Re: [core] Update on coap-tcp-tls

Brian Raymor <Brian.Raymor@microsoft.com> Thu, 02 February 2017 21:04 UTC

From: Brian Raymor <Brian.Raymor@microsoft.com>
To: "core@ietf.org WG" <core@ietf.org>
Date: Thu, 02 Feb 2017 21:04:22 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/core/cu1yAjAddgtBATheZS5GjyREmjU>
Subject: Re: [core] Update on coap-tcp-tls

Jaime and I had a conference call with the draft-bormann-core-coap-sig-02 authors (Carsten, Hannes, Klaus) to review https://github.com/core-wg/coap-tcp-tls/issues and a related pull request - https://github.com/core-wg/coap-tcp-tls/pull/103 - related to Signaling.

There were some design proposals from the meeting that I would like to share for WG comment:

https://github.com/core-wg/coap-tcp-tls/issues/82


  There was consensus to remove the Server-Name Option in the upcoming coap-tcp-tls-06. This feature has not been implemented.
  It provided minimal value at the cost of additional security considerations.

  It did offer a mechanism to set the default value for the URI-Host option:

   For TLS, the base value for the Server-Name Option is given by the SNI value.
   For WebSockets, the base value for the Server-Name Option is given by the HTTP Host header field.

  Similar text will need to be added to -06 per - https://github.com/core-wg/coap-tcp-tls/issues/108

https://github.com/core-wg/coap-tcp-tls/issues/69

  Changing:

      Upon receipt of a Ping message, a single Pong message is returned with the identical token.

  To [big breath]:

    Upon receipt of a Ping message, the receiver SHOULD return a single Pong message with the identical token as soon as practical, unless
    there is an option with delaying semantics, such as the Custody Option.


...Brian

From: core [mailto:core-bounces@ietf.org] On Behalf Of Brian Raymor
Sent: Tuesday, January 17, 2017 9:21 PM
To: core@ietf.org WG <core@ietf.org>
Subject: [core] Update on coap-tcp-tls


Most (21) of the WGLC issues have been addressed in the editor's draft and closed:
https://github.com/core-wg/coap-tcp-tls/milestone/4?closed=1

7 open issues remain - https://github.com/core-wg/coap-tcp-tls/issues:

Signaling (5)

Could the authors/contributors (Carsten, Hannes, Klaus) of draft-bormann-core-coap-sig-02 help clarify this set of issues - https://github.com/core-wg/coap-tcp-tls/labels/request-clarification - Let me know if you'd prefer a conference call to address.

The remaining Signaling issue explores whether there are new requirements when responding to a Ping - https://github.com/core-wg/coap-tcp-tls/issues/69. Please review the issue for background and potential solutions. I'd welcome your thoughts.

Securing CoAP issues (2)

The Securing CoAP proposal was reviewed by Göran and Hannes and "baked" on the list. It's ready to be closed:
https://github.com/core-wg/coap-tcp-tls/issues/11

Bill has proposed an amendment for Securing WebSockets. Any WG comments?
https://github.com/core-wg/coap-tcp-tls/issues/102

Thanks,
...Brian
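
The revised Ping rule proposed for issue 69 in the reply above, sketched as a receiver: a plain Ping gets one Pong with the identical token at once, while a Ping carrying the Custody Option is held until earlier messages are processed. This is an added example, not part of the thread or the draft; the framing and code values (Ping 7.02, Pong 7.03, Custody option 2) are assumed from the later RFC 8323, and `parse_frame`, `build_pong` and `PingResponder` are hypothetical names.

```python
# Added example. Assumptions not in the message: framing and code values are
# those later published in RFC 8323 (Ping 7.02, Pong 7.03, Custody option 2).
# Only short frames are handled (Len < 13, option delta/length < 13).
PING, PONG, CUSTODY = 0xE2, 0xE3, 2
PLAIN_PING = bytes.fromhex("02e2abcd")        # constructed: TKL=2, no options
CUSTODY_PING = bytes.fromhex("12e2abcd20")    # constructed: same, plus Custody

def parse_frame(buf):
    """Return (code, token, {option_number: value}) for one complete frame."""
    if len(buf) < 2:
        raise ValueError("truncated header")
    length, tkl = buf[0] >> 4, buf[0] & 0x0F
    if length >= 13 or tkl > 8:
        raise ValueError("extended length or invalid TKL")
    if len(buf) != 2 + tkl + length:
        raise ValueError("frame length mismatch")
    code, token, rest = buf[1], buf[2:2 + tkl], buf[2 + tkl:]
    options, number, i = {}, 0, 0
    while i < len(rest) and rest[i] != 0xFF:      # 0xFF starts the payload
        delta, olen = rest[i] >> 4, rest[i] & 0x0F
        if delta >= 13 or olen >= 13 or i + 1 + olen > len(rest):
            raise ValueError("unsupported or truncated option")
        number += delta
        options[number] = rest[i + 1:i + 1 + olen]
        i += 1 + olen
    return code, token, options

def build_pong(token, custody=False):
    """Pong that echoes the Ping's token, optionally carrying Custody."""
    opts = bytes([CUSTODY << 4]) if custody else b""
    return bytes([(len(opts) << 4) | len(token), PONG]) + token + opts

class PingResponder:
    """Hypothetical receiver: immediate Pong unless Custody asks it to wait."""
    def __init__(self):
        self.deferred = []          # tokens of Pings waiting on earlier work

    def on_frame(self, buf):
        code, token, options = parse_frame(buf)
        if code != PING:
            return None             # other codes are out of scope here
        if CUSTODY in options:      # delaying semantics: hold the Pong
            self.deferred.append(token)
            return None
        return build_pong(token)    # single Pong, identical token

    def on_work_done(self):
        """Call once all messages received before the Ping are processed."""
        pongs = [build_pong(t, custody=True) for t in self.deferred]
        self.deferred.clear()
        return pongs
```

The strict length check in `parse_frame` rejects frames whose declared Len disagrees with the bytes received, so a malformed Ping never reaches the token echo.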