Re: [T2TRG] RESTful Design & Security

"Kovatsch, Matthias" <matthias.kovatsch@siemens.com> Tue, 07 March 2017 18:45 UTC

From: "Kovatsch, Matthias" <matthias.kovatsch@siemens.com>
To: "hannes.tschofenig@gmx.net" <hannes.tschofenig@gmx.net>, "mcr+ietf@sandelman.ca" <mcr+ietf@sandelman.ca>
Date: Tue, 07 Mar 2017 18:45:05 +0000
Message-ID: <4EBB3DDD0FBF694CA2A87838DF129B3C01AA2F98@DEFTHW99EL4MSX.ww902.siemens.net>
References: <c15a387f-9dd3-987e-2901-b86fd8f60108@gmx.net> <10144.1488908366@obiwan.sandelman.ca>, <952c4a16-174f-2457-1f11-8f733e738f90@gmx.net>
In-Reply-To: <952c4a16-174f-2457-1f11-8f733e738f90@gmx.net>
Archived-At: <https://mailarchive.ietf.org/arch/msg/t2trg/dlZoKZjz9ki4X2Yd7PyDBVUoOpE>
Cc: "T2TRG@irtf.org" <T2TRG@irtf.org>
Subject: Re: [T2TRG] RESTful Design & Security

On big propaganda tour? :P

Regards
Matthias


Sent from my phone, limitations might apply.

-----Original Message-----
From: Hannes Tschofenig [hannes.tschofenig@gmx.net]
Received: Tuesday, 07 Mar 2017, 19:39
To: Michael Richardson [mcr+ietf@sandelman.ca]
CC: t2trg@irtf.org [T2TRG@irtf.org]
Subject: Re: [T2TRG] RESTful Design & Security

OSCOAP does not work when

* you mix protocols,
* use a middlebox for some processing interactions (such as data
aggregation), and
* when one of the protocols is a non-RESTful protocol, such as BLE or MQTT.

Unfortunately, these are the use cases we are facing in current IoT
deployments. For similar reasons we cannot use RFC 8075 either.

Maybe you are seeing different deployment environments.

Ciao
Hannes

On 03/07/2017 06:39 PM, Michael Richardson wrote:
>
> Hannes Tschofenig <hannes.tschofenig@gmx.net> wrote:
>     > Needless to say that these challenges have also been observed in other
>     > protocols as well, such as HTTP and even SIP.
>
>     > What is the story for providing application layer security?
>
> OSCOAP seems to be end-to-end to me.
>
> --
> Michael Richardson <mcr+IETF@sandelman.ca>, Sandelman Software Works
>  -= IPv6 IoT consulting =-
>
>
>