IETF Logo Mail Archive

Re: [core] Conclusion -- Endpoint Client Name / Endpoint Name in RD draft

peter van der Stok <stokcons@xs4all.nl> Wed, 23 May 2018 12:57 UTC

Return-Path: <stokcons@xs4all.nl>
X-Original-To: core@ietfa.amsl.com
Delivered-To: core@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 26F4A126FB3 for <core@ietfa.amsl.com>; Wed, 23 May 2018 05:57:13 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.601
X-Spam-Level:
X-Spam-Status: No, score=-2.601 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id zGRX-t2QIImv for <core@ietfa.amsl.com>; Wed, 23 May 2018 05:57:11 -0700 (PDT)
Received: from lb3-smtp-cloud9.xs4all.net (lb3-smtp-cloud9.xs4all.net [194.109.24.30]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id A49011200C5 for <core@ietf.org>; Wed, 23 May 2018 05:57:10 -0700 (PDT)
Received: from webmail.xs4all.nl ([IPv6:2001:888:0:22:194:109:20:206]) by smtp-cloud9.xs4all.net with ESMTPA id LTKGfiqpaRSWtLTKGfJhCs; Wed, 23 May 2018 14:57:08 +0200
Received: from AMontpellier-654-1-155-119.w90-0.abo.wanadoo.fr ([90.0.250.119]) by webmail.xs4all.nl with HTTP (HTTP/1.1 POST); Wed, 23 May 2018 14:57:08 +0200
MIME-Version: 1.0
Content-Type: text/plain; charset="US-ASCII"; format="flowed"
Content-Transfer-Encoding: 7bit
Date: Wed, 23 May 2018 14:57:08 +0200
From: peter van der Stok <stokcons@xs4all.nl>
To: Hannes Tschofenig <Hannes.Tschofenig@arm.com>
Cc: consultancy@vanderstok.org, "Kovatsch, Matthias" <matthias.kovatsch@siemens.com>, Mohit Sethi <mohit.m.sethi@ericsson.com>, core@ietf.org
Organization: vanderstok consultancy
Reply-To: consultancy@vanderstok.org
Mail-Reply-To: consultancy@vanderstok.org
In-Reply-To: <VI1PR0801MB211246EF59BEBB14D0953029FA990@VI1PR0801MB2112.eurprd08.prod.outlook.com>
References: <VI1PR0801MB2112B9A4410DA3EDE39183BEFA9B0@VI1PR0801MB2112.eurprd08.prod.outlook.com> <bd85e420-c6ce-3e87-406a-4cd5a4fafaa6@ericsson.com> <VI1PR0801MB21121FAE34CE76841CF6DBE1FA9B0@VI1PR0801MB2112.eurprd08.prod.outlook.com> <4EBB3DDD0FBF694CA2A87838DF129B3C01F36340@DEFTHW99EL4MSX.ww902.siemens.net> <f046a8bc9f54328a4c29f9b2426d761e@xs4all.nl> <VI1PR0801MB21120759DA3370D6B44E11E0FA9A0@VI1PR0801MB2112.eurprd08.prod.outlook.com> <6d8a9b8a6c67f7f7022ace8bd9c8d374@xs4all.nl> <VI1PR0801MB211246EF59BEBB14D0953029FA990@VI1PR0801MB2112.eurprd08.prod.outlook.com>
Message-ID: <e4fc1537fe7755f5669804f44ffd165e@xs4all.nl>
X-Sender: stokcons@xs4all.nl
User-Agent: XS4ALL Webmail
X-CMAE-Envelope: MS4wfOcYzLk1s7Kx+eTlmq7PM7mOHBPPVj+FvK/GYCPf2/lvSLIY+FBlk/AD1h5F0jycD8tuhKik/U9Egxh2tgVYHnXQ/st3lW3yY/+A7D9YUqHK2X4czUhb vCjcrHWjQ7jcCJbFYmmRPyhvvyy9SD6W6/PFBo/BviLU3lUo90qLCeTMxe7r5ThgzQa6dyZN9CiIfkZUEC7euXAHPust1zquGVVLxi8uJmwKz+1yZuRfghXZ UhMi2GpZWDFfkdLjsvcikLO2iFE4TkcXPcgzGZO7xrYTn7JOT1/WngepwOwFblCA
Archived-At: <https://mailarchive.ietf.org/arch/msg/core/pUNc9LPBQLoq1wZox4MZ3rtuluE>
Subject: Re: [core] Conclusion -- Endpoint Client Name / Endpoint Name in RD draft
X-BeenThere: core@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "Constrained RESTful Environments \(CoRE\) Working Group list" <core.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/core>, <mailto:core-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/core/>
List-Post: <mailto:core@ietf.org>
List-Help: <mailto:core-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/core>, <mailto:core-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 23 May 2018 12:57:13 -0000

Hi Hannes,

I have had some feedback on the 3rd party registration and the use of 
con= parameter.
Third party registration is a "must" for building installation and 
people are counting on it.
It is especially (but not limited to) registering very small devices and 
sleeping devices.
There is an experimental installation in which 3rd party registration 
has been tried out with very positive results supporting the 
installation process quite naturally.

The experiment only concerns the functional aspects (that you 
challenged).
It is clear that the security aspects need to be considered in more 
detail.
However, it is generally considered that both the RD and the 
commissioning tool (3rd party) will not be (very) constrained. Some 
overhead for the larger tokens is certainly allowed.

I hope that we can conclude the discussion on the presence of 3rd party 
registration for the RD; and continue the security discussion.

Peter

Hannes Tschofenig schreef op 2018-05-09 10:20:
> Hi Peter,
> 
> I have not even looked at the con parameter but I wonder how well it
> can work in practice given firewalls and NATs...
> 
> Ciao
> Hannes
> 
> -----Original Message-----
> From: peter van der Stok [mailto:stokcons@xs4all.nl]
> Sent: 09 May 2018 09:03
> To: Hannes Tschofenig
> Cc: consultancy@vanderstok.org; Kovatsch, Matthias; Mohit Sethi; 
> core@ietf.org
> Subject: Re: [core] Conclusion -- Endpoint Client Name / Endpoint Name
> in RD draft
> 
> Hi Hannes,
> 
> I share your concerns, But there are some additional aspects.
> for 3rd party registration the con= is used.
> con= will also be used to indicate alternative transports. Suppressing
> con= seems really a waste in this stage.
> On the other hand, even suppressing con= for third parties, the anchor
> attribute also permits to refer to third parties. Removing the anchor
> attribute is cumbersome to say the least.
> 
> Possibly @others want to react.
> 
> For the moment using con= for 3rd party registration creates one
> registration at the time.
> The Authorization server can also in this case assign endpoint values
> and prevent ep value stealing.
> 
> I will try to get some concrete feedback on 3rd party registration. I
> will keep you informed.
> 
> Peter
> 
> Hannes Tschofenig schreef op 2018-05-08 13:20:
>> Peter,
>> 
>> I would personally feel more comfortable if we standardize
>> functionality that some people have gained some experience already. If
>> we don't involve the domain experts then we will most likely get it
>> wrong.
>> 
>> What about separating this functionality from the RD draft, reach out
>> to these companies, and then put the result of the investigations into
>> a separate document? There are some folks in the group who work
>> closely with indoor commercial lighting companies and they could for
>> sure help.
>> 
>> Ciao
>> Hannes
>> 
>> 
>> -----Original Message-----
>> From: peter van der Stok [mailto:stokcons@xs4all.nl]
>> Sent: 08 May 2018 08:22
>> To: Kovatsch, Matthias
>> Cc: Hannes Tschofenig; Mohit Sethi; core@ietf.org
>> Subject: Re: [core] Conclusion -- Endpoint Client Name / Endpoint Name
>> in RD draft
>> 
>> Kovatsch, Matthias schreef op 2018-05-07 18:09:
>>> Dear Hannes,
>>> 
>>> dear list
>>> 
>>> To my knowledge, third-party provisioning functionality is in
>>> particular used for lighting systems; maybe Peter can comment on 
>>> this.
>> 
>> On request, some background.
>> For buildings, the installation is done by installation companies with
>> their own tools and procedures.
>> Installation can be done in phases by different companies.
>> Their is at this moment not one general approach or installation
>> protocol.
>> 
>> The problem is that the architect and people around have produced
>> drawings with cabling and equipment situated at precise physical
>> locations in the drawing.
>> Equipment, cabling etc are identified with numbers ,names, what have
>> you.
>> There are descriptions which discuss the functionality and the
>> relation between the equipment.
>> All this knowledge has to be transferred to the equipment without
>> making too many "one of a kind" pieces.
>> In he "olde times" much was solved by the cabling, that limited the
>> control possibilities.
>> These IP times, anything can reach anything else.
>> One approach is to store parts of this information into the RD, which
>> can be queried by the equipment.
>> 
>> I hope this make the wish for an RD with third party access
>> understandable.
>> IMPORTANT NOTICE: The contents of this email and any attachments are
>> confidential and may also be privileged. If you are not the intended
>> recipient, please notify the sender immediately and do not disclose
>> the contents to any other person, use it for any purpose, or store or
>> copy the information in any medium. Thank you.
> IMPORTANT NOTICE: The contents of this email and any attachments are
> confidential and may also be privileged. If you are not the intended
> recipient, please notify the sender immediately and do not disclose
> the contents to any other person, use it for any purpose, or store or
> copy the information in any medium. Thank you.

v2.23.0 | Report a Bug | By Email