IETF Logo Mail Archive

Re: [core] Conclusion -- Endpoint Client Name / Endpoint Name in RD draft

Mohit Sethi <mohit.m.sethi@ericsson.com> Mon, 07 May 2018 18:00 UTC

Return-Path: <mohit.m.sethi@ericsson.com>
X-Original-To: core@ietfa.amsl.com
Delivered-To: core@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0A729127AD4 for <core@ietfa.amsl.com>; Mon, 7 May 2018 11:00:00 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.3
X-Spam-Level:
X-Spam-Status: No, score=-4.3 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001, T_DKIMWL_WL_HIGH=-0.01, T_KAM_HTML_FONT_INVALID=0.01] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=ericsson.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ENj6dlqxv-ca for <core@ietfa.amsl.com>; Mon, 7 May 2018 10:59:57 -0700 (PDT)
Received: from sessmg23.ericsson.net (sessmg23.ericsson.net [193.180.251.45]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id E07ED127869 for <core@ietf.org>; Mon, 7 May 2018 10:59:56 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; d=ericsson.com; s=mailgw201801; c=relaxed/simple; q=dns/txt; i=@ericsson.com; t=1525715994; h=From:Sender:Reply-To:Subject:Date:Message-ID:To:Cc:MIME-Version:Content-Type: Content-Transfer-Encoding:Content-ID:Content-Description:Resent-Date:Resent-From: Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:In-Reply-To:References:List-Id: List-Help:List-Unsubscribe:List-Subscribe:List-Post:List-Owner:List-Archive; bh=2xhHPN1//HFppimwnWkze3rRIruDLa3RvCqOWObFtT8=; b=IgRd7/dtWBbSruWYkBZ7a1daGiQuobHG6Y4nZjfIlhF43xlNIPNYTu7qPJ5ebYKs GKAuZ4Z7TKVTKiUtj//qw0NNXdkjbd0/huI6sT34X7DDjXEchJL66KZO4lQ7pWWF gzhqsHUJAg7/BTZzVKmXoHrGJw+0jslciszROhrOCCM=;
X-AuditID: c1b4fb2d-adbff700000055bf-1f-5af0941a5082
Received: from ESESSHC001.ericsson.se (Unknown_Domain [153.88.183.21]) by sessmg23.ericsson.net (Symantec Mail Security) with SMTP id 63.DD.21951.A1490FA5; Mon, 7 May 2018 19:59:54 +0200 (CEST)
Received: from nomadiclab.fi.eu.ericsson.se (153.88.183.153) by smtp.internal.ericsson.com (153.88.183.23) with Microsoft SMTP Server id 14.3.382.0; Mon, 7 May 2018 19:59:53 +0200
Received: from nomadiclab.fi.eu.ericsson.se (localhost [127.0.0.1]) by nomadiclab.fi.eu.ericsson.se (Postfix) with ESMTP id 4E4FD481AB8; Mon, 7 May 2018 20:59:53 +0300 (EEST)
Received: from [127.0.0.1] (localhost [IPv6:::1]) by nomadiclab.fi.eu.ericsson.se (Postfix) with ESMTP id C8970481AA4; Mon, 7 May 2018 20:59:52 +0300 (EEST)
To: "Kovatsch, Matthias" <matthias.kovatsch@siemens.com>, Hannes Tschofenig <Hannes.Tschofenig@arm.com>, Mohit Sethi <mohit.m.sethi@ericsson.com>, "core@ietf.org" <core@ietf.org>
References: <VI1PR0801MB2112B9A4410DA3EDE39183BEFA9B0@VI1PR0801MB2112.eurprd08.prod.outlook.com> <bd85e420-c6ce-3e87-406a-4cd5a4fafaa6@ericsson.com> <VI1PR0801MB21121FAE34CE76841CF6DBE1FA9B0@VI1PR0801MB2112.eurprd08.prod.outlook.com> <4EBB3DDD0FBF694CA2A87838DF129B3C01F36340@DEFTHW99EL4MSX.ww902.siemens.net>
From: Mohit Sethi <mohit.m.sethi@ericsson.com>
Message-ID: <aee2b1d8-79fa-f88d-3e66-d5bb09805713@ericsson.com>
Date: Mon, 07 May 2018 20:59:52 +0300
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Thunderbird/52.7.0
MIME-Version: 1.0
In-Reply-To: <4EBB3DDD0FBF694CA2A87838DF129B3C01F36340@DEFTHW99EL4MSX.ww902.siemens.net>
Content-Type: multipart/alternative; boundary="------------45D66FA797C5D69B7BE3692A"
Content-Language: en-US
X-AV-Checked: ClamAV using ClamSMTP
X-Brightmail-Tracker: H4sIAAAAAAAAA+NgFupikeLIzCtJLcpLzFFi42KZGbFdVFdqyocog//PJS32vV3PbHFzxikm i8YJLxgdmD3WzFvD6LFkyU8mj+0nJzEFMEdx2aSk5mSWpRbp2yVwZZw4eI6toGMBY8XFEztY Ghif1XYxcnJICJhILDp5k7WLkYtDSOAIo8S9G1egnO2MEm/vnGcBqRIS2MwosfVhBERiIaPE 6zObmEASwgIhEm0npjKCJEQEtjFKzDvzgxmiajeTxOqHC8Ha2QT0JDrPHWcGsXkF7CUuHN8F ZrMIqEj87lnMDmKLCkRI3Dv/iQ2iRlDi5MwnYL2cQPH5T9vAtjELhEn0P+5hg7DFJW49mc8E 8YSyxIKWRYwQp6pLbO04wDiBUWgWklGzkLTPQtI+i5EDyLaXeLC1DCIsL9G8dTYzhK0vcf3O fVZk8QWM7KsYRYtTi4tz042M9VKLMpOLi/Pz9PJSSzYxAmPo4JbfujsYV792PMQowMGoxMPb n/MhSog1say4MvcQowQHs5IIL5syUIg3JbGyKrUoP76oNCe1+BCjNAeLkjiv3qo9UUIC6Ykl qdmpqQWpRTBZJg5OqQbGBj7TyrZ/HC5pj6vljOb//b/nrGhe0uNZ2xq7fqTb8Wyf7sM6q4hr yvbSHXu+6bofUbsceTz/h56XxwL3hwo6vvU7CybfvLwr+HTe+ymu3m+jrW+V9bifmyg268bD p3wO2iHqi3b6XjhWm/H2TKrF8aWLn2S+qNn64uCcg4m1n6YVSCot+tcaqsRSnJFoqMVcVJwI AOyyLnqdAgAA
Archived-At: <https://mailarchive.ietf.org/arch/msg/core/vaZM9dYyMbeIEUrfUzScnNioQyQ>
Subject: Re: [core] Conclusion -- Endpoint Client Name / Endpoint Name in RD draft
X-BeenThere: core@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "Constrained RESTful Environments \(CoRE\) Working Group list" <core.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/core>, <mailto:core-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/core/>
List-Post: <mailto:core@ietf.org>
List-Help: <mailto:core-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/core>, <mailto:core-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 07 May 2018 18:00:00 -0000

Hi Matthias,

Thanks for bringing forward the use-case.

I have implemented an earlier version of the RD. I agree, the current 
text on "mostly mandatory" leaves much to be desired. And +1 on request 
for more clear text about different possibilities (cf. certificate vs 
Raw Public Key vs PSK).

--Mohit

On 05/07/2018 07:09 PM, Kovatsch, Matthias wrote:
>
> Dear Hannes,
>
> dear list
>
> To my knowledge, third-party provisioning functionality is in 
> particular used for lighting systems; maybe Peter can comment on this. 
> I am aware of a few business units that would also want to have this 
> functionality in the RD. Furthermore, I have use cases for Web Things 
> that provide a REST interface, but do not implement RD registration; 
> with the third-party provisioning they can become part of CoRE 
> environments as well.
>
> Making the Endpoint Client Name optional is a good solution in my 
> opinion, when it is clearly defined which security protocol 
> identifiers shall be taken as Endpoint Client Name. I am not even sure 
> if I understand the current “mostly mandatory” correctly). Overall, it 
> would be good to describe the usage of security context well, as there 
> are different possibilities (cf. certificate vs Raw Public Key vs PSK).
>
> Furthermore, the draft is a bit too fuzzy about the authorization, in 
> particular for registration. It feels obvious that also third-party 
> provisioning needs to be authorized to use the Endpoint Client Name to 
> be registered, but hearing Hannes’s concerns, it probably should be 
> stated concretely. The role of Domain is also rather implicit here; to 
> my understanding, there can be duplicate Endpoint Client Names as long 
> as they have different Domains.
>
> Kind regards,
>
> Matthias
>
> *Von:*core [mailto:core-bounces@ietf.org] *Im Auftrag von *Hannes 
> Tschofenig
> *Gesendet:* Montag, 7. Mai 2018 16:17
> *An:* Mohit Sethi; core@ietf.org
> *Betreff:* Re: [core] Conclusion -- Endpoint Client Name / Endpoint 
> Name in RD draft
>
> I was referring to this functionality: 
> https://tools.ietf.org/html/draft-ietf-core-resource-directory-13#section-5...3.2 
> <https://tools.ietf.org/html/draft-ietf-core-resource-directory-13#section-5.3.2>
>
> *From:*Mohit Sethi [mailto:mohit.m.sethi@ericsson.com]
> *Sent:* 07 May 2018 15:54
> *To:* Hannes Tschofenig; core@ietf.org <mailto:core@ietf.org>
> *Subject:* Re: [core] Conclusion -- Endpoint Client Name / Endpoint 
> Name in RD draft
>
> Hi Hannes,
>
> Thank you for summarizing the discussion on this important topic thus 
> far.
>
> Could you also very briefly explain what does third-party provisioning 
> mean for you?
>
> --Mohit
>
> On 05/07/2018 04:50 PM, Hannes Tschofenig wrote:
>
>     Hi all,
>
>     I hope that all the discussion around the endpoint name / endpoint
>     client name have helped to make you think about the security
>     implications of sending an unauthenticated identifier..
>
>     I would like to come to a conclusion and here is my attempt.
>
>     Since we the RD document also defines the third party provisioning
>     I would suggest to make the endpoint name optional in the draft.
>
>     I would also encourage the chairs to find out whether the third
>     party provisioning is actually something in this group has gained
>     some experience with.
>
>     Ciao
>
>     Hannes
>
>     IMPORTANT NOTICE: The contents of this email and any attachments
>     are confidential and may also be privileged. If you are not the
>     intended recipient, please notify the sender immediately and do
>     not disclose the contents to any other person, use it for any
>     purpose, or store or copy the information in any medium. Thank you.
>
>     _______________________________________________
>
>     core mailing list
>
>     core@ietf.org <mailto:core@ietf.org>
>
>     https://www.ietf.org/mailman/listinfo/core
>
> IMPORTANT NOTICE: The contents of this email and any attachments are 
> confidential and may also be privileged. If you are not the intended 
> recipient, please notify the sender immediately and do not disclose 
> the contents to any other person, use it for any purpose, or store or 
> copy the information in any medium. Thank you.
>
>
>
> _______________________________________________
> core mailing list
> core@ietf.org
> https://www.ietf.org/mailman/listinfo/core

v2.23.0 | Report a Bug | By Email