Re: [core] Join-proxy information in the RD (Re: CoRE WG Virtual Interim 2022-09-14)
Esko Dijk <esko.dijk@iotconsultancy.nl> Wed, 21 September 2022 13:13 UTC
Return-Path: <esko.dijk@iotconsultancy.nl>
X-Original-To: core@ietfa.amsl.com
Delivered-To: core@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 643B1C14CF16 for <core@ietfa.amsl.com>; Wed, 21 Sep 2022 06:13:53 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.11
X-Spam-Level:
X-Spam-Status: No, score=-2.11 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H2=-0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=iotconsultancy.nl
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id YO2ehZsPLcvo for <core@ietfa.amsl.com>; Wed, 21 Sep 2022 06:13:48 -0700 (PDT)
Received: from EUR02-HE1-obe.outbound.protection.outlook.com (mail-eopbgr10123.outbound.protection.outlook.com [40.107.1.123]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id F2415C14F743 for <core@ietf.org>; Wed, 21 Sep 2022 06:13:47 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=RRVQIXT8qNaMbsqwXFL5GNf1nGZy1SqB9Mb07q4Z8L3zU9V+XGG//o2GdiIUADZJC+d/hOULnTQobXrs0IxtMFrR7KTus3fkpjupQFU+1vyA2p9BLKpJDzL8fqq9ZYVZUL5NrETYD/spNLvVAlXvqifo6Gej0DE0MSm2bP1DAcslqst4SBxgtM1Jy/dYKIaDO3oPw4k9Sv3PhyoL9km7zoAMfBdFD48TbUO0yBq9d6i9nYiSkvhsJeZxdb3uHWeXA08ccest2h7VmcZnZcreAMH/xUA7zy5Yo8v8kyCMy1G1C+r9Lw/jd3SFxVP4hm5Lk1UDXDACBFZiQl21WWNWlg==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=RXGadgZyRDMWC+AJXt4aQN9Ki53ISgQsXpM7gPVE4rg=; b=Y4wAEXBkky/BiTA5dvlcr+cyI8itzsAhDvzeR5HAu7XRT5s+Kv/moVvt6Qe2I6wZFa2rXAt529T6dcv6aI30tpN2rhMZPXIx6Lkdp0UKkUU6+MkBJAXiyAnF/S5s6Kb9gsyIFgD4aamGmiqY0e0jAuEZdxqJM1SqEZC3wPbp90T/EthigAxK0D0vPCdbLCuau9mf8/n5avM4V2mIPpD1f8e4XK10hZBUhLvfKKqQIBLmQH/0u8My9Q9IcjYJ3ICQs4hBYuSfRdaQiJ/2/m384cD9hP7kHEXcDffGWAi63a5uOkr49+76Pmt+vfTG3UK2Svk9bfiot8IkHH82Q6PiGA==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=iotconsultancy.nl; dmarc=pass action=none header.from=iotconsultancy.nl; dkim=pass header.d=iotconsultancy.nl; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=iotconsultancy.nl; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=RXGadgZyRDMWC+AJXt4aQN9Ki53ISgQsXpM7gPVE4rg=; b=fBB5nnXFKxRcER2NWfmQC6f8kGi7I/TAXMeY4pETqGDlaQpfGeay6nUbE7yc3E5OIAXZV+5NCAxU1jjjg3QVaohXC5f+yfV6P4pZjJo0kZwCmQDqGkW88C1L4bUWVzoRgc5N00L3RgshIQcHWApTa2W4lzg+EVsbhKrx6rX3EOk=
Received: from DU0P190MB1978.EURP190.PROD.OUTLOOK.COM (2603:10a6:10:3b9::20) by DB8P190MB0732.EURP190.PROD.OUTLOOK.COM (2603:10a6:10:fc::15) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.5654.16; Wed, 21 Sep 2022 13:13:42 +0000
Received: from DU0P190MB1978.EURP190.PROD.OUTLOOK.COM ([fe80::b036:4614:bf67:fa75]) by DU0P190MB1978.EURP190.PROD.OUTLOOK.COM ([fe80::b036:4614:bf67:fa75%7]) with mapi id 15.20.5632.021; Wed, 21 Sep 2022 13:13:42 +0000
From: Esko Dijk <esko.dijk@iotconsultancy.nl>
To: Christian Amsüss <christian@amsuess.com>, Michael Richardson <mcr+ietf@sandelman.ca>
CC: "core@ietf.org WG (core@ietf.org)" <core@ietf.org>
Thread-Topic: [core] Join-proxy information in the RD (Re: CoRE WG Virtual Interim 2022-09-14)
Thread-Index: AQHYx4Y9y+Hn9IcZYU2VmY10cehN6q3dzgUAgAFK24CACsreIA==
Date: Wed, 21 Sep 2022 13:13:42 +0000
Message-ID: <DU0P190MB1978B04BF7ADFDDA7A61AD6BFD4F9@DU0P190MB1978.EURP190.PROD.OUTLOOK.COM>
References: <91614672-0629-f10f-9bcc-ad922d4045be@ri.se> <483507C3-9E25-4450-99D4-6FE7FA56266E@tzi.org> <22189.1663100544@dooku> <YyH8C73McJ/DHKRy@hephaistos.amsuess.com>
In-Reply-To: <YyH8C73McJ/DHKRy@hephaistos.amsuess.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=iotconsultancy.nl;
x-ms-publictraffictype: Email
x-ms-traffictypediagnostic: DU0P190MB1978:EE_|DB8P190MB0732:EE_
x-ms-office365-filtering-correlation-id: cf3b428a-c7cb-4386-aa5c-08da9bd31b46
x-ms-exchange-senderadcheck: 1
x-ms-exchange-antispam-relay: 0
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: XYIQRkKUtCE+5NBDrWwKVzSyYgZNZ8k2uGhwK/gIQss0TxMC6bDMhDwGZVR4MEWkXYw5YmDGMFAOjtK8VV1Ts0O67LU/eIEcnxGIe9NWV5KCiNwOQ6F/XkH1WdRI4lK8+SgBo3nSk8JtaON30LuXthOpEALCgiu66XxAaJdiY+i0zjyQDrB0GLOa4zjbk43ZuCQ5vNJE23//atQkT+BgELB7UHyvzb8z0DvriFn4qZ9HQD/D6/ofZrUNg5guIcePQ2+abNteURmBxpvP/3A96XlcKbIagsGY9uTbETAkFUIPC65LgxfSRS0cW5enPXrJned3aMzYABSID/z8/bUOPu4RJSeeG66P1gi9Fo8O0YDZ9iWRN0fyhwFaN+pYM6fneRhHarEFf7arZQitBj5I4uJMJW+Jf7QnN7HLQSN8nYYq7yx4fZa1gbd75pTw3QyqelB/5ZyUoS4y1eGwuT8aYgh1QqDf1oEndonHPtmOBGUlhJXLtAxGvL3XCYg1enYd8BA+VmFPEBo7IsPMCyDrEgOh2m5xtRrCQnBuI8P7Yvp3rz3YRNEhS6+Di8FIa6uiit29hyPrTxVbIkT8kg6P2lwucp2MuJALKl+Ket/u3L3VtEORbv10Yws29T36E1RF+XEZCi7DN+XrhrsjbN1iw4F5iLezXdNcMoq9rC+TOR61GkjVhF7s1rvmAAtXu8h7hvjICgAYFtaFx+LsOO1b9ThJi9bjXEAf7Kq3/4FEwYAAKJuN9cJw+CIZBrE5IkBNgg0J2SeB4NOFvFfvuq0R1oysD5y0TDGmEVkPoNIIKJk=
x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:DU0P190MB1978.EURP190.PROD.OUTLOOK.COM; PTR:; CAT:NONE; SFS:(13230022)(376002)(136003)(346002)(396003)(39830400003)(366004)(451199015)(66574015)(186003)(9686003)(53546011)(7696005)(71200400001)(6506007)(83380400001)(2906002)(44832011)(52536014)(5660300002)(8936002)(55016003)(110136005)(478600001)(8676002)(64756008)(66446008)(66476007)(66556008)(66946007)(76116006)(316002)(41300700001)(4326008)(966005)(38070700005)(86362001)(33656002)(122000001)(38100700002); DIR:OUT; SFP:1102;
x-ms-exchange-antispam-messagedata-chunkcount: 1
x-ms-exchange-antispam-messagedata-0: ZARxH4XXwE1lhcG6nypFfuaz3wC9aOC+aWgrYKuXFUQXLZP6/t3c1WFyUBGlPyzqf+C2rfIOwuEsrLSJpQAouucssM2m0bgaGcLKrHLMF8HYADu0eHZE0VBeCgxG/1IIDPaZ17fdGg0hALr+HH7WBxQAEPqLLaAqsev72iJ9+7JWZcZKRsu4Y/ta9fZU6Fu+NvvCb4AqhiLqxyW2KFkpAoB75PLtxDVDRT8T9KYDqSj/n27vzmfYOSNGfKRCQ5TC6+u5/OUf4mB9kaAvSrFL8sO5bABrBwMwR9wQQsYt4XUiDMidnlHDGNjQsFNh3DrkGJ9b+eLWFyaQ6EPYp7QmOE0MbVbUECVsJFquSOYuMLbGMjf0rbG2vHFSWbi1JkZVJdQB7XUFEbeyZjgLNesm8/um2HdpheCTq89pJenXi6P4M3SrEgOiv7h4S0a9CXeZ22TpOVyYeWDwgCJpeybMr9PiRzjUr4AEiiSmHzDUBTj7trs1yGt0klfGqBfze7pazpwcAvxfOcxyv5DmGOD8wogKWlsrpGhnKK7TC95ac/824zVXXgrg3+Ha7aeh+dMeLiEqGqbxkdUuCbDjRF7oXMk2pfX4FLq1FdJ/d3wE+lltUPQkbdlgciEtzyOG6S3pJ0ouOEN/VUaSyWWbZQquJParCiLmKaHBJKbcdFm1ODH/CwHbwlD4N69eT5Lh3DZ06ERWeOsHhGwOVFkqAQpyMvaXtk8Ble3epcHO9THu4r1Hvi+FNgqs4of7GPVGMYW3/+52Eu/ZdUVCU7Y9T7uk4B24YXPzP1O62v9dX5PII3lOSWqmO1sjOggb1jtUHZxBmkQxRlKMr52cQw1892ZSj+Gsu5YMr0RM7BgWKW/NxzNiT758P2onhtcX70EaaiNzAO3jWL9KYwHvjT06bsMme+PvfTuRBujguod5T/KrZSF5TBTBGFeBsF0HWabi47xcOcA2/DPwgErTehY3Wzhyojog5D3MGoBeEHteRE9l+D4f2//g+HWEaShM46ne67LGO/aDqcTL4K/0mfdc+F+Wb5U9e09gdLYp51LFZEFkvNvw0uJ/N+YwIeM+nzq4UjHehLZzkYAotyJgwJGrPNjO27ryKC0z3q/QCaR1CyRMT3RQTdtvO6Wtu02ABZhogEfGkIdTkCX35RXznns1I+jX488LxX7DnD+DUgnh4V2Glsh1AS0YdS+ZHxzWc/CekPgODI48a8Iz9PzD+Vw6v7avqQ6Y6CiBQe5kMdKdvKO6FJVnr6PMZdHZaU0AoeYPFNeP5Gk8ghKXv7ZTpMobhXJkri+vH2/+nUFks6huLwRwMLEOCGhlWDmxoVYL3g+C40nvd/RqultYCrUNbnoPYQ263jJ1ERPHW57BaH6MOUuuzLfGBIfp1PB1WtYIC0eJMXhXfASE1qEjoxoCIILUzNKkwqSg+BPvUKVnzru6F4XnTn4f6E5jVtCogn8FD7fo8lloKKziPWSIeALapJfxnUwnx1vAwLR+v3tjnewcLtnyvX5LmHlZqLyP7Ul8MNYUJwHKCE5QvAY6n+grZnCpvZNXx1IYVtQUxVEGnx3Jyp7qHPEcv6hwsOPwud4elTeNIa3bSTdtZZ1pcpFwiRoTWmyhANXoF5lKealuwjJfEgAQjrq9afrxAHblF6lAsxdXlV7PkfN3G9k2j9d6A0EU6yGWQQ==
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-OriginatorOrg: iotconsultancy.nl
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: DU0P190MB1978.EURP190.PROD.OUTLOOK.COM
X-MS-Exchange-CrossTenant-Network-Message-Id: cf3b428a-c7cb-4386-aa5c-08da9bd31b46
X-MS-Exchange-CrossTenant-originalarrivaltime: 21 Sep 2022 13:13:42.4054 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 58bbf628-15d2-46bc-820b-863b6774d44b
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: v+WveGI8t3j3M+Zmk3OnCXsd+lA2MB9+4enqbasGdPjyww6VLDE3U77Q/ewWHu817ry0rGNL1fxOnvmg05G71Wn+LV2YCGOMoWLW04eTEKY=
X-MS-Exchange-Transport-CrossTenantHeadersStamped: DB8P190MB0732
Archived-At: <https://mailarchive.ietf.org/arch/msg/core/Kl8q70Z2bJDDHAMrAVY7sP54PX0>
Subject: Re: [core] Join-proxy information in the RD (Re: CoRE WG Virtual Interim 2022-09-14)
X-BeenThere: core@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: "Constrained RESTful Environments \(CoRE\) Working Group list" <core.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/core>, <mailto:core-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/core/>
List-Post: <mailto:core@ietf.org>
List-Help: <mailto:core-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/core>, <mailto:core-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 21 Sep 2022 13:13:53 -0000
Hi Christian, Sorry for having missed the discussion. Here some additional notes: You mention that this usage is a bit strange, as it doesn't seem to be about resource type of any particular resource: > > * <coaps+jpy://[2001:db8:0:abcd::52]:7634>;rt=brski.rjp What the JP wants to discover here is not one particular resource, but "any resources for doing Constrained BRSKI" in combination with requesting a particular access protocol (scheme: coaps+jpy) for these. Maybe this combination makes it weird, but it seems to work ok. Note that the "any resources" do not need to be named individually, that would be unnecessary, as the JP only relays DTLS frames to it and does not actually use those resources. The Pledge does that. Another reason these "resources" do not need to be named specifically, is that these are well-known resources. Since these reside at well-known URI paths they do not need explicit discovery. Only the fact that they exist at the endpoint matters. The following response would maybe alleviate your concerns: * <coaps+jpy://[2001:db8:0:abcd::52]:7634/.well-known/brski>;rt=brski.rjp But it would be more bytes for no additional value - semantics are the same. > > I think that "JP may implement either, JR MUST support both" would be > better.. I sent an ANIMA email with considerations about why this is, I was wondering too. Here is the mail: https://mailarchive.ietf.org/arch/msg/anima/57-KoigPOQtfjt8fCjvm2aKhrCo/ In short, if we want a network operator to determine stateless vs stateful JP type we need it to be like written currently. If we want a device vendor to determine stateless vs stateful JP type, and the network must always adapt to this choice, we need to write it like you suggest. > > the `?rt=brski*` does not offer all relevant information any more I also sent a mail about why a '?rt=brski*' would be needed, see https://mailarchive.ietf.org/arch/msg/anima/KbWQKsfFVbTWMijjm1WxCUG6908/ . This is only in case the JP wants to discover which of stateful/stateless are supported in the current network, in a single query, see case 3. The individual resources /rv, /vs etc. it never needs. Btw the Pledge also doesn't need to discover any BRSKI resources: it just uses the /.well-known/brski ones. Section 6.5.1 of draft-ietf-anima-constrained-voucher also says the Pledge SHOULD NOT do discovery for the EST resources as it's more efficient to just use the well-known ones. Regards Esko -----Original Message----- From: core <core-bounces@ietf.org> On Behalf Of Christian Amsüss Sent: Wednesday, September 14, 2022 18:07 To: Michael Richardson <mcr+ietf@sandelman.ca> Cc: Marco Tiloca <marco.tiloca=40ri.se@dmarc.ietf.org>; core@ietf.org WG (core@ietf.org) <core@ietf.org>; draft-ietf-anima-constrained-join-prox@ietf.org Subject: Re: [core] Join-proxy information in the RD (Re: CoRE WG Virtual Interim 2022-09-14) Hello Michael, CoRE, and join-proxy authors, On Tue, Sep 13, 2022 at 10:22:24PM +0200, Michael Richardson wrote: > thank you for bringing this up again. I've had a few comments around this which I somehow failed to deliver to the right people -- this was primarily assembled in the context reviewing the use of rt=, but the comments necessitated widening the scope. Some questions embedded, answering which might help getting progres here. --- There are some aspects about both rt= that make me concerned: * <coaps+jpy://[2001:db8:0:abcd::52]:7634>;rt=brski.rjp This indicates that there is a resource at the given URI that can be interacted with in some way described by this resource type. But while there may be also a resource there (in particular, the `/` resource of the forward target), that's not what this line is making a statement about. This line is making a statement about the transport endpoint associated with the URI (which is a bit of a hack but does not disturb the semantics of the remaining URI metadata ecosystem; at [1] I'm developing terminology for that). At the minimum, I think this should use a dedicated target attribute rather than the rt=, as Resource Type semantics are (in all their vagueness) still about a concrete resource and not about the protocol endpoint identified with that URI. However, see below around coaps+jpy for additional suggestions that'd make this obsolete. * Similarly, the query for ?rt=brski.jp returns a resource, when it is actually asking for a transport endpoint. Moreover, there *are* resources available that the pledge likely will need to discover (any of the brski.rv/vs/es). Before I can make any good statements or suggesions here, how is it currenlty envisioned that the pledge will find these resources? * Only partially related, the whole coaps+jpy scheme (which looks to me really more like a generic semi-unidirectional UDP tunnel than anything CoAP related) might not need registration at all. The relevant metadatum which is transported in this (AIU) is that for some UDP port (eg. [2001:db8:0:abcd::52]:5684), there is an additional UDP port (currently advertised as `<coaps+jpy://[2001:db8:0:abcd::52]:7634>;rt=brski.rjp`) that has equivalent destination semantics but does all the state-keeping and unwrapping. Given that this only works locally (if it were run separately, that separte entity would need to keep state, whereas the local service can take shortcus and only keep state after DTLS got established), might it not be a better option to just advertise that the CoAPS port has a an additional way in, say, `<coaps://[2001:db8:0:abcd::52]/>;jpy-port=7634` (abbreviated as `</>;jpy-port=7634`)? There is a downside compared to the current approach -- the `?rt=brski*` does not offer all relevant information any more. However, the registrar may still offer the `</>;jpy-port=7634` the line even when it does not match the filters, given that query filtering is generally optional, or offer it on any of the brski.* lines reported. * In unrelated comments, I find it odd that the JP MUST implement both and the registrar only SHOULD do stateless. I can well imagine a JP that doesn't gain anything from stateless (because its platform only provides an `accept()` based API that has per-ciient state anyway), but if I implemented an embedded JP, I'd very much prefer to only do stateless mode (to keep code size small and testable), violating the MUST on implementing both and moreover depending on the JR to implement the SHOULD. I think that "JP may implement either, JR MUST support both" would be better.. [1]: https://www.ietf.org/archive/id/draft-ietf-core-transport-indication-01.html#name-using-uris-to-identify-prot BR c -- To use raw power is to make yourself infinitely vulnerable to greater powers. -- Bene Gesserit axiom
- [core] CoRE WG Virtual Interim 2022-09-14 Marco Tiloca
- [core] Join-proxy information in the RD (Re: CoRE… Carsten Bormann
- Re: [core] Join-proxy information in the RD (Re: … Carsten Bormann
- Re: [core] Join-proxy information in the RD (Re: … Michael Richardson
- Re: [core] Join-proxy information in the RD (Re: … Christian Amsüss
- [core] discovery of Registrar by stateless Join-P… Michael Richardson
- Re: [core] discovery of Registrar by stateless Jo… Christian Amsüss
- [core] discovery of Join-Proxy/Registrar by pledg… Michael Richardson
- Re: [core] discovery of Registrar by stateless Jo… Michael Richardson
- Re: [core] Join-proxy information in the RD (Re: … Esko Dijk