[core] Publish draft-mattsson-core-coap-actuators as a companion document to draft-ietf-core-echo-request-tag

John Mattsson <john.mattsson@ericsson.com> Wed, 12 May 2021 09:23 UTC

Return-Path: <john.mattsson@ericsson.com>
X-Original-To: core@ietfa.amsl.com
Delivered-To: core@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A928D3A0AEE for <core@ietfa.amsl.com>; Wed, 12 May 2021 02:23:51 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.797
X-Spam-Level:
X-Spam-Status: No, score=-2.797 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.698, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_BLOCKED=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=ericsson.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id mEYceFVxSO52 for <core@ietfa.amsl.com>; Wed, 12 May 2021 02:23:46 -0700 (PDT)
Received: from EUR04-HE1-obe.outbound.protection.outlook.com (mail-he1eur04on0628.outbound.protection.outlook.com [IPv6:2a01:111:f400:fe0d::628]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id BAD433A0AF7 for <core@ietf.org>; Wed, 12 May 2021 02:23:46 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=a+3A2pyZhpwT9jkgzm41yjAI29/TcQc06g5U9xC/ikY0ffZIQ5gPbzuhjaimV/fPmg6q2xk2ucIIv6rc1Hu5FOGobQjWQwm5oMqqO/j4Nw3OyQJ06HrmaayGzsd3aCIvQV457msg9KOaiPZLOh4BSDLRmArOmKXoAzxtjftSUyHewA//eBxCkTTi2Mlq6Ng0ftO1BVEgXP2l1o3OUhIE598sIEajJtOrTYNvmW0vnOxl7KQNlJL2PS2KLvGQnE9UliJPCMTVz9B7+GCkEdG79YafTDxkKBkc5AjjVry1lCORTb/KSNCHMjjUotjeXoaui07ff5vhX6f4sW1E02jzYg==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=HlohaM38joqCHR5ymITmBYGeCdxekKG84adL07W2efE=; b=JjJSFSqQK5MCIcBPn+g/yCgsQs0fa2ihINE2vGuNz5fZyaR44Qu1LtsgJdo2/z/VZ4uRIFGcqCBVgVVZUN5TfvcjXkr2n2sAwNDUBb2kcSo2llkGiZ4Ty1rCv8tvMZiSZMQp+z6QnSmUnxLz8IJalBhSCl1XdjEfgOw/vyaufAgGHBiYPvYXy43N9RkCZRFPlFj6NaOkdgjwZ3G3jmzy5z9HVP2TB+xAxvKqFZ01z4Yieggrbi+oSgdYDh9NQYKtFXNh1Usk+SGuldAl1kqNKZT10ajXLmzyHk262kj5fwvS6NBb8Y7OlNkzReW+53vqb3c0+tEiSzU5WVAPsiA9pA==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=ericsson.com; dmarc=pass action=none header.from=ericsson.com; dkim=pass header.d=ericsson.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ericsson.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=HlohaM38joqCHR5ymITmBYGeCdxekKG84adL07W2efE=; b=FTqwN0FBi4ghXOwhJGATekAjmKd++rJKT0+BK/soGRHfhBP8kkLmSOSUiPmY+L1Wac/Z2CUC29xKRKu8SNmVoP1JaMzGlUdd48jW0A0rd7JNMWqJqENLMSfl+KdgKRvJexse9OgsyuZJWEKb1ASgxWKuQnaVO1pYmc4g7iuYlhA=
Received: from HE1PR0701MB3050.eurprd07.prod.outlook.com (2603:10a6:3:4b::8) by HE1PR0701MB2937.eurprd07.prod.outlook.com (2603:10a6:3:56::7) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4129.12; Wed, 12 May 2021 09:23:42 +0000
Received: from HE1PR0701MB3050.eurprd07.prod.outlook.com ([fe80::b071:a4a:817d:2d3]) by HE1PR0701MB3050.eurprd07.prod.outlook.com ([fe80::b071:a4a:817d:2d3%11]) with mapi id 15.20.4129.026; Wed, 12 May 2021 09:23:41 +0000
From: John Mattsson <john.mattsson@ericsson.com>
To: "core@ietf.org" <core@ietf.org>
CC: Benjamin Kaduk <kaduk@mit.edu>, Roman Danyliw <rdd@cert.org>
Thread-Topic: Publish draft-mattsson-core-coap-actuators as a companion document to draft-ietf-core-echo-request-tag
Thread-Index: AQHXRxB/w18uKlZ79kGgJ3Jg60mKSQ==
Date: Wed, 12 May 2021 09:23:41 +0000
Message-ID: <8DECAD2F-F175-4405-BED7-0B6C95665231@ericsson.com>
Accept-Language: en-US
Content-Language: en-GB
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
user-agent: Microsoft-MacOutlook/16.48.21041102
authentication-results: ietf.org; dkim=none (message not signed) header.d=none;ietf.org; dmarc=none action=none header.from=ericsson.com;
x-originating-ip: [81.225.97.222]
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: af7602ad-2bd6-41c2-44ad-08d91527a244
x-ms-traffictypediagnostic: HE1PR0701MB2937:
x-microsoft-antispam-prvs: <HE1PR0701MB29379087136B4F5456B0F97889529@HE1PR0701MB2937.eurprd07.prod.outlook.com>
x-ms-oob-tlc-oobclassifiers: OLM:10000;
x-ms-exchange-senderadcheck: 1
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: HYQKxYaRBMbLZjOBL5YPrdOqFrDcoPnUadAmXBzjWw9qElzIeoReBZyvL/YpGTDAvDkME2LkAqxwR0wgIGHxaTMn4BkeBkQ/19LAOTFGDCKUa1y/ZR/UCcfX1XBONvH3ZhzKoe0R2yIRF8ZnJBcXQREewjJ2ofCzUIJkA4Y0uCmH37ByqbKOwHmWzNQbV7ZCbi7ctltSDzpwBIneiO9EARH/kR7aP1iHOo8DEVrX5J5UQhiIzWa7WsdCd3wtlDkC1ABqm4N2bKc3oqzUhljbsFkz/Ro3ZpVVG5KeVFLpHqJLJAXZXaFq7K43QXSAzI6MgfoRrvNTW/9tMn1ANJv1+5Fwvs/dH257obz9bl2oDnDTcg9ReA/M3yMGf7L2ztyvm6TrkX2gSiFhhPPXGxVB5zzMg4BLCOUd9JVOzOck7KWr7XYVe4+wD4M5SiZWn+Ted/kOSf/2+yY8Lex6yRwv+WP2IVgY/7NllBaQ/gFXr/wSryNm3HNt8MiOaz1KX0n01FztvsOxuk+3I/wJdcCjwcc200wqEnQpU+MikBMX2dVN2HkiyMtbAcVtyjsSHyUEcjJwiLo3IxTlX8bPbEDpR7sMPTrKINukrH23C939wmoRpYENuFhg4UGjYCtAcGC5jhT33Ty4aidNUM7fRPjB/dkq3ZRn1lqJNn0VwYa6lBm+Gv/O6LLOfq0tfC/GyiqDuoVE8ArMWRs/hkr1idBrePINPndTH/WpG+TeuFFWhfRScjIaLxUqrPDuknL2FZyU/Olw8fh6qupgjEIWNpQx1g==
x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:HE1PR0701MB3050.eurprd07.prod.outlook.com; PTR:; CAT:NONE; SFS:(4636009)(136003)(376002)(396003)(366004)(39860400002)(346002)(316002)(2616005)(38100700002)(186003)(83380400001)(6916009)(6506007)(6512007)(966005)(122000001)(8936002)(86362001)(5660300002)(44832011)(26005)(54906003)(36756003)(64756008)(66446008)(4326008)(2906002)(6486002)(71200400001)(33656002)(66946007)(478600001)(66476007)(66556008)(76116006)(8676002)(45980500001); DIR:OUT; SFP:1101;
x-ms-exchange-antispam-messagedata: =?utf-8?B?c2tnRHQwVUh1R3FMZ01sS01yMEVUdzd0VG1GMXd5VHBFQ0pqT3pSOGZSYVF5?= =?utf-8?B?SU1QQVFaN1M0QS9wMHEwMXQ0eERNdHBWYk9oS2oraGlhZWk4NWg2SzNBRm1i?= =?utf-8?B?T09mYy9adVRPVXJzU0FTWEFIN296OW4vTHNSWmlLZmFOUS9rU3BYNnRlc3Rk?= =?utf-8?B?TjJBTkpIT1BNckdFY1lNYTlzWWR1bllPQXFXRFUxTGlPYk9EclcwT3QrbDln?= =?utf-8?B?UWZTeVRmWDRXaVdCOEpmUE9LSDMxY3h0QkZQWW1DcWVKajJ5d1I0K3RleHIr?= =?utf-8?B?SW1wekRXUkhSRTZ2WXZiakJzK2dxRk9JSUVYdUZ0R1F2cHkzTmQya2lCeDdF?= =?utf-8?B?U25kQk15SU10WTVZRm5XOEtXaXJWY3hZdmVSRzJ3NEYzUlkwTU9XSUV0MHIx?= =?utf-8?B?VDVzV1EyZXhoNjBwYzJVY09rYiszMkNSdGlQQjdiZ0YzSFZ0QmdvWjZHaHg1?= =?utf-8?B?MVZGQWV5VlQ3bVZFQW55K04yVDdGV0k3TGl3ZG10WTQzWndpVzkzSGlKMFVX?= =?utf-8?B?N1k0OEtBSnh1cGZpam9oRHpwSi9JVFYySUw1TWF5TWN3WHNiUmZId1NjTjI1?= =?utf-8?B?VkpoS3YxQkZRUWZXNjBiOVZxVy9SZ0lFNlJvTGt4eGtIVEo2R01TeXJYeHNs?= =?utf-8?B?WmJiSk9NdGxqTDMzUHo2blc2Yk9UZU5mSHBucTY1YVhWd2hMbFUwUkdvMEJj?= =?utf-8?B?VzFXZU4ySUxTSFcvZ3RpQkR2U0JPUWtiWGdIMUtVaW5ZN2RzelV4dGx4U0tC?= =?utf-8?B?Tk5LeVg2b1oyWGpVM2VwblBCbC9FTHVwbWpHMzBFOFlGU29nb0NOWEJNdXlH?= =?utf-8?B?L3RpT1ZQQXY4VENiUVJVdmExQ0IzbG1FdUJSVzdtK2R1bTN5UnVaTnVLVWlS?= =?utf-8?B?MXRSdnIzK0ZDTFd3QUJFTGhzVnd1aVp2OU83SFdZTDVZaUZBVzNJVnVsb1hT?= =?utf-8?B?ZnZIMW5iVWQ0bzNUaU01b2NtV3o1aVNZNVNQcG1YaFY2K3BqK1FxS1czVllk?= =?utf-8?B?QURyWXJQRnRFUDRIOFZCd0xvWFhXcEk2UytYdHFrdGtqMW14RGRJQkVQU0ZE?= =?utf-8?B?M3N2MUVuV3dUVjdCTURmUnQwT3dLcW01YjR1RVA2K1Z4WWtNUGNGeG5jaFRH?= =?utf-8?B?VmtDRmxrUmsyWFJsUjJYUFNpMVRmd3djbnFlSm91WHdzWk54KzdZVHBKQjU1?= =?utf-8?B?SXRBMDVNd243V3E0SmtlL0YvL2FIRHN3U2NCUG10TlRTdzhPSURwUDNJaXdT?= =?utf-8?B?dlVyMkk1V291M0JGU1VieGp6TktnWkl1TmN6TlJ1MkZsc3YyemN5WFd6c0FR?= =?utf-8?B?dGk4eDhHQ050SXVONTdsTG1LR2pNVnNhRWs5VEVmenlndUttTDBpelZ0TTdI?= =?utf-8?B?d1lxSFVQbUlYNVVZY1MyMEdmMks3YlBvZkVFOUlwWFFSL1VnV0I5MzZlVXBm?= =?utf-8?B?RDIxaDJNell0VDdLakI2MEV4bDhYa2VMOGN0VVNOaEQ2ODl5dUVIcnNkM1hC?= =?utf-8?B?U29vQUpkZDdqRGpEOGM4TldGSnp4clltU2hQUThsNTFVb25qVlFqT3VDaVNh?= =?utf-8?B?WmNrdCtMakRKT2cvNHJUV0ZTUlJmOVBjN3pkS04zdUx3QmNOSGxWVTRKSHRU?= =?utf-8?B?TFVjd0hDZ3Uwa0JMdUFSeVhBMzNBNGhaKzg2N3VvTTVtSmhoSnk0NWV0VDJt?= =?utf-8?B?WFEvQm1Oa0RUcDM5SkZ0VFBnQkN4RmI1UWhPNDVMb3ZwNC92Qlc1UnRGOTNw?= =?utf-8?Q?Qhtwn8FBVnEwK3Z8ssydSgaGf5cc6kesrkYY7nL?=
x-ms-exchange-transport-forked: True
Content-Type: text/plain; charset="utf-8"
Content-ID: <77E05890D453314B8314B5A1AA229BA6@eurprd07.prod.outlook.com>
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-OriginatorOrg: ericsson.com
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: HE1PR0701MB3050.eurprd07.prod.outlook.com
X-MS-Exchange-CrossTenant-Network-Message-Id: af7602ad-2bd6-41c2-44ad-08d91527a244
X-MS-Exchange-CrossTenant-originalarrivaltime: 12 May 2021 09:23:41.8207 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 92e84ceb-fbfd-47ab-be52-080c6b87953f
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: i2ljUjnavHjSNaaZd2eo8DevP04Hgy/dUPX4wVlUbFNkO5+tiYJpsD2WOhtAwbzsEEc/Qp/Mp1mVvccKHQTHagGvxY7XqZ4vDtsG1cqig5g=
X-MS-Exchange-Transport-CrossTenantHeadersStamped: HE1PR0701MB2937
Archived-At: <https://mailarchive.ietf.org/arch/msg/core/i6bf9C0ObT5FIplkHPms9gaC47U>
Subject: [core] Publish draft-mattsson-core-coap-actuators as a companion document to draft-ietf-core-echo-request-tag
X-BeenThere: core@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Constrained RESTful Environments \(CoRE\) Working Group list" <core.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/core>, <mailto:core-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/core/>
List-Post: <mailto:core@ietf.org>
List-Help: <mailto:core-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/core>, <mailto:core-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 12 May 2021 09:23:52 -0000

Hi,

In their IESG review of draft-ietf-core-echo-request-tag, both security ADs mentions and references draft-mattsson-core-coap-actuators.

Ben seems to suggst that it would be good to publish draft-ietf-core-echo-request-tag as an informative RFC:

"I note that draft-mattsson-core-coap-actuators is referenced from
several locations (for useful additional discussion, to be clear), but
it is only an individual draft that expired almost two years ago.  Is
there any likelihood that it will ever progress to an RFC?"

I tend to I agree, now when we have mitigations for the security problems described in draft-mattsson-core-coap-actuators, I think it would make sense to document it as a informative RFC to complement draft-ietf-core-echo-request-tag. I think draft-mattsson-core-coap-actuators is in a pretty good shape already. It should probably be expanded with a description of DoS attacks which is something the Echo option in draft-ietf-core-echo-request-tag is a solution for but which is not documented in draft-mattsson-core-coap-actuators. Coap and DDoS attacks have recently gotten quite a lot of media attention.

https://medium.com/nsc42/what-is-coap-and-is-it-the-next-ddos-for-iot-de8ee97e57e6

https://www.zdnet.com/article/the-coap-protocol-is-the-next-big-thing-for-ddos-attacks/

Cheers,
John