RE: Artart last call review of draft-ietf-core-coap-tcp-tls-07

Brian Raymor <Brian.Raymor@microsoft.com> Wed, 19 April 2017 00:48 UTC

From: Brian Raymor <Brian.Raymor@microsoft.com>
To: Carsten Bormann <cabo@tzi.org>, Mark Nottingham <mnot@mnot.net>
CC: "art@ietf.org" <art@ietf.org>, "draft-ietf-core-coap-tcp-tls.all@ietf.org" <draft-ietf-core-coap-tcp-tls.all@ietf.org>, "ietf@ietf.org" <ietf@ietf.org>, "core@ietf.org" <core@ietf.org>
Subject: RE: Artart last call review of draft-ietf-core-coap-tcp-tls-07
Thread-Topic: Artart last call review of draft-ietf-core-coap-tcp-tls-07
Thread-Index: AQHSsa/ruYJAPgRh/k2Aqaxin65fHKG+W1UAgA2IyeA=
Date: Wed, 19 Apr 2017 00:48:17 +0000
Message-ID: <BY2PR21MB008467D682834D2C2826F7F683180@BY2PR21MB0084.namprd21.prod.outlook.com>
References: <149179722452.3118.982908107963516290@ietfa.amsl.com> <5E5238DC-B835-4BDF-B50D-8D594A46C4D4@tzi.org>
In-Reply-To: <5E5238DC-B835-4BDF-B50D-8D594A46C4D4@tzi.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/ietf/fLXCcyQaZvWryqAezlFhBBD9lR8>

Thanks for your thoughtful feedback, Mark.

Mark wrote:
>> Section 8.1 makes it Mandatory to Implement the protocol without any 
>> security ("NoSec"). This seems counter to best practice in the IETF, 
>> but I'll defer to the Security Area review.

Carsten responded:
> Since it is the implementers who will decide whether they implement this, this co-author could live with making implementing NoSec
> completely optional.  (It will be anyway, in practice, at the level of what is actually configured.)  The important point(*) from the WG
> perspective here is that TLS is mandatory to implement, with the specifics depending on the security mode needed (cf. RFC 7925). 
> (Note also that there are other ways to provide security with CoAP.)

> (*) https://github.com/core-wg/coap-tcp-tls/commit/fe348f543fc45e981e38e9354242012afb28dc60

Some context - during the security discussions in the WG, there was a recommendation to "mirror" the similar section in RFC7252.

https://tools.ietf.org/html/rfc7252#section-9 states:

  The NoSec and RawPublicKey modes are mandatory to implement for this specification.

which is why NoSec is MTI. 

I agree with Carsten. I'd be happy to make this completely optional if it results in less dissonance for reviewers and there are no objections in the WG.