Re: [homenet] Kathleen Moriarty's Discuss on draft-ietf-homenet-dncp-09: (with DISCUSS and COMMENT)

Markus Stenberg <markus.stenberg@iki.fi> Thu, 17 September 2015 15:53 UTC

From: Markus Stenberg <markus.stenberg@iki.fi>
Date: Thu, 17 Sep 2015 18:53:39 +0300
To: Kathleen Moriarty <kathleen.moriarty.ietf@gmail.com>
Cc: homenet-chairs@ietf.org, Mark Townsley <mark@townsley.net>, draft-ietf-homenet-dncp.shepherd@ietf.org, The IESG <iesg@ietf.org>, draft-ietf-homenet-dncp@ietf.org, homenet@ietf.org, draft-ietf-homenet-dncp.ad@ietf.org
Subject: Re: [homenet] Kathleen Moriarty's Discuss on draft-ietf-homenet-dncp-09: (with DISCUSS and COMMENT)

On 16.9.2015, at 22.46, Kathleen Moriarty <kathleen.moriarty.ietf@gmail.com> wrote:
> I just have one thing I'd like to discuss that should be easy enough to
> resolve.
> 
> Section 8 mentions that DTLS or TLS MAY be used and that it is up to the
> DNCP profile.  I'd be interested to see the security considerations that
> would lead to a recommendation of using session transport for the DNCP
> profiles.  If it is in another RFC, could you add a pointer?  If it is
> not, could this be added to the security considerations section since it
> could be an important consideration?

Thanks for the comment.

I am actually planning to write one more appendix to the text for -10; it will contain datagram (e.g. UDP) vs. stream (e.g. TCP) pros and cons, as I have been thinking about it every now and then, and I think it would make the life of someone else defining a DNCP-based protocol a bit easier.

From the security standpoint, there isn't much of a difference, as the TLS/DTLS state is more or less the same for both cases. You will anyway need either up-to-date sessions (TLS (+DTLS)) and/or long-lived session caching (DTLS (+TLS)), as you cannot afford too many new sessions that actually involve the authz step per given time interval. So essentially even DTLS is a session-based transport in this case from my point of view.

The rest I will write tomorrow, and you (and Brian H., who also raised interest in the different transport options) can check whether it matches the requirements once we publish -10; we plan to publish -10 either tomorrow or on Monday.

> ----------------------------------------------------------------------
> COMMENT:
> ----------------------------------------------------------------------
> 
> Thanks for your detailed work on this draft to provide all of the
> security related options in section 8.

Thanks ;) Section 8.3 is actually somewhat novel, I think; the others (8.1/8.2) are relatively ... mundane.

Cheers,

-Markus