IETF Logo Mail Archive

Re: [T2TRG] [core] Quick Doodle T2TRG security topics (Re: New topic for T2TRG?)

Michael Richardson <mcr@sandelman.ca> Mon, 20 December 2021 14:54 UTC

Return-Path: <mcr@sandelman.ca>
X-Original-To: t2trg@ietfa.amsl.com
Delivered-To: t2trg@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id DFC713A0E4E for <t2trg@ietfa.amsl.com>; Mon, 20 Dec 2021 06:54:36 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.099
X-Spam-Level:
X-Spam-Status: No, score=-2.099 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=sandelman.ca
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id sZaKBWujFBFN for <t2trg@ietfa.amsl.com>; Mon, 20 Dec 2021 06:54:32 -0800 (PST)
Received: from tuna.sandelman.ca (tuna.sandelman.ca [209.87.249.19]) (using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id CCD413A0E4A for <t2trg@irtf.org>; Mon, 20 Dec 2021 06:54:31 -0800 (PST)
Received: from localhost (localhost [127.0.0.1]) by tuna.sandelman.ca (Postfix) with ESMTP id 29967395C5; Mon, 20 Dec 2021 09:58:59 -0500 (EST)
Received: from tuna.sandelman.ca ([127.0.0.1]) by localhost (localhost [127.0.0.1]) (amavisd-new, port 10024) with LMTP id Aig8RFFuwsVx; Mon, 20 Dec 2021 09:58:56 -0500 (EST)
Received: from sandelman.ca (obiwan.sandelman.ca [IPv6:2607:f0b0:f:2::247]) by tuna.sandelman.ca (Postfix) with ESMTP id C8E20395C4; Mon, 20 Dec 2021 09:58:56 -0500 (EST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=sandelman.ca; s=mail; t=1640012336; bh=G63QeZHdBT8zrz36rWLU2m7NBZnqu5F7OUguEwUuEc4=; h=From:To:Subject:In-Reply-To:References:Date:From; b=Xxc9wesnC3+6qHWqcSgmpLhZIToFJLHVM6X3khncXNGrjXX8xDe5BQSe4lWJd7ZUL 7Tr/cFo4lX4M09A81DunxuWoIjWOWA0Yk6BdW3mVfMP5HgnZv3FcPyn+nL5SezxxNG iJu7XS5potmfiyh7njP38J1ely2r4HAenGhoBfXuPic0JZRJyIdN+yDEeM2j1OkAix yNghaefTNCOIVWwm8fvH3eb0TZktgcP1YnHcUr8feFHU4jCYo7phBKK7O0Zl6eWzLk zLjI7eOFy9yTEWTq8Ef7jue+/czsCmEyZkslDnrJgAqPOViEHMxp4YojY0sHX6kX6N wWIgoPueyCMaQ==
Received: from localhost (localhost [IPv6:::1]) by sandelman.ca (Postfix) with ESMTP id 4E62898E; Mon, 20 Dec 2021 09:54:27 -0500 (EST)
From: Michael Richardson <mcr@sandelman.ca>
To: Carsten Bormann <cabo@tzi.org>, goran.selander@ericsson.com, "t2trg@irtf.org" <t2trg@irtf.org>, "core@ietf.org" <core@ietf.org>
In-Reply-To: <97ED3090-7BBA-4ED8-B50B-26C5AC863EB5@tzi.org>
References: <YYkUABLfpU/SRaxX@hephaistos.amsuess.com> <YYqfI38dg8035RLn@hephaistos.amsuess.com> <YZPGVxFc7AvdYXNB@hephaistos.amsuess.com> <AM4PR0701MB21955D1AB35A1A335B5EFDD0F4669@AM4PR0701MB2195.eurprd07.prod.outlook.com> <97ED3090-7BBA-4ED8-B50B-26C5AC863EB5@tzi.org>
X-Mailer: MH-E 8.6+git; nmh 1.7+dev; GNU Emacs 26.1
X-Face: $\n1pF)h^`}$H>Hk{L"x@)JS7<%Az}5RyS@k9X%29-lHB$Ti.V>2bi.~ehC0; <'$9xN5Ub# z!G,p`nR&p7Fz@^UXIn156S8.~^@MJ*mMsD7=QFeq%AL4m<nPbLgmtKK-5dC@#:k
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable
Date: Mon, 20 Dec 2021 09:54:27 -0500
Message-ID: <25576.1640012067@localhost>
Archived-At: <https://mailarchive.ietf.org/arch/msg/t2trg/6bhFSh-UWkq0mMflAAb7eInBpho>
Subject: Re: [T2TRG] [core] Quick Doodle T2TRG security topics (Re: New topic for T2TRG?)
X-BeenThere: t2trg@irtf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: IRTF Thing-to-Thing Research Group <t2trg.irtf.org>
List-Unsubscribe: <https://www.irtf.org/mailman/options/t2trg>, <mailto:t2trg-request@irtf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/t2trg/>
List-Post: <mailto:t2trg@irtf.org>
List-Help: <mailto:t2trg-request@irtf.org?subject=help>
List-Subscribe: <https://www.irtf.org/mailman/listinfo/t2trg>, <mailto:t2trg-request@irtf.org?subject=subscribe>
X-List-Received-Date: Mon, 20 Dec 2021 14:54:37 -0000

Carsten Bormann <cabo@tzi.org> wrote:
    > I assume most people are mostly in holiday mode already.

a bit.

    > I have put up 9 potential meeting slots this week:
    > https://doodle.com/poll/7e76k335hd6d28k3

I have mutable plans Tuesday, but I could be persuaded to change them.

    > This week’s meeting is mostly for planning and, first and foremost,
    > discussing the scope we want to communicate.
    > The actual first meeting of a seccore activity would probably then be
    > in 2022W2, but that is one of the things we want to discuss this week.

Understood.

    >> CoAP can be used in various settings beyond simple REST. How do we
    >>adapt existing security requirements and solutions to these new modes of
    >>operation? Some work of this kind is already in progress in the IETF but
    >>some issues go beyond the individual IETF WGs, or could benefit from
    >>additional contributions from a wider audience, reviews and information
    >>sharing.
    >> Examples include:
    >> - Rekeying with PFS vs. stateless operations [2]
    >> - Firmware updates using group communication
    >> - Efficient and secure tunnelling of CoAP in CoAP
    >> - Notifications surviving rekeying
    >> - Progressing pub-sub with CoAP

I guess this is really CoAP focused around OSCORE :-)
I'm not saying this is a problem, but it certainly explains "seccore" as a name.

If we produced a few roadmaps (or a less interestingly, a roadmap with a few
options), which explained some specific choices, I think that would be
useful.
I think that two or three Informational RFCs would be appropriate.
I prefer multiple RFCs rather than one RFC with three sections in order to
make procurement clearer.

--
]               Never tell me the odds!                 | ipv6 mesh networks [
]   Michael Richardson, Sandelman Software Works        |    IoT architect   [
]     mcr@sandelman.ca  http://www.sandelman.ca/        |   ruby on rails    [

v2.23.0 | Report a Bug | By Email