IETF Logo Mail Archive

Re: [core] Benjamin Kaduk's Discuss on draft-ietf-core-senml-14: (with DISCUSS and COMMENT)

Benjamin Kaduk <kaduk@mit.edu> Tue, 08 May 2018 19:02 UTC

Return-Path: <kaduk@mit.edu>
X-Original-To: core@ietfa.amsl.com
Delivered-To: core@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 93E0E127978; Tue, 8 May 2018 12:02:12 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.2
X-Spam-Level:
X-Spam-Status: No, score=-4.2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id EJla-bYoCK25; Tue, 8 May 2018 12:02:10 -0700 (PDT)
Received: from dmz-mailsec-scanner-5.mit.edu (dmz-mailsec-scanner-5.mit.edu [18.7.68.34]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id D596112D77C; Tue, 8 May 2018 12:02:04 -0700 (PDT)
X-AuditID: 12074422-601ff70000000aba-d2-5af1f429e0a1
Received: from mailhub-auth-4.mit.edu ( [18.7.62.39]) (using TLS with cipher DHE-RSA-AES256-SHA (256/256 bits)) (Client did not present a certificate) by dmz-mailsec-scanner-5.mit.edu (Symantec Messaging Gateway) with SMTP id 55.B3.02746.A24F1FA5; Tue, 8 May 2018 15:02:03 -0400 (EDT)
Received: from outgoing.mit.edu (OUTGOING-AUTH-1.MIT.EDU [18.9.28.11]) by mailhub-auth-4.mit.edu (8.13.8/8.9.2) with ESMTP id w48J1vsO028610; Tue, 8 May 2018 15:01:58 -0400
Received: from kduck.kaduk.org (24-107-191-124.dhcp.stls.mo.charter.com [24.107.191.124]) (authenticated bits=56) (User authenticated as kaduk@ATHENA.MIT.EDU) by outgoing.mit.edu (8.13.8/8.12.4) with ESMTP id w48J1qE3011343 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NOT); Tue, 8 May 2018 15:01:54 -0400
Date: Tue, 08 May 2018 14:01:52 -0500
From: Benjamin Kaduk <kaduk@mit.edu>
To: Ari Keränen <ari.keranen@ericsson.com>
Cc: The IESG <iesg@ietf.org>, "draft-ietf-core-senml@ietf.org" <draft-ietf-core-senml@ietf.org>, Jaime Jiménez <jaime.jimenez@ericsson.com>, "core-chairs@ietf.org" <core-chairs@ietf.org>, core <core@ietf.org>
Message-ID: <20180508190151.GF84491@kduck.kaduk.org>
References: <152410519508.28821.948642754454286088.idtracker@ietfa.amsl.com> <84E57656-B191-4DB4-B7EC-97059D5B19DE@ericsson.com> <20180508000154.GY84491@kduck.kaduk.org> <3C160A2B-D307-4504-A20C-082F5953952C@ericsson.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Disposition: inline
Content-Transfer-Encoding: 8bit
In-Reply-To: <3C160A2B-D307-4504-A20C-082F5953952C@ericsson.com>
User-Agent: Mutt/1.9.1 (2017-09-22)
X-Brightmail-Tracker: H4sIAAAAAAAAA+NgFprBKsWRmVeSWpSXmKPExsUixG6nrqv95WOUQc9DXotr1/6zWWzbeIHN Yt/b9cwWP98tYbaY8Wcis8XHvomsDmwev75eZfNYsuQnUwBTFJdNSmpOZllqkb5dAldG94v9 jAVHtSu6N09mamDsUO5i5OSQEDCR6Fq3mr2LkYtDSGAxk8SWv59ZIZwNjBLXmt5DZa4wSTza foAdpIVFQEXi/enZYDYbkN3QfZm5i5GDQ0TAVuL14TqQemaBf4wSt/feYwWpERaIl9h7rxGs nhdoXdPJbjaIoY8ZJbbO2sACkRCUODnzCZjNLKAjsXPrHTaQocwC0hLL/3FAhOUlmrfOZgax OQUcJJZdmwlmiwooS+ztO8Q+gVFwFpJJs5BMmoUwaRaSSQsYWVYxyqbkVunmJmbmFKcm6xYn J+blpRbpmurlZpbopaaUbmIER4CL0g7Gif+8DjEKcDAq8fBK7PwYJcSaWFZcmXuIUZKDSUmU 1+cDUIgvKT+lMiOxOCO+qDQntfgQowQHs5IIr7IsUI43JbGyKrUoHyYlzcGiJM4ruPlDlJBA emJJanZqakFqEUxWhoNDSYL39yegRsGi1PTUirTMnBKENBMHJ8hwHqDhgp9BhhcXJOYWZ6ZD 5E8xKkqJ87aDJARAEhmleXC9oAQlkb2/5hWjONArwryPQVbwAJMbXPcroMFMIIMfvAcZXJKI kJJqYJTfKhvUWZATZWHn+Uki9P3JzF0fLTddCW14uGZVveUMVTOWer6WnqbtfCfW6/s3H96w X8jIz7+n5tv8n3O5O+c/flXhErS3s0f1TsiSA5U696ZdXadu63tDvqBdNyzaJySwZPrqt+1M +ZNXBP6X4+zcfzsh2bzN6sE1o9azv2wSjv4SDHS9q8RSnJFoqMVcVJwIAJz0y5orAwAA
Archived-At: <https://mailarchive.ietf.org/arch/msg/core/eZhPVCRywWCm7JK4QY49a4mtpYE>
Subject: Re: [core] Benjamin Kaduk's Discuss on draft-ietf-core-senml-14: (with DISCUSS and COMMENT)
X-BeenThere: core@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "Constrained RESTful Environments \(CoRE\) Working Group list" <core.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/core>, <mailto:core-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/core/>
List-Post: <mailto:core@ietf.org>
List-Help: <mailto:core-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/core>, <mailto:core-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 08 May 2018 19:02:13 -0000

On Tue, May 08, 2018 at 06:57:12PM +0000, Ari Keränen wrote:
> 
> 
> > On 8 May 2018, at 3.01, Benjamin Kaduk <kaduk@mit.edu> wrote:
> > 
> > On Mon, May 07, 2018 at 05:55:59PM +0000, Ari Keränen wrote:
> >> 
> >> We have now submitted a new revision of the SenML draft that addresses all the IESG review comments:
> >> https://tools.ietf.org/html/draft-ietf-core-senml-15
> >> 
> >> For answers to your review comments, please see below.
> > 
> > Thanks for the updates, they are definitely improvements!  A few
> > comments inline.
> 
> Thank you for your fast reply Ben! 
> 
> I'll answer now below (mostly) just on my behalf (it takes always a bit of extra time to get consensus across multiple authors in multiple time zones and with busy schedules).

Understood.

> >>> On 19 Apr 2018, at 5.33, Benjamin Kaduk <kaduk@MIT.EDU> wrote:
> >>> 
> >>> ----------------------------------------------------------------------
> >>> DISCUSS:
> >>> ----------------------------------------------------------------------
> >>> 
> >>> I agree with Ben's DISCUSS.
> >> 
> >> This was addressed in the updated security considerations text:
> >> https://github.com/core-wg/senml-spec/pull/106/commits/b911090ce2d12d394d243658f636522bb3dcc335
> >> 
> >> https://tools.ietf.org/html/draft-ietf-core-senml-15#section-13
> > 
> > I would of course like to hear from Ben as well, but it would
> > probably be good to say a bit more about what "proper security
> > mechanisms" are, perhaps that they are use "to provide data
> > integrity, confidentiality, and source authentication as appropriate
> > for the usage".
> 
> This sounds good to me. I made a simple PR for this:
> https://github.com/core-wg/senml-spec/pull/126/files
> 
> I added "e.g." to point out these are not the only considerations and Cullen also pointed out that this could be better without "source" in "source authentication" since also other authentication could be important. I agree with Cullen here; is that OK change to you too?

Yes, thanks.

> >>> Additionally, I have serious reservations about introducing the
> >>> concept of "base fields" that apply to subsequent array elemnets
> >>> unless overridden.  It seems to violate an abstraction barrier for
> >>> at least some of the serialization formats, and prevents snippets
> >>> from being composable and commutable absent the
> >>> resolution/normalization process.  It does not seem like the markup
> >>> language and the document contain suffient safeguards against misuse
> >>> to prevent security holes (both sensor data and commands could be
> >>> misinterpreted).  It seems that some substantially expanded text
> >>> should be added on the hazards of the non-resolved format and giving
> >>> guidance on when resolution/normalization must be performed in order
> >>> to avoid correctness and security issues.
> >> 
> >> The base values feature is something that the WG decided is important to have. We added now text about the security implications and remedies, also taking into account Alexey's follow-ups in this thread: https://github.com/core-wg/senml-spec/pull/109/files
> > 
> > The text about use outside of a Pack is probably the minimal change
> > needed on this issue (though of course I would not object if more
> > text was added, perhaps noting that "the smallest functional quantum
> > for non-resolved SenML Records is the Pack, that provides the needed
> > context for the Base Values").  But please use your judgment on what
> > volume of discussion is appropriate given the intended usage and
> > audience.
> 
> I think the last part of the updated (in -15) security section now essentially says that:
> 
>    SenML Records are intended to be interpreted in the context of any
>    applicable base values.  If records become separated from the record
>    that establishes the base values, the data will be useless or, worse,
>    wrong.  Care needs to be taken in keeping the integrity of a Pack
>    that contains unresolved SenML Records (see Section 4.6).
> 
> (https://tools.ietf.org/html/draft-ietf-core-senml-15#section-13)

Okay.  (Now I have forgotten if I actually said or only intended to
say, do you want to have a note about how when the streaming media
type is used, the underlying transport must be reliable?)

> > The existing text seems to be pretty clear that the base time and
> > (non-base) time are first added, and then the special semantics for
> > positive and non-positive values are applied.  Things could
> > potentially get exciting in some scenarios, though, as a collection
> > of Records (whether Pack or streaming) could cross over the
> > discontinuity.  Consider, for example, a small negative base time,
> > and a series of records with increasing time values, that cross the
> > zero threshold and suddenly appear decades in the past.  Do we need
> > to say more to warn about this possibility, or is it perhaps better
> > to only give the special semantics to one of the (base time, time)
> > values and not their sum?  (I guess it would have to be something a
> > little complicated like "if base time is present, it gets the
> > special semantics and time is added to it, but if base time is not
> > present then time gets special semantics".)
> 
> Good point with the discontinuity. It seems like worth pointing out the risk or making best use of it.
> 
> I'll have a look how to best address this.

Sure, I expect it to require some thought to figure out what's best.

-Benjamin

v2.23.0 | Report a Bug | By Email