Re: [core] Endpoint Client Name / Endpoint Name in RD draft

Hannes Tschofenig <Hannes.Tschofenig@arm.com> Mon, 23 April 2018 03:08 UTC

From: Hannes Tschofenig <Hannes.Tschofenig@arm.com>
To: "consultancy@vanderstok.org" <consultancy@vanderstok.org>
CC: Jaime Jiménez <jaime.jimenez@ericsson.com>, "core@ietf.org" <core@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/core/Ou-ya2P9YOen1jjLbJLhwnHg4Ik>

Hi Peter,

The mailing list discussion reconfirms my worry that people will get this wrong and will introduce security vulnerabilities.

I am saying that the security protocol used to protect the communication will have an authenticated identifier and this identifier then has to be used for identification of the IoT device. This identifier will then also be used for lookups.

I am furthermore arguing that multiple IoT devices cannot share the same identifier. I agree with Jim that for third party registrations we cannot completely get rid of the endpoint client name/endpoint name functionality, but for the third party registration you are most likely using a different approach anyway. I am not sure anyone is using the RD specification for commissioning tool functionality today, since the main purpose of the RD document is for something entirely different.

Ciao
Hannes

-----Original Message-----
From: peter van der Stok [mailto:stokcons@xs4all.nl]
Sent: 09 April 2018 15:04
To: Hannes Tschofenig
Cc: Jaime Jiménez; core@ietf.org
Subject: Re: [core] Endpoint Client Name / Endpoint Name in RD draft

>
> I am curious what we lose if we remove this identifier altogether. The
> only thing that comes to my mind is a debugging capability where you
> might want to test your system without any security protocol.
Hi Hannes,

Probably, I completely misunderstand your suggestion.
Registrations in the RD need identification so that they can be changed, removed, updated, etc.
Registrations are identified by the (ep, d) pair, unique within a given RD.
Removing the ep identifier will force you to find another identifier for a registration...
and you are back to square one, it seems.


Peter
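Neither Peter's (ep, d) naming nor the binding to an authenticated identifier that Hannes argues for appears as code anywhere in this thread. The following is an added example (mine, not the working group's and not any RD implementation's code) of a registration store that records which authenticated peer owns each (ep, d) entry and refuses changes or lookups of ownership from anyone else; the `strict` flag, class names and sample identities are assumptions.

```python
# Added example, not code from the thread or any RD implementation: a registration
# store that binds each (ep, d) to the identity authenticated by the security layer.
from dataclasses import dataclass, field

class Unauthorized(Exception): pass   # wrong or missing authenticated peer
class Conflict(Exception): pass       # (ep, d) already held by another peer

@dataclass
class Registration:
    ep: str
    d: str
    owner: str      # authenticated identifier (e.g. DTLS peer), never from the payload
    links: list = field(default_factory=list)

class ResourceDirectory:
    def __init__(self, strict=True):
        # strict=True: ep must equal the authenticated identifier. strict=False:
        # third-party registrations may name another ep, but stay bound to the registrar.
        self.strict = strict
        self._regs = {}             # (ep, d) -> Registration

    def register(self, peer_id, ep, d, links=()):
        if not peer_id:
            raise Unauthorized("unauthenticated registration refused")
        if self.strict and ep != peer_id:
            raise Unauthorized(f"ep {ep!r} != authenticated id {peer_id!r}")
        current = self._regs.get((ep, d))
        if current is not None and current.owner != peer_id:
            raise Conflict(f"{(ep, d)} already owned by another peer")
        self._regs[(ep, d)] = Registration(ep, d, peer_id, list(links))
        return (ep, d)

    def _owned(self, peer_id, ep, d):
        reg = self._regs.get((ep, d))
        if reg is None:
            raise KeyError((ep, d))
        if reg.owner != peer_id:
            raise Unauthorized("registration belongs to a different peer")
        return reg

    def update(self, peer_id, ep, d, links):
        self._owned(peer_id, ep, d).links = list(links)

    def remove(self, peer_id, ep, d):
        self._owned(peer_id, ep, d)
        del self._regs[(ep, d)]

    def lookup(self, ep, d):
        return self._regs.get((ep, d))
```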