Re: [homenet] Kathleen Moriarty's Discuss on draft-ietf-homenet-dncp-09: (with DISCUSS and COMMENT)

Kathleen Moriarty <kathleen.moriarty.ietf@gmail.com> Thu, 17 September 2015 16:11 UTC

Return-Path: <kathleen.moriarty.ietf@gmail.com>
X-Original-To: homenet@ietfa.amsl.com
Delivered-To: homenet@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 22E891B2C44; Thu, 17 Sep 2015 09:11:17 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2
X-Spam-Level:
X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id pD4TR-eej6i2; Thu, 17 Sep 2015 09:11:15 -0700 (PDT)
Received: from mail-wi0-x22a.google.com (mail-wi0-x22a.google.com [IPv6:2a00:1450:400c:c05::22a]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 59C931B2C12; Thu, 17 Sep 2015 09:11:15 -0700 (PDT)
Received: by wicge5 with SMTP id ge5so125612580wic.0; Thu, 17 Sep 2015 09:11:14 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type:content-transfer-encoding; bh=RuctPcJ3Z9AYDxOGhzyfsUp86gnIgEx4p3BPDYwM35w=; b=M9YUtPIQULsqmArEZ/pX5oBjxl9mHCJS4HMqOU5wygZwxVdcgwK4satc4n5dYCGnso o2HzphwsIaEoQ81QNbjCRAN5FnOcJ3xzvcrEL2dNEnfroxfNdXYlgQ50CNGASxHo04J+ HAAkpapRCYEpZ7yWn9LZoUudDEQvArs3EOo6MsF9TWgnOM70ScZYcdgbODkfw1NKgPu0 4PwP+g2iNoBa+tHFaOTtTiNP8R2FM3Hp1pTIwvyAzFDDdet+Ur/enU8rHGRrCts5oF+T SwsczdQnyoVvkzjPWl00jDW8iILIo9X0HeSWLxPPzMeKIjZLLebfYW2ffp6xS7iCGr6v Gh0g==
MIME-Version: 1.0
X-Received: by 10.194.234.40 with SMTP id ub8mr63174155wjc.95.1442506274002; Thu, 17 Sep 2015 09:11:14 -0700 (PDT)
Received: by 10.28.214.213 with HTTP; Thu, 17 Sep 2015 09:11:13 -0700 (PDT)
In-Reply-To: <6C6F238B-8CCA-4C84-8A8B-946726A001B1@iki.fi>
References: <20150916194611.17659.26842.idtracker@ietfa.amsl.com> <6C6F238B-8CCA-4C84-8A8B-946726A001B1@iki.fi>
Date: Thu, 17 Sep 2015 12:11:13 -0400
Message-ID: <CAHbuEH6qiEcD9Qz4YRQC9MNw_f53FxKx_QWYA+RTTnfsmFiHAw@mail.gmail.com>
From: Kathleen Moriarty <kathleen.moriarty.ietf@gmail.com>
To: Markus Stenberg <markus.stenberg@iki.fi>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
Archived-At: <http://mailarchive.ietf.org/arch/msg/homenet/67s8eSv7ZW4WlCy89sN0EIRF5bo>
Cc: homenet-chairs@ietf.org, Mark Townsley <mark@townsley.net>, draft-ietf-homenet-dncp.shepherd@ietf.org, The IESG <iesg@ietf.org>, draft-ietf-homenet-dncp@ietf.org, "homenet@ietf.org" <homenet@ietf.org>, draft-ietf-homenet-dncp.ad@ietf.org
Subject: Re: [homenet] Kathleen Moriarty's Discuss on draft-ietf-homenet-dncp-09: (with DISCUSS and COMMENT)
X-BeenThere: homenet@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: IETF Homenet WG mailing list <homenet.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/homenet>, <mailto:homenet-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/homenet/>
List-Post: <mailto:homenet@ietf.org>
List-Help: <mailto:homenet-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/homenet>, <mailto:homenet-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 17 Sep 2015 16:11:17 -0000

Thanks, Markus.  inline.

On Thu, Sep 17, 2015 at 11:53 AM, Markus Stenberg
<markus.stenberg@iki.fi> wrote:
> On 16.9.2015, at 22.46, Kathleen Moriarty <kathleen.moriarty.ietf@gmail.com> wrote:
>> I just have one thing I'd like to discuss that should be easy enough to
>> resolve.
>>
>> Section 8 mentions that DTLS or TLS MAY be used and that it is up to the
>> DNCP profile.  I'd be interested to see the security considerations that
>> would lead to a recommendation of using session transport for the DNCP
>> profiles.  If it is in another RFC, could you add a pointer?  If it is
>> not, could this be added to the security considerations section since it
>> could be an important consideration?
>
> Thanks for the comment.
>
> I am actually planning to write one more appendix to the text for -10; it will contain datagram(=e.g. UDP) <> stream(=e.g. TCP) pros and cons as I have been thinking about it every now and then, and I think it would make life of someone else defining a DNCP-based protocol bit easier.
>
> From the security standpoint, there isn’t much of a difference, as the TLS/DTLS state is more or less same for both cases. You will anyway need either up to date sessions (TLS(+DTLS)) and-or long lived session caching (DTLS(+TLS)), as you cannot afford too many new sessions that actually involve the authz step per given time interval. So essentially even DTLS is session-based transport in this case from my point of view.
>
> The rest, I will write it tomorrow and you (and Brian H. who also raised interest on the different transport options) can check it once we publish -10 if it matches the requirements; we plan to publish -10 either tomorrow or on Monday.

Great, if you could put a couple of lines in the security
considerations section as general guidance, I think that would be very
helpful.  I'm taking tomorrow off (and the rest of today), so Monday
is fine for me.

Thanks,
Kathleen

>
>> ----------------------------------------------------------------------
>> COMMENT:
>> ----------------------------------------------------------------------
>>
>> Thanks for your detailed work on this draft to provide all of the
>> security related options in section 8.
>
> Thanks ;) Section 8.3 is actually somewhat novel I think, the others (8.1/8.2) are relatively .. mundane.
>
> Cheers,
>
> -Markus



-- 

Best regards,
Kathleen