Re: [T2TRG] RESTful Design & Security
Eliot Lear <lear@cisco.com> Wed, 08 March 2017 10:02 UTC
To: "Kovatsch, Matthias" <matthias.kovatsch@siemens.com>, "hannes.tschofenig@gmx.net" <hannes.tschofenig@gmx.net>, "mcr+ietf@sandelman.ca" <mcr+ietf@sandelman.ca>
Cc: "T2TRG@irtf.org" <T2TRG@irtf.org>
Matthias,

I think the key question that everyone seems to be dancing around is this: What is an Internet host in the context of IoT? What are the minimum qualities it must possess? I don't mean this to be a vote, but more of a law of physics sort of thing. For instance, does a host have a secure unique identity? What capabilities must it have? I would expect them to be very few, but there are assuredly some...

Eliot

On 3/7/17 8:36 PM, Kovatsch, Matthias wrote:
> Fair enough.
>
> Yes, I am on this IoT Directorate. I would say a large fraction of the
> T2TRG participants has been arguing that the Internet of Gateways is
> not a good approach. Your security-related summary proves this point.
>
> I personally don't see end-to-end security happening if we keep mixing
> application protocols, keep using black-magic middleboxes, and keep
> using proprietary interfaces at the device level. We need something
> end-to-end (or T2T) for end-to-end security.
>
> Best wishes
> Matthias
>
> Sent from my phone, limitations might apply.
>
> -----Original Message-----
> *From:* Hannes Tschofenig [hannes.tschofenig@gmx.net]
> *Received:* Tuesday, 07 Mar 2017, 20:10
> *To:* Kovatsch, Matthias (CT RDA NEC EMB-DE) [matthias.kovatsch@siemens.com]; mcr+ietf@sandelman.ca [mcr+ietf@sandelman.ca]
> *CC:* T2TRG@irtf.org [T2TRG@irtf.org]
> *Subject:* Re: [T2TRG] RESTful Design & Security
>
> Hi Matthias,
>
> I know that this is a research group and everyone can create whatever
> they want.
>
> We briefly talked about security at the IoT directorate conference call
> and I would be interested to hear what works and what does not work for
> others.
>
> Ciao
> Hannes
>
> On 03/07/2017 07:45 PM, Kovatsch, Matthias wrote:
> > On big propaganda tour? :P
> >
> > Regards
> > Matthias
> >
> > Sent from my phone, limitations might apply.
> >
> > -----Original Message-----
> > *From:* Hannes Tschofenig [hannes.tschofenig@gmx.net]
> > *Received:* Tuesday, 07 Mar 2017, 19:39
> > *To:* Michael Richardson [mcr+ietf@sandelman.ca]
> > *CC:* t2trg@irtf.org [T2TRG@irtf.org]
> > *Subject:* Re: [T2TRG] RESTful Design & Security
> >
> > OSCOAP does not work when
> >
> > * you mix protocols,
> > * use a middlebox for some processing interactions (such as data aggregation), and
> > * when one of the protocols is a non-RESTful protocol, such as BLE or MQTT.
> >
> > Unfortunately, these are the use cases we are facing in current IoT
> > deployments. For similar reasons we cannot use RFC 8075 either.
> >
> > Maybe you are seeing different deployment environments.
> >
> > Ciao
> > Hannes
> >
> > On 03/07/2017 06:39 PM, Michael Richardson wrote:
> >>
> >> Hannes Tschofenig <hannes.tschofenig@gmx.net> wrote:
> >> > Needless to say that these challenges have also been observed in other
> >> > protocols as well, such as HTTP and even SIP.
> >>
> >> > What is the story for providing application layer security?
> >>
> >> OSCOAP seems to be end-to-end to me.
> >>
> >> --
> >> Michael Richardson <mcr+IETF@sandelman.ca>, Sandelman Software Works
> >> -= IPv6 IoT consulting =-
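An added illustration (not code from any participant in this thread) of the point Hannes and Matthias are making: an end-to-end object-security layer like OSCOAP survives a proxy that relays the protected object untouched, but not an aggregating middlebox or a gateway that re-encodes the payload for a non-RESTful transport, because neither holds the end-to-end key. The HMAC tag here is a simplified stand-in for OSCOAP's COSE object; the key, message fields and readings are constructed for the demo.

```python
import hmac
import hashlib
import struct

# Constructed demo key, shared only by the constrained device and the
# application server; no intermediary on the path holds it.
E2E_KEY = b"constructed-demo-key-not-for-real-use"


def protect(kid: bytes, seq: int, payload: bytes) -> dict:
    """End-to-end protect one message. The tag binds sender id, sequence
    number and payload, so replay or any in-path modification is
    detectable by the far end. (HMAC stand-in for OSCOAP's COSE object.)"""
    aad = kid + struct.pack(">I", seq)
    tag = hmac.new(E2E_KEY, aad + payload, hashlib.sha256).digest()
    return {"kid": kid, "seq": seq, "payload": payload, "tag": tag}


def verify(msg: dict) -> bool:
    """Receiver-side check; only a key holder can compute the expected tag."""
    aad = msg["kid"] + struct.pack(">I", msg["seq"])
    expected = hmac.new(E2E_KEY, aad + msg["payload"], hashlib.sha256).digest()
    return hmac.compare_digest(expected, msg["tag"])


def forwarding_proxy(msg: dict) -> dict:
    """Protocol-preserving proxy: relays the object untouched, needs no key."""
    return dict(msg)


def aggregating_middlebox(msgs: list) -> dict:
    """'Black-magic' middlebox that sums readings into one report. Without
    E2E_KEY the best it can do is reuse one of the inbound tags."""
    total = sum(int(m["payload"]) for m in msgs)
    first = msgs[0]
    return {"kid": first["kid"], "seq": first["seq"],
            "payload": str(total).encode(), "tag": first["tag"]}


def protocol_translating_gateway(msg: dict) -> dict:
    """Gateway re-encoding the reading for a non-RESTful transport (e.g. a
    JSON document on an MQTT topic). Re-serialising changes the bytes the
    tag was computed over, so the end-to-end check fails."""
    new_payload = b'{"value": ' + msg["payload"] + b'}'
    return {"kid": msg["kid"], "seq": msg["seq"],
            "payload": new_payload, "tag": msg["tag"]}


def demo() -> tuple:
    """Returns (proxy_ok, aggregation_ok, translation_ok)."""
    r1 = protect(b"sensor-1", 7, b"21")
    r2 = protect(b"sensor-1", 8, b"23")
    return (verify(forwarding_proxy(r1)),
            verify(aggregating_middlebox([r1, r2])),
            verify(protocol_translating_gateway(r1)))
```

Only the first check passes; the other two fail at the receiver, which is exactly why a middlebox that must read or rewrite payloads ends the end-to-end property.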