Re: [core] New draft-tiloca-core-groupcomm-proxy on proxied CoAP multicast operation

Christian Amsüss <christian@amsuess.com> Mon, 06 April 2020 15:15 UTC

Return-Path: <christian@amsuess.com>
X-Original-To: core@ietfa.amsl.com
Delivered-To: core@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id BE55F3A09A4 for <core@ietfa.amsl.com>; Mon, 6 Apr 2020 08:15:26 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.898
X-Spam-Level:
X-Spam-Status: No, score=-1.898 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_HELO_NONE=0.001, SPF_NONE=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Z6XHkc9ysyEx for <core@ietfa.amsl.com>; Mon, 6 Apr 2020 08:15:23 -0700 (PDT)
Received: from prometheus.amsuess.com (prometheus.amsuess.com [5.9.147.112]) (using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id C3BE03A07F8 for <core@ietf.org>; Mon, 6 Apr 2020 08:15:23 -0700 (PDT)
Received: from poseidon-mailhub.amsuess.com (095129206250.cust.akis.net [95.129.206.250]) by prometheus.amsuess.com (Postfix) with ESMTPS id 012B040146; Mon, 6 Apr 2020 17:15:20 +0200 (CEST)
Received: from poseidon-mailbox.amsuess.com (hermes.amsuess.com [10.13.13.254]) by poseidon-mailhub.amsuess.com (Postfix) with ESMTP id E67E179; Mon, 6 Apr 2020 17:15:19 +0200 (CEST)
Received: from hephaistos.amsuess.com (unknown [IPv6:2a02:b18:c13b:8010:2d54:7976:cdc9:1eab]) by poseidon-mailbox.amsuess.com (Postfix) with ESMTPSA id 3D0A1367; Mon, 6 Apr 2020 17:15:19 +0200 (CEST)
Received: (nullmailer pid 2696486 invoked by uid 1000); Mon, 06 Apr 2020 15:15:18 -0000
Date: Mon, 6 Apr 2020 17:15:18 +0200
From: Christian =?iso-8859-1?Q?Ams=FCss?= <christian@amsuess.com>
To: Esko Dijk <esko.dijk@iotconsultancy.nl>
Cc: Marco Tiloca <marco.tiloca@ri.se>, "core@ietf.org" <core@ietf.org>
Message-ID: <20200406151518.GA2688660@hephaistos.amsuess.com>
References: <AM5P190MB02753814229668BC943A5C02FDFC0@AM5P190MB0275.EURP190.PROD.OUTLOOK.COM> <20200312155829.GA346418@hephaistos.amsuess.com> <AM5P190MB0275DDE559BE618264A8941EFDCB0@AM5P190MB0275.EURP190.PROD.OUTLOOK.COM>
MIME-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha256; protocol="application/pgp-signature"; boundary="gKMricLos+KVdGMg"
Content-Disposition: inline
In-Reply-To: <AM5P190MB0275DDE559BE618264A8941EFDCB0@AM5P190MB0275.EURP190.PROD.OUTLOOK.COM>
Archived-At: <https://mailarchive.ietf.org/arch/msg/core/t40vgcPHR_uX_DHJspX3kmu69t8>
Subject: Re: [core] New draft-tiloca-core-groupcomm-proxy on proxied CoAP multicast operation
X-BeenThere: core@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Constrained RESTful Environments \(CoRE\) Working Group list" <core.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/core>, <mailto:core-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/core/>
List-Post: <mailto:core@ietf.org>
List-Help: <mailto:core-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/core>, <mailto:core-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 06 Apr 2020 15:15:27 -0000

Hello Esko,

thanks for your responses, I'll add where I think there should be more
discussion:

> * Response-Forwarding: Is this expected to be extensible to any other
>   CoAP transport that may come up that supports multicast? The use of
>   CBOR tags seems to imply that, but then there's the question of how
>   the client would arrive at a URI for follow-up unicast communication.
> 
>   Have you considered just using values that'd go into Uri-Host in a
>   follow-up request?
> 
> [GP] The use of CBOR tags was not on purpose to be prepared for future
> transports. It was more re-using a convention that was already there.
> But by doing it this way we are prepared for potential future
> transports, in which something else than an IPv4 or IPv6 or MAC
> address needs to be sent back to the client.
>
> The current encoding is expected to be more efficient than providing
> an IP address as a Uri-Host string. The current encoding can also be
> re-used in a Uri-Host or Uri-Proxy Option sent towards a proxy,
> although the client needs to do some transcoding to get it into the
> string format used by CoAP.
>
> If the client uses a direct unicast connection to reach the server
> (maybe this use case is less common?) then it doesn't use the returned
> IP address in the CoAP request; it will only use it in the destination
> IP address of the IP packet that is sent and then having it in a
> byte-by-byte format is quite useful.

I see the point of not having to deal with the human-readable encoding;
still I'd prefer more consistency with the return CoAP options. (And I
agree that proxy-then-direct would be a rare case, though I can imagine
cases).

We might consider (possibly outside this document) the introduction of a
Uri-Host-Binary option, which would be mutually exclusive with Uri-Host
and 1:1 mappable (at any time by any intermediary) to the subset of
Uri-Hosts that are IP literals and ideally compatible with the host.ip
production of CoRAL.

Then, a Response-Forwarding response option (or something from it, if
typing stays or the below is added) could be used directly in the
follow-up request as part of the request URI.

By the way, as the topic of multicast responses from a different port
has come up recently, how would those be expressed?


> * Why is the information about the client being behind a proxy
>   forwarded? We don't to this in other proxying cases, and it just puts
>   an additional burden on the origin server I don't see a compelling
>   need for.
> 
> [...]
> We opted for the current end-to-end solution to have the extra
> information (in both ways) secured so the Proxy can't tamper with it.
> (This works in combination with OSCORE.)

OSCORE itself does not protect the address with good reason, one of them
being that the actual OSCORE server might be proxied behind the node.

If we let the proxy change the source address, there's no harm done to
later communication (as the proxy can just as well send the messages
somewhere else again).


> * At some point, as a WG we will need to think of whether we really want
>   to have another option with Observe-like multiresponses; Block-wise
>   and Observe being the two extensions so early everyone knew from
>   RFC7252 they would come does put them into a special position.
> 
>   [...]
> 
> [GP] The concept of multiple responses (by the Proxy) to a client's
> request is already defined in RFC 7252 so it is not 'new' in that
> sense. The use of the Options as we define it, doesn't change that
> behavior.

Indeed, but groupcomm (to which is referred for details there; similar
in groupcomm-bis) says that this SHOULD NOT be done unless there is
explicit configuration and the client.

If we introduce this option here to be that configuration, this is what
enables the behavior in the first place for out-of-the-box
configurations.

(That is still not saying I'm not OK with making this one of the two
options that an intermediary may recognize as "expects more than one
response", just looking to explore the space.)

> Also in draft-ietf-core-groupcomm-bis we discuss the longer-lived
> Tokens issue; so that's inherently present in multicast situations
> (proxied or not).
>
> Maybe we could use draft-ietf-core-groupcomm-bis to define the more
> general long-lived-token mechanisms? (Not sure yet what these would
> be, in general.)

For multicast that's good to have; a summary of cases ("expects one
response", "expects arbitrarily many responses inside
MIN_TOKEN_REUSE_TIME", "expects aribitrarily many responses as long as
there's always an older almost-still-fresh response") might be material
for clar-corr.

KR
c

-- 
Build a man a fire, and he'll be warm for a day. Set a man on fire, and
he'll be warm for the rest of his life.
  -- Terry Pratchett (attributed)