Re: [Iotops] Error categories in constrained IoT authentication

Göran Selander <goran.selander@ericsson.com> Tue, 23 February 2021 11:08 UTC

To: Michael Richardson <mcr+ietf@sandelman.ca>
CC: "iotops@ietf.org" <iotops@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/iotops/GaGwA1p3uj4XkKtylkXjuScQIA4>

Thanks Michael, a question below.

On 2021-02-16, 18:30, "Michael Richardson" <mcr+ietf@sandelman.ca> wrote:

        mcr>     I think that there is a sweet spot where we could get enough
        mcr> information to do further investigation, while not blasting useless
        mcr> information around.

        GS> Exactly this was the intent with the draft error categories A-G in my
        GS> previous mail. Are they doing a good job?

    mcr> They get close, but they only describe complete failures, and they may need
    mcr> to announce intermediate progress, or even failures to even begin.

[GS] Could you give some examples of "failure to begin" and "announce intermediate progress" which illustrate missing top level categories?

* I can see that category D (access denied, credential valid but peer not allowed access) is announcing intermediate progress since it denies an error of category C (credential error).

* Intermediate progress could also be incorporated in sub-categories. For example, if we define:

A.1 Syntax error
A.2 Incorrect protocol field.

then A.2 indicates intermediate progress because, to be able to determine an incorrect protocol field, at least some part of the syntax needs to be correct.

Thanks 
Göran
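
Added example, not part of the message above and not code from the draft or its authors: a responder that runs its checks in a fixed order and reports only the first failing category, so the code itself tells the operator which earlier checks passed. Only the codes A.1, A.2, C and D come from the message; the JSON message layout, the HMAC credential, the check order and all names are assumptions made for illustration.

```python
import hashlib
import hmac
import json

# Constructed sample data (assumptions, not from the thread).
KEYS = {"sensor-1": b"k1-constructed", "sensor-2": b"k2-constructed"}
ALLOWED = {"sensor-1"}      # sensor-2 holds a valid key but has no access
METHODS = {0, 1, 2, 3}      # hypothetical set of known protocol-field values

def tag_for(peer):
    """Credential in this sketch: HMAC-SHA256 over the peer name."""
    return hmac.new(KEYS[peer], peer.encode(), hashlib.sha256).hexdigest()

def credential_ok(m):
    return m["peer"] in KEYS and hmac.compare_digest(tag_for(m["peer"]), m["tag"])

# (code reported on failure, predicate), in the order the checks are run.
CHECKS = [
    ("A.2", lambda m: m["method"] in METHODS),   # incorrect protocol field
    ("C", credential_ok),                        # credential error
    ("D", lambda m: m["peer"] in ALLOWED),       # valid credential, no access
]

def process(raw):
    """Return "OK" or the code of the first check that fails."""
    try:
        m = json.loads(raw)
    except ValueError:                           # bad UTF-8 or bad JSON
        return "A.1"
    shape = {"method": int, "peer": str, "tag": str}
    if not isinstance(m, dict) or any(
            not isinstance(m.get(k), t) for k, t in shape.items()):
        return "A.1"                             # syntax error
    for code, check in CHECKS:
        if not check(m):
            return code
    return "OK"

def implied_progress(code):
    """Checks that must have passed for `code` to be the reported result."""
    order = ["A.1"] + [c for c, _ in CHECKS]
    return order if code == "OK" else order[:order.index(code)]

def sample(peer, method, tag=None):
    """Build a constructed message; tag defaults to the peer's valid tag."""
    tag = tag_for(peer) if tag is None else tag
    return json.dumps({"method": method, "peer": peer, "tag": tag}).encode()
```

Reporting D for sensor-2 discloses that its credential verified, which is the intermediate progress described in the message; a deployment that does not want to reveal that to the peer would log D locally and return a coarser code on the wire.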