201) by mail4.augustcellars.com (192.168.1.153) with Microsoft SMTP Server (TLS) id 15.0.1263.5; Wed, 5 Apr 2017 18:59:02 -0700
Received: from hebrews (24.21.96.37) by mail2.augustcellars.com (192.168.0.56) with Microsoft SMTP Server (TLS) id 15.0.1263.5; Wed, 5 Apr 2017 18:58:57 -0700
From: Jim Schaad <ietf@augustcellars.com>
To: draft-tiloca-core-multicast-oscoap@ietf.org
CC: 'core' <core@ietf.org>
Date: Wed, 05 Apr 2017 18:58:54 -0700
Message-ID: <017401d2ae79$5a6378f0$0f2a6ad0$@augustcellars.com>
MIME-Version: 1.0
X-Mailer: Microsoft Outlook 16.0
Thread-Index: AdKuTspS7D95VPiCTf6PMOteBsYMvA==
X-Originating-IP: [24.21.96.37]
Archived-At: <https://mailarchive.ietf.org/arch/msg/core/J-TaKJ2RUs5dWu-UdiGYFbEZmwU>
Subject: [core] Review on draft-tiloca-core-multicast-oscoap-01
X-BeenThere: core@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "Constrained RESTful Environments \(CoRE\) Working Group list" <core.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/core>, <mailto:core-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/core/>
List-Post: <mailto:core@ietf.org>
List-Help: <mailto:core-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/core>, <mailto:core-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 06 Apr 2017 01:59:06 -0000
Here are a few comments on this draft. Section 1 - "Keying Material" - it is a bit confusing to say "key, key pairs". I suggest that this become more detailed on the types of keys - and perhaps purpose - or maybe just reduce to one item. Section 1 - "GM" - The sentence starting "A GMC can" should be split into two as the concepts are different. Section 1 - "GM" - I think that the word 'may' should not be in these sentences. This is what it is responsible for, a group may not use the services. That is a different statement. Section 1 - "GM" - I do not understand what this sentence is trying to say "Any message exchange with the GM MUST be secured and based on different secure channels for different endpoints." Section 1 - "Listener" - Are there cases where a listener may reply to a multicast message w/ a multicast rather than a unicast message? Section 1 - "Group response" - Is this a normal term? Group is implying multicast to my uneducated mind. Section 1 - "Source authentication" - suggest the last sentence ends "not tampered with either by a different group member or by a non-group member". Section 2 - "Multicast communication technology" - The first for instance is a problem, thisis really an M-to-N situation if you are talking about "switches". You should probably change this to "a single switch" so that it is really 1 not M. Section 2 - You should probably add a requirement on ordering of messages. Specifically - there is a requirement that it is possible to determine ordering of messages coming from a single sender, but it is not a requirement to be able to determine the correct ordering of messages between two different senders. If this is a requirement then it needs to be incorporated into the data portion of the protocol. Section 3- para 3 - the last sentence needs to be cleaned up a bit. It could be read as saying that two endpoint ids that are in different groups is precluded. Section 3 - Note that endpoint ids only need to be assigned to multicasters, a pure listener that never responds w/ unicast does not need to have an endpoint id. This would be protocol specific. Section 4 - You would have zero or one sender context - depending on if you would ever respond unicast to a message - protocol dependent. Section 4 - You would have R recipient contexts. One for every possible sender of a message to this endpoint. This would be M-1 or N-1 for a multicaster (depending if unicast responses are needed) or M for a listener. Section 4 - Creation of recipient contexts on demand is an optional item. The current text reads as mandatory. Section 4 - Need to update the last paragraph of this section to deal with the changes in OSCOAP - I assume that Cid is converted into a Group Identifier. The question then becomes if this is transmitted as a separate item or if it is part of the kid when transmitted. Additionally, how it is put into the AAD needs to be modified. Section 5 - Yes - need to be sure to highlight the difference between this and unicast as re-use of serial numbers might occur without the change of using the sender context partial IV always. Section 6.2 - The order of verifying the signature and doing the decryption does not matter and thus should not be mandated. It may be that it is cheaper to do the decryption first as long as the memory constraint is not so large that decryption in place is needed. This would allow the cheaper operation occur first. Section 6.4 - the mapping rules are not necessarily the same in the final paragraph of this section. This is because of the updates to OSCOAP. Section 7.3 - You need to have a bit of a discussion here about the difference between a late joining endpoint and a new endpoint that is joining an existing group. The in latter case there would not be an issue w/ serial numbers because a new context is going to be created. RANT - Please review all 2119 language. If it does not refer to a byte on the wire or to a specific step that one of the parities is going to perform, then it is not appropriate. Example the MAY in the first paragraph of section 3. How would I even think about doing a compliance test for this? Jim
- Re: [core] Review on draft-tiloca-core-multicast-… Beck, Stefan
- Re: [core] Review on draft-tiloca-core-multicast-… Beck, Stefan
- [core] Review on draft-tiloca-core-multicast-osco… Jim Schaad