IETF Logo Mail Archive

Re: [T2TRG] RESTful Design & Security

Carsten Bormann <cabo@tzi.org> Wed, 08 March 2017 10:09 UTC

Return-Path: <cabo@tzi.org>
X-Original-To: t2trg@ietfa.amsl.com
Delivered-To: t2trg@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 5D290129571 for <t2trg@ietfa.amsl.com>; Wed, 8 Mar 2017 02:09:06 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.2
X-Spam-Level:
X-Spam-Status: No, score=-4.2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id wGdD4JzRQXBH for <t2trg@ietfa.amsl.com>; Wed, 8 Mar 2017 02:09:00 -0800 (PST)
Received: from mailhost.informatik.uni-bremen.de (mailhost.informatik.uni-bremen.de [IPv6:2001:638:708:30c9::12]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 71FEB127071 for <T2TRG@irtf.org>; Wed, 8 Mar 2017 02:09:00 -0800 (PST)
X-Virus-Scanned: amavisd-new at informatik.uni-bremen.de
Received: from submithost.informatik.uni-bremen.de (submithost.informatik.uni-bremen.de [134.102.201.11]) by mailhost.informatik.uni-bremen.de (8.14.5/8.14.5) with ESMTP id v28A8tXY022850; Wed, 8 Mar 2017 11:08:55 +0100 (CET)
Received: from eduroam-cart-clients-173.wlan.uni-bremen.de (eduroam-cart-clients-173.wlan.uni-bremen.de [134.102.145.173]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by submithost.informatik.uni-bremen.de (Postfix) with ESMTPSA id 3vdTkv2jhkzDJ2g; Wed, 8 Mar 2017 11:08:55 +0100 (CET)
Content-Type: text/plain; charset="utf-8"
Mime-Version: 1.0 (Mac OS X Mail 10.2 \(3259\))
From: Carsten Bormann <cabo@tzi.org>
In-Reply-To: <D4E5582E.78797%goran.selander@ericsson.com>
Date: Wed, 08 Mar 2017 11:08:54 +0100
X-Mao-Original-Outgoing-Id: 510660534.395416-ced280a27a377af5c82020bdceb53174
Content-Transfer-Encoding: quoted-printable
Message-Id: <DE24E6F2-4B93-4507-AD43-E490B81B7E66@tzi.org>
References: <c15a387f-9dd3-987e-2901-b86fd8f60108@gmx.net> <10144.1488908366@obiwan.sandelman.ca> <952c4a16-174f-2457-1f11-8f733e738f90@gmx.net> <D4E5582E.78797%goran.selander@ericsson.com>
To: Göran Selander <goran.selander@ericsson.com>
X-Mailer: Apple Mail (2.3259)
Archived-At: <https://mailarchive.ietf.org/arch/msg/t2trg/sIjS7gAabA0nquAn_DAnAlsPeIE>
Cc: Michael Richardson <mcr+ietf@sandelman.ca>, Hannes Tschofenig <hannes.tschofenig@gmx.net>, "t2trg@irtf.org" <T2TRG@irtf.org>
Subject: Re: [T2TRG] RESTful Design & Security
X-BeenThere: t2trg@irtf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: "IRTF Thing-to-Thing \(T2T\) Research-Group-in-creation" <t2trg.irtf.org>
List-Unsubscribe: <https://www.irtf.org/mailman/options/t2trg>, <mailto:t2trg-request@irtf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/t2trg/>
List-Post: <mailto:t2trg@irtf.org>
List-Help: <mailto:t2trg-request@irtf.org?subject=help>
List-Subscribe: <https://www.irtf.org/mailman/listinfo/t2trg>, <mailto:t2trg-request@irtf.org?subject=subscribe>
X-List-Received-Date: Wed, 08 Mar 2017 10:09:06 -0000

On 8 Mar 2017, at 09:30, Göran Selander <goran.selander@ericsson.com> wrote:
> 
> 1. Apply security above the web transfer layer, i.e. to CoAP/HTTP payload,
> e.g. by wrapping the payload in the COSE format. In this case the secure
> COSE object is independent of web transfer mechanism so you can switch
> between e.g. HTTP and CoAP. However, the web transfer metadata, including
> e.g. the RESTful method, resource etc. is not protected. This is anyway
> useful if the method/resource etc. is implicit or the application provides
> the context, e.g. CoAP pub/sub.

Apart from the HTTPS straightjacket I just discussed, this is the other interesting design issue about RESTful security.

Should we design all objects being interchanged in such a way that they can be signed by themselves, which implies that they don’t need context to interpret them?

E.g., if I

GET coap://bathroom.cabo.space/temperature

a typical result in a REST world might be a CBOR or JSON object saying

[{"u":"Cel","v":23.125}]

But there is no point in signing that object by itself; it does not mean anything useful.

A signed object would need to include the fact that this is about my bathroom, and some freshness information (such as the current time).  If you don’t want to use absolute time for freshness, you would include a request nonce, which makes this object useless for a different request, so you might as well bind it to the request in other ways (e.g., include the URI instead of some generic semantic information tying this to my bathroom).

The OSCOAP approach is to simply bind responses to the relevant information in the request, so all this happens “automatically” (you wish).

Grüße, Carsten

v2.23.0 | Report a Bug | By Email