IETF Logo Mail Archive

Re: [core] Join-proxy information in the RD (Re: CoRE WG Virtual Interim 2022-09-14)

Christian Amsüss <christian@amsuess.com> Wed, 14 September 2022 16:06 UTC

Return-Path: <christian@amsuess.com>
X-Original-To: core@ietfa.amsl.com
Delivered-To: core@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 8AC8FC14CF1E; Wed, 14 Sep 2022 09:06:49 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.906
X-Spam-Level:
X-Spam-Status: No, score=-6.906 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_HI=-5, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Eo13Ce_LktEQ; Wed, 14 Sep 2022 09:06:45 -0700 (PDT)
Received: from smtp.akis.at (smtp.akis.at [IPv6:2a02:b18:500:a515::f455]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id AE96EC14CF1C; Wed, 14 Sep 2022 09:06:41 -0700 (PDT)
Received: from poseidon-mailhub.amsuess.com (095129206250.cust.akis.net [95.129.206.250]) by smtp.akis.at (8.17.1/8.17.1) with ESMTPS id 28EG6aQQ088122 (version=TLSv1.2 cipher=ECDHE-ECDSA-AES256-GCM-SHA384 bits=256 verify=NOT); Wed, 14 Sep 2022 18:06:36 +0200 (CEST) (envelope-from christian@amsuess.com)
X-Authentication-Warning: smtp.akis.at: Host 095129206250.cust.akis.net [95.129.206.250] claimed to be poseidon-mailhub.amsuess.com
Received: from poseidon-mailbox.amsuess.com (poseidon-mailbox.amsuess.com [IPv6:2a02:b18:c13b:8010:a800:ff:fede:b1bf]) by poseidon-mailhub.amsuess.com (Postfix) with ESMTP id 84B67F6D0; Wed, 14 Sep 2022 18:06:35 +0200 (CEST)
Received: from hephaistos.amsuess.com (hephaistos.amsuess.com [IPv6:2a02:b18:c13b:8010::907]) by poseidon-mailbox.amsuess.com (Postfix) with ESMTPSA id 4CF2311C21; Wed, 14 Sep 2022 18:06:35 +0200 (CEST)
Received: (nullmailer pid 3413968 invoked by uid 1000); Wed, 14 Sep 2022 16:06:35 -0000
Date: Wed, 14 Sep 2022 18:06:35 +0200
From: Christian Amsüss <christian@amsuess.com>
To: Michael Richardson <mcr+ietf@sandelman.ca>
Cc: Carsten Bormann <cabo@tzi.org>, Marco Tiloca <marco.tiloca=40ri.se@dmarc.ietf.org>, "core@ietf.org WG (core@ietf.org)" <core@ietf.org>, draft-ietf-anima-constrained-join-prox@ietf.org
Message-ID: <YyH8C73McJ/DHKRy@hephaistos.amsuess.com>
References: <91614672-0629-f10f-9bcc-ad922d4045be@ri.se> <483507C3-9E25-4450-99D4-6FE7FA56266E@tzi.org> <22189.1663100544@dooku>
MIME-Version: 1.0
Content-Type: multipart/signed; micalg="pgp-sha256"; protocol="application/pgp-signature"; boundary="ix29bZNe33RicqDU"
Content-Disposition: inline
In-Reply-To: <22189.1663100544@dooku>
Archived-At: <https://mailarchive.ietf.org/arch/msg/core/Q0N9qXr2XYf4kaec9OEDjesA-nY>
Subject: Re: [core] Join-proxy information in the RD (Re: CoRE WG Virtual Interim 2022-09-14)
X-BeenThere: core@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: "Constrained RESTful Environments \(CoRE\) Working Group list" <core.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/core>, <mailto:core-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/core/>
List-Post: <mailto:core@ietf.org>
List-Help: <mailto:core-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/core>, <mailto:core-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 14 Sep 2022 16:06:49 -0000

Hello Michael, CoRE, and join-proxy authors,

On Tue, Sep 13, 2022 at 10:22:24PM +0200, Michael Richardson wrote:
> thank you for bringing this up again.

I've had a few comments around this which I somehow failed to deliver to
the right people -- this was primarily assembled in the context
reviewing the use of rt=, but the comments necessitated widening the
scope. Some questions embedded, answering which might help getting
progres here.

---

There are some aspects about both rt= that make me concerned:

* <coaps+jpy://[2001:db8:0:abcd::52]:7634>;rt=brski.rjp

  This indicates that there is a resource at the given URI that can be
  interacted with in some way described by this resource type. But while
  there may be also a resource there (in particular, the `/` resource of
  the forward target), that's not what this line is making a statement
  about. This line is making a statement about the transport endpoint
  associated with the URI (which is a bit of a hack but does not disturb
  the semantics of the remaining URI metadata ecosystem; at [1] I'm
  developing terminology for that).

  At the minimum, I think this should use a dedicated target attribute
  rather than the rt=, as Resource Type semantics are (in all their
  vagueness) still about a concrete resource and not about the protocol
  endpoint identified with that URI. However, see below around coaps+jpy
  for additional suggestions that'd make this obsolete.

* Similarly, the query for ?rt=brski.jp returns a resource, when it is
  actually asking for a transport endpoint. Moreover, there *are*
  resources available that the pledge likely will need to discover (any
  of the brski.rv/vs/es). Before I can make any good statements or
  suggesions here, how is it currenlty envisioned that the pledge will
  find these resources?

* Only partially related, the whole coaps+jpy scheme (which looks to me
  really more like a generic semi-unidirectional UDP tunnel than
  anything CoAP related) might not need registration at all.

  The relevant metadatum which is transported in this (AIU) is that for
  some UDP port (eg. [2001:db8:0:abcd::52]:5684), there is an additional
  UDP port (currently advertised as
  `<coaps+jpy://[2001:db8:0:abcd::52]:7634>;rt=brski.rjp`) that has
  equivalent destination semantics but does all the state-keeping and
  unwrapping. Given that this only works locally (if it were run
  separately, that separte entity would need to keep state, whereas the
  local service can take shortcus and only keep state after DTLS got
  established), might it not be a better option to just advertise that
  the CoAPS port has a an additional way in, say,
  `<coaps://[2001:db8:0:abcd::52]/>;jpy-port=7634` (abbreviated as
  `</>;jpy-port=7634`)?

  There is a downside compared to the current approach -- the
  `?rt=brski*` does not offer all relevant information any more.
  However, the registrar may still offer the `</>;jpy-port=7634` the
  line even when it does not match the filters, given that query
  filtering is generally optional, or offer it on any of the brski.*
  lines reported.

* In unrelated comments, I find it odd that the JP MUST implement both
  and the registrar only SHOULD do stateless. I can well imagine a JP
  that doesn't gain anything from stateless (because its platform only
  provides an `accept()` based API that has per-ciient state anyway),
  but if I implemented an embedded JP, I'd very much prefer to only do
  stateless mode (to keep code size small and testable), violating the
  MUST on implementing both and moreover depending on the JR to
  implement the SHOULD.

  I think that "JP may implement either, JR MUST support both" would be
  better..

[1]: https://www.ietf.org/archive/id/draft-ietf-core-transport-indication-01.html#name-using-uris-to-identify-prot

BR
c

-- 
To use raw power is to make yourself infinitely vulnerable to greater powers.
  -- Bene Gesserit axiom

v2.23.0 | Report a Bug | By Email