Re: [core] I-D Action: draft-ietf-core-attacks-on-coap-02.txt

John Mattsson <john.mattsson@ericsson.com> Fri, 23 December 2022 06:36 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/core/OFj-1RpN9OpFMEa7ezUkuL9PHns>

Purely editorial update:

- Added aasvg and changed figures to look nice in svg.
- Updated the obsolete RFC8152 with RFC9052
- Fixed spelling errors

Open issues can be found here:
https://github.com/core-wg/attacks-on-coap/issues

Cheers,
John

From: core <core-bounces@ietf.org> on behalf of internet-drafts@ietf.org <internet-drafts@ietf.org>
Date: Friday, 23 December 2022 at 07:32
To: i-d-announce@ietf.org <i-d-announce@ietf.org>
Cc: core@ietf.org <core@ietf.org>
Subject: [core] I-D Action: draft-ietf-core-attacks-on-coap-02.txt

A New Internet-Draft is available from the on-line Internet-Drafts directories.
This draft is a work item of the Constrained RESTful Environments WG of the IETF.

        Title           : Attacks on the Constrained Application Protocol (CoAP)
        Authors         : John Preuß Mattsson
                          John Fornehed
                          Göran Selander
                          Francesca Palombini
                          Christian Amsüss
        Filename        : draft-ietf-core-attacks-on-coap-02.txt
        Pages           : 19
        Date            : 2022-12-22

Abstract:
   Being able to securely read information from sensors, to securely
   control actuators, and to not enable distributed denial-of-service
   attacks are essential in a world of connected and networking things
   interacting with the physical world.  Using a security protocol such
   as DTLS, TLS, or OSCORE to protect CoAP is a requirement for secure
   operation and protects against many attacks.  This document
   summarizes a number of known attacks on CoAP deployments and shows
   that just using CoAP with a security protocol like DTLS, TLS, or
   OSCORE is not enough for secure operation.  Several of the discussed
   attacks can be mitigated with the solutions in RFC 9175.


The IETF datatracker status page for this draft is:
https://datatracker.ietf.org/doc/draft-ietf-core-attacks-on-coap/

There is also an HTML version available at:
https://www.ietf.org/archive/id/draft-ietf-core-attacks-on-coap-02.html

A diff from the previous version is available at:
https://author-tools.ietf.org/iddiff?url2=draft-ietf-core-attacks-on-coap-02


Internet-Drafts are also available by rsync at rsync.ietf.org::internet-drafts

