Re: [lp-wan] draft-ietf-lpwan-coap-static-context-hc-14.txt and Magnus Westerlund Discuss
Magnus Westerlund <magnus.westerlund@ericsson.com> Wed, 03 June 2020 13:19 UTC
Return-Path: <magnus.westerlund@ericsson.com>
X-Original-To: lp-wan@ietfa.amsl.com
Delivered-To: lp-wan@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A863E3A0784; Wed, 3 Jun 2020 06:19:44 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.102
X-Spam-Level:
X-Spam-Status: No, score=-2.102 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_MSPIKE_H2=-0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=ericsson.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id SeNbG1n8X3Yd; Wed, 3 Jun 2020 06:19:42 -0700 (PDT)
Received: from EUR03-AM5-obe.outbound.protection.outlook.com (mail-eopbgr30047.outbound.protection.outlook.com [40.107.3.47]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 1990A3A07CB; Wed, 3 Jun 2020 06:19:41 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=hemsoZWECrEvqvXWvK81g3WasTEuLU/OSAqeR9J15Y5VMzr7iS2cO0a33tJ4WuJSmHDGnGhAiXDof2avI5TiGDRQev6XApQLihiwFizMlRSfl5BKI0Gl3sWmaoCFFRTHnjLPD6eMuh5WQtkvBuHjFa6kX7/3VIZ9EW+/963XSCxb/NrZifXxgS5nJ5MUHaMHga03f8VO5r8u7PRLtwSiLS57M3J+LovJaq9JSgGHVqjybO15ydGu3Vn/GTKD+yf4wVH716e+4HaiaunBQTmt12WwQcgdoYp/lo/ZqY/d87RRN3+BzOlUZY0INq4pGuarucEYRJHvCgJnRIh+wS/7EA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=tbN3Ufk/kRoVtwon5uCLOKJFU6cS2wrISvpwILAmUrY=; b=SyDeVX2tRvfRQXIsyqAb1hKzV4dtnPfqs6a6D33lux3APk9lKetZKLgcyCIot2YEvJ8tMGKfzcacFQLO50GwtMFfQaPRZdIiOHLWPuu9NguHYom2EYWP+5aX/RR8dtsv4FO7C1jdX8gGK6I9m9AQF0yDIQLLSYq+Wl8sQRk0uCgpieqK4n52uUtv+tuXNKmfKVKkyEV9BmtQpkqpmUScRhOPcPQaefjW7JKnZl1seFyLNwo+Tk64bPSj/jnRKlGuM9gl1vTo/1YIZobNld1EGF4aIFlUF4uOG/THSjs7E/PfDeKjeuXr6FP27oJiPuqtzOiOREKM+2BgW4fnxKvK3A==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=ericsson.com; dmarc=pass action=none header.from=ericsson.com; dkim=pass header.d=ericsson.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ericsson.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=tbN3Ufk/kRoVtwon5uCLOKJFU6cS2wrISvpwILAmUrY=; b=mm3JDKACU5C0C1eUuBD90iOLeIrUgZ9dT3YHS459ENqClWzOCH2W17YzqiNaq/JW+/nUOTpjDpeJONoRhQGbIhq921Bq94Yx6rpEH82MSF1tCNEiR6F2uDhu+QlLZOnKn3EmdeHV/UU9QBflXB/vwJB7pZa8PDJjx0uEDOEuAGE=
Received: from HE1PR0702MB3772.eurprd07.prod.outlook.com (2603:10a6:7:8e::14) by HE1PR0702MB3642.eurprd07.prod.outlook.com (2603:10a6:7:8c::28) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3066.7; Wed, 3 Jun 2020 13:19:39 +0000
Received: from HE1PR0702MB3772.eurprd07.prod.outlook.com ([fe80::546c:3b3:9193:3351]) by HE1PR0702MB3772.eurprd07.prod.outlook.com ([fe80::546c:3b3:9193:3351%6]) with mapi id 15.20.3066.016; Wed, 3 Jun 2020 13:19:39 +0000
From: Magnus Westerlund <magnus.westerlund@ericsson.com>
To: "pthubert=40cisco.com@dmarc.ietf.org" <pthubert=40cisco.com@dmarc.ietf.org>, "draft-ietf-lpwan-coap-static-context-hc@ietf.org" <draft-ietf-lpwan-coap-static-context-hc@ietf.org>, "evyncke@cisco.com" <evyncke@cisco.com>, "lp-wan@ietf.org" <lp-wan@ietf.org>
CC: "laurent.toutain@imt-atlantique.fr" <laurent.toutain@imt-atlantique.fr>, "ana@ackl.io" <ana@ackl.io>, "dominique.barthel@orange.com" <dominique.barthel@orange.com>
Thread-Topic: draft-ietf-lpwan-coap-static-context-hc-14.txt and Magnus Westerlund Discuss
Thread-Index: AQHWNQU3Uh7YM/2/yEm+3TRem4xIBqjFfEWAgAFs9AA=
Date: Wed, 03 Jun 2020 13:19:39 +0000
Message-ID: <cc849a919dfe78a8c96041d3035d99be6ec00158.camel@ericsson.com>
References: <159051093254.21121.16926703305000099981@ietfa.amsl.com> <5dac4a2a45ae78b7b7d6926545aab9533f457c08.camel@ericsson.com> <MN2PR11MB35656543D6AAC7CBB942F9CFD88B0@MN2PR11MB3565.namprd11.prod.outlook.com>
In-Reply-To: <MN2PR11MB35656543D6AAC7CBB942F9CFD88B0@MN2PR11MB3565.namprd11.prod.outlook.com>
Accept-Language: sv-SE, en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-mailer: Evolution 3.28.5-0ubuntu0.18.04.2
authentication-results: dmarc.ietf.org; dkim=none (message not signed) header.d=none;dmarc.ietf.org; dmarc=none action=none header.from=ericsson.com;
x-originating-ip: [176.10.164.117]
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: a1ecbf62-3284-4873-082e-08d807c0c4fa
x-ms-traffictypediagnostic: HE1PR0702MB3642:
x-microsoft-antispam-prvs: <HE1PR0702MB3642C3EA6EF594D489A6B2EC95880@HE1PR0702MB3642.eurprd07.prod.outlook.com>
x-ms-oob-tlc-oobclassifiers: OLM:10000;
x-forefront-prvs: 04238CD941
x-ms-exchange-senderadcheck: 1
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: 9VcBLHr8BR6CWy/Vw4gQTD/68nUI8Zu16nMzNghTLqKPh8fXYfhWea1DzUOcatRhXcgMBPXyQad1DbZ240NvAHeEgyGG/bxO3i3W01Fh2nKx1zwCcOlNbg94oaOQ/LW6IsiKlJkcEsPsOTDY0Rl/dCmHOZCTqTn6270UQDJejn1gdvW18J9Sj7XoBMSB2xS2SL931HACJev2+7t2MDCp1XFBe14HWaNDOnHC5rAZav7YorwGEHg2WvWmFpGAbk7r8RJ8WznA6Rbr6qMe7LUgGgB69aU5sVa6q5VS5r4AUQbskedPwsof212/hd37J/5AwlUZnzco+VTXXGkdd2YOaZgP2hfCjjE4ylNabSlu8fimcfrzJ6ktrhnoXH1U3MnoUeDYOs+iJaw2Cf+f63hoaLFgCv4XWDhi26VxFB30gLm3UogJXGHSOWxp9fKzsn4XObR28odbpU7cl5O8tif7jw==
x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:HE1PR0702MB3772.eurprd07.prod.outlook.com; PTR:; CAT:NONE; SFTY:; SFS:(4636009)(39860400002)(136003)(346002)(376002)(366004)(396003)(54906003)(71200400001)(66574014)(83380400001)(44832011)(86362001)(316002)(36756003)(2616005)(8936002)(478600001)(110136005)(6512007)(26005)(2906002)(76116006)(6506007)(966005)(5660300002)(66476007)(8676002)(66946007)(4326008)(53546011)(66446008)(6486002)(64756008)(66556008)(186003)(99106002); DIR:OUT; SFP:1101;
x-ms-exchange-antispam-messagedata: 8b8ZU4cjG48vMuVpD1jwwoEBYb2422x989X+dDyUZLOlhYX2L1uD97EJQmTJ3aejFGC+TBRFCjN3W7KmOeQjmI/HNbf/P8TFMPJtTUNZ7J0Em8Zjh74eUePXZAGeLJtQah0fp5vOWG3gszCFLR9Ej/7RILylRLNkxJ13xjhcPpAJ/FIIS5FBAS+9fTQc+np5l4sAZNXzoOureVfKP5J4fdeEFUcxQZ+f0GLkkGb5R07N4eZhB9CAZbXgtWkptWUddTzYrblT8anFEUU9jwoFskQUK+u8eE++yZ+brj5tCf7jTwzgzyUNTBqEuJKin5hhYO1XGeg9edw9+mDPAJFFLNi5GTHn9ue3/F7g4xPv/hQ/qGVwNt65vgPaZEIO+erXMH0JF1WL7jSaed3XcW61/CNkj/mQ/QFELR9MLrMvG5Nhag3HdLdBqF0K3AZopppqsFaMCpUALl9GF5atL5nGyCoq18d/de0XQbiWHnCh22gYk5jkBlb4Yx/MKLHhddBp
x-ms-exchange-transport-forked: True
Content-Type: text/plain; charset="utf-8"
Content-ID: <7BD5EDD6A925F24496092F64EEEBC71D@eurprd07.prod.outlook.com>
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-OriginatorOrg: ericsson.com
X-MS-Exchange-CrossTenant-Network-Message-Id: a1ecbf62-3284-4873-082e-08d807c0c4fa
X-MS-Exchange-CrossTenant-originalarrivaltime: 03 Jun 2020 13:19:39.1571 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 92e84ceb-fbfd-47ab-be52-080c6b87953f
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: u5YljAsF7c9hfAvkAdhu+78ejhbfwlBI3sETAwErJ+VWIGuwYpgaLBxVr1xNMv6+fOwDIS8ymxPTwZmG52rXnuIQNMvg67GOT3n1+Hx5uZ0=
X-MS-Exchange-Transport-CrossTenantHeadersStamped: HE1PR0702MB3642
Archived-At: <https://mailarchive.ietf.org/arch/msg/lp-wan/yaLRAL8ixTJ2B_rRZhV7PXQ41h0>
Subject: Re: [lp-wan] draft-ietf-lpwan-coap-static-context-hc-14.txt and Magnus Westerlund Discuss
X-BeenThere: lp-wan@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Low-Power Wide Area Networking \(LP-WAN\), also known as LPWA or Low-Rate WAN \(LR-WAN\)" <lp-wan.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/lp-wan>, <mailto:lp-wan-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/lp-wan/>
List-Post: <mailto:lp-wan@ietf.org>
List-Help: <mailto:lp-wan-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/lp-wan>, <mailto:lp-wan-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 03 Jun 2020 13:19:45 -0000
Hi Pascal, Let me try to explain the issue I see here. So this document defines how to compress COAP/UDP/IPv6 and that is given in a framework with a certain set of assumption on how to get SCHC rules in place in the compressor and decompressor. The issue I am seeing for the case of COAP/DTLS/UDP/IPv6 is that the inner compression of COAP, although is the same set of rules that would be applied for the actual compression of COAP in the previous case, the application of these rules are not building on the same foundation as in the above case. There are simply a different architectural constraints for getting these rules in place at the decompressor. I am not asking you to solve them. I am asking the WG to describe the changed context and its architectural principles. So let me ask the question that may resolve this in another way. Is there a specification for some LPWAN to establish the SCHC rules that is working between the end-point and the gateway? Looking at https://datatracker.ietf.org/doc/rfc8724/referencedby/ there appear to be several ongoing work to use SCHC as intended by the architecture discussed in RFC 8724. So does there exist any similar proposal for developing an establishment for the inner COAP compression within a security layer? Are you convinced that the ones that need to write such a document are getting the support for considerations that are different from what RFC 8724 describes? Because I do think there are several different considerations. First, dynamic capability determination based on destination, i.e. for each COAP server the client talk to needs to determine if there are SCHC support Secondly, the choice between trying to rely on the security layer to identify data objects with SCHC rules as part of them and those without? Third, what rule initiation protocol can you run on top of the security layer, you can't do it below as that would leak information that needs to be secure. This likely should have its own paragraph in the security consideration. I think these all have challenges that are significantly different from when SCHC implementation is embedded in the network stack between IP and L2. And when the NGW and its SCHC capabilities are not dependent on IP destination, but simply if it is going to the NGW at all. These are all reasons I think there are need for a discussion of the architectural changes that COAP/SEC/UDP/IP has compared to both UDP/IP and COAP/UDP/IP. Part of the issue here is that do get the inner COAP establishment correct require knowledge of both SCHC and the security layer + COAP to get correct possibly with external methods for service discovery, i.e. DNS etc. Thus I think it is well motivated that you actually describe the considerations needs to be taken care for a developer of a SCHC COAP compression above OSCORE or DTLS or any other security layer. I hope this clarifies my discuss. Cheers Magnus Westerlund On Tue, 2020-06-02 at 15:33 +0000, Pascal Thubert (pthubert) wrote: > Hello Magnus > > I think there's a confusion here. It is true that this draft discusses how > upper layer security and that COSE can be used. But for all I can see it does > not affect the SCHC operation or the way it is provisioned. It really affects > the deployment since the decompression is done in 2 stages (possibly in 2 > different places, the first router and then the application) but that's still > SCHC, operating twice, for outer and inner pieces, as described in fig 8. > > If a rule matches, say, a source and destination IP address, and the other > checked things in the bit stream that follows also match, then the rule > applies, and the bit stream is transformed mechanically. Whether that bit > stream contains encrypted content is not really the point, this is all bits. > SCHC does not do the en/decryption, and is not aware of the content of the > security association or the key material. This much happens between the 2 > rounds of SCHC but is not part of SCHC. > > > From the rule perspective, the cyphertext is inlined as another bit stream > > that cannot be compressed. > > To your point: > > - Discover the peers capability to perform SCHC for COAP or can one > > opportunistically try? > > This is a problem for the security layer between the 2 SCHC stages but SCHC > itself is not affected. We do not try anything, we mechanically change a > content into another when a rule matches. The security processing is handled > in that intermediate layer between the 2 stages and it is what is affected by > the architectural change you point out. That layer must be provisioned or must > discover / negotiate with its end peers, but that's not SCHC. > > > - Taking into account that an COAP application can potentially talk to a > > number of peers, each having different capabilities. > > If the rules are match a particular IP address then we can have different > format, with and without the 2 stages, but the cyphertext is an opaque > bitstream from a different layer to the outer SCHC operation: > > > - Are there need for a redirection/invocation mechanism- The actual context > > exchange mechanism. > > The SCHC rules (as opposed to say RoHC) are not dynamic and fully provisioned > in advance, and this does not change when SCHC compresses CoAP or COSE. Note > that we are working separately on the data model for that. But I do not see > that the data model is affected by the 2 stages operations. There will just be > different sets of rules for inner and outer. > > Cc'ed authors, do I have it right ? > > Pascal > > > > > > -----Original Message----- > > From: lp-wan <lp-wan-bounces@ietf.org> On Behalf Of Magnus Westerlund > > Sent: jeudi 28 mai 2020 17:33 > > To: Pascal Thubert (pthubert) <pthubert@cisco.com>; draft-ietf-lpwan-coap- > > static-context-hc@ietf.org; Eric Vyncke (evyncke) <evyncke@cisco.com>; lp- > > wan@ietf.org > > Subject: [lp-wan] draft-ietf-lpwan-coap-static-context-hc-14.txt and Magnus > > Westerlund Discuss > > > > Hi, > > > > I have looked at the changes in the latest version. However, I don't think > > they > > resolve my discuss ( https://datatracker.ietf.org/doc/draft-ietf-lpwan-coap- > > static-context-hc/ballot/#magnus-westerlund > > ). > > > > Let me try to re-iterate on why I think my discuss is relevant and you > > should do > > something credible to address it. > > > > So my discuss are really only focused on the case where SCHC is used on top > > of > > a security layer that pushes the SCHC implementation into the COAP stacks at > > the end-points, rather than potentially lower layers on top of the L2 > > infrastructure. > > > > To me it appears that this change results in several architectural > > considerations > > that didn't existed before for the entity that are going to determine the > > SCHC > > capability in the peer as well as the context establishment. > > What I am asking for is really only an description of the changed > > architectural > > context and the requirements on a solution for the SCHC context > > establishment > > mechanism. > > > > - Discover the peers capability to perform SCHC for COAP or can one > > opportunisticly try? > > - Taking into account that an COAP application can potentially talk to a > > number > > of peers, each having different capabilities. > > - Are there need for a redirection/invocation mechanism > > - The actual context exchange mechanism. > > > > Can we please write a paragraph or two in the suitable section in this > > document rather a single sentence pointing to an appendix. That appending > > containing a single bullet that are supposed to be added: > > > > This section extends the RFC8724 Annex D list. > > > > o How to establish the End-to-End context initialization using SCHC > > for CoAP header only. > > > > Annex D of RFC 8724 list is preface by: > > "This section lists the information that needs to be provided in the LPWAN > > technology-specific documents." > > > > That is not really information to be provided, there are procedures that are > > needed. > > > > > > Cheers > > > > Magnus Westerlund > > > > > > ---------------------------------------------------------------------- > > Networks, Ericsson Research > > ---------------------------------------------------------------------- > > Ericsson AB | Phone +46 10 7148287 > > Torshamnsgatan 23 | Mobile +46 73 0949079 > > SE-164 80 Stockholm, Sweden | mailto: magnus.westerlund@ericsson.com > > ---------------------------------------------------------------------- > > > > _______________________________________________ > > lp-wan mailing list > > lp-wan@ietf.org > > https://www.ietf.org/mailman/listinfo/lp-wan -- Cheers Magnus Westerlund ---------------------------------------------------------------------- Networks, Ericsson Research ---------------------------------------------------------------------- Ericsson AB | Phone +46 10 7148287 Torshamnsgatan 23 | Mobile +46 73 0949079 SE-164 80 Stockholm, Sweden | mailto: magnus.westerlund@ericsson.com ----------------------------------------------------------------------
- [lp-wan] draft-ietf-lpwan-coap-static-context-hc-… Magnus Westerlund
- Re: [lp-wan] draft-ietf-lpwan-coap-static-context… Pascal Thubert (pthubert)
- Re: [lp-wan] draft-ietf-lpwan-coap-static-context… Magnus Westerlund
- Re: [lp-wan] draft-ietf-lpwan-coap-static-context… Ricardo Andreasen
- Re: [lp-wan] draft-ietf-lpwan-coap-static-context… Ana Minaburo
- Re: [lp-wan] draft-ietf-lpwan-coap-static-context… Magnus Westerlund
- Re: [lp-wan] draft-ietf-lpwan-coap-static-context… Eric Vyncke (evyncke)