Re: [mile] Artart last call review of draft-ietf-mile-rolie-10

Martin Thomson <martin.thomson@gmail.com> Tue, 10 October 2017 03:45 UTC

To: Kathleen Moriarty <kathleen.moriarty.ietf@gmail.com>
Cc: Benjamin Kaduk <kaduk@mit.edu>, ART Area <art@ietf.org>, MILE IETF <mile@ietf.org>, "ietf@ietf.org" <ietf@ietf.org>, draft-ietf-mile-rolie.all@ietf.org
Message-ID: <CABkgnnU=FJvYzjK0B8z3Ry=W9DXzd98Miw8YB2cP9r0tFeef8A@mail.gmail.com>
In-Reply-To: <1D786709-4F2C-4D39-B55D-A4F9EBE82C99@gmail.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/mile/o9mRiGA21Q5xPMQWHL-WEalEmYY>

On Tue, Oct 10, 2017 at 2:05 PM, Kathleen Moriarty
<kathleen.moriarty.ietf@gmail.com> wrote:
> I'll review and see if the WG participants can as well.  I think there will be many applications to follow with high security requirements and no tolerance for replay attacks.

That is true, but it's not clear to me that this is a protocol that is
intolerant of replay.  AtomPub follows a pattern that limits exposure
fairly well.  The primary thing to safeguard in ROLIE is the
confidentiality of the content, and replay won't generally compromise
that.  The sorts of things you might see are duplicate resource
creation (we recommend against POST in early data for that reason; we
also recommend against PUT), and the sort of traffic analysis and
timing side channel information that reveals if resources exist or
have been updated (which shouldn't be an issue here).
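The duplicate-creation case Martin describes, shown as an added example that is not code from this thread or from the ROLIE draft: a toy AtomPub-style collection receives the same POST twice, as a replayed TLS 0-RTT flight would deliver it, once with no early-data policy and once refusing non-safe methods in early data. The `Early-Data: 1` request header and the 425 (Too Early) status are the real RFC 8470 mechanism, and the example assumes a TLS-terminating front end that sets that header before forwarding; `ToyCollection` and `simulate_replay` are constructed names for this illustration only.

```python
import itertools
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

# Methods whose replay only repeats a read; everything else is refused in early data.
SAFE_METHODS = {"GET", "HEAD", "OPTIONS"}


@dataclass
class Request:
    method: str
    path: str
    headers: Dict[str, str] = field(default_factory=dict)
    body: bytes = b""

    @property
    def in_early_data(self) -> bool:
        # RFC 8470: a TLS-terminating front end marks requests that arrived in
        # 0-RTT data with "Early-Data: 1" before forwarding them to the origin.
        return self.headers.get("Early-Data", "").strip() == "1"


class ToyCollection:
    """Constructed AtomPub-style collection (not ROLIE code): POST appends a
    new entry, PUT replaces one by path, GET/HEAD read."""

    def __init__(self, refuse_unsafe_early_data: bool) -> None:
        self.entries: Dict[str, bytes] = {}
        self._ids = itertools.count(1)
        self.refuse_unsafe_early_data = refuse_unsafe_early_data

    def handle(self, req: Request) -> Tuple[int, Optional[str]]:
        """Return (status, location). 425 Too Early tells the client to retry
        the same request once the handshake has completed, so nothing is
        created from a replayable early-data flight."""
        if (self.refuse_unsafe_early_data and req.in_early_data
                and req.method not in SAFE_METHODS):
            return 425, None
        if req.method in ("GET", "HEAD"):
            found = req.path == "/feed" or req.path in self.entries
            return (200 if found else 404), None
        if req.method == "POST":
            location = f"/feed/{next(self._ids)}"
            self.entries[location] = req.body
            return 201, location
        if req.method == "PUT":
            self.entries[req.path] = req.body
            return 204, None
        return 405, None


def simulate_replay(refuse_unsafe_early_data: bool) -> Tuple[List[int], int]:
    """Deliver one POST sent in early data twice, as a replayed 0-RTT flight
    would arrive, then (if it was refused) the client's retry after the
    handshake. Returns the status codes seen and the final entry count."""
    collection = ToyCollection(refuse_unsafe_early_data)
    # Constructed sample: a client creates an indicator entry in 0-RTT data.
    post = Request("POST", "/feed", {"Early-Data": "1"}, b"<entry>indicator</entry>")
    statuses = [collection.handle(post)[0], collection.handle(post)[0]]
    if statuses[-1] == 425:
        # Client behaviour after 425: resend the request outside early data.
        retry = Request("POST", "/feed", {}, post.body)
        statuses.append(collection.handle(retry)[0])
    return statuses, len(collection.entries)


if __name__ == "__main__":
    print("no policy:", simulate_replay(False))  # ([201, 201], 2): duplicate entry
    print("policy:   ", simulate_replay(True))   # ([425, 425, 201], 1): single entry
```

Reads in early data are still served in both modes, which matches the point above that exposure for GET is limited to whether a resource exists or has changed, while creation and replacement wait for the full handshake.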