Re: [Iot-directorate] Iotdir telechat review of draft-ietf-core-echo-request-tag-12

"Eric Vyncke (evyncke)" <evyncke@cisco.com> Tue, 16 February 2021 12:16 UTC

From: "Eric Vyncke (evyncke)" <evyncke@cisco.com>
To: Eliot Lear <lear=40cisco.com@dmarc.ietf.org>, "Christian M. Amsüss" <christian@amsuess.com>
CC: "iot-directorate@ietf.org" <iot-directorate@ietf.org>, "core@ietf.org" <core@ietf.org>, "draft-ietf-core-echo-request-tag.all@ietf.org" <draft-ietf-core-echo-request-tag.all@ietf.org>
Date: Tue, 16 Feb 2021 12:16:44 +0000
Message-ID: <068E0EBB-BCCA-44ED-AAE1-0C73F40B5C8E@cisco.com>
References: <161254498927.30549.15609771383242038227@ietfa.amsl.com> <YB2F8Cs2DH6ux2KN@hephaistos.amsuess.com> <BC37F7D5-0F9C-448D-A9E0-97AF2F8301D6@cisco.com>
In-Reply-To: <BC37F7D5-0F9C-448D-A9E0-97AF2F8301D6@cisco.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/iot-directorate/EHlWjImbSoCplUEGtKzpOf8Gzco>

Eliot: thank you for your review, I just repeated it in the 'no objection' IESG ballot for archiving purposes
Christian: thank you for your quick reply to Eliot's review

-éric


-----Original Message-----
From: Iot-directorate <iot-directorate-bounces@ietf.org> on behalf of Eliot Lear <lear=40cisco.com@dmarc.ietf.org>
Date: Friday, 5 February 2021 at 19:53
To: "Christian M. Amsüss" <christian@amsuess.com>
Cc: "iot-directorate@ietf.org" <iot-directorate@ietf.org>, "last-call@ietf.org" <last-call@ietf.org>, "core@ietf.org" <core@ietf.org>, "draft-ietf-core-echo-request-tag.all@ietf.org" <draft-ietf-core-echo-request-tag.all@ietf.org>
Subject: Re: [Iot-directorate] Iotdir telechat review of draft-ietf-core-echo-request-tag-12

    Christian,

    Thanks.  This answers my questions well.

    Regards,

    Eliot

    > On 5 Feb 2021, at 18:52, Christian M. Amsüss <christian@amsuess.com> wrote:
    > 
    > Hello Eliot,
    > 
    > On Fri, Feb 05, 2021 at 09:09:49AM -0800, Eliot Lear via Datatracker wrote:
    >> I do not understand why the Echo option requires opaque data, and why this
    >> should not be standardized, as it seems that the behavior you are seeking is
    >> standardized.   As you give two example methods in the draft, why not reserve a
    >> few extra bits to specify which method is in use?  This would also allow you to
    >> drop the necessary callback routines in libraries.
    > 
    > I don't see which callback routines would be involved here. In current
    > implementations, the value is passed around as an opaque buffer to the
    > component that is taking responsibility for the Echo option. If multiple
    > components inside the server produce Echo values and need to tell them
    > apart, the server is of course free to use the few bits as it needs
    > them (a pattern that's also used with similar opaque values like the
    > tokens). But maybe I did not quite get the point about the callbacks,
    > could you elaborate?
    > 
    > The behavior we are seeking and standardizing is the client's; servers
    > can use the option as a tool for a variety of applications (those in
    > section 2.4 and more) which can all work using the same generic client
    > behavior.
    > 
    > None of the envisioned applications have any data in there that'd be
    > relevant to the client, and worse, if the client were to understand it,
    > it could try to construct values, and all of a sudden the security
    > considerations for applications of this, like server state recovery,
    > would grow *way* more complex: From a simple rule ("Only send an Echo
    > value if you ever received it from that peer before") that the server
    > can rely on the client to obey, it'd grow into requiring the client to
    > understand when it may or may not tamper with the value.
    > 
    > If a particular application needs the client to understand the value of an
    > Echo-like option, it should take "the few bits" out of the option number.
    > (For example, I'd be happy to review a draft on sending a realtime
    > timestamp in requests -- but that would cover quite a different set of
    > use cases, and need vastly different security considerations).
    > 
    > 
    >> The last sentence in 2.2: is this meant to be limited to OSCORE or all uses of
    >> DTLS?  I found the inner/outer text confusing, and that a diagram might
    >> actually help.
    > 
    > That sentence is merely illustrating the corner case exception, I'm
    > confident we can enhance readability here a bit by not referring to
    > DTLS. (It is general to DTLS in that in DTLS all proxies always see the
    > CoAP options; what it says about OSCORE is that (DTLS or not)
    > proxies see the outer options only).
    > 
    > On the general inner/outer diagram ... hm, we could add something
    > for sure, but I'd be worried that it'd distract by putting focus on a
    > topic that really belongs to OSCORE. I'll leave an issue open in the
    > authors' tracker to revisit this when more reviews have come in.
    > 
    > Thank you for your input
    > Christian
    > 
    > --
    > To use raw power is to make yourself infinitely vulnerable to greater powers.
    > -- Bene Gesserit axiom
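
Worked example, added here and not code from the draft, the CoRE working group or any of the correspondents: a Python simulation of the Echo exchange Christian describes. The server builds Echo values with the draft's integrity-protected-timestamp method and spends a few bits on a component identifier, as he suggests a server is free to do; the client treats the value as an opaque blob and follows the single rule "only send an Echo value you received from that peer"; the server rejects anything forged or stale. The byte layout (one component byte, a 32-bit timestamp, an 8-byte truncated HMAC-SHA256 tag), the 60-second freshness window, the `EchoServer`/`EchoClient` names and the dict-based stand-in for CoAP messages are assumptions of this example, not anything the draft specifies; the 4.01 challenge that carries the Echo option and the 1-40 byte value length are the draft's.

```python
"""Simulation of the CoAP Echo option exchange discussed in the thread.

Constructed example: the server produces opaque Echo values carrying an
integrity-protected timestamp, the client never interprets them and only
returns a value it received from that same peer, and the server rejects
stale or forged values. CoAP messages are modelled as plain dicts.
"""
import hashlib
import hmac
import os
import struct
import time

# Assumed parameters of this example (illustrative, not mandated by the draft).
ECHO_MAC_LEN = 8          # truncated HMAC tag appended to the timestamp
FRESHNESS_WINDOW_S = 60   # how old an echoed timestamp may be
COMPONENT_BITS = 4        # the "few bits" a server may use to tell its components apart


class EchoServer:
    """Stateless Echo generation: value = component byte | 32-bit timestamp | MAC."""

    def __init__(self, key, now=time.time):
        self.key = key          # server-local secret; the client never needs it
        self.now = now          # injectable clock so freshness can be tested

    def make_echo(self, component):
        if not 0 <= component < (1 << COMPONENT_BITS):
            raise ValueError("component id does not fit in the reserved bits")
        body = struct.pack(">BI", component, int(self.now()))   # 1 + 4 bytes
        tag = hmac.new(self.key, body, hashlib.sha256).digest()[:ECHO_MAC_LEN]
        value = body + tag
        assert 1 <= len(value) <= 40   # Echo option value length limit from the draft
        return value

    def verify_echo(self, value):
        """Return (ok, reason). A client cannot mint a passing value without the key."""
        if len(value) != 5 + ECHO_MAC_LEN:
            return False, "bad length"
        body, tag = value[:5], value[5:]
        expected = hmac.new(self.key, body, hashlib.sha256).digest()[:ECHO_MAC_LEN]
        if not hmac.compare_digest(tag, expected):
            return False, "bad MAC"
        component, ts = struct.unpack(">BI", body)
        age = int(self.now()) - ts
        if age < 0 or age > FRESHNESS_WINDOW_S:
            return False, "stale"
        return True, "fresh (component %d, age %ds)" % (component, age)

    def handle(self, request, component=0):
        """Challenge with 4.01 + Echo until the client proves freshness, then serve."""
        echo = request.get("echo")
        if echo is None:
            return {"code": "4.01", "echo": self.make_echo(component)}
        ok, why = self.verify_echo(echo)
        if not ok:
            return {"code": "4.01", "echo": self.make_echo(component), "diag": why}
        return {"code": "2.05", "payload": b"ok"}


class EchoClient:
    """The client rule from the thread: only send an Echo value received from that peer."""

    def __init__(self):
        self.received = {}      # peer -> last Echo value that peer sent us

    def request(self, peer, path):
        req = {"uri": path}
        if peer in self.received:
            req["echo"] = self.received[peer]
        return req

    def note_response(self, peer, response):
        if "echo" in response:
            self.received[peer] = response["echo"]


def run_exchange(server, client, peer="coap://server.example"):
    """One round trip: the first request is challenged, the retry succeeds."""
    trace = []
    req = client.request(peer, "/actuator")
    resp = server.handle(req)
    trace.append(resp["code"])
    client.note_response(peer, resp)
    req = client.request(peer, "/actuator")
    resp = server.handle(req)
    trace.append(resp["code"])
    return trace


if __name__ == "__main__":
    print(run_exchange(EchoServer(os.urandom(32)), EchoClient()))
```

Nothing in `EchoClient` depends on how the server built the value, which is the point of Christian's argument: the draft's other method (a random nonce the server remembers in a list) drops into `EchoServer` with the client code unchanged, and any tampering by the client only ever produces a fresh challenge.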