Re: [core] Security aspects in CoAP over TCP
Göran Selander <goran.selander@ericsson.com> Fri, 18 November 2016 06:52 UTC
Return-Path: <goran.selander@ericsson.com>
X-Original-To: core@ietfa.amsl.com
Delivered-To: core@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 68A2212964B for <core@ietfa.amsl.com>; Thu, 17 Nov 2016 22:52:25 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.221
X-Spam-Level:
X-Spam-Status: No, score=-4.221 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 3nghoJg416VT for <core@ietfa.amsl.com>; Thu, 17 Nov 2016 22:52:23 -0800 (PST)
Received: from sessmg23.ericsson.net (sessmg23.ericsson.net [193.180.251.45]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id A1D68129457 for <core@ietf.org>; Thu, 17 Nov 2016 22:52:22 -0800 (PST)
X-AuditID: c1b4fb2d-0bbff70000000994-12-582ea524757d
Received: from ESESSHC001.ericsson.se (Unknown_Domain [153.88.183.21]) by (Symantec Mail Security) with SMTP id BF.3C.02452.425AE285; Fri, 18 Nov 2016 07:52:20 +0100 (CET)
Received: from ESESSMB303.ericsson.se ([169.254.3.133]) by ESESSHC001.ericsson.se ([153.88.183.21]) with mapi id 14.03.0319.002; Fri, 18 Nov 2016 07:52:20 +0100
From: Göran Selander <goran.selander@ericsson.com>
To: Hannes Tschofenig <hannes.tschofenig@gmx.net>, "core@ietf.org WG" <core@ietf.org>
Thread-Topic: [core] Security aspects in CoAP over TCP
Thread-Index: AQHSQVDVKXAjH/oMEkW4JprTES+sPKDeTfkA
Date: Fri, 18 Nov 2016 06:52:20 +0000
Message-ID: <D4544983.6CF40%goran.selander@ericsson.com>
References: <f52a8bc2-a177-b5b5-df8c-d9b902a18ebd@gmx.net>
In-Reply-To: <f52a8bc2-a177-b5b5-df8c-d9b902a18ebd@gmx.net>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
user-agent: Microsoft-MacOutlook/14.6.9.160926
x-originating-ip: [153.88.183.149]
Content-Type: text/plain; charset="utf-8"
Content-ID: <0280FC2A8043034F92C646AC69685884@ericsson.com>
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-Brightmail-Tracker: H4sIAAAAAAAAA+NgFprIIsWRmVeSWpSXmKPExsUyM2K7qK7KUr0Ig2m3dSz2vV3PbLF05z1W ByaPxZv2s3ksWfKTKYApissmJTUnsyy1SN8ugStj+rXpzAXPLCvOnl7H1sC4wqKLkZNDQsBE YvfyTYxdjFwcQgLrGCUuvmtlg3CWMEq0991jBaliE3CReNDwiAnEFhEIl7j2fBZYXFjAVOLw r90sXYwcQHEziYkvLSFKjCQ+PD4OVs4ioCqxZv1zNhCbV8BC4sOJy2CtQgJWEud2ngKLcwpY S/R1vwWrZxQQk/h+ag2YzSwgLnHryXwmiEMFJJbsOc8MYYtKvHz8jxVkraiAnsSa+2EQYSWJ tYe3g13DLKApsX6XPsQUa4kFW5YwQ9iKElO6H7JDXCMocXLmE5YJjGKzkCybhdA9C0n3LCTd s5B0L2BkXcUoWpxaXJybbmSsl1qUmVxcnJ+nl5dasokRGFEHt/zW3cG4+rXjIUYBDkYlHl6D f7oRQqyJZcWVuYcYJTiYlUR4Zy/QixDiTUmsrEotyo8vKs1JLT7EKM3BoiTOa7byfriQQHpi SWp2ampBahFMlomDU6qBUbch/++fpb+69ZsW8Qfv8vrSbzZ7MVf37/Zyq7ViK0+J7+p943fR 5P5VpqjVy/xeLLQs/HNKlMlG8/6hotO7e1zXlXOukVkgcffLZ8F/jnctE+aLTWCSW7Xg39Kq vy+3LRJ/MCfRu7zcSlt5P6O5PlsZ16061rMiK5iPKCy/vrRI5oVf2amGP0osxRmJhlrMRcWJ APM0WXGkAgAA
Archived-At: <https://mailarchive.ietf.org/arch/msg/core/oisT-b7g1tesEapKOi0XBAQaLfw>
Subject: Re: [core] Security aspects in CoAP over TCP
X-BeenThere: core@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: "Constrained RESTful Environments \(CoRE\) Working Group list" <core.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/core>, <mailto:core-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/core/>
List-Post: <mailto:core@ietf.org>
List-Help: <mailto:core-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/core>, <mailto:core-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 18 Nov 2016 06:52:25 -0000
Hi Hannes and all, I find the CoAP over TCP work very valuable also outside the use case you present. Although this draft may be an intermediate solution in that use case, I believe it will be useful in many other contexts. For this reason we should be careful to avoid unnecessary limiting the security protocols that may be used with it. I don’t see any reason to stall the progress of this draft, what is requested is nothing more than what is in RFC7252. I didn’t participate in the Thursday breakfast meeting on the topic but I know there is some proposed alternative text snippet being drafted for discussion on the list. As for deployment of OSCOAP, the draft has just recently become stable and so only a few applications are considered so far, for example: https://tools.ietf.org/html/draft-vucinic-6tisch-minimal-security-00 Although OSCOAP was designed for the most constrained settings where UDP is a natural transport protocol, by being an in-layer protocol, i.e. only relying on CoAP, it works equally well over TCP. So whereas we at this moment can’t demonstrate any concrete applications of OSCOAP over TCP, I hope it is possible to see the value of being able to do end-to-end security of a CoAP exchange from a client making a TCP request through one or more proxies to a server only running UDP (or no transport protocol at all such as with https://tools.ietf.org/html/draft-bormann-6lo-coap-802-15-ie-00). As for your scepticism of OSCOAP, it would be very helpful if you or someone else familiar with the issues of HTTP signing could review the draft and provide some comments on concrete issues rather than making sweeping remarks. Also, we requested in the WG for a CoAP/REST expert to do a review to address possible similar concerns (don’t worry Klaus, no one is looking at you J). But, again, the discussion here should not be about OSCOAP, it is about allowing other security protocols for CoAP in the same way as RFC7252 does. Göran On 2016-11-18 05:03, "core on behalf of Hannes Tschofenig" <core-bounces@ietf.org on behalf of hannes.tschofenig@gmx.net> wrote: >Hi all, > >we had a somewhat inconclusive discussion in the CORE working group this >week about the security aspects of CoAP over TCP. > >I thought I should write down my thoughts about this topic again in the >hope that we can find a solution relatively quickly. > >When we started the CoAP over TCP work we were under the impression that >we can get it done fast since it related to a deployment artifact when >using CoAP in enterprise environments where UDP traffic gets blocked. > >We have an implementation already and so does Microsoft. >We both use TLS to secure the communication. > >Our intention was to document what we were doing already and to get >moving forward. > >With the work in the group we had to make a compromise and had to add >stuff that does not necessarily have anything to do with what we are >implementing and deploying today. An example of that functionality is >Websocket. > >We lost that battle and as a consequence the document is more verbose >than we had initially envisioned and took much longer to finalize. > >CoAP over TCP/TLS is, however, not necessarily the long-term goal. >Instead of adding various features to CoAP in a step-by-step fashion we >could as well in the long run go to HTTP/2, for example, instead. Hence, >I see it as an intermediate approach to deal with deployment challenges, >get it done as quickly as possible, and then to move on. > >The discussion about application layer security for CoAP goes into a >direction that I am not necessarily comfortable with. In our deployment >model the interaction of the IoT device with the server-side >infrastructure is currently CoAP over DTLS/TLS. Then, we use HTTPS to >connect with other application-based services. > >Funny enough, we can neither re-use the work on >draft-ietf-core-http-mapping nor can we use the OSCOAP work in our >current deployment. I hope there are deployments out there that are very >different from what we are doing. It could, however, well be that there >is a lack of deployment experience and we do the "sounds good"-type of >standardization instead. In the CORE-HTTP-MAPPING case, for example, we >are not just relaying CoAP (or HTTP) requests but the server-side is >actually providing some functionality that changes the nature of the >protocol interaction on the HTTP side. The experience with HTTP signing >in OAuth also shows me that there are lots of problems when securing >RESTful API interactions in general. I expect to see the same problems >with the OSCOAP work in practice. I would go as far as saying that >RESTful APIs are very difficult (if not impossible) to secure end-to-end >in any practical multi-protocol environment. > >In a nutshell, I prefer a solution for CoAP over TCP that allows us > * to move the document forward as soon as possible, and > * to document what we are doing today. > >On the question about what credentials are being used with TLS I believe >the discussion at the meeting was a bit misleading since the arguments >on why some people prefer to use pre-shared secrets was actually not >related to TLS. Maybe it is possible to leave this issue open and >instead refer to RFC 7925. > >Ciao >Hannes >
- [core] Security aspects in CoAP over TCP Hannes Tschofenig
- Re: [core] Security aspects in CoAP over TCP Göran Selander
- Re: [core] Security aspects in CoAP over TCP Hannes Tschofenig
- Re: [core] Security aspects in CoAP over TCP Ludwig Seitz