Re: [core] Review of draft-dijk-core-groupcomm-bis-00
Thomas Fossati <Thomas.Fossati@arm.com> Sun, 24 November 2019 22:08 UTC
Return-Path: <Thomas.Fossati@arm.com>
X-Original-To: core@ietfa.amsl.com
Delivered-To: core@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 43C5412003E; Sun, 24 Nov 2019 14:08:32 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Level:
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=armh.onmicrosoft.com header.b=zTtJhzpX; dkim=fail (1024-bit key) reason="fail (body has been altered)" header.d=armh.onmicrosoft.com header.b=BZJubq/L
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 07T-GUT9pT5i; Sun, 24 Nov 2019 14:08:28 -0800 (PST)
Received: from EUR01-VE1-obe.outbound.protection.outlook.com (mail-eopbgr140050.outbound.protection.outlook.com [40.107.14.50]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 9CF0512004C; Sun, 24 Nov 2019 14:08:27 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=armh.onmicrosoft.com; s=selector2-armh-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=jQI5jfJMKKpWW6sZpXKu6olLpJ+b4aBe+23mXZJLlW0=; b=zTtJhzpXNF/9/oBudUSoudSkxWbMImNbzM8PfxnqO8C1/JvQVwXkvFBQeZfvHBarPvlpca0J5AIhx7XBonvKgxlugCctssZB2L5FVLJQYlUCobioGD/D7WRhPA/50w1hLsImp31brcHiu3nwbLnUEDTKxb8ycm+tkEG6FerjiZQ=
Received: from AM6PR08CA0010.eurprd08.prod.outlook.com (2603:10a6:20b:b2::22) by AM0PR08MB4610.eurprd08.prod.outlook.com (2603:10a6:208:104::28) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2474.17; Sun, 24 Nov 2019 22:08:23 +0000
Received: from VE1EUR03FT029.eop-EUR03.prod.protection.outlook.com (2a01:111:f400:7e09::204) by AM6PR08CA0010.outlook.office365.com (2603:10a6:20b:b2::22) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2474.16 via Frontend Transport; Sun, 24 Nov 2019 22:08:23 +0000
Authentication-Results: spf=pass (sender IP is 63.35.35.123) smtp.mailfrom=arm.com; ietf.org; dkim=pass (signature was verified) header.d=armh.onmicrosoft.com;ietf.org; dmarc=bestguesspass action=none header.from=arm.com;
Received-SPF: Pass (protection.outlook.com: domain of arm.com designates 63.35.35.123 as permitted sender) receiver=protection.outlook.com; client-ip=63.35.35.123; helo=64aa7808-outbound-1.mta.getcheckrecipient.com;
Received: from 64aa7808-outbound-1.mta.getcheckrecipient.com (63.35.35.123) by VE1EUR03FT029.mail.protection.outlook.com (10.152.18.107) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2474.17 via Frontend Transport; Sun, 24 Nov 2019 22:08:23 +0000
Received: ("Tessian outbound 512f710540da:v33"); Sun, 24 Nov 2019 22:08:22 +0000
X-CheckRecipientChecked: true
X-CR-MTA-CID: 7cc413c3d4f09397
X-CR-MTA-TID: 64aa7808
Received: from d2d695b0c3a1.2 (ip-172-16-0-2.eu-west-1.compute.internal [104.47.6.52]) by 64aa7808-outbound-1.mta.getcheckrecipient.com id EBA6DB28-5DDA-45AB-A283-5D6656B4FBDA.1; Sun, 24 Nov 2019 22:08:17 +0000
Received: from EUR02-VE1-obe.outbound.protection.outlook.com (mail-ve1eur02lp2052.outbound.protection.outlook.com [104.47.6.52]) by 64aa7808-outbound-1.mta.getcheckrecipient.com with ESMTPS id d2d695b0c3a1.2 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384); Sun, 24 Nov 2019 22:08:17 +0000
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=YdmiGlruKS+TA3iV7pTW6DlsugOWOD6e7hsW/lF2NnBBs+7K10EdFQuIWM2ghm2Nh/aLxhP8MwOziRV4Dn15d8TyHfAFdiytRO35HZZFlQsALL6mexNv5fmD7DVtsFcFoXObSD1Q2/bW/ACh/UQ4Vx0v9Hzc/bEDdBdaZfHicXqrXC5Zebl5pA8uDQmCbcBc82tO1+7vDP0hFaecG+eXbh/TTBYMowe+GJf8X0aS1To3q4yPl920aAyBPLtH3Ol2ZUR/mBSc9wgOgnBTF2bjqmNrWoQXfg/S+EWQLFWlnd7VQ3WbWC4v7cEZK1WIY2DO3HzHcKtH5lr/lHBE6CN9RA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=/jadZ7chCJOXZVc8s7jdHUU0kgkSZlzYmAJZAjfrWVk=; b=DnKc6PLDTEEt/R8H3jjZMroBi2N4CTru4pa3Ftfo6uKLWV4bPtkpvkXgCiKL0DF4rz3niyDGGrQUT2lcKRSjSg5SkuucotQaTAxL2psrx8Cz/HJTXuPubzJexUjaaF8GQY1szH7sFf35cnmmUXclxLiwdcUqtFRLEHi2k+PBAAAaUfVzStxsNqusBev/mqw162XW6t6SqT+F7wSg+F/BJQCEYFLVXZNxavv8m72Ii44Al3iR1lMCtbLYVfdLgmuo9kydToQZDxE4Ys/+LQ9keRexO2vhE3yOD5Tv+rBnt0hI76eWlUoHiAfidheOfEJgAtoBlarFktxax4DB8/i33g==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=arm.com; dmarc=pass action=none header.from=arm.com; dkim=pass header.d=arm.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=armh.onmicrosoft.com; s=selector2-armh-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=/jadZ7chCJOXZVc8s7jdHUU0kgkSZlzYmAJZAjfrWVk=; b=BZJubq/LLYtswqxfCZYTerIDgO82PMKx2FOC+a5Vp33R4L3G6QhE2SBUSUbnnTFNvHlg/1vU98fZ3KkKtfb8x2sxPY03XCkqf1bQ1y6LWdruYAM3zNahvfsLcFoRR/3fhpw2ET78eORDDr25n04gFn4mzGFYrMFXFtApdqmqR9M=
Received: from AM6PR08MB4231.eurprd08.prod.outlook.com (20.179.18.151) by AM6PR08MB4916.eurprd08.prod.outlook.com (10.255.98.81) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2474.16; Sun, 24 Nov 2019 22:08:16 +0000
Received: from AM6PR08MB4231.eurprd08.prod.outlook.com ([fe80::e8f5:4b6f:34b7:47a4]) by AM6PR08MB4231.eurprd08.prod.outlook.com ([fe80::e8f5:4b6f:34b7:47a4%7]) with mapi id 15.20.2474.023; Sun, 24 Nov 2019 22:08:15 +0000
From: Thomas Fossati <Thomas.Fossati@arm.com>
To: Esko Dijk <esko.dijk@iotconsultancy.nl>, "draft-dijk-core-groupcomm-bis@ietf.org" <draft-dijk-core-groupcomm-bis@ietf.org>
CC: "core@ietf.org" <core@ietf.org>, Thomas Fossati <Thomas.Fossati@arm.com>
Thread-Topic: Review of draft-dijk-core-groupcomm-bis-00
Thread-Index: AQHVIr8jP6uKhGeBB0e+2ld05f5wFqdfthoggAePoICAD43McIAlDlKA
Date: Sun, 24 Nov 2019 22:08:15 +0000
Message-ID: <3B058FDB-2018-4E8D-BFC1-799631E496B1@arm.com>
References: <509FFE7D-1F4E-4E9B-9BA1-DFC82BB3E85B@arm.com> <HE1P190MB028428663DE92D112482998EFD6D0@HE1P190MB0284.EURP190.PROD.OUTLOOK.COM> <77708B1C-50A6-4431-87D9-1D14BB85138A@arm.com> <AM5P190MB0275DDFB87FD95C9679C60BEFD620@AM5P190MB0275.EURP190.PROD.OUTLOOK.COM>
In-Reply-To: <AM5P190MB0275DDFB87FD95C9679C60BEFD620@AM5P190MB0275.EURP190.PROD.OUTLOOK.COM>
Accept-Language: en-GB, en-US
Content-Language: en-GB
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
user-agent: Microsoft-MacOutlook/10.1f.0.191110
Authentication-Results-Original: spf=none (sender IP is ) smtp.mailfrom=Thomas.Fossati@arm.com;
x-originating-ip: [82.11.185.80]
x-ms-publictraffictype: Email
X-MS-Office365-Filtering-HT: Tenant
X-MS-Office365-Filtering-Correlation-Id: 5d9f5b70-3051-4b43-aece-08d7712ad2c9
X-MS-TrafficTypeDiagnostic: AM6PR08MB4916:|AM6PR08MB4916:|AM0PR08MB4610:
X-MS-Exchange-PUrlCount: 1
x-ms-exchange-transport-forked: True
X-Microsoft-Antispam-PRVS: <AM0PR08MB4610191BFC290568EE4BB40D9C4B0@AM0PR08MB4610.eurprd08.prod.outlook.com>
x-checkrecipientrouted: true
x-ms-oob-tlc-oobclassifiers: OLM:9508;OLM:9508;
x-forefront-prvs: 02318D10FB
X-Forefront-Antispam-Report-Untrusted: SFV:NSPM; SFS:(10009020)(4636009)(346002)(376002)(136003)(366004)(396003)(39850400004)(51874003)(51914003)(199004)(189003)(3846002)(6116002)(6306002)(6512007)(86362001)(2616005)(446003)(71200400001)(71190400001)(11346002)(53546011)(6246003)(7736002)(2501003)(102836004)(14454004)(4326008)(36756003)(6436002)(8676002)(66476007)(6486002)(25786009)(14444005)(256004)(76116006)(91956017)(305945005)(8936002)(81156014)(81166006)(2906002)(66946007)(966005)(99286004)(186003)(5660300002)(26005)(316002)(54906003)(6506007)(110136005)(58126008)(76176011)(229853002)(30864003)(478600001)(33656002)(66066001)(66556008)(64756008)(66446008)(579004); DIR:OUT; SFP:1101; SCL:1; SRVR:AM6PR08MB4916; H:AM6PR08MB4231.eurprd08.prod.outlook.com; FPR:; SPF:None; LANG:en; PTR:InfoNoRecords; A:1; MX:1;
received-spf: None (protection.outlook.com: arm.com does not designate permitted sender hosts)
X-MS-Exchange-SenderADCheck: 1
X-Microsoft-Antispam-Untrusted: BCL:0;
X-Microsoft-Antispam-Message-Info-Original: Ki7NsvxTrIrZqn3MDpGU7X46ez+IddgY+ekvf/NrWzvBwelUiOnW2ondmntRS8d5otDH5mw6lI0b2BXMy2hP/YWU2az5ufhOA00yusPoNnBWZfMCSCRsRmaRn/20q2RAvzSwxOCJ6l9KB6xGZ1MXb4ZSDM+KCN5k3ROPzcAkVrT0mRCUI8YLuVcvBFhg1ENFG3NPDILPn4SjDwJFqoCE9YRpmda2/R2LsFJFti/5hjU6P1vzTqHGnXLeEaIdRO8H/9vuKhuOfBZNzBfzb/9FvtvbmPBW/IBFm6Unarl3zr4lApiaAL26LDdzQrXR8w/3DmM+VdUGzg4aUDtf2A4uKsO7Gy3Xt6+f/6j1zzZG4D1SdEHA90fgsiYhaxcaepEBorTgFpjHgGxBh7k1unZosfTR2GSBonTseXIhOMWhA5r/ATUSJfwIUGCWLF2BgwShfxGElaaJPNR6EWlkKTOkJIcaKY2iN+VLfg4qCKKSrLc=
Content-Type: text/plain; charset="utf-8"
Content-ID: <EEC811749E2BA442BB51A8D620B0EBCA@eurprd08.prod.outlook.com>
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-MS-Exchange-Transport-CrossTenantHeadersStamped: AM6PR08MB4916
Original-Authentication-Results: spf=none (sender IP is ) smtp.mailfrom=Thomas.Fossati@arm.com;
X-EOPAttributedMessage: 0
X-MS-Exchange-Transport-CrossTenantHeadersStripped: VE1EUR03FT029.eop-EUR03.prod.protection.outlook.com
X-Forefront-Antispam-Report: CIP:63.35.35.123; IPV:CAL; SCL:-1; CTRY:IE; EFV:NLI; SFV:NSPM; SFS:(10009020)(4636009)(136003)(396003)(39850400004)(346002)(376002)(199004)(189003)(40434004)(51874003)(51914003)(8936002)(47776003)(8676002)(81166006)(81156014)(5660300002)(76130400001)(70206006)(70586007)(305945005)(7736002)(99286004)(58126008)(2906002)(110136005)(316002)(36906005)(30864003)(66066001)(6116002)(3846002)(2486003)(446003)(5024004)(76176011)(102836004)(450100002)(6246003)(6512007)(11346002)(336012)(6306002)(54906003)(106002)(229853002)(2616005)(436003)(6486002)(50466002)(22756006)(86362001)(2501003)(14454004)(25786009)(33656002)(186003)(26005)(6506007)(53546011)(4326008)(356004)(23676004)(478600001)(966005)(36756003)(26826003)(14444005); DIR:OUT; SFP:1101; SCL:1; SRVR:AM0PR08MB4610; H:64aa7808-outbound-1.mta.getcheckrecipient.com; FPR:; SPF:Pass; LANG:en; PTR:ec2-63-35-35-123.eu-west-1.compute.amazonaws.com; A:1; MX:1;
X-MS-Office365-Filtering-Correlation-Id-Prvs: 6ff599c0-7914-4acb-8798-08d7712ace46
X-Forefront-PRVS: 02318D10FB
X-Microsoft-Antispam: BCL:0;
X-Microsoft-Antispam-Message-Info: yndRMs83RyYt/cYM799ts7WZrj1ZhGYH46KNdV0cb5bBSPeeN7KFQDg/yinaG7DvTU0vxXbypOu5g0aS0SzXJK4IwIpKVCRf7QCZ1QO1OGomdyjBCOVAM20nJIZDJK+B9Kt+EYwkr55LpBBDFzldiglYC40HjcSHrwmwpsXZZRRMdyhKZrTy3/wAu/J+qLNbw8XnfkVIVZbUWek43zRgqm0DsslBvKS16//GwBSnypWfjyrKka6aQ0nMLl6sYoCTwBHlM4zoywI2DM959RTMHdgqMDiBLWjtq2dH720ZS8BeZ4kvG/pmJGWcITh+tcCjTKf75sLOnYTmSuDgmPK54lamKzx/92AAZDIfS1+aCta5AwuVq39SI8Q4zzAwSwkwTBxpx33ZqMaV8qWvS3aRLWxAO24rEZimTCqV1EaWwnHdIflGGWSq5NYAFUrsWZI/m8S7zoC/iNqF8y5ofUNA52buNID6ym/ABHHyHbgdx4M=
X-OriginatorOrg: arm.com
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 24 Nov 2019 22:08:23.3381 (UTC)
X-MS-Exchange-CrossTenant-Network-Message-Id: 5d9f5b70-3051-4b43-aece-08d7712ad2c9
X-MS-Exchange-CrossTenant-Id: f34e5979-57d9-4aaa-ad4d-b122a662184d
X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=f34e5979-57d9-4aaa-ad4d-b122a662184d; Ip=[63.35.35.123]; Helo=[64aa7808-outbound-1.mta.getcheckrecipient.com]
X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem
X-MS-Exchange-Transport-CrossTenantHeadersStamped: AM0PR08MB4610
Archived-At: <https://mailarchive.ietf.org/arch/msg/core/TgmEmwhDB2EokFkMCh8UWgOxO8E>
Subject: Re: [core] Review of draft-dijk-core-groupcomm-bis-00
X-BeenThere: core@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Constrained RESTful Environments \(CoRE\) Working Group list" <core.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/core>, <mailto:core-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/core/>
List-Post: <mailto:core@ietf.org>
List-Help: <mailto:core-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/core>, <mailto:core-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 24 Nov 2019 22:08:32 -0000
Hi Esko, Marco, Chonggang, On 01/11/2019, 09:46, "Esko Dijk" <esko.dijk@iotconsultancy.nl> wrote: > Our plan is to submit -02 by Monday Nov 4th. Meanwhile you can also have a > look if you want at the current open issues we have in the tracker online > https://gitlab.com/crimson84/draft-groupcomm-bis/issues Other CoRE members > are also invited to raise issues, or comment on issues of course. > > Thanks in advance for your planned -02 review! Thanks for the updates! Clearly *a lot* of serious work has gone into this revision and it looks like all the important topics, the document structure as well as the core concepts and the associated vocabulary are all falling into place nicely. There is obviously more legwork ahead, but I reckon -02 is already in a state that could be considered for adoption. I have left a few comments inline -- as per tradition, grep for '^#' to find them :-) -- and a few merely editorial fixes have been provided in a MR to the Gitlab repo. Cheers, and thanks again for all the great work! =-=-=-=-=-=- 1.1. Scope For group communication, only solutions that use CoAP over UDP/ multicast are in the scope of this document. There are alternative methods to achieve group communication using CoAP, for example Publish-Subscribe [I-D.ietf-core-coap-pubsub] which uses a central broker server that CoAP clients access via unicast communication. The alternative methods may be usable for the same or similar use cases as are targeted in this document. All guidelines in [RFC7390] are imported by this document which replaces [RFC7390] in this respect. # what about the state of the API in 7390 section 2.6.2 ? Furthermore, this document adds: how to provide security by using Group OSCORE [I-D.ietf-core-oscore-groupcomm] as the default group communication security solution for CoAP; an updated request/response matching rule for multicast CoAP which updates [RFC7252]; the multicast use of CoAP Observe which updates [RFC7641]; and an extension of the multicast use of CoAP block-wise transfers, which updates [RFC7959]. Security solutions for group communication and configuration other than Group OSCORE are not in scope. General principles for secure group configuration are in scope. The experimental group configuration protocol in Section 2.6.2 of [RFC7390] is not in the scope of this document; thus, that remains an experimental protocol. Since application protocols defined on top of CoAP often define their own specific method of group configuration, the experimental protocol of [RFC7390] has not been subject to enough experimentation to warrant a change of this status. 2.1.1. Group Definition A CoAP group is defined as a set of CoAP endpoints, where each endpoint is configured to receive CoAP multicast requests that are sent to the group's associated IP multicast address and UDP port. An endpoint may be a member of multiple CoAP groups. Group membership(s) of an endpoint may dynamically change over time. A device sending a CoAP request to a group is not necessarily itself a member of this group: it is only a member if it also has a CoAP server endpoint listening to requests for this CoAP group. For secure group communication, a receiver also requires the security context to successfully decrypt and/or verify group messages in order to be a group member. # Nice characterisation. A picture here would be great :-) A CoAP Group URI has the scheme 'coap' and includes in the authority part either an IP multicast address or a group hostname (e.g., Group Fully Qualified Domain Name (FQDN)) that can be resolved to an IP multicast address. A Group URI also contains an optional UDP port number in the authority part. Group URIs follow the regular CoAP URI syntax (Section 6 of [RFC7252]). Besides CoAP groups, that have relevance at the level of networked devices, there can also be application groups defined. An application group has relevance at the application level - for example an application group could denote all lights in an office room or all sensors in a hallway. There can be a one-to-one or a one-to-many relation between CoAP groups and application groups. 2.1.2. Group Naming For clients, it is RECOMMENDED to use by default an IP multicast address literal in a configured Group URI, instead of a hostname. This is because DNS infrastructure may not be deployed in many # Not sure this deserves an RFC2119 keyword. The configuring entity is # probably in a better position to determine whether DNS is available or # not in the hosting network and therefore take the sensible decision? constrained networks. In case a group hostname is used in the Group URI, it can be uniquely mapped to an IP multicast address via DNS resolution - if DNS client functionality is available in the clients and the DNS service is supported in the network. Some examples of hierarchical group FQDN naming (and scoping) for a building control application are shown in Section 2.2 of [RFC7390]. Application groups can be named in many ways, e.g. numbers, IDs, strings or URIs. An application group identifier, if used, is # I am confused by the "numbers, IDs, strings or URI" part here. How do # they differ (is not a URI a string and also an ID?). typically included in the path component or query component of a Group URI. Appendix A of [I-D.ietf-core-resource-directory] shows registration of application groups into a Resource Directory, along with the CoAP group it maps to. # I guess another strategy to name application groups could built on # the URI-Host component in a "virtual hosting" fashion? 2.1.3. Group Creation and Membership To create a CoAP group, a configuring entity defines an IP multicast address (or hostname) for the group and optionally a UDP port number in case it differs from the default CoAP port 5683. Then, it configures one or more devices as listeners to that IP multicast address, with a CoAP server listening on the group's associated UDP port. These devices are the group members. The configuring entity can be, for example, a local application with preconfiguration, a user, a cloud service, or a local commissioning tool. Also, the devices sending requests to the group in the role of CoAP clients need to be configured with the same information, even though they are not necessarily group members. One way to configure a client is to supply it with a CoAP Group URI, possibly together with the required security material in case communication is secured in the group. # What about dynamic discovery? For unsecure group communication, any CoAP endpoint may become a group member at any time: there is no (central) configuring entity that needs to provide the security material for the group. This means that group creation and membership cannot be tightly controlled. # Correct, but something can be done still (e.g., white-listing senders) The IETF does not define a mandatory, standardized protocol to accomplish these steps. [RFC7390] defines an experimental protocol for configuration of group membership for unsecured group communication, based on JSON-formatted configuration resources. This protocol remains experimental. For secure group communication, the part of the process that involves secure distribution of group keys MAY use standardized communication with a Group Manager as defined in Section 4. The configuration of groups and membership may be performed at different moments in the lifecycle of a device; for example in the factory, at a reseller, on-site during first deployment, or on-site during a system reconfiguration operation. 2.2.1. Request/Response Model A CoAP client is an endpoint able to transmit CoAP requests and receive CoAP responses. Since the underlying UDP supports multiplexing by means of UDP port number, there can be multiple independent CoAP clients operational on a single host. On each UDP port, an independent CoAP client can be hosted. Each independent CoAP client sends requests that use the associated endpoint's UDP port number as the UDP source port of the request. All CoAP requests that are sent via IP multicast MUST be Non- confirmable (Section 8.1 of [RFC7252]). The Message ID in an IP multicast CoAP message is used for optional message deduplication by both clients and servers, as detailed in Section 4.5 of [RFC7252]. A server sends back a unicast response to the CoAP group communication request - but it MAY suppress this response if selected # Maybe just "CoAP group request"? so by the server application and if permitted by the rules in this document. The unicast responses received by the CoAP client may be a mixture of success (e.g., 2.05 Content) and failure (e.g., 4.04 Not Found) codes, depending on the individual server processing results. Response suppression controlled by a server SHOULD be performed in a consistent way, such that if a first request leads to a response that is not suppressed, then a second similar request on the same resource that leads to the same response code is also not suppressed. The CoAP Option for No Server Response [RFC7967] can be used by a client to influence the response suppression on the server side. It is RECOMMENDED for a server to implement this option only on selected resources where it is useful in the application context. A CoAP client MAY repeat a multicast request using the same Token value and same Message ID value, in order to ensure that enough (or all) group members have been reached with the request. This is useful in case a number of group members did not respond to the initial request. However, in case one or more servers did receive the initial request but the response to that request was lost, this repeat may not help to retrieve the lost response(s) if the server implements the optional Message ID based deduplication. A CoAP client MAY also repeat a multicast request using the same Token value but a different Message ID, in which case all servers that received the initial request will again process the repeated request. This is useful in case a client needs to collect more, or even all, responses from group members. # What is the use case for this mechanism? Is this for when the client # suspects some responses were lost? In any case, please make it # explicit. The CoAP client can distinguish the origin of multiple server responses by the source IP address of the UDP message containing the CoAP response and/or any other available application-specific source identifiers contained in the CoAP response. # Which "application-specific source identifiers" do you have in mind? # Besides, in a secure group that provides origin authentication the # receiver should in principle use crypto to determine who's the sender. While processing a response, the source endpoint of the response is not exactly matched to the destination endpoint of the request, since for a multicast request these will never match. This is specified in Section 8.2 of [RFC7252]. In case a single client has sent multiple group requests and concurrent CoAP transactions are ongoing, the responses received by that client are matched to a request using the Token value. Due to UDP level multiplexing, the UDP destination port of the response MUST match to the client endpoint's UDP port value, i.e. to the UDP source port of the client's request. For multicast CoAP requests, there are additional constraints on the reuse of Token values at the client, compared to the unicast case. In the unicast case, receiving a response effectively frees up its Token value for reuse, since no more responses to the same request will follow. However, for multicast CoAP, the number of responses is not bound a priori. Therefore, client cannot use the reception of a response as a trigger to "free up" a Token value for reuse. Moreover, reusing a Token value too early could lead to incorrect response/request matching on the client, and would be a protocol error. Therefore, the time between reuse of Token values used in multicast requests MUST be greater than: NON_LIFETIME + MAX_LATENCY + MAX_SERVER_RESPONSE_DELAY where NON_LIFETIME and MAX_LATENCY are defined in Section 4.8 of [RFC7252]. This specification defines MAX_SERVER_RESPONSE_DELAY as in [RFC7390], that is: the expected maximum response delay over all servers that the client can send a multicast request to. This delay includes the maximum Leisure time period as defined in Section 8.2 of [RFC7252]. However, CoAP does not define a time limit for the server response delay. Using the default CoAP parameters, the Token reuse time MUST be greater than 250 seconds plus MAX_SERVER_RESPONSE_DELAY. A preferred solution to meet this requirement is to generate a new unique Token for every new multicast request, such that a Token value is never reused. If a client has to reuse Token values for some reason, and also MAX_SERVER_RESPONSE_DELAY is unknown, then using MAX_SERVER_RESPONSE_DELAY = 250 seconds is a reasonable guideline. The time between Token reuses is in that case set to a value greater than 500 seconds. Another method to more easily meet the above constraint is to instantiate multiple CoAP clients at multiple UDP ports on the same host. The Token values only have to be unique within the context of a single CoAP client, so using multiple clients can make it easier to meet the constraint. Since a client sending a multicast request with a Token T will accept multiple responses with the same Token T, there is a risk that a same server sends multiple responses with the same Token T back to the client. For example, this server might not implement the optional CoAP message deduplication based on Message ID, or it might be a malicious/compromised server acting out of specification. To mitigate issues with multiple responses from one server bound to a same multicast request, the client has to ensure that, as long as the the CoAP Token used for a multicast request is retained, at most one response to that request per server is accepted, with the exception of Observe notifications [RFC7641] (see Section 2.2.5). To this end, upon receiving a response corresponding to a multicast request, the client MUST perform the following actions. First, the client checks whether it previously received a valid response to this request from the same originating server of the just-received response. If the check yields a positive match and the response is not an Observe notification (i.e., it does not include an Observe option), the client SHALL stop processing the response. Upon eventually freeing up the Token value of a multicast request for possible reuse, the client MUST also delete the list of responding servers associated to that request. 2.2.2. Port and URI Path Selection A CoAP server that is a member of a group listens for CoAP messages # Maybe "A server that is a member of a CoAP group ..." instead? Here as # well as in the following. It seems more coherent with 2.1.1. on the group's IP multicast address, usually on the CoAP default UDP port 5683, or another non-default UDP port if configured. Regardless of the method for selecting the port number, the same port number MUST be used across all CoAP servers that are members of a group and across all CoAP clients performing the group requests to that group. # s/group request/request/ The URI Path used in the request is preferably a path that is known to be supported across all group members. However there are valid use cases where a request is known to be successful for a subset of the group and those group members for which the request is unsuccessful either ignore the multicast request or respond with an error status code. Using different ports with the same IP multicast address is an efficient way to create multiple CoAP groups in constrained devices, # "efficient" is not the best way to characterise this method -- in # fact the reason why this is not the case is explained below. Maybe just # drop "efficient" and say "A way to create multiple CoAP groups [...] # is using different ports [...]", and later: "However, [...]" in case the device's stack only supports a limited number of IP multicast group memberships. However, it must be taken into account that this incurs additional processing overhead on each CoAP server participating in at least one of these groups: messages to groups that are not of interest to the node are only discarded at the higher transport (UDP) layer instead of directly at the network (IP) layer. Port 5684 is reserved for DTLS-secured CoAP and MUST NOT be used for any CoAP group communication. For a CoAP server node that supports resource discovery as defined in Section 2.4 of [RFC7252], the default port 5683 MUST be supported (see Section 7.1 of [RFC7252]) for the "All CoAP Nodes" multicast group. 2.2.3. Proxy Operation CoAP (Section 5.7.2 of [RFC7252]) allows a client to request a forward-proxy to process its CoAP request. For this purpose, the client specifies either the request group URI as a string in the Proxy-URI option or alternatively it uses the Proxy-Scheme option with the group URI constructed from the usual Uri-* options. This approach works well for unicast requests. However, there are certain issues and limitations of processing the (unicast) responses to a CoAP group communication request made in this manner through a proxy. A proxy may buffer all the individual (unicast) responses to a CoAP group communication request and then send back only a single (aggregated) response to the client. However, there are some issues with this aggregation approach: o Aggregation of (unicast) responses to a CoAP group communication request in a proxy is difficult. This is because the proxy does not know how many members there are in the group or how many group members will actually respond. Also, the proxy does not know how long to wait before deciding to send back the aggregated response to the client. o There is no default format defined in CoAP for aggregation of multiple responses into a single response. Such a format could be defined based on the multipart content-format [I-D.ietf-core-multipart-ct] but is not standardized yet currently. # This document looks to me like the right place to fix this gap? Alternatively, if a proxy does not aggregate responses and follows the CoAP Proxy specification (Section 5.7.2 of [RFC7252]), the proxy would forward all the individual (unicast) responses to a CoAP group communication request to the client. There are also issues with this approach: o The client may be confused as it may not have known that the Proxy-URI contained a group URI target. That is, the client that sent a unicast CoAP request to the proxy may be expecting only one (unicast) response. Instead, it receives multiple (unicast) responses, potentially leading to fault conditions in the application. # Could this be solved by means of proxy-client Option signalling # to be specified here? o Each individual CoAP response will appear to originate (based on its IP source address) from the CoAP Proxy, and not from the server that produced the response. This makes it impossible for the client to identify the server that produced each response, unless the server identity is contained as a part of the response payload. # This and the above look like they could be addressed by one "Forwarded" # Option? Due to the above issues, a CoAP Proxy SHOULD NOT support processing an IP multicast CoAP request but rather return a 501 (Not Implemented) response in such case. # I'm not sure the above SHOULD NOT is the optimal conclusion: you do a # very good job at working out all the gaps and it looks like # the current CoRE toolbox should have all the pieces needed to assemble # the missing mechanics. Why not going a step further and put together # the actual signalling protocol? The exception case here (i.e., to support it) is when all the following conditions are met: o The CoAP Proxy MUST be explicitly configured (whitelist) to allow proxied IP multicast requests by specific client(s). o The proxy SHOULD return individual (unicast) CoAP responses to the client (i.e., not aggregated). If a (future) standardized aggregation format is being used, then aggregated responses may be sent. o It MUST be known to the person/entity doing the configuration of the proxy, or otherwise verified in some way, that the client configured in the whitelist supports receiving multiple responses to a proxied unicast CoAP request. The operation of HTTP-to-CoAP proxies for multicast CoAP requests is specified in Section 8.4 and 10.1 of [RFC8075]. In this case, the "application/http" media type can be used to let the proxy return multiple CoAP responses - each translated to a HTTP response - back to the HTTP client. Of course, in this case the HTTP client needs to be aware that it is receiving this format and needs to be able to decode from it the responses of multiple servers. The above restrictions listed for CoAP Proxies still apply to HTTP-to-CoAP proxies: specifically, the IP address of the sender of each CoAP response cannot be determined from the application/http response. 5.2.3. Counteraction of Attacks # I guess this section needs some TLC -- maybe starting from the title :-) # One way to reorganise this material would be to describe which OSCORE # properties are relevant in the multicast case and what security (in # terms of resilience to certain attacks they provide. (Just a # suggestion...) Group OSCORE addresses security attacks mentioned in Sections 11.2-11.6 of [RFC7252], with particular reference to their execution over IP multicast. That is: it provides confidentiality and integrity of request/response data through proxies also in multicast settings; it prevents amplification attacks carried out through responses to injected requests over IP multicast; it limits the impact of attacks based on IP spoofing; it prevents cross-protocol attacks; it derives the group key material from, among other things, a Master Secret securely generated by the Group Manager and provided to CoAP endpoints upon their joining of the OSCORE group; countersignatures assure source authentication of exchanged CoAP messages, and hence prevent a group member to be used for subverting security in the whole group. IMPORTANT NOTICE: The contents of this email and any attachments are confidential and may also be privileged. If you are not the intended recipient, please notify the sender immediately and do not disclose the contents to any other person, use it for any purpose, or store or copy the information in any medium. Thank you.
- [core] Review of draft-dijk-core-groupcomm-bis-00 Thomas Fossati
- Re: [core] Review of draft-dijk-core-groupcomm-bi… Esko Dijk
- Re: [core] Review of draft-dijk-core-groupcomm-bi… Thomas Fossati
- Re: [core] Review of draft-dijk-core-groupcomm-bi… Esko Dijk
- Re: [core] Review of draft-dijk-core-groupcomm-bi… Thomas Fossati
- Re: [core] Review of draft-dijk-core-groupcomm-bi… Esko Dijk