[core] oscore-groupcomm: Thoughts on the role of the Group Manager
Robert Quattlebaum <rquattle@google.com> Fri, 29 June 2018 20:25 UTC
Return-Path: <rquattle@google.com>
X-Original-To: core@ietfa.amsl.com
Delivered-To: core@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 2AFF6130E00 for <core@ietfa.amsl.com>; Fri, 29 Jun 2018 13:25:13 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -17.511
X-Spam-Level:
X-Spam-Status: No, score=-17.511 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, ENV_AND_HDR_SPF_MATCH=-0.5, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, T_DKIMWL_WL_MED=-0.01, USER_IN_DEF_DKIM_WL=-7.5, USER_IN_DEF_SPF_WL=-7.5] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=google.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id VlxKrFECKO0A for <core@ietfa.amsl.com>; Fri, 29 Jun 2018 13:25:11 -0700 (PDT)
Received: from mail-pf0-x234.google.com (mail-pf0-x234.google.com [IPv6:2607:f8b0:400e:c00::234]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 5B2ED124C04 for <core@ietf.org>; Fri, 29 Jun 2018 13:25:11 -0700 (PDT)
Received: by mail-pf0-x234.google.com with SMTP id v9-v6so3573250pff.9 for <core@ietf.org>; Fri, 29 Jun 2018 13:25:11 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025; h=from:content-transfer-encoding:mime-version:date:subject:message-id :to; bh=mr4t83rrPbLxxwvhkzTWzdWos2kZYh9eNRK83w/P2wY=; b=dfSLKyadI64IrkYMBYL/S7v/9FI31/Vn0/c69IoplX04YK6gKbHd8WkOx4yB1/1WRQ KW6J46ReZ7L2EeuzOIKQ/6ALCrtL4N3XVpmYa/Ni38Pn9XXvHYhY4O5/r6CN/DJVvRDT Xe48RXZqqbHnPqakoCEEGXngoP9fsBV6XEkioL5vopnlU8VPQiFi5yF0FT0kLuYE0rBx M9CxMV7kqJAnlSCeN+X4NfFd0hFh2hzFZD6uTQKx5axtqgaMf4/I484SSvHIeKLm8FQv V8a8m8nnZ1ZmY+NHyrRkRUb7ZhceXcV8AdBRLLxkIIJwZQWkZEl5eiEv3U2d2I/Pca6w +J0Q==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:content-transfer-encoding:mime-version:date :subject:message-id:to; bh=mr4t83rrPbLxxwvhkzTWzdWos2kZYh9eNRK83w/P2wY=; b=dswM6uAHY411+zk5ZpBjUlVXCFtePtlSLMHpZF7kMcYKhfhuysJzVq661+XxIe+s4z Rm6kFTQ3v5BcQ066GprMKUYgSnHBO9CG2MUrRzAEpcIj9CQAPgt8NSbY5s0wP9BgXKMO 56wFH1RqQKofo17PpWDzrUft4zMuqvmWqEAtwfF6AbKwWMnOfoXlPXKg85yL7RLgBYi8 m3w2Tjmu397KiNDA8K1fMAYod+nRMzu18jQT9/wgRlwMk+Ims1BUttfunfg43EhWZ3mp 48QvA8HLzGSbe1UeDuFx0UuE7pPCli3T3WVi5aNa9R3EkV75jQPAQlkuSGu1azR/iYUk T8tQ==
X-Gm-Message-State: APt69E3xRtnzNdY76kKA9o8SMLKg9PqR3+MgmoCicncMmHlmqZG7SfvG 8n91oxgoLhpm4jSrrF7ddcgbtZRhF4c=
X-Google-Smtp-Source: AAOMgpey/x4pk4bPxxtLvcq6u17MLivkaSKhoBEB5vn3xgEyCk/2NybN+r9e8rjiZGtFyytuxfjumQ==
X-Received: by 2002:a65:4b07:: with SMTP id r7-v6mr1595505pgq.150.1530303910263; Fri, 29 Jun 2018 13:25:10 -0700 (PDT)
Received: from ?IPv6:2601:646:8d00:1cc3:9582:a955:fe06:34c1? ([2601:646:8d00:1cc3:9582:a955:fe06:34c1]) by smtp.gmail.com with ESMTPSA id 76-v6sm2562202pfx.40.2018.06.29.13.25.09 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Fri, 29 Jun 2018 13:25:09 -0700 (PDT)
From: Robert Quattlebaum <rquattle@google.com>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Mime-Version: 1.0 (Mac OS X Mail 11.4 \(3445.8.2\))
Date: Fri, 29 Jun 2018 13:25:07 -0700
Message-Id: <403E803C-B547-4645-9C8A-7D1753B651E8@google.com>
To: core <core@ietf.org>
X-Mailer: Apple Mail (2.3445.8.2)
Archived-At: <https://mailarchive.ietf.org/arch/msg/core/Ls9iWfRYU3xwT-shZU7Q8Xzh53o>
X-Mailman-Approved-At: Sat, 30 Jun 2018 11:04:05 -0700
Subject: [core] oscore-groupcomm: Thoughts on the role of the Group Manager
X-BeenThere: core@ietf.org
X-Mailman-Version: 2.1.26
Precedence: list
List-Id: "Constrained RESTful Environments \(CoRE\) Working Group list" <core.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/core>, <mailto:core-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/core/>
List-Post: <mailto:core@ietf.org>
List-Help: <mailto:core-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/core>, <mailto:core-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 29 Jun 2018 20:26:25 -0000
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Hello everyone, I was reviewing draft-ietf-core-oscore-groupcomm-02 and had some comments, specifically to the role of the group manager. First off, overall the direction looks fantastic. Second, appendix D.1 outlines a process for an endpoint becoming a member of the group. In this process, the endpoint itself petitions the Group Manager to be made a part of the group. This seems obtuse to me: Presumably, an authenticated administrative interaction was required to configure that endpoint to know to request to join that group. Wouldn't it make sense to also configure the rest of the required data to participate in the group in the same administrative action? It also seems at odds with the third responsibility of a Group Manager outlined in section 6: "Driving the join process to add new endpoints as group members". In Appendix D.1, it is the endpoint initiating the join, not the Group Manager. Specifically, what I'm proposing is that endpoints don't ask the Group Manager to join a group: instead, the administrator indicates to the Group Manager that a specific endpoint should be added to the group, and at that point the group manager goes ahead and configures the newly added endpoint accordingly. Strictly speaking, I don't even think an endpoint even needs to know who the Group Manager is. The Group Manager already needs the capability to configure endpoints to reconfigure and eject devices from the group. Eliminating the (apparent) requirement for an endpoint to be able to ask to join a group makes implementations more simple without sacrificing any functionality. It would also simplify the required security interactions. It also allows for the Group Manager to be an offline device that only appears during administrative actions. Thoughts? - -\- RQ -----BEGIN PGP SIGNATURE----- iQEzBAEBCAAdFiEEyqyznYdlVWku4iGibiytsfqnyUQFAls2lSIACgkQbiytsfqn yUQx7Af+J2l7KgFGXaJvnCFYE1mYzQ3ralzsAeFOa5V57CWwX4qPg1oVnwXFrQ2q PFEUB09ovAHHEhI0AmHHSt6tJWwJ8LxGs9vkdwdy/5O4nDGml8ix/gksEzKb66MA q1ilk5qns491vCCfpkCzqcNqaE2wT8n/gnF1a5G1lmeARpOkKHhwOzQ+mKObl0ux akCOMdtZcEjVw+npFqWEMxmmtJIcl0JQIXoIxuPO1eSClaxR6KnP19oHrhrhJHuq W61XyucLWEzwD/mQx3LaeI5UGRdoFOFEVjhQd22AeQYWNaUbygQ8ozz+I6vpkplo l/1LbPhyYMDzEQ0FOgx7Kau3O3Su6A== =kvhP -----END PGP SIGNATURE-----
- [core] oscore-groupcomm: Thoughts on the role of … Robert Quattlebaum