Re: [homenet] Kathleen Moriarty's Discuss on draft-ietf-homenet-dncp-09: (with DISCUSS and COMMENT)
Kathleen Moriarty <kathleen.moriarty.ietf@gmail.com> Thu, 17 September 2015 16:11 UTC
Return-Path: <kathleen.moriarty.ietf@gmail.com>
X-Original-To: homenet@ietfa.amsl.com
Delivered-To: homenet@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 22E891B2C44; Thu, 17 Sep 2015 09:11:17 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2
X-Spam-Level:
X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id pD4TR-eej6i2; Thu, 17 Sep 2015 09:11:15 -0700 (PDT)
Received: from mail-wi0-x22a.google.com (mail-wi0-x22a.google.com [IPv6:2a00:1450:400c:c05::22a]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 59C931B2C12; Thu, 17 Sep 2015 09:11:15 -0700 (PDT)
Received: by wicge5 with SMTP id ge5so125612580wic.0; Thu, 17 Sep 2015 09:11:14 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type:content-transfer-encoding; bh=RuctPcJ3Z9AYDxOGhzyfsUp86gnIgEx4p3BPDYwM35w=; b=M9YUtPIQULsqmArEZ/pX5oBjxl9mHCJS4HMqOU5wygZwxVdcgwK4satc4n5dYCGnso o2HzphwsIaEoQ81QNbjCRAN5FnOcJ3xzvcrEL2dNEnfroxfNdXYlgQ50CNGASxHo04J+ HAAkpapRCYEpZ7yWn9LZoUudDEQvArs3EOo6MsF9TWgnOM70ScZYcdgbODkfw1NKgPu0 4PwP+g2iNoBa+tHFaOTtTiNP8R2FM3Hp1pTIwvyAzFDDdet+Ur/enU8rHGRrCts5oF+T SwsczdQnyoVvkzjPWl00jDW8iILIo9X0HeSWLxPPzMeKIjZLLebfYW2ffp6xS7iCGr6v Gh0g==
MIME-Version: 1.0
X-Received: by 10.194.234.40 with SMTP id ub8mr63174155wjc.95.1442506274002; Thu, 17 Sep 2015 09:11:14 -0700 (PDT)
Received: by 10.28.214.213 with HTTP; Thu, 17 Sep 2015 09:11:13 -0700 (PDT)
In-Reply-To: <6C6F238B-8CCA-4C84-8A8B-946726A001B1@iki.fi>
References: <20150916194611.17659.26842.idtracker@ietfa.amsl.com> <6C6F238B-8CCA-4C84-8A8B-946726A001B1@iki.fi>
Date: Thu, 17 Sep 2015 12:11:13 -0400
Message-ID: <CAHbuEH6qiEcD9Qz4YRQC9MNw_f53FxKx_QWYA+RTTnfsmFiHAw@mail.gmail.com>
From: Kathleen Moriarty <kathleen.moriarty.ietf@gmail.com>
To: Markus Stenberg <markus.stenberg@iki.fi>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
Archived-At: <http://mailarchive.ietf.org/arch/msg/homenet/67s8eSv7ZW4WlCy89sN0EIRF5bo>
Cc: homenet-chairs@ietf.org, Mark Townsley <mark@townsley.net>, draft-ietf-homenet-dncp.shepherd@ietf.org, The IESG <iesg@ietf.org>, draft-ietf-homenet-dncp@ietf.org, "homenet@ietf.org" <homenet@ietf.org>, draft-ietf-homenet-dncp.ad@ietf.org
Subject: Re: [homenet] Kathleen Moriarty's Discuss on draft-ietf-homenet-dncp-09: (with DISCUSS and COMMENT)
X-BeenThere: homenet@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: IETF Homenet WG mailing list <homenet.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/homenet>, <mailto:homenet-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/homenet/>
List-Post: <mailto:homenet@ietf.org>
List-Help: <mailto:homenet-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/homenet>, <mailto:homenet-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 17 Sep 2015 16:11:17 -0000
Thanks, Markus. inline. On Thu, Sep 17, 2015 at 11:53 AM, Markus Stenberg <markus.stenberg@iki.fi> wrote: > On 16.9.2015, at 22.46, Kathleen Moriarty <kathleen.moriarty.ietf@gmail.com> wrote: >> I just have one thing I'd like to discuss that should be easy enough to >> resolve. >> >> Section 8 mentions that DTLS or TLS MAY be used and that it is up to the >> DNCP profile. I'd be interested to see the security considerations that >> would lead to a recommendation of using session transport for the DNCP >> profiles. If it is in another RFC, could you add a pointer? If it is >> not, could this be added to the security considerations section since it >> could be an important consideration? > > Thanks for the comment. > > I am actually planning to write one more appendix to the text for -10; it will contain datagram(=e.g. UDP) <> stream(=e.g. TCP) pros and cons as I have been thinking about it every now and then, and I think it would make life of someone else defining a DNCP-based protocol bit easier. > > From the security standpoint, there isn’t much of a difference, as the TLS/DTLS state is more or less same for both cases. You will anyway need either up to date sessions (TLS(+DTLS)) and-or long lived session caching (DTLS(+TLS)), as you cannot afford too many new sessions that actually involve the authz step per given time interval. So essentially even DTLS is session-based transport in this case from my point of view. > > The rest, I will write it tomorrow and you (and Brian H. who also raised interest on the different transport options) can check it once we publish -10 if it matches the requirements; we plan to publish -10 either tomorrow or on Monday. Great, if you could put a couple of lines in the security considerations section as general guidance, I think that would be very helpful. I'm taking tomorrow off (and the rest of today), so Monday is fine for me. Thanks, Kathleen > >> ---------------------------------------------------------------------- >> COMMENT: >> ---------------------------------------------------------------------- >> >> Thanks for your detailed work on this draft to provide all of the >> security related options in section 8. > > Thanks ;) Section 8.3 is actually somewhat novel I think, the others (8.1/8.2) are relatively .. mundane. > > Cheers, > > -Markus -- Best regards, Kathleen
- [homenet] Kathleen Moriarty's Discuss on draft-ie… Kathleen Moriarty
- Re: [homenet] Kathleen Moriarty's Discuss on draf… Markus Stenberg
- Re: [homenet] Kathleen Moriarty's Discuss on draf… Kathleen Moriarty