Discussion:
[core] Repeat And Request-Tag
Hannes Tschofenig
2017-09-01 19:09:12 UTC
Permalink
Hi draft-amsuess-core-repeat-request-tag-00-authors.

I have unfortunately missed the first session of the CORE meeting at the
Prague IETF meeting where this draft was presented. From the recording I
understand that there is a separate problem statement document.

Could you point me to that document?

Ciao
Hannes
Göran Selander
2017-09-04 04:25:46 UTC
Permalink
Hi Hannes,

If you glance at the first paragraph of section 1.1
https://tools.ietf.org/html/draft-amsuess-core-repeat-request-tag-00#section-1.1
you find one of the main references.

If you glance at the second paragraph of 1.2
https://tools.ietf.org/html/draft-amsuess-core-repeat-request-tag-00#section-1.2
you find the other.

(The latter is also linked from the top of the page of https://tools.ietf.org/html/draft-amsuess-core-repeat-request-tag-00
after "Versions:", before "00".)

:-)

Göran
Post by Hannes Tschofenig
Hi draft-amsuess-core-repeat-request-tag-00-authors.
I have unfortunately missed the first session of the CORE meeting at the
Prague IETF meeting where this draft was presented. From the recording I
understand that there is a separate problem statement document.
Could you point me to that document?
Ciao
Hannes
_______________________________________________
core mailing list
https://www.ietf.org/mailman/listinfo/core
Hannes Tschofenig
2017-09-04 13:09:28 UTC
Permalink
Section 1.1 references the "Controlling Actuators with CoAP" and Section
1.2 references several documents, including "Request-Tag option".

Since I have not followed the prior work I am just trying to figure out
what document(s) I have to read in order to understand what problem is
being solved here. I prefer to understand the problem first before
seeing the solution(s).

The referenced documents go into great deal describing the solution. Are
you saying that I have to read the two solution documents
- "Controlling Actuators with CoAP", and
- "Request-Tag option"
to get an idea what the problem is?

Ciao
Hannes
Post by Göran Selander
Hi Hannes,
If you glance at the first paragraph of section 1.1
https://tools.ietf.org/html/draft-amsuess-core-repeat-request-tag-00#section-1.1
you find one of the main references.
If you glance at the second paragraph of 1.2
https://tools.ietf.org/html/draft-amsuess-core-repeat-request-tag-00#section-1.2
you find the other.
(The latter is also linked from the top of the page
of https://tools.ietf.org/html/draft-amsuess-core-repeat-request-tag-00
after "Versions:", before "00".)
:-)
Göran
Post by Hannes Tschofenig
Hi draft-amsuess-core-repeat-request-tag-00-authors.
I have unfortunately missed the first session of the CORE meeting at the
Prague IETF meeting where this draft was presented. From the recording I
understand that there is a separate problem statement document.
Could you point me to that document?
Ciao
Hannes
_______________________________________________
core mailing list
https://www.ietf.org/mailman/listinfo/core
Ludwig Seitz
2017-09-04 14:17:40 UTC
Permalink
Post by Hannes Tschofenig
Section 1.1 references the "Controlling Actuators with CoAP" and Section
1.2 references several documents, including "Request-Tag option".
Since I have not followed the prior work I am just trying to figure out
what document(s) I have to read in order to understand what problem is
being solved here. I prefer to understand the problem first before
seeing the solution(s).
The referenced documents go into great deal describing the solution. Are
you saying that I have to read the two solution documents
- "Controlling Actuators with CoAP", and
- "Request-Tag option"
to get an idea what the problem is?
Ciao
Hannes
Since the draft proposes two extensions to CoAP, you need indeed to read
two texts on the backgrounds.

Controlling actuators with CoAP is not a solution document really, it
describes security problems when using CoAP to control actuators and
suggests a solution, but in nowhere enough detail to call it a "solution
document". This motivates the option presented in section 2.

draft-amsuess-core-request-tag describes a security problem with
blockwise, and presents a solution, if I'm not mistaken the solution was
transplanted to the document we are discussing, while the motivation wasn't.


/Ludwig
--
Ludwig Seitz, PhD
Security Lab, RISE SICS
Phone +46(0)70-349 92 51
Göran Selander
2017-09-04 14:55:58 UTC
Permalink
On 2017-09-04 16:17, "core on behalf of Ludwig Seitz"
Post by Ludwig Seitz
Post by Hannes Tschofenig
Section 1.1 references the "Controlling Actuators with CoAP" and Section
1.2 references several documents, including "Request-Tag option".
Since I have not followed the prior work I am just trying to figure out
what document(s) I have to read in order to understand what problem is
being solved here. I prefer to understand the problem first before
seeing the solution(s).
The referenced documents go into great deal describing the solution. Are
you saying that I have to read the two solution documents
- "Controlling Actuators with CoAP", and
- "Request-Tag option"
to get an idea what the problem is?
Ciao
Hannes
Since the draft proposes two extensions to CoAP, you need indeed to read
two texts on the backgrounds.
Controlling actuators with CoAP is not a solution document really, it
describes security problems when using CoAP to control actuators and
suggests a solution, but in nowhere enough detail to call it a "solution
document". This motivates the option presented in section 2.
draft-amsuess-core-request-tag describes a security problem with
blockwise, and presents a solution, if I'm not mistaken the solution was
transplanted to the document we are discussing, while the motivation wasn't.
Yes. There are two problem statements, described in section 1.1 and
section 1.2, respectively. It would be great if someone who read these
sections could let us know if there is anything unclear.

The reason why this draft are working on two problem statements is
feedback from IETF#98 that we should compile a draft on "security updates
to CoAP”, and also that both are dealing server-oriented issues.

The proposal for how to structure the content was presented at IETF#99 in
slides 98 and 99 of the “consolidated slides”:

https://datatracker.ietf.org/meeting/99/materials/slides-99-core-consolidat
ed-slides

- specifically that both problem statements should go into an update of
core-coap-actuators.


Göran

Carsten Bormann
2017-09-04 13:19:34 UTC
Permalink
Hi Göran,

how about copying over these paragraphs and submitting a new version?
(And getting rid of “Repeat” in the process :-)

Grüße, Carsten
Post by Göran Selander
Hi Hannes,
If you glance at the first paragraph of section 1.1
https://tools.ietf.org/html/draft-amsuess-core-repeat-request-tag-00#section-1.1
you find one of the main references.
If you glance at the second paragraph of 1.2
https://tools.ietf.org/html/draft-amsuess-core-repeat-request-tag-00#section-1.2
you find the other.
(The latter is also linked from the top of the page of https://tools.ietf.org/html/draft-amsuess-core-repeat-request-tag-00
after "Versions:", before "00".)
:-)
Göran
Post by Hannes Tschofenig
Hi draft-amsuess-core-repeat-request-tag-00-authors.
I have unfortunately missed the first session of the CORE meeting at the
Prague IETF meeting where this draft was presented. From the recording I
understand that there is a separate problem statement document.
Could you point me to that document?
Ciao
Hannes
_______________________________________________
core mailing list
https://www.ietf.org/mailman/listinfo/core
_______________________________________________
core mailing list
https://www.ietf.org/mailman/listinfo/core
Loading...