IETF Logo Mail Archive

Re: [core] Benjamin Kaduk's Discuss on draft-ietf-core-multipart-ct-03: (with DISCUSS and COMMENT)

Benjamin Kaduk <kaduk@mit.edu> Wed, 04 September 2019 03:32 UTC

Return-Path: <kaduk@mit.edu>
X-Original-To: core@ietfa.amsl.com
Delivered-To: core@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7C2E312008F; Tue, 3 Sep 2019 20:32:13 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.2
X-Spam-Level:
X-Spam-Status: No, score=-4.2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id I73Nsy2wJS0I; Tue, 3 Sep 2019 20:32:12 -0700 (PDT)
Received: from outgoing.mit.edu (outgoing-auth-1.mit.edu [18.9.28.11]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 05DDE120072; Tue, 3 Sep 2019 20:32:11 -0700 (PDT)
Received: from kduck.mit.edu ([24.16.140.251]) (authenticated bits=56) (User authenticated as kaduk@ATHENA.MIT.EDU) by outgoing.mit.edu (8.14.7/8.12.4) with ESMTP id x843W1kV012075 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Tue, 3 Sep 2019 23:32:04 -0400
Date: Tue, 03 Sep 2019 22:32:00 -0500
From: Benjamin Kaduk <kaduk@mit.edu>
To: Carsten Bormann <cabo@tzi.org>
Cc: Alexey Melnikov <aamelnikov@fastmail.fm>, The IESG <iesg@ietf.org>, draft-ietf-core-multipart-ct@ietf.org, Jaime Jiménez <jaime.jimenez@ericsson.com>, core-chairs@ietf.org, core@ietf.org
Message-ID: <20190904033200.GR58050@kduck.mit.edu>
References: <155675554069.2851.9351849772053196736.idtracker@ietfa.amsl.com> <459433ef-5cb5-4c3e-a32e-a5d063b1ccf0@www.fastmail.com> <BE1600FF-FBFB-44F4-A405-9C73ADA6E3FC@tzi.org> <20190504232153.GA19805@kduck.mit.edu> <A6EE5F90-391C-487B-A3DD-2193027022C6@tzi.org> <20190826181801.GJ84368@kduck.mit.edu> <79816A1A-7863-47FC-8EF7-B6BB42A49D1E@tzi.org>
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Disposition: inline
Content-Transfer-Encoding: 8bit
In-Reply-To: <79816A1A-7863-47FC-8EF7-B6BB42A49D1E@tzi.org>
User-Agent: Mutt/1.10.1 (2018-07-13)
Archived-At: <https://mailarchive.ietf.org/arch/msg/core/pFWlhBoYgrgbmoRJHD2lLsBlF84>
Subject: Re: [core] Benjamin Kaduk's Discuss on draft-ietf-core-multipart-ct-03: (with DISCUSS and COMMENT)
X-BeenThere: core@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Constrained RESTful Environments \(CoRE\) Working Group list" <core.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/core>, <mailto:core-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/core/>
List-Post: <mailto:core@ietf.org>
List-Help: <mailto:core-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/core>, <mailto:core-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 04 Sep 2019 03:32:13 -0000

On Tue, Aug 27, 2019 at 09:43:55PM +0200, Carsten Bormann wrote:
> Hi Benjamin,
> 
> I completely agree that signed security assertions need to be interpretable without external context.  But that is a very different world from the media type being defined here.
> 
> In a CoAP interaction, the response might be (literally)
> 
> 	33.5
> 
> to tell you the temperature in my room.  SenML can be used to include more context, but often the request context is really needed to make sense of the response (here probably something like “GET /temp1”, translated into a CoAP request), and additional information may only be available through the installation context (e.g., that this temperature is in °C and not in °F, or that the above request to [2001:db8::1]:5683 actually leads to the temperature sensor for the room to right of the corridor, second door).
> 
> (OSCORE protects the relationship between the request context and the response, but cannot really protect the external context except by relating the key of the server with its function/installation location.  Where the latter is really hard to protect, and then somebody can still come with a lighter and heat up the sensor, leading to incorrect temperature measurements just for fun.)
> 
> This is the reason why the ambiguities incurred by using this media type are really on the mild side.

I don't disagree with any of what you say.  I'm currently coming at this
from a perspective of "there's a mismatch between what's being described as
use cases and what's being cited for how it works" (a progression from the
previous "this doesn't say precisely what it means, whether directly or by
reference").  Alexey's followups seem to suggest that the issue is just
that the thing "being cited for how it works" (i.e., traditional
multipart/mixed) doesn't quite reflect reality, in which case it seems
fairly straightforward to just note the disparity/divergence-from-reference
and move on.

-Ben

v2.23.0 | Report a Bug | By Email