Re: [core] 🔔 WG Call for Adoption on draft-tiloca-core-multicast-oscoap
Marco Tiloca <marco.tiloca@ri.se> Mon, 05 March 2018 22:18 UTC
Return-Path: <marco.tiloca@ri.se>
X-Original-To: core@ietfa.amsl.com
Delivered-To: core@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id ED9D912008A for <core@ietfa.amsl.com>; Mon, 5 Mar 2018 14:18:36 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.619
X-Spam-Level:
X-Spam-Status: No, score=-2.619 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_MSPIKE_H4=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id w-WtIrFrtXy3 for <core@ietfa.amsl.com>; Mon, 5 Mar 2018 14:18:28 -0800 (PST)
Received: from se-out1.mx-wecloud.net (se-out1.mx-wecloud.net [89.221.255.93]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 4F4EF126D05 for <core@ietf.org>; Mon, 5 Mar 2018 14:18:20 -0800 (PST)
Received: from sp-mail-2.sp.se (unknown [194.218.146.197]) by se-out1.mx-wecloud.net (Postfix) with ESMTPS id 8AF64205109; Mon, 5 Mar 2018 22:18:16 +0000 (UTC)
Received: from [192.168.0.65] (10.116.0.226) by sp-mail-2.sp.se (10.100.0.162) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P256) id 15.1.1261.35; Mon, 5 Mar 2018 23:18:17 +0100
To: Esko Dijk <esko.dijk@philips.com>, Jaime Jiménez <jaime.jimenez@ericsson.com>, "core@ietf.org WG (core@ietf.org)" <core@ietf.org>
References: <DE46411C-EFE7-4D30-B0EC-6FBF6311D1D7@ericsson.com> <DB6P121MB0038392B7975FF42A646FDCC9B3C0@DB6P121MB0038.EURP121.PROD.OUTLOOK.COM>
From: Marco Tiloca <marco.tiloca@ri.se>
Message-ID: <ae50e98d-bfba-c07c-10d2-69c92e1aef33@ri.se>
Date: Mon, 05 Mar 2018 23:18:10 +0100
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Thunderbird/52.6.0
MIME-Version: 1.0
In-Reply-To: <DB6P121MB0038392B7975FF42A646FDCC9B3C0@DB6P121MB0038.EURP121.PROD.OUTLOOK.COM>
Content-Type: multipart/signed; micalg="pgp-sha256"; protocol="application/pgp-signature"; boundary="8FUbQ422YuUNv6I4Dqs6pOXgoVycUeEwB"
X-Originating-IP: [10.116.0.226]
X-ClientProxiedBy: sp-mail-2.sp.se (10.100.0.162) To sp-mail-2.sp.se (10.100.0.162)
X-CMAE-Score: 0
X-CMAE-Analysis: v=2.2 cv=cdiiljLM c=1 sm=1 tr=0 a=L5DDne6A+dD0FbDkt2Fblw==:117 a=L5DDne6A+dD0FbDkt2Fblw==:17 a=sZ8rJzgPlrQA:10 a=v2DPQv5-lfwA:10 a=r77TgQKjGQsHNAKrUKIA:9 a=48vgC7mUAAAA:8 a=xPT6tdSuAAAA:8 a=T-so6kaxz5RBB1ExsiAA:9 a=PWQcVS_gFDwuQD_L:21 a=JEaEsvG0ce9qI4ja:21 a=QEXdDO2ut3YA:10 a=UqCG9HQmAAAA:8 a=VTINOrHo9nOQEdvltRcA:9 a=uZN14KWFS1839jFZ:21 a=OxQg_4DK8WxHTRwx:21 a=JWjjDCEsxlVRG9bD:21 a=UiCQ7L4-1S4A:10 a=hTZeC7Yk6K0A:10 a=_W_S_7VecoQA:10 a=frz4AuCg-hUA:10 a=PG1v3UBYGiaZf4S919wA:9 a=ONNS8QRKHyMA:10 a=w1C3t2QeGrPiZgrLijVG:22 a=80PJfYVSYmV_jLpvUEnt:22
X-Virus-Scanned: clamav-milter 0.99.3 at MailSecurity
X-Virus-Status: Clean
X-MailSecurity-Status: 0
X-Scanned-By: WeCloud MailSecurity
X-MailSecurity-Score: 0
Archived-At: <https://mailarchive.ietf.org/arch/msg/core/XPFQ7eNDuKJPge5VFOmFiseeDXw>
Subject: Re: [core] 🔔 WG Call for Adoption on draft-tiloca-core-multicast-oscoap
X-BeenThere: core@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "Constrained RESTful Environments \(CoRE\) Working Group list" <core.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/core>, <mailto:core-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/core/>
List-Post: <mailto:core@ietf.org>
List-Help: <mailto:core-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/core>, <mailto:core-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 05 Mar 2018 22:18:37 -0000
Hello Esko, Thanks for your support and comments, we have considered them when producing the latest version of the draft [1]. Please, find in line some answers to your comments. Best, /Marco [1] https://tools.ietf.org/html/draft-ietf-core-oscore-groupcomm-01 On 2017-12-04 14:35, Esko Dijk wrote: > > I also support the adoption of this draft as a work item for CoRE. > Below are the results of a quick review, also. > > > > Best regards > > Esko Dijk > > > > > > Overall comments – or work that the WG could take up next > > · Detailed example with message sizes would be useful. Since > it’s important for multicast over 6lowpan performance that the IPv6 > packets stay small enough (one 802.15.4 frame). At this moment, I > can’t judge that yet easily based on the draft. > [MT] We have now included detailed examples in Sections 3.1 (Request) and Section 3.2 (Response). > · Normally, for applications (e.g. Building automation and > lighting) groups do need a stable and non-random group ID, that > identifies the group over time even as changes occur, e.g. members > added/removed. The “Gid” in the draft however changes. There could be > some text added to explain how Gid is linked to a stable ID. E.g., > this could be configured by the Group Manager. The stable group ID is > then not used over-the-wire for multicast OSCORE. > [MT] It is true that the Gid in this draft changes over time, especially upon renewing the group keying material, and the Group Manager is the only responsible for managing its value update. However, this Gid has to be intended as the identifier of the OSCORE “security group”, including as members the endpoints that share the same Common Security Context. [MT] As you say, applications do rely on a stable and non-random group ID, which is not used over-the-wire for group OSCORE, and instead identifies an “application group” having as members the endpoints that participate in a same group application. There is no relation between this application-level group ID and the OSCORE Gid defined in this draft. However, one may possibly map multiple “application groups” to the same “security group”. [MT] In order to clarify this point, we included also a definition of “Group” and “Group ID” in Section 1.1. > · There is normative text in the Appendices; it could be > clarified what the status of this is. E.g. only normative if one > chooses to implement the optional element described in the Appendix?I > have a preference for avoiding normative text in the Appendices, but > I’m curious to hear what others think. > [MT] We relaxed the text in Appendices to avoid normative references, with the exception of a “NOT RECOMMENDED” in current Appendix F “No Verification of Signatures”. > · The text sometimes suggests that a secure group context is > linked to one and only one multicast IP address. In practice, there > may be more variety – e.g. one multicast IP address plus one or more > unicast IP addresses to which the group message is subsequently > delivered. E.g. repeat of the group message to members which did not > get it yet. The proposed solution could be reviewed with that view in > mind, that there may be multiple (multicast/unicast) IP destination > addresses to which a group message will be sent. I did not do that > yet; can do so in a future in-depth review. > [MT] Thanks, that’s a very good comment. We’ll think more on the possible view you propose. It should be fine as long as a recipient is able to retrieve the right group Security Context, by using the Gid. > > > Section 2.1 > > Some things here are listed as out of scope, but they do come back > later in the doc – such as forward security and backward security , > which are addressed I think – certainly not out of scope. > [MT] Group OSCORE does not ensure forward security and backward security itself. Instead, they are entrusted to the specifying group rekeying protocol enforced by the Group Manager. The specific rekeying protocol if out of scope for Group OSCORE, which however recommends the use of one able to ensure backward and forward security in the group. > > > Section 3 > > " Gid MUST be random " -> seems to contradict Appendix B which uses an > Epoch counter in the Gid. Should it say “MUST have a random component” ? > [MT] Right, now fixed (in current Appendix C). > > > Appendices > > * Appendix B, a concrete example instance is missing. E.g. > “w3fj90f0a_0042” or its bstr equivalent (just guessing here to > the format) > [MT] We added an example, in current Appendix C. > * > > > > * Appendix C, is this an example blueprint of how to do it – fully > optional to follow or not follow this? > [MT] We relaxed the text in current Appendix D, as for the time being it is intended to be a guideline example. > * > > > > Minor > > * ligthing -> lighting > * enpoint -> endpoint > * Pg 25 , [I-D.ietf-ace-dtls-authorize] reference breaks across line > and as such becomes non-searchable in the browser. And I like > these refs to be searchable 😉 > > > > > > > > > > > > *From:* core [mailto:core-bounces@ietf.org] *On Behalf Of *Jaime Jiménez > *Sent:* Thursday, November 23, 2017 17:59 > *To:* core@ietf.org WG (core@ietf.org) <core@ietf.org> > *Cc:* ji-ye.park@uni-due.de > *Subject:* [core] 🔔 WG Call for Adoption on > draft-tiloca-core-multicast-oscoap > > > > Dear all, > > > > The draft on "Secure group communication for CoAP" > ( draft-tiloca-core-multicast-oscoap > <https://tools.ietf.org/html/draft-tiloca-core-multicast-oscoap/> ) > had in room consensus for adoption during IETF99 already, now we are > clear to confirm it on the mailing list. > > > > Please reply to the list with your comments, including although > not limited to whether or not you support adoption. Non-authors are > especially encouraged to comment. > > > > Target to end the WGA is 14th of December. > > > > Ciao, > > - - Jaime Jiménez > > > > > ------------------------------------------------------------------------ > The information contained in this email may be confidential and/or > legally protected under applicable law. The message is intended solely > for the addressee(s). If you are not the intended recipient, you are > hereby notified that any use, forwarding, dissemination, or > reproduction of this email is strictly prohibited and may be unlawful. > If you are not the intended recipient, please contact the sender by > return e-mail and destroy all copies of the original email. > > > _______________________________________________ > core mailing list > core@ietf.org > https://www.ietf.org/mailman/listinfo/core -- Marco Tiloca, PhD Research Institutes of Sweden RISE ICT/SICS Isafjordsgatan 22 / Kistagången 16 SE-164 40 Kista (Sweden) Phone: +46 (0)70 60 46 501 https://www.sics.se The RISE institutes Innventia, SP and Swedish ICT have merged in order to become a stronger research and innovation partner for businesses and society. SICS Swedish ICT AB, has now changed name to RISE SICS AB.
- [core] 🔔 WG Call for Adoption on draft-tiloca-cor… Jaime Jiménez
- Re: [core] 🔔 WG Call for Adoption on draft-tiloca… peter van der Stok
- Re: [core] 🔔 WG Call for Adoption on draft-tiloca… Rahul Jadhav
- Re: [core] 🔔 WG Call for Adoption on draft-tiloca… Beck, Stefan
- Re: [core] 🔔 WG Call for Adoption on draft-tiloca… Jim Schaad
- Re: [core] 🔔 WG Call for Adoption on draft-tiloca… Esko Dijk
- Re: [core] 🔔 WG Call for Adoption on draft-tiloca… Michael Koster
- Re: [core] 🔔 WG Call for Adoption on draft-tiloca… Jaime Jiménez
- Re: [core] 🔔 WG Call for Adoption on draft-tiloca… Marco Tiloca
- Re: [core] 🔔 WG Call for Adoption on draft-tiloca… Esko Dijk
- Re: [core] 🔔 WG Call for Adoption on draft-tiloca… Göran Selander
- Re: [core] 🔔 WG Call for Adoption on draft-tiloca… Esko Dijk