Re: [Uta] comments on draft-ietf-uta-tls13-iot-profile-04:
Michael Richardson <mcr+ietf@sandelman.ca> Sun, 03 April 2022 20:01 UTC
Return-Path: <mcr+ietf@sandelman.ca>
X-Original-To: uta@ietfa.amsl.com
Delivered-To: uta@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 5AE633A1371; Sun, 3 Apr 2022 13:01:45 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.109
X-Spam-Level:
X-Spam-Status: No, score=-2.109 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=sandelman.ca
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id uBlglF7Mlw-V; Sun, 3 Apr 2022 13:01:38 -0700 (PDT)
Received: from tuna.sandelman.ca (tuna.sandelman.ca [209.87.249.19]) (using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 8EB3E3A119A; Sun, 3 Apr 2022 13:01:34 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by tuna.sandelman.ca (Postfix) with ESMTP id A56CE38A37; Sun, 3 Apr 2022 16:12:34 -0400 (EDT)
Received: from tuna.sandelman.ca ([127.0.0.1]) by localhost (localhost [127.0.0.1]) (amavisd-new, port 10024) with LMTP id DvYc2XoKCRz0; Sun, 3 Apr 2022 16:12:33 -0400 (EDT)
Received: from sandelman.ca (obiwan.sandelman.ca [209.87.249.21]) by tuna.sandelman.ca (Postfix) with ESMTP id D577E38A23; Sun, 3 Apr 2022 16:12:33 -0400 (EDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=sandelman.ca; s=mail; t=1649016753; bh=XEgkMuizH8lbJ/xjstk1WezNBHS4EtOUOJnwi1R3SGQ=; h=From:To:Subject:In-Reply-To:References:Date:From; b=AxNpqknsOYZT1zGf5FmS0EIYqDBHPxhYy8Ip3vpnlrKY46L4alVwx6cjGgDNEUcVR 9P9ykxaG6nxwkBGdGlrJB7po2vOfSELy3yJcLphQdS28/JIBJYxutBAiiog9hVhXA/ TYx4IASB/opHC+D2VC98/wnXCJ6tH6O/T0rr3JcCY3pyBKKzMWvikO81t273Tttub3 TlCnoHYFoJD5ZBvsPUEfHT9npDKysE+Q+Z4/Nc97sYpecUBPpZP+e9GBVmvMXfXRZr taQpZD+bA1E27ZDl4uYhOLI/Ue2XQOikCfaTSBYd8FSyDeDd7pSj4cEwMLTMssk3VE D0PUAOz1aWoaQ==
Received: from localhost (localhost [IPv6:::1]) by sandelman.ca (Postfix) with ESMTP id 74E9D774; Sun, 3 Apr 2022 16:01:32 -0400 (EDT)
From: Michael Richardson <mcr+ietf@sandelman.ca>
To: Thomas Fossati <Thomas.Fossati@arm.com>, "uta@ietf.org" <uta@ietf.org>, "core@ietf.org" <core@ietf.org>, "iotops@ietf.org" <iotops@ietf.org>, Hannes Tschofenig <Hannes.Tschofenig@arm.com>
In-Reply-To: <DB9PR08MB652404F2CC3773FA66BC89229CE09@DB9PR08MB6524.eurprd08.prod.outlook.com>
References: <59686.1648298525@dooku> <DB9PR08MB652404F2CC3773FA66BC89229CE09@DB9PR08MB6524.eurprd08.prod.outlook.com>
X-Mailer: MH-E 8.6+git; nmh 1.7+dev; GNU Emacs 26.1
X-Face: $\n1pF)h^`}$H>Hk{L"x@)JS7<%Az}5RyS@k9X%29-lHB$Ti.V>2bi.~ehC0; <'$9xN5Ub# z!G,p`nR&p7Fz@^UXIn156S8.~^@MJ*mMsD7=QFeq%AL4m<nPbLgmtKK-5dC@#:k
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="=-=-="; micalg="pgp-sha512"; protocol="application/pgp-signature"
Date: Sun, 03 Apr 2022 16:01:32 -0400
Message-ID: <23712.1649016092@localhost>
Archived-At: <https://mailarchive.ietf.org/arch/msg/uta/qcv7ev0RdTHo48VvhsI4FzjGqUM>
Subject: Re: [Uta] comments on draft-ietf-uta-tls13-iot-profile-04:
X-BeenThere: uta@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: UTA working group mailing list <uta.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/uta>, <mailto:uta-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/uta/>
List-Post: <mailto:uta@ietf.org>
List-Help: <mailto:uta-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/uta>, <mailto:uta-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 03 Apr 2022 20:01:46 -0000
Thomas Fossati <Thomas.Fossati@arm.com> wrote: >> Reading through the lines, it appears that a server that can't >> handle early data needs to send an error code. But such a server >> probably doesn't know about the error code. > The option is marked critical so if the server does not understand, it > will reject with 4.02. If it understands it and does not want to serve > the resource (say, because there is some associated state change) it > will reject with 4.25 (or whatever number IANA will assign to this > response code). In either cases, the client will not repeat an "early > data" request for that resource. Okay, I understand this. I wonder if this is significant enough a feature that it justifies the complexity in the client. >> I'm also concerned that this requires too much cross-layer >> communication between DTLS layer and CoAP layer. > It doesn't seem the case to me: the indication is carried within the CoAP > request so it just flows end to end from an application endpoint to the > other. But maybe I am missing something. Can you unpack your > concern a bit more? The DTLS layer has to pass the early data up to the CoAP layer so that it can reject with 4.02. If it can do that, then it can probably just be coded to process early data. In my server side, the DTLS layer is buried down in openssl C code, while the CoAP layer is in ruby. >> Validation of client certificates (whether factory provisioned >> IDevIDs, or locally enrolled LDevIDs) is a topic that I care a lot >> about, and this text is inadequate. >> >> As the (industrial) IoT market embraces IDevID certificates, there is >> some concern that different markets will put different requirements on >> IDevID contents. So far it does not appear that anyone has created a >> situation where a single (fat) IDevID certificate couldn't be used in >> a variety of market verticals, the concern remains. >> >> It was my intention to introduce a document about this issue. I think >> that it's something that only the IETF can do. Perhaps that would fit >> into this UTA document, or perhaps parts of this section 15 goes into >> another document. > This looks to me like it'd be a great addition to this document. > I've opened [4]; we can discuss about scope there if you want. I'm concerned about slowing your document down too much, but perhaps the timing is okay, and it might also help in getting external to the IETF review of this profile. When/if we are ready, I think that DANCE should be asked to review. but, yes, let's discuss more. I'll try to send some proposed text in the next two weeks. Even if it doesn't go into this document, then it might form the basis of another document. -- Michael Richardson <mcr+IETF@sandelman.ca> . o O ( IPv6 IøT consulting ) Sandelman Software Works Inc, Ottawa and Worldwide
- [Uta] comments on draft-ietf-uta-tls13-iot-profil… Michael Richardson
- Re: [Uta] comments on draft-ietf-uta-tls13-iot-pr… Thomas Fossati
- Re: [Uta] comments on draft-ietf-uta-tls13-iot-pr… Michael Richardson
- Re: [Uta] comments on draft-ietf-uta-tls13-iot-pr… Thomas Fossati
- Re: [Uta] comments on draft-ietf-uta-tls13-iot-pr… Hannes Tschofenig
- Re: [Uta] [Iotops] comments on draft-ietf-uta-tls… Michael Richardson