Re: [Lurk] review of draft-cairns-tls-session-key-interface-01
Daniel Migault <daniel.migault@ericsson.com> Sun, 03 April 2016 18:10 UTC
Return-Path: <daniel.migault@ericsson.com>
X-Original-To: lurk@ietfa.amsl.com
Delivered-To: lurk@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 5B31612D192; Sun, 3 Apr 2016 11:10:59 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.221
X-Spam-Level:
X-Spam-Status: No, score=-4.221 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id rCtGU9QAqY0S; Sun, 3 Apr 2016 11:10:57 -0700 (PDT)
Received: from usplmg20.ericsson.net (usplmg20.ericsson.net [198.24.6.45]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id A068E12D1A7; Sun, 3 Apr 2016 11:10:57 -0700 (PDT)
X-AuditID: c618062d-f79216d00000767f-0e-5701569f655a
Received: from EUSAAHC003.ericsson.se (Unknown_Domain [147.117.188.81]) by usplmg20.ericsson.net (Symantec Mail Security) with SMTP id 1A.82.30335.F9651075; Sun, 3 Apr 2016 19:45:04 +0200 (CEST)
Received: from EUSAAMB107.ericsson.se ([147.117.188.124]) by EUSAAHC003.ericsson.se ([147.117.188.81]) with mapi id 14.03.0248.002; Sun, 3 Apr 2016 14:10:56 -0400
From: Daniel Migault <daniel.migault@ericsson.com>
To: "Fossati, Thomas (Nokia - GB)" <thomas.fossati@nokia.com>, "draft-cairns-tls-session-key-interface@ietf.org" <draft-cairns-tls-session-key-interface@ietf.org>
Thread-Topic: review of draft-cairns-tls-session-key-interface-01
Thread-Index: AQHRja2VvbyRpj+BFk2Jd1bnS0fsC594Q2Uw///M9ACAAHwwwA==
Date: Sun, 03 Apr 2016 18:10:55 +0000
Message-ID: <2DD56D786E600F45AC6BDE7DA4E8A8C11223E67B@eusaamb107.ericsson.se>
References: <D3269D86.62A08%thomas.fossati@alcatel-lucent.com> <2DD56D786E600F45AC6BDE7DA4E8A8C11223E50B@eusaamb107.ericsson.se> <D326B7D7.62A61%thomas.fossati@alcatel-lucent.com>
In-Reply-To: <D326B7D7.62A61%thomas.fossati@alcatel-lucent.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [147.117.188.11]
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-Brightmail-Tracker: H4sIAAAAAAAAA+NgFmpikeLIzCtJLcpLzFFi42KZXLonUHdBGGO4wYMmVotTsw4wWbxd42fR 8vkTmwOzx5IlP5k87t66xBTAFMVlk5Kak1mWWqRvl8CVMf/9FOaCMxIVH+ceZm5gnCfSxcjJ ISFgInHp3S8mCFtM4sK99WxdjFwcQgJHGSU+n13FAuEsY5R4eGIGK0gVm4CRRNuhfnaQhAhI Ys/lLWAJZgFlib0/JoKNEhZwkHjxaD4biC0i4ChxdOYURgjbSWLK9T1gNSwCKhJLHt4Cs3kF fCU+XpsFtXo7o8Tb9o9gDZwC9hJzpl0EG8QIdN/3U2uYIJaJS9x6Mh/qbgGJJXvOM0PYohIv H/9jhbCVJD7+ns8OUa8jsWD3JzYIW1ti2cLXzBCLBSVOznzCMoFRbBaSsbOQtMxC0jILScsC RpZVjBylxQU5uelGBpsYgTFzTIJNdwfj/emehxgFOBiVeHgfODCEC7EmlhVX5h5ilOBgVhLh vRnFGC7Em5JYWZValB9fVJqTWnyIUZqDRUmctzH4X5iQQHpiSWp2ampBahFMlomDU6qBkZVV 2dWhuenDzK0Fc+Z/2qFkciyP9bJtG5fOtwdqrzt9PHjaAhgj7wROMth15m3M5/N5TnJ9vyu/ 1mkcE94UdS6BvaGNY9KnB4/Wvzk6p1Utg7//2L/tnalbBXly6z2ZrdN9DNsu/FhjyZjBX7vu yOz7R+Z8fr+sV6fwwJVoS9v6Cx6bQyVnKbEUZyQaajEXFScCAEhLlWuVAgAA
Archived-At: <http://mailarchive.ietf.org/arch/msg/lurk/Zs3C331pGq_TA1Tj9lTNl5LuHfI>
Cc: "lurk@ietf.org" <lurk@ietf.org>
Subject: Re: [Lurk] review of draft-cairns-tls-session-key-interface-01
X-BeenThere: lurk@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: Limited Use of Remote Keys <lurk.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/lurk>, <mailto:lurk-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/lurk/>
List-Post: <mailto:lurk@ietf.org>
List-Help: <mailto:lurk-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/lurk>, <mailto:lurk-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 03 Apr 2016 18:10:59 -0000
Ok thank you for the feed back. I see you point and hope we can talk about this week. Any other feed backs for the transport layer in lurk is welcome. BR, Daniel -----Original Message----- From: Fossati, Thomas (Nokia - GB) [mailto:thomas.fossati@nokia.com] Sent: Sunday, April 03, 2016 12:45 PM To: Daniel Migault; draft-cairns-tls-session-key-interface@ietf.org Cc: lurk@ietf.org Subject: Re: review of draft-cairns-tls-session-key-interface-01 Hi Daniel, On 03/04/2016 11:09, "EXT Daniel Migault" <daniel.migault@ericsson.com> wrote: >MGLT: You are right and I share your opinion that with RSA only the MS >or EMS should be returned. I am planning to explain this during the BoF >and see if everyone agree with this. Actually this document very the >very early version of lurk. It describes the architecture, as well as a >first LURK implementation. Outside the architecture aspects, other >sections have been addressed in separate draft such as >[draft-mglt-lurk-tls-use-cases-00] for the use case, >[draft-mglt-lurk-tls-requirements-00 ] for an analysis of the >authentication method performed with LURK, >[draft-mglt-lurk-tls-abstract-api-00] for a first protocol description. OK, I'll go and have a look! >- LURK has use cases that need high throughput: we really want to be >able to fill the pipe between the Edge and Key Server, and also treat >each transaction independently. That's why a UDP based protocol is >attractive, vs. for example a HTTP2/TCP based one, which would incur >HOL on packet loss. Also an efficient encoding like the CBOR/CoAP that >you are proposing looks really great to keep the overhead at a minimum. >I've never used CoAP in high throughput applications though (quite the >opposite, really), so I'm not sure whether its default congestion >control algorithm is OK for this scenario? Have you done any experiment? > >MGLT: Thanks for your input. This is also something I would like to >discuss during the BoF. Instead of having one transaction per request, >we could also use a HTTPS session and tunnel all transaction through >that tunnel. Do you think that is a bad idea? I am really open to any >suggestion, so your comment is very useful. Actually, the reason the >draft [draft-mglt-lurk-tls-abstract-api-00] has this misleading title >abstract API, is that it remains focused on the LURK protocol aspects >and does not deal yet on the transport aspect. What I meant was to use one application layer transaction per LURK call. A single mutually authenticated & encrypted tunnel (DTLS, IPsec, etc.) between the Edge and the Key Server, once established, could sit there for quite a long time and carry as many CoAP transactions as needed. I think HTTPS over TCP would be a suboptimal transport for LURK because of the HOL blocking problem I was hinting in the other email: a single packet loss incident could potentially stop lots of "nearby" transactions. We should really try to avoid that. (I'm around if you want to talk more.) Cheers, t
- [Lurk] review of draft-cairns-tls-session-key-int… Fossati, Thomas (Nokia - GB)
- Re: [Lurk] review of draft-cairns-tls-session-key… Daniel Migault
- Re: [Lurk] review of draft-cairns-tls-session-key… Fossati, Thomas (Nokia - GB)
- Re: [Lurk] review of draft-cairns-tls-session-key… Daniel Migault