[core] FW: New Version Notification for draft-mattsson-core-coap-attacks-02.txt

John Mattsson <john.mattsson@ericsson.com> Tue, 01 February 2022 09:30 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/core/fHkjIJ72haFlAVTLOCgjWF48PUk>

Hi,

-02 tries to address almost all received comments on -00 and -01.

- A paragraph explaining freshness, replay protection, and sequence numbers has been added.
- More references to the soon to be published RFC 9175 (Echo, Request-Tag, and Token Processing).
- While RFC2119 terminology is perfectly fine in an informational draft/RFC, it is not needed in this document. All RFC2119 terminology has been removed based on a comment from Carsten.
- Added more details on which protocols are affected by the attacks and some practical difficulties based on comments from Achim.
- Corrected text on OSCORE over TCP. It is TLS-like replay protection that mitigates the attack, not TCP.
- Added a sentence on why misbinding attacks do not work on HTTPS.
- Changed homeless/hitman/killed to something nicer based on Carsten's comment.
- Smaller editorial changes (several based on comments from Carsten).

I think this would be a good time to have an adoption call for the document. Echo, Request-Tag, and Token Processing will soon be published as RFC 9175. It would be good to publish the informational “CoAP Attacks” as a companion document in the not-too-distant future as suggested by the security AD.

https://mailarchive.ietf.org/arch/msg/core/i6bf9C0ObT5FIplkHPms9gaC47U/

Cheers,
John

From: internet-drafts@ietf.org <internet-drafts@ietf.org>
Date: Tuesday, 1 February 2022 at 09:59
To: Christian Amsüss <c.amsuess@energyharvesting.at>, Göran Selander <goran.selander@ericsson.com>, John Mattsson <john.mattsson@ericsson.com>, Christian Amsuess <c.amsuess@energyharvesting.at>, Francesca Palombini <francesca.palombini@ericsson.com>, Göran Selander <goran.selander@ericsson.com>, John Fornehed <john.fornehed@ericsson.com>, John Mattsson <john.mattsson@ericsson.com>
Subject: New Version Notification for draft-mattsson-core-coap-attacks-02.txt

A new version of I-D, draft-mattsson-core-coap-attacks-02.txt
has been successfully submitted by John Preuß Mattsson and posted to the
IETF repository.

Name:           draft-mattsson-core-coap-attacks
Revision:       02
Title:          CoAP Attacks
Document date:  2022-02-01
Group:          Individual Submission
Pages:          25
URL:            https://www.ietf.org/archive/id/draft-mattsson-core-coap-attacks-02.txt
Status:         https://datatracker.ietf.org/doc/draft-mattsson-core-coap-attacks/
Html:           https://www.ietf.org/archive/id/draft-mattsson-core-coap-attacks-02.html
Htmlized:       https://datatracker.ietf.org/doc/html/draft-mattsson-core-coap-attacks
Diff:           https://www.ietf.org/rfcdiff?url2=draft-mattsson-core-coap-attacks-02

Abstract:
   Being able to securely read information from sensors, to securely
   control actuators, and to not enable distributed denial-of-service
   attacks are essential in a world of connected and networking things
   interacting with the physical world.  This document summarizes a
   number of known attacks on CoAP and shows that just using CoAP with a
   security protocol like DTLS, TLS, or OSCORE is not enough for secure
   operation.  The document also summarizes different denial-of-service
   attacks using CoAP.  The goal with this document is motivating
   generic and protocol-specific recommendations on the usage of CoAP.
   Several of the discussed attacks can be mitigated with the solutions
   in draft-ietf-core-echo-request-tag.

The IETF Secretariat