[lp-wan] Benjamin Kaduk's Discuss on draft-ietf-lpwan-coap-static-context-hc-13: (with DISCUSS and COMMENT)
Benjamin Kaduk via Datatracker <noreply@ietf.org> Tue, 10 March 2020 18:56 UTC
Return-Path: <noreply@ietf.org>
X-Original-To: lp-wan@ietf.org
Delivered-To: lp-wan@ietfa.amsl.com
Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id D74EF3A0869; Tue, 10 Mar 2020 11:56:05 -0700 (PDT)
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
From: Benjamin Kaduk via Datatracker <noreply@ietf.org>
To: The IESG <iesg@ietf.org>
Cc: draft-ietf-lpwan-coap-static-context-hc@ietf.org, lpwan-chairs@ietf.org, lp-wan@ietf.org, Pascal Thubert <pthubert@cisco.com>, pthubert@cisco.com
X-Test-IDTracker: no
X-IETF-IDTracker: 6.120.0
Auto-Submitted: auto-generated
Precedence: bulk
Reply-To: Benjamin Kaduk <kaduk@mit.edu>
Message-ID: <158386656585.15747.1893850819827714927@ietfa.amsl.com>
Date: Tue, 10 Mar 2020 11:56:05 -0700
Archived-At: <https://mailarchive.ietf.org/arch/msg/lp-wan/da56hH0UP0Z7SyvX3-nS7Tr_9Dc>
Subject: [lp-wan] Benjamin Kaduk's Discuss on draft-ietf-lpwan-coap-static-context-hc-13: (with DISCUSS and COMMENT)
X-BeenThere: lp-wan@ietf.org
X-Mailman-Version: 2.1.29
List-Id: "Low-Power Wide Area Networking \(LP-WAN\), also known as LPWA or Low-Rate WAN \(LR-WAN\)" <lp-wan.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/lp-wan>, <mailto:lp-wan-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/lp-wan/>
List-Post: <mailto:lp-wan@ietf.org>
List-Help: <mailto:lp-wan-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/lp-wan>, <mailto:lp-wan-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 10 Mar 2020 18:56:06 -0000
Benjamin Kaduk has entered the following ballot position for draft-ietf-lpwan-coap-static-context-hc-13: Discuss When responding, please keep the subject line intact and reply to all email addresses included in the To and CC lines. (Feel free to cut this introductory paragraph, however.) Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html for more information about IESG DISCUSS and COMMENT positions. The document, along with other ballot positions, can be found here: https://datatracker.ietf.org/doc/draft-ietf-lpwan-coap-static-context-hc/ ---------------------------------------------------------------------- DISCUSS: ---------------------------------------------------------------------- Section 5.2 claims that Uri-Host and URI-Port are unidirectional from server to client and "[are] never found in client requests", which seems to contradict Section 5.10.1 of RFC 7252. It seems like maybe this section is supposed to only cover Max-Age, with Uri-Host and Uri-Port rolled into Section 5.3 along with Uri-Path and Uri-Query? Similarly, Section 5.4 says that size1 and size2 are unidirectional (only in requests), which does not seem to be accurate given my reading of RFCs 7252 and 7599. I also think that we need some further discussion (e.g., in the security considerations) about how the base LPWAN SCHC document assumes that MAC-layer LPWAN security mechanisms are in use, but that CoAP is not restricted to such contexts. What additional security considerations are relevant when this compression is used for CoAP without LPWAN MAC-layer cryptographic protection? Perhaps not really a Discuss on this document, but what is the planned disposition of the tsv-art reviewer's comments regarding draft-ietf-lpwan-ipv6-static-context-hc and UDP Options? I did not see anything pertinent in the mailarchive. ---------------------------------------------------------------------- COMMENT: ---------------------------------------------------------------------- Please respond to the secdir review; I don't trust my own response to be a comprehensive one that addresses all the raised potential issues. This document is targeting Proposed Standard status, but in some sense it's not clear that it is specifying a protocol per se, as opposed to illustrating a set of choices that can be made for applying the SCHC technique to CoAP messages. These choices are expected to be generally useful, but since the SCHC rules must be preagreed by all entities in advance, there's not really anything to prevent a deployment from using a modified version of these procedures, in terms of lost interoperability. In addition, the shepherd writeup mentions that there may be some desire to do a refresh in the future, after more implementation experience is gained. So I don't have a great sense as to which parts of this document are better as Proposed Standard vs. Informational. Abstract This draft defines the way SCHC (Static Context Header Compression) header compression can be applied to the CoAP protocol. SCHC is a header compression mechanism adapted for constrained devices. SCHC Is it also in some sense a key requirement that these constrained devices produce a fairly consistent or deterministic class of output? Section 1 SCHC compresses and decompresses headers based on shared contexts between devices. Each context consists of multiple Rules. Each rule can match header fields and specific values or ranges of values. If a rule matches, the matched header fields are substituted by the rule ID and optionally some residual bits. Thus, different Rules may Do I remember corectly that an SCHC rule matching implies that the entire header structure matches (i.e., there are no fields in the header not listed in the rule)? If so, perhaps a slight rephrasing to "If a packet header fully matches a rule" would be helpful. Compression mainly results in one of 4 actions: * send the field value, * send nothing, * send some least significant bits of the field or * send an index. After applying the compression there may be some bits to be sent, these values are called Compression Residues. [It looks like this is generated from Markdown and needs additional blank lines between bullet points] SCHC is a general concept mechanism that can be applied to different nit: "concept" is a noun, not an adjective, so this doesn't parse properly. protocols, the exact Rules to be used depend on the protocol and the application, and CoAP differs from UDP and IPv6, see Section 3. nit: comma splice ("the exact rules [...]" is a complete sentence). Section 2 In the third example, OSCORE [rfc8613] is used. In this case, two rulesets are used to compress the CoAP message. A first ruleset focused on the inner header and is applied end to end by both ends. A second ruleset compresses the outer header and the layers below and is done between the Sender and the Receiver. Is it worth having a parllel style and mentioning that the outer compression can be modified hop by hop (in contrast to the inner end-to-end compression)? Section 3 SCHC with CoAP will be used exactly the same way as it is applied in any protocol as IP or UDP with the difference that the fields description needs to be defined based on both headers and target values of the request and the responses. SCHC Rules description use If there's a difference, it's not "exactly the same". Section 3.1 return path (e.g. source and destination addresses fields). The CoAP headers instead are asymmetric, the headers are different for a request or a response. For example, the URI-path option is nit: comma splice o Even when a field is "symmetric" (i.e. found in both directions) the values carried in each direction are different. To performs the compression a matching list in the TV might be use because nit: "used". field two cases may be raised after applying the CDA: * The result of the compression is of fixed length and the compressed value is sent in the residue. * Or the result of the compression is of variable-length and in this case, the size is sent with the compressed value in the residue. [another presumed-markdown list, though this one might be easier to reformat just as running text, since there are only two options] o In CoAP headers, a field can appear several times. This is typical for elements of a URI (path or queries). The SCHC specification [I-D.ietf-lpwan-ipv6-static-context-hc] allows a Field ID to appears several times in the rule, and uses the Field Position (FP) to identify the correct instance, and thereby removing the ambiguity of the matching operation. draft-ietf-lpwan-ipv6-static-context-hc notes that there can be issues when using a FP of zero for "don't care"; perhaps it's worth noting that these issues are pretty certain to occur for URI-path? o Field sizes defined in the CoAP protocol can be too large regarding LPWAN traffic constraints. This is particularly true for the Message ID field and the Token field. SCHC uses different Matching operators (MO) to performs the compression, see section 7.4 of [I-D.ietf-lpwan-ipv6-static-context-hc]. In this case the Most Significant Bits (MSB) MO can be applied to reduce the information carried on LP This text was a bit hard for me to unwind, especially "field sizes [...] too large regarding LPWAN traffic constraints". At first I thought it was saying that CoAP fields were problematic for SCHC (though I can no longer see why I would think that), and then that the "length" of various length+value encodings in CoAP allowed me to pick a length that would be problematic for LPWAN, before arriving to my current conclusion that it's just saying "some fields in CoAP are large and will only take on a narrow range of values in a LPWAN context, providing a lot of static bits that can be compressed using the MSB MO". In essence, I don't know that the "regarding LPWAN traffic constraints" is the most effective language to use; emphasizing that the fields are large and mostly unchanging, and that LPWAN needs to care about those wasted bits, seems to be the important part. Section 4.3 If the device only implements a CoAP client, the request code can be reduced to the set of requests the client is able to process. nit(?): "process" or "produce"? A mapping list can be used for known values, for other values the field cannot be compressed an the value needs to be sent in the residue. nit: s/an/and/ Section 4.4 It seems like some guidance is in order about choosing how many bits to compress, based on the frequency of traffic generated, EXCHANGE_LIFETIME, and any other factors used to pick a message ID range for a given device. Section 4.5 Token Length is processed as any protocol field. If the value does not change, the size can be stored in the TV and elided during the transmission. Otherwise, it will have to be sent in the compression residue. [...] used to define the size of the residue. A specific function designated as "TKL" MUST be used in the Rule. During the decompression, this function returns the value contained in the Token Length field. I'm not sure I understand how these two parts fit together. I understand that CoAP places a tight binding betwen the TKL value and the length of the token field, and so if SCHC tried to treat them differently we could break a CoAP invariant (this seems to be the "ambiguity" that we seek to avoid, per the trimmed quote). But the last part seems to say that the TKL function to give the actual token length is part of the Rule, and the former part says that if the CoAP Token Length is variable, it will be sent in the compression residue -- if the Token Length is a compression residue then that seems to imply that it is not fixed by the Rule, and thus I'm not sure what the procedure is supposed to be with this "TKL function". Furthermore, I don't see specification of the TKL function later in the document. I guess it's supposed to take as input information from the Rule's definition and the token length residue in order to output the length of the transmitted token residue, but that does not seem very clearly spelled out. (Also, I'm not sure whether the token residue would necessarily be the entire token or the rule could allow some prefix to be compressed...) Section 5 Would it be appropriate to give some guidance about who will have to do what in order to cope with new CoAP Options defined in the future? I'm also not sure that there's much rhetorical benefit in trying to distinguish between Options defined in the core CoAP spec and subsequent additions Section 5 vs. Section 6); they seem to be functionally the same from an implementor's point of view. (Well, maybe not OSCORE.) There are also a few of Options in the current registry that are not given any treatment here (whether in Section 5 or Section 6); should we mention that? (Hop-Limit, OCF-*, ...) Section 5.1 I see only "Content-Format" and "Accept" Options defined in RFC 7252, but no "Content" option. used to limit the size of the residue. Otherwise, the value has to be sent as a residue (fixed or variable length). The content format is an integer in the range 0-65535, and if we don't know enough about what can be used to have a match-list, how can we make assumptions about a variable-length residue being better than a fixed-length one? Section 5.3 [Perhaps the interaction between FP and Uri-Path that I mentioned above could be discussed here instead.] This specification of the regrouping operation and the table in the figure seem a bit in need of further clarification. Perhaps "Even though there are two distinct URI-Path fields to match, the target values for all regrouped path components are consolidated into a single logical "target value" (with the appropriate number of path components) to be matched. The components of the target value must individually match with the URI-Path field values in the indicated field positions. Note specifically that the FP values, as indicated in the example, are not required to be consecutive values; in this case the path components in the target value are a matter of convenience and would have additional components inserted in order to match the actual resource path in question. For the subsequent Uri-Path fields in the rule, no target value is given and the match operation is listed as "ignore" for convenience; the actual matching has occured on the grouped value listed in the first field's entry." (I'm not sure why the CDA is listed as "value-sent" for FP 3 in the example, though.) Section 5.3.2 be created to cover all the possibilities. Another possibility is to define the length of Uri-Path to variable and send a compression residue with a length of 0 to indicate that this Uri-Path is empty. I'm not sure I understand this proposal. Is it to say that you could have a single rule that lists the maximum expected number of path components, and then use "empty component"s to represent the compressed form of shorter paths? It seems like this still has a hard cap on the number of path components that could be represented by a given Rule, which would be a significant limitation and needs to be called out. Section 5.4 [I-D.ietf-lpwan-ipv6-static-context-hc]. They are used only by the client to access a specific resource and are never found in server response. nit: singular/plural mismatch "they are"/"server response" If the field value has to be sent, TV is not set, MO is set to "ignore" and CDA is set to "value-sent". A mapping MAY also be used. Otherwise, the TV is set to the value, MO is set to "equal" and CDA is set to "not-sent". Please reword/reformat to give equal treatment to the three options (send full residue, mapping list, target value) in terms of the formatting and the use of normative keywords. Section 5.5 These fields are unidirectional. In which directions? Section 6.1 I suggest using rhetoric that is consistent with the two different block options, even though they conceptually fit together as a functional unit. includes a fragmentation protocol. They are compatible. If a block option is used, its content MUST be sent as a compression residue. Anything to say about fixed vs. variable length encoding? Section 6.2 Since an RST message may be sent to inform a server that the client does not require Observe response, a rule MUST allow the transmission of this message. Is it worth assembling a consolidated table of specific rules or rule functionality that must be present to have a functional CoAP SCHC setup (incorporating this and the base SCHC requirements for, e.g., a rule to capture otherwise non-matching traffic that is sent without compression)? Section 6.3 Otherwise, if the value is changing over time, TV is not set, MO is set to "ignore" and CDA to "value-sent". A matching list can also be used to reduce the size. Similarly to my comment above, it might be nice to give parallel rhetorical treatment to the three options. Section 6.4 This section feels more like a sketch of how someone could implement SCHC with OSCORE, as compared to previous Options' handling that has a pretty well-defined procedure. Would it be desirable, for example, to have a separate Rule for each value of the OSCORE flags that was expected? Section 7.2 The Plaintext is now encrypted by an AEAD algorithm which integrity protects Security Context parameters and eventually any class I options from the Outer Header. Currently no CoAP options are marked class I. The resulting Ciphertext becomes the new Payload of the I suggest dropping "eventually", as it will no longer make sense if/when class-I options are defined. Note that since the Inner part of the message can only be decrypted by the corresponding end-point, this end-point will also have to implement Inner SCHC Compression/Decompression. It might be worth being even more explicit that the SCHC context for the inner and outer parts may differ as well, since they may be processed by different entities. Section 7.3 The piv field lends itself to having a number of bits masked off with MO MSB and CDA LSB. This could be useful in applications where the message frequency is low such as that found in LPWAN technologies. Note that compressing the sequence numbers effectively reduces the maximum amount of sequence numbers that can be used in an exchange. Once this amount is exceeded, the OSCORE keys need to be re- established. Just to check: one could also allocate additional Rules to match a different prefix, and get additional sequence number space? Compression residue: 0b0001 010 (7 bits -> 1 byte with padding) mid tkn We had a space after "0b" in the request portion, which seems to aid readibility. As can be seen, the difference between applying SCHC + OSCORE as compared to regular SCHC + COAP is about 10 bytes of cost. I'd suggest noting that this is about what one would expect, given the fixed and uncompressible overhead of the 8-byte tag, plus the need for the dual compression with inner and outer contexts (each of which have their own octet for rule ID). IIUC additional Rule information would be needed to handle Observer responses/updates, but it's not really clear that we need to mention that fact in the context of this specific example. Section 9 This document does not have any more Security consideration than the ones already raised on [I-D.ietf-lpwan-ipv6-static-context-hc]. Given that we then go on to talk about more stuff, am I to conclude that the additional discussion is merely exposition on topics already covered in the reference (vs. new content that would make this quoted statement invalid)? In particular, I think there is another new security consideration worth discussion here, relating to the interaction of compression and OSCORE. To illustrate how this might come intoi play, consider the example in Section 7.3, where the response can be compressed to a single byte, since there is only one request message defined/expected by the Rules. In such a scenario where the number of potential plantexts is extremely small, an attacker with knowledge that SCHC is in use (and, perhaps, the Rules in question) will have a very easy time of traffic analysis, which to some extent will defeat the message protection that OSCORE is intended to provide. Variable length residues may be used to compress URI elements. They cannot produce a packet expansion either on the LPWAN network or in the Internet network after decompression. The length send is not We should probably say why ("because the static context embedded in the Rule used for compression can only remove/replace a static, fixed-length prefix of the URI component") nit: s/send/sent/ used to indicate the information that should be reconstructed at the other end, but on the contrary the information sent as a Residue. nit: "on the contrary the length of the information sent as a Residue", I think. OSCORE compression is also based on the same compression method described in [I-D.ietf-lpwan-ipv6-static-context-hc]. The size of the Initialisation Vector residue size must be considered carefully. I suggest adding a note that there is a tradeoff between the efficiency of compression and the number of protected messages that can be sent using a given key/SCHC context; the following two sentences don't seem as clear as they could be. So ... A too large value has a impact on the compression efficiency and a too small value will force the device to renew its key more often. This operation may be long and energy consuming. Perhaps, % The OSCORE initialization vector holds a message sequence number, and % a unique such number is needed for each distinct message. The SCHC % procedure gives compression efficiency by assuming that a fixed prefix % of the IV remains static and eliding that fixed prefix from the % transmitted message. However, such compression has the corresponding % effect of reducing the number of distinct sequence numbers available % to the sender. When the usable sequence number space is exhausted, % the OSCORE security context must be rekeyed; since this rekeying can % be an expensive operation in terms of time and energy consumption, the % creation of SCHC Rules for OSCORE compression should take into % consideration the tradeoff between (amortized )rekeying cost and the % recurring transmission overhead for the uncompressed portion of the % initialization vector.
- [lp-wan] Benjamin Kaduk's Discuss on draft-ietf-l… Benjamin Kaduk via Datatracker