Re: [core] Benjamin Kaduk's Discuss on draft-ietf-core-multipart-ct-03: (with DISCUSS and COMMENT)
Benjamin Kaduk <kaduk@mit.edu> Wed, 04 September 2019 03:32 UTC
Return-Path: <kaduk@mit.edu>
X-Original-To: core@ietfa.amsl.com
Delivered-To: core@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7C2E312008F; Tue, 3 Sep 2019 20:32:13 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.2
X-Spam-Level:
X-Spam-Status: No, score=-4.2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id I73Nsy2wJS0I; Tue, 3 Sep 2019 20:32:12 -0700 (PDT)
Received: from outgoing.mit.edu (outgoing-auth-1.mit.edu [18.9.28.11]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 05DDE120072; Tue, 3 Sep 2019 20:32:11 -0700 (PDT)
Received: from kduck.mit.edu ([24.16.140.251]) (authenticated bits=56) (User authenticated as kaduk@ATHENA.MIT.EDU) by outgoing.mit.edu (8.14.7/8.12.4) with ESMTP id x843W1kV012075 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Tue, 3 Sep 2019 23:32:04 -0400
Date: Tue, 03 Sep 2019 22:32:00 -0500
From: Benjamin Kaduk <kaduk@mit.edu>
To: Carsten Bormann <cabo@tzi.org>
Cc: Alexey Melnikov <aamelnikov@fastmail.fm>, The IESG <iesg@ietf.org>, draft-ietf-core-multipart-ct@ietf.org, Jaime Jiménez <jaime.jimenez@ericsson.com>, core-chairs@ietf.org, core@ietf.org
Message-ID: <20190904033200.GR58050@kduck.mit.edu>
References: <155675554069.2851.9351849772053196736.idtracker@ietfa.amsl.com> <459433ef-5cb5-4c3e-a32e-a5d063b1ccf0@www.fastmail.com> <BE1600FF-FBFB-44F4-A405-9C73ADA6E3FC@tzi.org> <20190504232153.GA19805@kduck.mit.edu> <A6EE5F90-391C-487B-A3DD-2193027022C6@tzi.org> <20190826181801.GJ84368@kduck.mit.edu> <79816A1A-7863-47FC-8EF7-B6BB42A49D1E@tzi.org>
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Disposition: inline
Content-Transfer-Encoding: 8bit
In-Reply-To: <79816A1A-7863-47FC-8EF7-B6BB42A49D1E@tzi.org>
User-Agent: Mutt/1.10.1 (2018-07-13)
Archived-At: <https://mailarchive.ietf.org/arch/msg/core/pFWlhBoYgrgbmoRJHD2lLsBlF84>
Subject: Re: [core] Benjamin Kaduk's Discuss on draft-ietf-core-multipart-ct-03: (with DISCUSS and COMMENT)
X-BeenThere: core@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Constrained RESTful Environments \(CoRE\) Working Group list" <core.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/core>, <mailto:core-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/core/>
List-Post: <mailto:core@ietf.org>
List-Help: <mailto:core-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/core>, <mailto:core-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 04 Sep 2019 03:32:13 -0000
On Tue, Aug 27, 2019 at 09:43:55PM +0200, Carsten Bormann wrote: > Hi Benjamin, > > I completely agree that signed security assertions need to be interpretable without external context. But that is a very different world from the media type being defined here. > > In a CoAP interaction, the response might be (literally) > > 33.5 > > to tell you the temperature in my room. SenML can be used to include more context, but often the request context is really needed to make sense of the response (here probably something like “GET /temp1”, translated into a CoAP request), and additional information may only be available through the installation context (e.g., that this temperature is in °C and not in °F, or that the above request to [2001:db8::1]:5683 actually leads to the temperature sensor for the room to right of the corridor, second door). > > (OSCORE protects the relationship between the request context and the response, but cannot really protect the external context except by relating the key of the server with its function/installation location. Where the latter is really hard to protect, and then somebody can still come with a lighter and heat up the sensor, leading to incorrect temperature measurements just for fun.) > > This is the reason why the ambiguities incurred by using this media type are really on the mild side. I don't disagree with any of what you say. I'm currently coming at this from a perspective of "there's a mismatch between what's being described as use cases and what's being cited for how it works" (a progression from the previous "this doesn't say precisely what it means, whether directly or by reference"). Alexey's followups seem to suggest that the issue is just that the thing "being cited for how it works" (i.e., traditional multipart/mixed) doesn't quite reflect reality, in which case it seems fairly straightforward to just note the disparity/divergence-from-reference and move on. -Ben
- [core] Benjamin Kaduk's Discuss on draft-ietf-cor… Benjamin Kaduk via Datatracker
- Re: [core] Benjamin Kaduk's Discuss on draft-ietf… Alexey Melnikov
- Re: [core] Benjamin Kaduk's Discuss on draft-ietf… Carsten Bormann
- Re: [core] Benjamin Kaduk's Discuss on draft-ietf… Benjamin Kaduk
- Re: [core] Benjamin Kaduk's Discuss on draft-ietf… Thomas Fossati
- Re: [core] Benjamin Kaduk's Discuss on draft-ietf… Carsten Bormann
- Re: [core] Benjamin Kaduk's Discuss on draft-ietf… Christer Holmberg
- Re: [core] Benjamin Kaduk's Discuss on draft-ietf… Carsten Bormann
- Re: [core] Benjamin Kaduk's Discuss on draft-ietf… Benjamin Kaduk
- Re: [core] Benjamin Kaduk's Discuss on draft-ietf… Carsten Bormann
- Re: [core] Benjamin Kaduk's Discuss on draft-ietf… Alexey Melnikov
- Re: [core] Benjamin Kaduk's Discuss on draft-ietf… Alexey Melnikov
- Re: [core] Benjamin Kaduk's Discuss on draft-ietf… Benjamin Kaduk
- Re: [core] Benjamin Kaduk's Discuss on draft-ietf… Alexey Melnikov
- Re: [core] Benjamin Kaduk's Discuss on draft-ietf… Benjamin Kaduk
- Re: [core] Benjamin Kaduk's Discuss on draft-ietf… Alexey Melnikov
- Re: [core] Benjamin Kaduk's Discuss on draft-ietf… Carsten Bormann
- Re: [core] Benjamin Kaduk's Discuss on draft-ietf… Alexey Melnikov