Re: [Dtls-iot] Last Call: <draft-ietf-dice-profile-14.txt> (TLS/DTLS Profiles for the Internet of Things) to Proposed Standard
"Gabriel Montenegro" <g_e_montenegro@yahoo.com> Tue, 08 September 2015 20:14 UTC
From: Gabriel Montenegro <g_e_montenegro@yahoo.com>
To: 'Hannes Tschofenig' <hannes.tschofenig@gmx.net>, ietf@ietf.org
References: <20150821135235.25559.80688.idtracker@ietfa.amsl.com> <501751451.1263191.1441322498338.JavaMail.yahoo@mail.yahoo.com> <55EF35BC.9000609@gmx.net>
In-Reply-To: <55EF35BC.9000609@gmx.net>
Date: Tue, 08 Sep 2015 13:13:54 -0700
Archived-At: <http://mailarchive.ietf.org/arch/msg/dtls-iot/ZiXGJhSe53sjCemkyYPrg4XKpc4>
Cc: dtls-iot@ietf.org
Subject: Re: [Dtls-iot] Last Call: <draft-ietf-dice-profile-14.txt> (TLS/DTLS Profiles for the Internet of Things) to Proposed Standard
Hi, Hannes,

I see your point about preprocessor directives to derive different versions of binaries based on the same code. The point I was trying to make was different though. When I said "the same stack could be used for scenarios outside of IoT", I meant at the same time. This can happen either because a device participates simultaneously in both the IoT and the general domain (using mainstream IETF protocols), or because the lines between both become blurry. I believe in the future we will see more and more of the lines becoming blurrier as mainstream protocols become better profiled and/or adapted for certain IoT scenarios (as we've seen with other industries in the past).

Thanks for your response, and I'm glad the proposed wording is ok with you.

Gabriel

> -----Original Message-----
> From: dtls-iot [mailto:dtls-iot-bounces@ietf.org] On Behalf Of Hannes Tschofenig
> Sent: Tuesday, September 8, 2015 12:24
> To: g_e_montenegro@yahoo.com; ietf@ietf.org
> Cc: dtls-iot@ietf.org
> Subject: Re: [Dtls-iot] Last Call: <draft-ietf-dice-profile-14.txt> (TLS/DTLS Profiles for the Internet of Things) to Proposed Standard
>
> Hi Gabriel,
>
> thanks for your review comments.
>
> I am OK with the proposed text changes.
>
> A minor remark regarding the stacks used in IoT devices: In the stacks I have
> seen the developer has the possibility to include or exclude certain features
> using preprocessor directives. Even if you have the ability to re-use a
> TLS/DTLS stack on devices that have nothing to do with IoT and have no code
> size restriction you will typically have to remove features for an IoT device to
> keep the code size at a reasonable level.
>
> I am, of course, aware of devices that have very few limitations in terms of
> processing speed, RAM, and flash size. The boundaries between IoT devices
> and non-IoT devices are certainly fuzzy.
>
> Ciao
> Hannes
>
> On 09/04/2015 01:21 AM, g_e_montenegro@yahoo.com wrote:
> > Overall, looks good, thanks for this work. I do have some comments.
> >
> > Not sure if these are "substantive comments" as requested, but after
> > some discussion with some colleagues we'd like to point out issues with
> > some of the normative language.
> >
> > In particular, we suggest modifying the language here:
> >
> >    Hence, RFC 7366 and RFC 6066 are not applicable to this specification
> >    and MUST NOT be implemented.
> >
> > Whereas CCM and AEAD ciphers in general render RFC7366 moot, a MUST
> > NOT on implementation is too strong (i.e., from the intro, "This
> > document does not alter TLS/DTLS specifications") and potentially
> > damaging: the same stack could be used for scenarios outside of IoT,
> > where RFC7366 could still provide some benefit. As for RFC6066, a
> > blanket statement saying it "MUST NOT implement" is not only wrong, it
> > is also contradictory with other statements within this draft which
> > recommend other parts of RFC6066. Instead, the language should limit
> > itself to the specific extension of RFC6066.
> >
> > Also, with other extensions the doc does not prohibit
> > *implementation*, but recommends against it or against its use (by
> > using "NOT RECOMMENDED"). So I'd change the above text to something
> > like:
> >
> > In https://tools.ietf.org/html/draft-ietf-dice-profile-14#section-15:
> > OLD:
> >    Hence, RFC 7366 and RFC 6066 are not applicable to this
> >    specification and MUST NOT be implemented.
> > NEW:
> >    Hence, RFC 7366 and the Truncated MAC extension of RFC 6066
> >    are not applicable to this specification and are NOT RECOMMENDED.
> >
> > Similarly, in
> > https://tools.ietf.org/html/draft-ietf-dice-profile-14#section-10 my
> > suggestion would be:
> > OLD:
> >    This TLS/DTLS profile MUST NOT implement TLS/DTLS layer compression.
> > NEW:
> >    TLS/DTLS layer compression is NOT RECOMMENDED by this TLS/DTLS
> >    profile.
> >
> > thanks,
> >
> > Gabriel
> >
> > On Friday, August 21, 2015 6:53 AM, The IESG <iesg-secretary@ietf.org> wrote:
> >
> > The IESG has received a request from the DTLS In Constrained
> > Environments WG (dice) to consider the following document:
> > - 'TLS/DTLS Profiles for the Internet of Things'
> >   <draft-ietf-dice-profile-14.txt> as Proposed Standard
> >
> > The IESG plans to make a decision in the next few weeks, and solicits
> > final comments on this action. Please send substantive comments to the
> > ietf@ietf.org mailing lists by 2015-09-04. Exceptionally, comments may be
> > sent to iesg@ietf.org instead. In either case, please retain the
> > beginning of the Subject line to allow automated sorting.
> >
> > Abstract
> >
> > A common design pattern in Internet of Things (IoT) deployments is
> > the use of a constrained device that collects data via sensor or
> > controls actuators for use in home automation, industrial control
> > systems, smart cities and other IoT deployments.
> >
> > This document defines a Transport Layer Security (TLS) and Datagram
> > TLS (DTLS) 1.2 profile that offers communications security for this
> > data exchange thereby preventing eavesdropping, tampering, and
> > message forgery. The lack of communication security is a common
> > vulnerability in Internet of Things products that can easily be
> > solved by using these well-researched and widely deployed Internet
> > security protocols.
> >
> > The file can be obtained via
> > https://datatracker.ietf.org/doc/draft-ietf-dice-profile/
> >
> > IESG discussion can be tracked via
> > https://datatracker.ietf.org/doc/draft-ietf-dice-profile/ballot/
> >
> > No IPR declarations have been submitted directly on this I-D.
> >
> > _______________________________________________
> > dtls-iot mailing list
> > dtls-iot@ietf.org
> > https://www.ietf.org/mailman/listinfo/dtls-iot
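The thread argues over whether the profile should say "MUST NOT implement" or "NOT RECOMMENDED" for TLS-layer compression, the RFC 6066 truncated MAC extension and RFC 7366 encrypt-then-MAC. Either way, a deployer who wants to verify what a device's stack actually offers on the wire needs to look at the ClientHello. The following Python is an added example, not code from the thread, the draft or any TLS stack: it parses a TLS 1.2 ClientHello handshake message and reports whether those three features are offered. The extension type numbers and compression method values are the IANA-registered ones; the two sample messages are constructed here (all-zero random, placeholder hostname) and are not captured traffic.

```python
import struct

# IANA-registered TLS values (RFC 5246, RFC 3749, RFC 6066, RFC 7366, RFC 7251).
HANDSHAKE_CLIENT_HELLO = 1
COMPRESSION_NULL = 0
COMPRESSION_DEFLATE = 1            # RFC 3749
EXT_SERVER_NAME = 0                # RFC 6066, section 3
EXT_TRUNCATED_HMAC = 4             # RFC 6066, section 7
EXT_ENCRYPT_THEN_MAC = 22          # RFC 7366
TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8 = 0xC0AE   # RFC 7251 (AEAD suite)
TLS_RSA_WITH_AES_128_CBC_SHA = 0x002F         # RFC 5246 (CBC suite)


def build_client_hello(cipher_suites, compression_methods, extensions):
    """Serialize a TLS 1.2 ClientHello handshake message from its parts.

    Used here only to construct sample input: the random field is all zeros,
    which marks the output as a constructed test message, not a real handshake."""
    body = b"\x03\x03" + b"\x00" * 32 + b"\x00"          # version, random, empty session_id
    suites = b"".join(struct.pack("!H", s) for s in cipher_suites)
    body += struct.pack("!H", len(suites)) + suites
    body += struct.pack("!B", len(compression_methods)) + bytes(compression_methods)
    exts = b"".join(struct.pack("!HH", t, len(d)) + d for t, d in extensions)
    body += struct.pack("!H", len(exts)) + exts
    return struct.pack("!B", HANDSHAKE_CLIENT_HELLO) + len(body).to_bytes(3, "big") + body


def parse_client_hello(msg):
    """Parse a TLS ClientHello handshake message (RFC 5246, section 7.4.1.2).

    Returns a dict with the client version, offered cipher suites, offered
    compression methods and a {type: data} map of extensions. Raises ValueError
    on a malformed message instead of reading past the end of the buffer."""
    if len(msg) < 4 or msg[0] != HANDSHAKE_CLIENT_HELLO:
        raise ValueError("not a ClientHello handshake message")
    length = int.from_bytes(msg[1:4], "big")
    body = msg[4:4 + length]
    if len(body) != length:
        raise ValueError("truncated handshake message")

    def take(n, pos):                                     # bounds-checked slice
        if pos + n > len(body):
            raise ValueError("field runs past end of ClientHello")
        return body[pos:pos + n], pos + n

    version, pos = take(2, 0)
    _random, pos = take(32, pos)
    sid_len, pos = take(1, pos)
    _session_id, pos = take(sid_len[0], pos)
    cs_len, pos = take(2, pos)
    raw_suites, pos = take(struct.unpack("!H", cs_len)[0], pos)
    suites = [struct.unpack("!H", raw_suites[i:i + 2])[0] for i in range(0, len(raw_suites) - 1, 2)]
    cm_len, pos = take(1, pos)
    raw_comps, pos = take(cm_len[0], pos)
    extensions = {}
    if pos < len(body):                                   # extensions block is optional
        ext_len, pos = take(2, pos)
        ext_block, pos = take(struct.unpack("!H", ext_len)[0], pos)
        epos = 0
        while epos < len(ext_block):
            if epos + 4 > len(ext_block):
                raise ValueError("truncated extension header")
            etype, elen = struct.unpack("!HH", ext_block[epos:epos + 4])
            epos += 4
            if epos + elen > len(ext_block):
                raise ValueError("truncated extension body")
            extensions[etype] = ext_block[epos:epos + elen]
            epos += elen
    if pos != len(body):
        raise ValueError("trailing bytes after ClientHello")
    return {"version": struct.unpack("!H", version)[0], "cipher_suites": suites,
            "compression_methods": list(raw_comps), "extensions": extensions}


def is_malformed(msg):
    """True if parse_client_hello rejects msg (exercises the bounds checks)."""
    try:
        parse_client_hello(msg)
        return False
    except ValueError:
        return True


def check_dice_profile(hello):
    """Report the features discussed in the thread if a ClientHello offers them.

    Offering them is not a protocol error, so this returns findings for a
    reviewer rather than rejecting the message: TLS-layer compression, the
    RFC 6066 truncated MAC extension, and RFC 7366 encrypt-then-MAC (moot
    when only CCM/AEAD suites are used)."""
    findings = []
    comps = hello["compression_methods"]
    non_null = [c for c in comps if c != COMPRESSION_NULL]
    if non_null:
        findings.append("compression: offers TLS-layer compression methods %s" % non_null)
    if COMPRESSION_NULL not in comps:
        findings.append("compression: null compression missing, handshake would fail")
    if EXT_TRUNCATED_HMAC in hello["extensions"]:
        findings.append("truncated_hmac: RFC 6066 truncated MAC extension offered")
    if EXT_ENCRYPT_THEN_MAC in hello["extensions"]:
        findings.append("encrypt_then_mac: RFC 7366 extension offered (moot with AEAD suites)")
    return findings


# Constructed sample messages (not captured traffic); hostname is a placeholder.
_host = b"sensor.example"
SERVER_NAME_DATA = struct.pack("!H", len(_host) + 3) + b"\x00" + struct.pack("!H", len(_host)) + _host
PROFILE_HELLO = build_client_hello([TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8], [COMPRESSION_NULL],
                                   [(EXT_SERVER_NAME, SERVER_NAME_DATA)])
LEGACY_HELLO = build_client_hello([TLS_RSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8],
                                  [COMPRESSION_DEFLATE, COMPRESSION_NULL],
                                  [(EXT_TRUNCATED_HMAC, b""), (EXT_ENCRYPT_THEN_MAC, b"")])

if __name__ == "__main__":
    for name, msg in (("profile", PROFILE_HELLO), ("legacy", LEGACY_HELLO)):
        print(name, check_dice_profile(parse_client_hello(msg)) or "no findings")
```

The checker only inspects what the client offers; whether a feature is actually negotiated depends on the ServerHello, so a stack that offers DEFLATE or truncated_hmac but whose peer never selects them still passes the handshake, which is exactly why the thread's "NOT RECOMMENDED" wording, rather than a ban on implementation, is enforceable by configuration review instead of by the protocol.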