[core] OSCORE Inner/Outer duplication
Michael Richardson <mcr+ietf@sandelman.ca> Sat, 28 April 2018 17:35 UTC
From: Michael Richardson <mcr+ietf@sandelman.ca>
To: core@ietf.org
Date: Sat, 28 Apr 2018 13:34:55 -0400
Message-ID: <29840.1524936895@obiwan.sandelman.ca>
Archived-At: <https://mailarchive.ietf.org/arch/msg/core/dlf5q4eaANPSL8SC0b25TB2hsCQ>
Subject: [core] OSCORE Inner/Outer duplication

Section 4.0 of draft-ietf-core-object-security ends with:

    An OSCORE message may contain both an Inner and an Outer instance of
    a certain CoAP message field. Inner message fields are intended for
    the receiving endpoint, whereas Outer message fields are used to
    enable proxy operations. Inner and Outer message fields are
    processed independently.

An Outer instance of a CoAP message field will be integrity protected if it's in the class I message area. Changes to it would cause the integrity check to fail and the entire message to be rejected. Such a message field is effectively read-only to proxies.

If the message field instance is in the class U bucket, then it could be modified by proxies. If an instance also exists in the E or I buckets, then a receiver could determine if the copy in U bucket had been modified, assuming it is reasonable for the message fields to be the same!

I think that the above text in section 4.0 should indicate that the two occurrences of the fields (Inner and Outer) are semantically different, and receivers SHOULD NOT attempt to make sure they are identical.

OSCORE uses this in 4.1.3.5. No-Response in different ways, for instance.

--
Michael Richardson <mcr+IETF@sandelman.ca>, Sandelman Software Works
 -= IPv6 IoT consulting =-
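
A small model of the class E / I / U behaviour discussed in the message above, added here as an illustration; it is not code from the draft or from the poster. HMAC-SHA256 stands in for the AEAD (integrity only, no encryption), and the key, the field names, the option values and the `receive_comparing` receiver are constructed for the example.

```python
import hashlib
import hmac
import json

KEY = b"constructed-demo-key"  # constructed; stands in for the shared security context


def _tag(class_i, inner):
    # Class I fields play the role of AAD, Inner (class E) fields the plaintext.
    # Outer class U fields are deliberately left out of the tag input.
    data = json.dumps({"aad": class_i, "inner": inner}, sort_keys=True).encode()
    return hmac.new(KEY, data, hashlib.sha256).hexdigest()


def protect(inner, class_i, outer_u):
    return {"inner": dict(inner), "class_i": dict(class_i),
            "outer_u": dict(outer_u), "tag": _tag(class_i, inner)}


def receive(msg):
    """Verify integrity, then act on Inner fields only; Outer class U is ignored."""
    if not hmac.compare_digest(msg["tag"], _tag(msg["class_i"], msg["inner"])):
        return None  # a class I or Inner field was altered: reject the whole message
    return msg["inner"]


def receive_comparing(msg):
    """Hypothetical receiver that also insists Inner and Outer duplicates match."""
    inner = receive(msg)
    if inner is None:
        return None
    for name, value in msg["outer_u"].items():
        if name in inner and inner[name] != value:
            return None
    return inner


def demo():
    # Constructed message: the sender sets different Inner and Outer No-Response values.
    msg = protect(inner={"no_response": 26}, class_i={"version": 1},
                  outer_u={"no_response": 0})
    via_proxy = dict(msg, outer_u={"no_response": 2})  # proxy rewrites a class U field
    tampered = dict(msg, class_i={"version": 2})       # proxy alters a class I field
    return {"as_sent": receive(msg), "via_proxy": receive(via_proxy),
            "tampered": receive(tampered), "comparing": receive_comparing(msg)}


if __name__ == "__main__":
    print(demo())
```

The comparing receiver rejects a message that no proxy touched, because the sender legitimately chose different Inner and Outer values.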