IETF Logo Mail Archive

Re: [lp-wan] draft-ietf-lpwan-coap-static-context-hc-14.txt and Magnus Westerlund Discuss

"Pascal Thubert (pthubert)" <pthubert@cisco.com> Tue, 02 June 2020 15:33 UTC

Return-Path: <pthubert@cisco.com>
X-Original-To: lp-wan@ietfa.amsl.com
Delivered-To: lp-wan@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id EF9CD3A0B42; Tue, 2 Jun 2020 08:33:36 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -9.598
X-Spam-Level:
X-Spam-Status: No, score=-9.598 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_MSPIKE_H4=0.001, RCVD_IN_MSPIKE_WL=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cisco.com header.b=Zm9mQA7F; dkim=pass (1024-bit key) header.d=cisco.onmicrosoft.com header.b=oV+jITzb
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id VdVbCZT4Hh09; Tue, 2 Jun 2020 08:33:32 -0700 (PDT)
Received: from alln-iport-2.cisco.com (alln-iport-2.cisco.com [173.37.142.89]) (using TLSv1.2 with cipher DHE-RSA-SEED-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id A6DA83A0B35; Tue, 2 Jun 2020 08:33:32 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=5686; q=dns/txt; s=iport; t=1591112012; x=1592321612; h=from:to:cc:subject:date:message-id:references: in-reply-to:content-transfer-encoding:mime-version; bh=QMqw/E01Y/QRIeTmSnCZagovXN21yNgpvGZjvBbWL9Q=; b=Zm9mQA7FnP6QPi5MWWs/hjiB41PEZ2mq5re6Ss0KOHOD/Zzih6PaY5EA gMrTbF8A2UxS4Yg7au6ZrYtozTgqViF0113ZGU1M9MgAHpjMDIFf/IIOd IzODl0/sW46T2r+SCJETycDdLMg1XtxjkP7Cvr6uS4BFNwDG+149bdMLO 8=;
IronPort-PHdr: 9a23:gQLLARPR8Jm+hETY4Xwl6mtXPHoupqn0MwgJ65Eul7NJdOG58o//OFDEvK8x3lPMVJ/QrfNJl+SQtLrvCiQM4peE5XYFdpEEFxoIkt4fkAFoBsmZQVb6I/jnY21ffoxCWVZp8mv9PR1TH8DzNFHXq2e5qz8fBhu5MhB6daz5H4fIhJGx0Oa/s5TYfwRPgm+7ZrV/ZBW7pAncrI8Ym4xnf60w0RDO5HBPfrdb
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: A0ASCADdcNZe/5xdJa1lHQEBAQEJARIBBQUBQIFKgVJSB29YLyyHawONRJhNgUKBEANVCwEBAQwBARgLCgIEAQGERAKCGwIkOBMCAwEBCwEBBQEBAQIBBgRthSwGJwyFcgEBAQEDAQEQKAYBASwGBQELAgICAQgRBAEBFgkJBxsMCxQJCAIEAQ0FCBMHgwWCSwMuAQ6kJAKBOYhhdIE0gwEBAQWBRkGDIxiCDgMGBYEzgmSCS4Z7HRqBQT+BEUOCTT6CZwEBAgEBgRpJPYMIgi2OaAOkawqCWIgykFyCZokIkiyQYIl2j26EFgIEAgQFAg4BAQWBaiKBVnAVO4JpUBcCDY9aZjiDOoUUhUJ0NwIGCAEBAwl8jD8BAQ
X-IronPort-AV: E=Sophos;i="5.73,465,1583193600"; d="scan'208";a="506186297"
Received: from rcdn-core-5.cisco.com ([173.37.93.156]) by alln-iport-2.cisco.com with ESMTP/TLS/DHE-RSA-SEED-SHA; 02 Jun 2020 15:33:31 +0000
Received: from XCH-RCD-005.cisco.com (xch-rcd-005.cisco.com [173.37.102.15]) by rcdn-core-5.cisco.com (8.15.2/8.15.2) with ESMTPS id 052FXVcv012915 (version=TLSv1.2 cipher=AES256-SHA bits=256 verify=FAIL); Tue, 2 Jun 2020 15:33:31 GMT
Received: from xhs-rcd-001.cisco.com (173.37.227.246) by XCH-RCD-005.cisco.com (173.37.102.15) with Microsoft SMTP Server (TLS) id 15.0.1497.2; Tue, 2 Jun 2020 10:33:31 -0500
Received: from xhs-rcd-003.cisco.com (173.37.227.248) by xhs-rcd-001.cisco.com (173.37.227.246) with Microsoft SMTP Server (TLS) id 15.0.1497.2; Tue, 2 Jun 2020 10:33:31 -0500
Received: from NAM12-BN8-obe.outbound.protection.outlook.com (72.163.14.9) by xhs-rcd-003.cisco.com (173.37.227.248) with Microsoft SMTP Server (TLS) id 15.0.1497.2 via Frontend Transport; Tue, 2 Jun 2020 10:33:31 -0500
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=h5q9wFtg6gg3qOfCjkXbKi/+8Uq6pVHbJpUsvpMEAwT70kZkepZBZeBKhNkcrOu6v2M0L7dpZHppYs/j58GQjZNW8UHGqNZNZ4RUqRLNP9OdafViaYRh8fqZJDdlfagXT/8g6OtOKPDAhHnPbS8sHoQFOAReHQRQLkWk9QMijVnW4E8jnWyd11IOKWPcgrOTORiE8d/3P2uLwDEHhcJp+jgKlGsJSGqBngebu4yk/6OptDmQjndqNygsQZUlt0hJFDQA61zJtbzqHaD4B30WCZYvQjAxIqmRrMyNZOH0czxu8yDWZoe9Ixu5V/NlxKZ99L36Ykl+XRyHdzxDX0y4bg==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=n/g5aWB3UWauBGocJSjTr7jCrbBh+gIliCyRX7NXja4=; b=QaWNxQyuya9tKmCzCCFZn5UNyAPfnxH5oCFYWf/U3MB7TPqiCu13ctYSRb4riD97P2Q7I6kfjmdnAkUW/jl8hnaIQxnCePQ3JP9kVzzFWRvWuW40LCKLCFqdIduDfg+YeD/NJoYHOJKD+iKA3gDkLVx/9dWwP0PEXaTB5ydv5eSdCOkWOO6pt47vjjt0g/0oSgteFwsvszjlmo+NS8O+f0aoMh4nCguxrO+0fnDkxhW7GDTySv6CSy/BzZBbw3KA+BvfK/cCeNWyTP4L+99mU88JbbrI0+MrMB+4NKFH0mbOqsOc7gG/VL9/Fd7uzH15iiO//XKKiZTAxC1DLBLfGw==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=cisco.com; dmarc=pass action=none header.from=cisco.com; dkim=pass header.d=cisco.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=cisco.onmicrosoft.com; s=selector2-cisco-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=n/g5aWB3UWauBGocJSjTr7jCrbBh+gIliCyRX7NXja4=; b=oV+jITzbjnhfa8gdBxtJctUaOb5A2jPo9vs6oAvl7nKYaT6YkJhtIgvPp34XzBKZoGFYV4uHko+AEGUNZm4xPJ6rmDA6J/OPNRYPMA1IiHXfj94qfKh1acaJeaVB/fMJPKtImIiJFwfG65IGg/79JGaNpHRAMk6M+M3YNEQBreE=
Received: from MN2PR11MB3565.namprd11.prod.outlook.com (2603:10b6:208:ea::31) by MN2PR11MB4728.namprd11.prod.outlook.com (2603:10b6:208:261::17) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3045.17; Tue, 2 Jun 2020 15:33:30 +0000
Received: from MN2PR11MB3565.namprd11.prod.outlook.com ([fe80::55bb:b065:86c1:1108]) by MN2PR11MB3565.namprd11.prod.outlook.com ([fe80::55bb:b065:86c1:1108%6]) with mapi id 15.20.3045.022; Tue, 2 Jun 2020 15:33:30 +0000
From: "Pascal Thubert (pthubert)" <pthubert@cisco.com>
To: Magnus Westerlund <magnus.westerlund=40ericsson.com@dmarc.ietf.org>, "draft-ietf-lpwan-coap-static-context-hc@ietf.org" <draft-ietf-lpwan-coap-static-context-hc@ietf.org>, "Eric Vyncke (evyncke)" <evyncke@cisco.com>, "lp-wan@ietf.org" <lp-wan@ietf.org>
CC: Laurent Toutain <laurent.toutain@imt-atlantique.fr>, Ana Minaburo <ana@ackl.io>, "dominique.barthel@orange.com" <dominique.barthel@orange.com>
Thread-Topic: draft-ietf-lpwan-coap-static-context-hc-14.txt and Magnus Westerlund Discuss
Thread-Index: AQHWNQVC6yg0Ybl4Oke1qi8cLHU52ajFcu+A
Date: Tue, 02 Jun 2020 15:33:25 +0000
Deferred-Delivery: Tue, 2 Jun 2020 15:32:37 +0000
Message-ID: <MN2PR11MB35656543D6AAC7CBB942F9CFD88B0@MN2PR11MB3565.namprd11.prod.outlook.com>
References: <159051093254.21121.16926703305000099981@ietfa.amsl.com> <5dac4a2a45ae78b7b7d6926545aab9533f457c08.camel@ericsson.com>
In-Reply-To: <5dac4a2a45ae78b7b7d6926545aab9533f457c08.camel@ericsson.com>
Accept-Language: fr-FR, en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
authentication-results: dmarc.ietf.org; dkim=none (message not signed) header.d=none;dmarc.ietf.org; dmarc=none action=none header.from=cisco.com;
x-originating-ip: [2a01:cb1d:4ec:2200:749e:4e40:eb0c:a411]
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: b9fb39e7-b90f-436f-bd98-08d8070a4d6f
x-ms-traffictypediagnostic: MN2PR11MB4728:
x-ms-exchange-transport-forked: True
x-microsoft-antispam-prvs: <MN2PR11MB472863ECE93F9307E8FC6B04D88B0@MN2PR11MB4728.namprd11.prod.outlook.com>
x-ms-oob-tlc-oobclassifiers: OLM:10000;
x-forefront-prvs: 0422860ED4
x-ms-exchange-senderadcheck: 1
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: D7l0DMUg+ceMWEYzkgmpnnkKAXIQIDErt+5J8JQtpzwApapZk41qF8COcqmQ+3ZgBEwxM0cnfwJHhAgMFmdGQtx3LZ1+1E0knrHRh7hUbOJcrUulCeUrWkPLh6hWd56n6nb63eOoi/XT+8TV+3DwwCoeNlX7vWfj33m+ixeHUZxErhj5804oia82X6LItraoMhpl4u+mqNR5yDIw/L/t6k/+WcqAydR6OaoshXNX+C33XSAePr/5PDUd19wdH2HXd3wrARUU5xh30cjmeBc6tTgWqQTIvC+DxjPz56ubEgVyqvtM4Zgt95A2mYn72hNKge+8OtLCiCnkSWaCmAAYiOwAvIaUtGXUYWC7o5q/3MKjNc5ojDdORbF1zvtsDQIlVLlCStTKkpzWivTlPiVA+w==
x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:MN2PR11MB3565.namprd11.prod.outlook.com; PTR:; CAT:NONE; SFTY:; SFS:(4636009)(366004)(39860400002)(346002)(376002)(136003)(396003)(7696005)(966005)(478600001)(33656002)(8676002)(53546011)(4326008)(52536014)(6506007)(76116006)(5660300002)(8936002)(9686003)(86362001)(186003)(2906002)(66446008)(66556008)(66574014)(6666004)(66946007)(64756008)(66476007)(55016002)(54906003)(83380400001)(316002)(110136005)(71200400001); DIR:OUT; SFP:1101;
x-ms-exchange-antispam-messagedata: nnb4jZPWRGWc94GhZuXb2CkSqr3Lx3x0A73goJdyRhWmz0sgXDIIILKx2qTDHhn5yjxidLijPzvTN+o6U8AXCi/O8Cqerb6eMM8PFt7dQOGhjaCsBNQG/J0SWyB8+ggpniiG+9TILv5z9mB5MRJMx0UdRk0dA2Yk3CxbaBAgFCj3Dqr3HCGth6b74Y6tP0h7dVtBnEV1eH+uXxASja5nNL/cekm4wposO5cKmlBSwt8rLEK5YiRCnd97vWgjrGGUlv/a1TxTUCRppK7gEPDDYHCxYSs+inbhv1ILoMJfMj9Cd1bz/GlvtcFiHQVjqmDoCn2AaN0eMgJ+QW9H13j4RsqOsJMPWWB4rRwTgqe16e0D3tUedIIVeOwlNPdp3fhAg0CCWqaY4k/6+ZOQzLRC6EJ47kiyhFHamQjSPyXuGAnLJDFxhI9hDZMlKw8jvT8n1njxuMFJOEI5pD/NQUHe4R755nF4nao26ZhU0O+e3FejlITXg5far+BJt9GBSBianXaM7wsd6QwaEFgcy9IZGSGHQGQ7FKpku8rS/auOocnshzCDK2DGDlYmni6pF3nH
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-MS-Exchange-CrossTenant-Network-Message-Id: b9fb39e7-b90f-436f-bd98-08d8070a4d6f
X-MS-Exchange-CrossTenant-originalarrivaltime: 02 Jun 2020 15:33:30.2661 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 5ae1af62-9505-4097-a69a-c1553ef7840e
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: vHmF5OUhgf2NX1djvdER9Sf/MMuetDHPlR5djt+9u93nY6wIawZlomP1/XHpEApTCOZT1ftGaXYh8qClhTv8bg==
X-MS-Exchange-Transport-CrossTenantHeadersStamped: MN2PR11MB4728
X-OriginatorOrg: cisco.com
X-Outbound-SMTP-Client: 173.37.102.15, xch-rcd-005.cisco.com
X-Outbound-Node: rcdn-core-5.cisco.com
Archived-At: <https://mailarchive.ietf.org/arch/msg/lp-wan/4ZhS0r3RX-CCVjGr-ZVfBtbZmsI>
Subject: Re: [lp-wan] draft-ietf-lpwan-coap-static-context-hc-14.txt and Magnus Westerlund Discuss
X-BeenThere: lp-wan@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Low-Power Wide Area Networking \(LP-WAN\), also known as LPWA or Low-Rate WAN \(LR-WAN\)" <lp-wan.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/lp-wan>, <mailto:lp-wan-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/lp-wan/>
List-Post: <mailto:lp-wan@ietf.org>
List-Help: <mailto:lp-wan-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/lp-wan>, <mailto:lp-wan-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 02 Jun 2020 15:33:37 -0000

Hello Magnus

I think there's a confusion here. It is true that this draft discusses how upper layer security and that COSE can be used. But for all I can see it does not affect the SCHC operation or the way it is provisioned. It really affects the deployment since the decompression is done in 2 stages (possibly in 2 different places, the first router and then the application) but that's still SCHC, operating twice, for outer and inner pieces, as described in fig 8.

If a rule matches, say, a source and destination IP address, and the other checked things in the bit stream that follows also match, then the rule applies, and the bit stream is transformed mechanically. Whether that bit stream contains encrypted content is not really the point, this is all bits. SCHC does not do the en/decryption, and is not aware of the content of the security association or the key material. This much happens between the 2 rounds of SCHC but is not part of SCHC.

>From the rule perspective, the cyphertext is inlined as another bit stream that cannot be compressed.

To your point:
> - Discover the peers capability to perform SCHC for COAP or can one opportunistically try?

This is a problem for the security layer between the 2 SCHC stages but SCHC itself is not affected. We do not try anything, we mechanically change a content into another when a rule matches. The security processing is handled in that intermediate layer between the 2 stages and it is what is affected by the architectural change you point out. That layer must be provisioned or must discover / negotiate with its end peers, but that's not SCHC.

> - Taking into account that an COAP application can potentially talk to a number of peers, each having different capabilities.

If the rules are match a particular IP address then we can have different format, with and without the 2 stages, but the cyphertext is an opaque bitstream from a different layer to the outer SCHC operation:

> - Are there need for a redirection/invocation mechanism- The actual context exchange mechanism.

The  SCHC rules (as opposed to say RoHC) are not dynamic and fully provisioned in advance, and this does not change when SCHC compresses CoAP or COSE. Note that we are working separately on the data model for that. But I do not see that the data model is affected by the 2 stages operations. There will just be different sets of rules for inner and outer.

Cc'ed authors, do I have it right ?

Pascal




> -----Original Message-----
> From: lp-wan <lp-wan-bounces@ietf.org> On Behalf Of Magnus Westerlund
> Sent: jeudi 28 mai 2020 17:33
> To: Pascal Thubert (pthubert) <pthubert@cisco.com>; draft-ietf-lpwan-coap-
> static-context-hc@ietf.org; Eric Vyncke (evyncke) <evyncke@cisco.com>; lp-
> wan@ietf.org
> Subject: [lp-wan] draft-ietf-lpwan-coap-static-context-hc-14.txt and Magnus
> Westerlund Discuss
> 
> Hi,
> 
> I have looked at the changes in the latest version. However, I don't think they
> resolve my discuss ( https://datatracker.ietf.org/doc/draft-ietf-lpwan-coap-
> static-context-hc/ballot/#magnus-westerlund
> ).
> 
> Let me try to re-iterate on why I think my discuss is relevant and you should do
> something credible to address it.
> 
> So my discuss are really only focused on the case where SCHC is used on top of
> a security layer that pushes the SCHC implementation into the COAP stacks at
> the end-points, rather than potentially lower layers on top of the L2
> infrastructure.
> 
> To me it appears that this change results in several architectural considerations
> that didn't existed before for the entity that are going to determine the SCHC
> capability in the peer as well as the context establishment.
> What I am asking for is really only an description of the changed architectural
> context and the requirements on a solution for the SCHC context establishment
> mechanism.
> 
> - Discover the peers capability to perform SCHC for COAP or can one
> opportunisticly try?
> - Taking into account that an COAP application can potentially talk to a number
> of peers, each having different capabilities.
> - Are there need for a redirection/invocation mechanism
> - The actual context exchange mechanism.
> 
> Can we please write a paragraph or two in the suitable section in this
> document rather a single sentence pointing to an appendix. That appending
> containing a single bullet that are supposed to be added:
> 
>    This section extends the RFC8724 Annex D list.
> 
>    o  How to establish the End-to-End context initialization using SCHC
>       for CoAP header only.
> 
> Annex D of RFC 8724 list is preface by:
> "This section lists the information that needs to be provided in the LPWAN
> technology-specific documents."
> 
> That is not really information to be provided, there are procedures that are
> needed.
> 
> 
> Cheers
> 
> Magnus Westerlund
> 
> 
> ----------------------------------------------------------------------
> Networks, Ericsson Research
> ----------------------------------------------------------------------
> Ericsson AB                 | Phone  +46 10 7148287
> Torshamnsgatan 23           | Mobile +46 73 0949079
> SE-164 80 Stockholm, Sweden | mailto: magnus.westerlund@ericsson.com
> ----------------------------------------------------------------------
> 
> _______________________________________________
> lp-wan mailing list
> lp-wan@ietf.org
> https://www.ietf.org/mailman/listinfo/lp-wan

v2.23.0 | Report a Bug | By Email