Re: [core] Last Call: <draft-ietf-core-block-18.txt> (Block-wise transfers in CoAP) to Proposed Standard

Carsten Bormann <cabo@tzi.org> Fri, 29 January 2016 07:36 UTC

Return-Path: <cabo@tzi.org>
X-Original-To: core@ietfa.amsl.com
Delivered-To: core@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 17E091A0217; Thu, 28 Jan 2016 23:36:23 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Level:
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id gWIQ5mOaua0i; Thu, 28 Jan 2016 23:36:20 -0800 (PST)
Received: from relay3-d.mail.gandi.net (relay3-d.mail.gandi.net [IPv6:2001:4b98:c:538::195]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 48CD41A0211; Thu, 28 Jan 2016 23:36:20 -0800 (PST)
Received: from mfilter46-d.gandi.net (mfilter46-d.gandi.net [217.70.178.177]) by relay3-d.mail.gandi.net (Postfix) with ESMTP id 8E83EA80AA; Fri, 29 Jan 2016 08:36:18 +0100 (CET)
X-Virus-Scanned: Debian amavisd-new at mfilter46-d.gandi.net
Received: from relay3-d.mail.gandi.net ([IPv6:::ffff:217.70.183.195]) by mfilter46-d.gandi.net (mfilter46-d.gandi.net [::ffff:10.0.15.180]) (amavisd-new, port 10024) with ESMTP id eLgvhgM5R9Tc; Fri, 29 Jan 2016 08:36:16 +0100 (CET)
X-Originating-IP: 93.199.254.229
Received: from nar.local (p5DC7FEE5.dip0.t-ipconnect.de [93.199.254.229]) (Authenticated sender: cabo@cabo.im) by relay3-d.mail.gandi.net (Postfix) with ESMTPSA id 4C49EA80F1; Fri, 29 Jan 2016 08:36:16 +0100 (CET)
Message-ID: <56AB166F.9040404@tzi.org>
Date: Fri, 29 Jan 2016 08:36:15 +0100
From: Carsten Bormann <cabo@tzi.org>
User-Agent: Postbox 4.0.8 (Macintosh/20151105)
MIME-Version: 1.0
To: Jim Schaad <ietf@augustcellars.com>
References: <20151120213250.32473.53283.idtracker@ietfa.amsl.com> <D27C68A8.3F21C%goran.selander@ericsson.com> <063a01d15a22$24099250$6c1cb6f0$@augustcellars.com>
In-Reply-To: <063a01d15a22$24099250$6c1cb6f0$@augustcellars.com>
X-Enigmail-Version: 1.2.3
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: 8bit
Archived-At: <http://mailarchive.ietf.org/arch/msg/core/X59X-AhlavtNRXp64lnzZzpb_TU>
Cc: ietf@ietf.org, core@ietf.org
Subject: Re: [core] Last Call: <draft-ietf-core-block-18.txt> (Block-wise transfers in CoAP) to Proposed Standard
X-BeenThere: core@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "Constrained RESTful Environments \(CoRE\) Working Group list" <core.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/core>, <mailto:core-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/core/>
List-Post: <mailto:core@ietf.org>
List-Help: <mailto:core-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/core>, <mailto:core-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 29 Jan 2016 07:36:23 -0000

Hi Jim,

great discussion, thank you.
Retroactively adding security over insecure channels to CoAP is not an
area with easy answers.

A couple of random observations:

-- indeed, block is meant to help getting larger messages through the
network.  The individual blocks are generally not really worth
individual protection.  I think the biggest remaining question with this
is what to do against an attacker polluting a cache with a bad block
(creating a problem for availability, not integrity).  (In RFC7252's
security model, DTLS prevents that from happening.)

-- in CoAP, options are given option numbers that expose some of their
characteristics, e.g., critical/elective, safe-to-forward, cache-key, so
some operations are possible on options that the system handling them
doesn't know.  We didn't think to have bits in the option number for the
security properties of the option.  Can we possibly derive everything we
need from the existing bits?  Do we maybe have to carry that information
separately with a message secured at the CoAP level?

-- A small group is working on classifying the desirable security
objectives for the existing CoAP options.  That is not an easy project,
but I hope we will have something to look at for Buenos Aires.

-- As a random coincidence, have a look at the new
https://tools.ietf.org/html/draft-thomson-http-mice-00

Grüße, Carsten