Re: [core] Last Call: <draft-ietf-core-block-18.txt> (Block-wise transfers in CoAP) to Proposed Standard
Carsten Bormann <cabo@tzi.org> Fri, 29 January 2016 07:36 UTC
Return-Path: <cabo@tzi.org>
X-Original-To: core@ietfa.amsl.com
Delivered-To: core@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 17E091A0217; Thu, 28 Jan 2016 23:36:23 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Level:
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id gWIQ5mOaua0i; Thu, 28 Jan 2016 23:36:20 -0800 (PST)
Received: from relay3-d.mail.gandi.net (relay3-d.mail.gandi.net [IPv6:2001:4b98:c:538::195]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 48CD41A0211; Thu, 28 Jan 2016 23:36:20 -0800 (PST)
Received: from mfilter46-d.gandi.net (mfilter46-d.gandi.net [217.70.178.177]) by relay3-d.mail.gandi.net (Postfix) with ESMTP id 8E83EA80AA; Fri, 29 Jan 2016 08:36:18 +0100 (CET)
X-Virus-Scanned: Debian amavisd-new at mfilter46-d.gandi.net
Received: from relay3-d.mail.gandi.net ([IPv6:::ffff:217.70.183.195]) by mfilter46-d.gandi.net (mfilter46-d.gandi.net [::ffff:10.0.15.180]) (amavisd-new, port 10024) with ESMTP id eLgvhgM5R9Tc; Fri, 29 Jan 2016 08:36:16 +0100 (CET)
X-Originating-IP: 93.199.254.229
Received: from nar.local (p5DC7FEE5.dip0.t-ipconnect.de [93.199.254.229]) (Authenticated sender: cabo@cabo.im) by relay3-d.mail.gandi.net (Postfix) with ESMTPSA id 4C49EA80F1; Fri, 29 Jan 2016 08:36:16 +0100 (CET)
Message-ID: <56AB166F.9040404@tzi.org>
Date: Fri, 29 Jan 2016 08:36:15 +0100
From: Carsten Bormann <cabo@tzi.org>
User-Agent: Postbox 4.0.8 (Macintosh/20151105)
MIME-Version: 1.0
To: Jim Schaad <ietf@augustcellars.com>
References: <20151120213250.32473.53283.idtracker@ietfa.amsl.com> <D27C68A8.3F21C%goran.selander@ericsson.com> <063a01d15a22$24099250$6c1cb6f0$@augustcellars.com>
In-Reply-To: <063a01d15a22$24099250$6c1cb6f0$@augustcellars.com>
X-Enigmail-Version: 1.2.3
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: 8bit
Archived-At: <http://mailarchive.ietf.org/arch/msg/core/X59X-AhlavtNRXp64lnzZzpb_TU>
Cc: ietf@ietf.org, core@ietf.org
Subject: Re: [core] Last Call: <draft-ietf-core-block-18.txt> (Block-wise transfers in CoAP) to Proposed Standard
X-BeenThere: core@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "Constrained RESTful Environments \(CoRE\) Working Group list" <core.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/core>, <mailto:core-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/core/>
List-Post: <mailto:core@ietf.org>
List-Help: <mailto:core-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/core>, <mailto:core-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 29 Jan 2016 07:36:23 -0000
Hi Jim, great discussion, thank you. Retroactively adding security over insecure channels to CoAP is not an area with easy answers. A couple of random observations: -- indeed, block is meant to help getting larger messages through the network. The individual blocks are generally not really worth individual protection. I think the biggest remaining question with this is what to do against an attacker polluting a cache with a bad block (creating a problem for availability, not integrity). (In RFC7252's security model, DTLS prevents that from happening.) -- in CoAP, options are given option numbers that expose some of their characteristics, e.g., critical/elective, safe-to-forward, cache-key, so some operations are possible on options that the system handling them doesn't know. We didn't think to have bits in the option number for the security properties of the option. Can we possibly derive everything we need from the existing bits? Do we maybe have to carry that information separately with a message secured at the CoAP level? -- A small group is working on classifying the desirable security objectives for the existing CoAP options. That is not an easy project, but I hope we will have something to look at for Buenos Aires. -- As a random coincidence, have a look at the new https://tools.ietf.org/html/draft-thomson-http-mice-00 Grüße, Carsten
- [core] Last Call: <draft-ietf-core-block-18.txt> … The IESG
- Re: [core] Last Call: <draft-ietf-core-block-18.t… Göran Selander
- Re: [core] Last Call: <draft-ietf-core-block-18.t… Carsten Bormann
- Re: [core] Last Call: <draft-ietf-core-block-18.t… Göran Selander
- Re: [core] Last Call: <draft-ietf-core-block-18.t… Jim Schaad
- Re: [core] Last Call: <draft-ietf-core-block-18.t… Carsten Bormann
- Re: [core] Last Call: <draft-ietf-core-block-18.t… Jim Schaad
- Re: [core] Last Call: <draft-ietf-core-block-18.t… Göran Selander
- Re: [core] Last Call: <draft-ietf-core-block-18.t… Jim Schaad
- Re: [core] Last Call: <draft-ietf-core-block-18.t… Göran Selander
- Re: [core] Last Call: <draft-ietf-core-block-18.t… Jim Schaad
- Re: [core] Last Call: <draft-ietf-core-block-18.t… Carsten Bormann
- Re: [core] Last Call: <draft-ietf-core-block-18.t… Ludwig Seitz
- Re: [core] Last Call: <draft-ietf-core-block-18.t… Göran Selander