IETF Logo Mail Archive

Re: [T2TRG] RESTful Design & Security

"Kovatsch, Matthias" <matthias.kovatsch@siemens.com> Tue, 07 March 2017 19:36 UTC

Return-Path: <matthias.kovatsch@siemens.com>
X-Original-To: t2trg@ietfa.amsl.com
Delivered-To: t2trg@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 6B07F1294CC for <t2trg@ietfa.amsl.com>; Tue, 7 Mar 2017 11:36:42 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.918
X-Spam-Level:
X-Spam-Status: No, score=-6.918 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id daey23jJdX1V for <t2trg@ietfa.amsl.com>; Tue, 7 Mar 2017 11:36:41 -0800 (PST)
Received: from goliath.siemens.de (goliath.siemens.de [192.35.17.28]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id E25F512940F for <T2TRG@irtf.org>; Tue, 7 Mar 2017 11:36:40 -0800 (PST)
Received: from mail2.sbs.de (mail2.sbs.de [192.129.41.66]) by goliath.siemens.de (8.15.2/8.15.2) with ESMTPS id v27Jab1S009607 (version=TLSv1.2 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Tue, 7 Mar 2017 20:36:38 +0100
Received: from DEFTHW99ERNMSX.ww902.siemens.net (defthw99ernmsx.ww902.siemens.net [139.22.70.141]) by mail2.sbs.de (8.15.2/8.15.2) with ESMTPS id v27JabPw026337 (version=TLSv1 cipher=DHE-RSA-AES256-SHA bits=256 verify=OK); Tue, 7 Mar 2017 20:36:37 +0100
Received: from DENBGAT9ERCMSX.ww902.siemens.net (139.22.70.82) by DEFTHW99ERNMSX.ww902.siemens.net (139.22.70.141) with Microsoft SMTP Server (TLS) id 14.3.339.0; Tue, 7 Mar 2017 20:36:37 +0100
Received: from DEFTHW99EL4MSX.ww902.siemens.net ([169.254.5.206]) by DENBGAT9ERCMSX.ww902.siemens.net ([139.22.70.82]) with mapi id 14.03.0339.000; Tue, 7 Mar 2017 20:36:36 +0100
From: "Kovatsch, Matthias" <matthias.kovatsch@siemens.com>
To: "hannes.tschofenig@gmx.net" <hannes.tschofenig@gmx.net>, "mcr+ietf@sandelman.ca" <mcr+ietf@sandelman.ca>
Thread-Topic: [T2TRG] RESTful Design & Security
Thread-Index: AQHSlpshLU+67EadNU+/wTUKb0HGTaGJlY0AgAAQwgCAABJb3v//9luAgAAYCfw=
Date: Tue, 07 Mar 2017 19:36:35 +0000
Message-ID: <4EBB3DDD0FBF694CA2A87838DF129B3C01AA313F@DEFTHW99EL4MSX.ww902.siemens.net>
References: <c15a387f-9dd3-987e-2901-b86fd8f60108@gmx.net> <10144.1488908366@obiwan.sandelman.ca> <952c4a16-174f-2457-1f11-8f733e738f90@gmx.net> <4EBB3DDD0FBF694CA2A87838DF129B3C01AA2F98@DEFTHW99EL4MSX.ww902.siemens.net>, <558bae1a-ff84-9fb3-c6bf-021f492e9a04@gmx.net>
In-Reply-To: <558bae1a-ff84-9fb3-c6bf-021f492e9a04@gmx.net>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
Content-Type: multipart/alternative; boundary="_000_4EBB3DDD0FBF694CA2A87838DF129B3C01AA313FDEFTHW99EL4MSXw_"
MIME-Version: 1.0
Archived-At: <https://mailarchive.ietf.org/arch/msg/t2trg/9Dzb5pStMTzDzuPFIo3rq5eTx6s>
Cc: "T2TRG@irtf.org" <T2TRG@irtf.org>
Subject: Re: [T2TRG] RESTful Design & Security
X-BeenThere: t2trg@irtf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: "IRTF Thing-to-Thing \(T2T\) Research-Group-in-creation" <t2trg.irtf.org>
List-Unsubscribe: <https://www.irtf.org/mailman/options/t2trg>, <mailto:t2trg-request@irtf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/t2trg/>
List-Post: <mailto:t2trg@irtf.org>
List-Help: <mailto:t2trg-request@irtf.org?subject=help>
List-Subscribe: <https://www.irtf.org/mailman/listinfo/t2trg>, <mailto:t2trg-request@irtf.org?subject=subscribe>
X-List-Received-Date: Tue, 07 Mar 2017 19:36:42 -0000

Fair enough.

Yes, I am on this IoT Directorate. I would say a large fraction of the T2TRG participants has been arguing that the Internet of Gateways is not a good approach. Your security-related summary proves this point.

I personally don't see end-to-end security happening if we keep mixing application protocols, keep using black-magic middleboxes, and keep using proprietary interfaces at the device level. We need something end-to-end (or T2T) for end-to-end security.

Best wishes
Matthias



Sent from my phone, limitations might apply.

-----Original Message-----
From: Hannes Tschofenig [hannes.tschofenig@gmx.net]
Received: Tuesday, 07 Mar 2017, 20:10
To: Kovatsch, Matthias (CT RDA NEC EMB-DE) [matthias.kovatsch@siemens.com]; mcr+ietf@sandelman.ca [mcr+ietf@sandelman.ca]
CC: T2TRG@irtf.org [T2TRG@irtf.org]
Subject: Re: [T2TRG] RESTful Design & Security

Hi Matthias,

I know that this is a research group and everyone can create whatever
they want.

We briefly talked about security at the IoT directorate conference call
and I would be interesting to hear what works and what does not work for
others.

Ciao
Hannes


On 03/07/2017 07:45 PM, Kovatsch, Matthias wrote:
> On big propaganda tour? :P
>
> Regards
> Matthias
>
>
> Sent from my phone, limitations might apply.
>
> -----Original Message-----
> *From:* Hannes Tschofenig [hannes.tschofenig@gmx.net]
> *Received:* Tuesday, 07 Mar 2017, 19:39
> *To:* Michael Richardson [mcr+ietf@sandelman.ca]
> *CC:* t2trg@irtf.org [T2TRG@irtf.org]
> *Subject:* Re: [T2TRG] RESTful Design & Security
>
> OSCOAP does not work when
>
> * you mix protocols,
> * use a middlebox for some processing interactions (such as data
> aggregation), and
> * when one of the protocols is a non-RESTful protocol, such as BLE or MQTT.
>
> Unfortunately, these the use cases we are facing in current IoT
> deployments. For similar reasons we cannot use RFC 8075 either.
>
> Maybe you are seeing different deployment environments.
>
> Ciao
> Hannes
>
> On 03/07/2017 06:39 PM, Michael Richardson wrote:
>>
>> Hannes Tschofenig <hannes.tschofenig@gmx.net> wrote:
>>     > Needless to say that these challenges have also been observed in other
>>     > protocols as well, such as HTTP and even SIP.
>>
>>     > What is the story for providing application layer security?
>>
>> OSCOAP seems to be end-to-end to me.
>>
>> --
>> Michael Richardson <mcr+IETF@sandelman.ca>, Sandelman Software Works
>>  -= IPv6 IoT consulting =-
>>
>>
>>
>
>
>
> _______________________________________________
> T2TRG mailing list
> T2TRG@irtf.org
> https://www.irtf.org/mailman/listinfo/t2trg
>

v2.23.0 | Report a Bug | By Email