Re: [Iotops] Error categories in constrained IoT authentication

Göran Selander <goran.selander@ericsson.com> Thu, 25 February 2021 16:25 UTC

To: Michael Richardson <mcr+ietf@sandelman.ca>, "iotops@ietf.org" <iotops@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/iotops/geGXq7FRGb3YZVj-z5-DLgrYhQk>

Thanks Michael,


On 2021-02-23, 19:41, "Michael Richardson" <mcr+ietf@sandelman.ca> wrote:

    Göran Selander <goran.selander@ericsson.com> wrote:
        mcr> I think that there is a sweet spot where we could get enough
        mcr> information to do further investigation, while not blasting useless
        mcr> information around.

        GS> Exactly this was the intent with the draft error categories A-G in my
        GS> previous mail. Are they doing a good job?

        mcr> They get close, but they only describe complete failures, and they
        mcr> may need to announce intermediate progress, or even failures to even
        mcr> begin.

        GS> Could you give some example of "failure to begin", and "announce
        GS> intermediate progress" which illustrates missing top level
        GS> categories?

    mcr> failure to begin:
    mcr> In a BRSKI situation: device has not begun onboarding because it never found a join proxy.
    mcr> In some other onboarding situation, it could be that device is waiting to see
    mcr> some other broadcast.  Or perhaps it needs an IPv4 address, or an answer to a
    mcr> DNS request.

I'm trying to map to things that have to do with the handshake protocol. These examples seem to be quite specific onboarding issues, and it is not clear to me what top level category they represent. Perhaps driving the analogy too far.

Thanks
Göran