Re: [core] Iotdir telechat review of draft-ietf-core-echo-request-tag-12
"Christian M. Amsüss" <christian@amsuess.com> Fri, 05 February 2021 17:53 UTC
Return-Path: <christian@amsuess.com>
X-Original-To: core@ietfa.amsl.com
Delivered-To: core@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 526373A0D9C; Fri, 5 Feb 2021 09:53:10 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Level:
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id qk2ezgDXJ9cy; Fri, 5 Feb 2021 09:53:07 -0800 (PST)
Received: from prometheus.amsuess.com (prometheus.amsuess.com [5.9.147.112]) (using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id E49963A0DA1; Fri, 5 Feb 2021 09:52:55 -0800 (PST)
Received: from poseidon-mailhub.amsuess.com (unknown [IPv6:2a02:b18:c13b:8010:a800:ff:fede:b1bd]) by prometheus.amsuess.com (Postfix) with ESMTPS id 2D40C406FB; Fri, 5 Feb 2021 18:52:53 +0100 (CET)
Received: from poseidon-mailbox.amsuess.com (poseidon-mailbox.amsuess.com [IPv6:2a02:b18:c13b:8010:a800:ff:fede:b1bf]) by poseidon-mailhub.amsuess.com (Postfix) with ESMTP id DF392FD; Fri, 5 Feb 2021 18:52:50 +0100 (CET)
Received: from hephaistos.amsuess.com (unknown [IPv6:2a02:b18:c13b:8010:668a:7d9a:cc8d:9b3c]) by poseidon-mailbox.amsuess.com (Postfix) with ESMTPSA id 4DE4444; Fri, 5 Feb 2021 18:52:50 +0100 (CET)
Received: (nullmailer pid 2070748 invoked by uid 1000); Fri, 05 Feb 2021 17:52:48 -0000
Date: Fri, 05 Feb 2021 18:52:48 +0100
From: "Christian M. Amsüss" <christian@amsuess.com>
To: Eliot Lear <lear@cisco.com>
Cc: iot-directorate@ietf.org, core@ietf.org, draft-ietf-core-echo-request-tag.all@ietf.org, last-call@ietf.org
Message-ID: <YB2F8Cs2DH6ux2KN@hephaistos.amsuess.com>
References: <161254498927.30549.15609771383242038227@ietfa.amsl.com>
MIME-Version: 1.0
Content-Type: multipart/signed; micalg="pgp-sha256"; protocol="application/pgp-signature"; boundary="wuXfb5e0uzNMGTly"
Content-Disposition: inline
In-Reply-To: <161254498927.30549.15609771383242038227@ietfa.amsl.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/core/N9ykCh-20wF2O_S_MKJX5gBslH4>
Subject: Re: [core] Iotdir telechat review of draft-ietf-core-echo-request-tag-12
X-BeenThere: core@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Constrained RESTful Environments \(CoRE\) Working Group list" <core.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/core>, <mailto:core-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/core/>
List-Post: <mailto:core@ietf.org>
List-Help: <mailto:core-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/core>, <mailto:core-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 05 Feb 2021 17:53:10 -0000
Hello Eliot,
On Fri, Feb 05, 2021 at 09:09:49AM -0800, Eliot Lear via Datatracker wrote:
> I do not understand why the Echo option requires opaque data, and why this
> should not be standardized, as it seems that the behavior you are seeking is
> standardized. As you give two example methods in the draft, why not reserve a
> few extra bits to specify which method is in use? This would also allow you to
> drop the necessary callback routines in libraries.
I don't see which callback routines would be involved here. In current
implementations, the value is passed around as an opaque buffer to the
component that is taking responsibility of the Echo option. If multiple
components inside the server produce Echo values and need to tell them
apart, the server is of course free to use the few bits as it needs
them (a pattern that's also used with similar opaque values like the
tokens). But maybe I did not quite get the point about the callbacks,
could you elaborate?
The behavior we are seeking and standardizing is the client's; servers
can use the option as a tool for a variety of applications (those in
section 2.4 and more) which can all work using the same generic client
behavior.
None of the envisioned applications have any data in there that'd be
relevant to the client, and worse, if the client were to understand it,
it could try to construct values, and all of a sudden the security
considerations for applications of this, like server state recovery,
would grow *way* more complex: From a simple rule ("Only send an Echo
value if you ever received it from that peer before") that the server
can rely on the client to obey, it'd grow into requiring the client to
understand when it may or may not tamper with the value.
If a particular application needs the client to understand a value of an
Echo-like value, it should take "the few bits" out of the option number.
(For example, I'd be happy to review a draft on sending a realtime
timestamp in requests -- but that would cover quite a different set of
use cases, and need vastly different security considerations).
> The last sentence in 2.2: is this meant to be limited to OSCORE or all uses of
> DTLS? I found the inner/outer text confusing, and that a diagram might
> actually help.
That sentence is merely illustrating the corner case exception, I'm
confident we can enhance readability here a bit by not referring to
DTLS. (It is general to DTLS in that in DTLS all proxies always see the
CoAP options; it says something about OSCORE is that (DTLS or not),
proxies see the outer options only).
On the general inner/outer diagram ... hm, we could add something
for sure, but I'd be worried that it'd distract by putting focus on a
topic that really belongs to OSCORE. I'll leave an issue open in the
authors' tracker to revisit this when more reviews have come in.
Thank you for your input
Christian
--
To use raw power is to make yourself infinitely vulnerable to greater powers.
-- Bene Gesserit axiom
- [core] Iotdir telechat review of draft-ietf-core-… Eliot Lear via Datatracker
- Re: [core] Iotdir telechat review of draft-ietf-c… Christian M. Amsüss
- Re: [core] Iotdir telechat review of draft-ietf-c… Eliot Lear
- Re: [core] [Iot-directorate] Iotdir telechat revi… Eric Vyncke (evyncke)