Göran Selander
2017-09-29 18:04:37 UTC
Hi,
Here is version -05 of the protocol formerly known as OSCOAP. More about
the name below.
https://tools.ietf.org/html/draft-ietf-core-object-security-05
This version is based on a number of inputs and change proposals since
(and including) the Prague F2F meeting, and also closed most old issues.
It took longer than expected, sorry for the delay. The main changes are:
- CoAP Code is now encrypted
- Support for end-to-end REST
- A new proxy section discussing CoAP-CoAP, HTTP-CoAP and CoAP-HTTP
- Simplified description of Option processing
- Simplified nonce construction also reducing the size of the security
context
- Optimized COSE compression
- Optional context hint for simplifying retrieval of security context
- More detailed error processing
- Name changed to OSCORE
Several other minor updates and clarifications were made, see CoRE’s
GitHub for details [1].
And now for the name. OCF was reviewing OSCOAP during the spring and
requested (channelled through Dave Thaler) that the protocol should be
specified to handle translation between CoAP and HTTP while maintaining
end-to-end security of the RESTful exchange. This turned out to not
require too many changes and Dave kindly made a rewrite of the document in
this regard. Since the protocol is no longer limited to CoAP, Dave also
proposed a name change to Object Security for Constrained RESTful
Environments (OSCORE).
We decided to include all changes into one version to simplify the
discussion. The document is now ready for review.
Any comments are welcome!
Göran on behalf of the editing team
[1] https://github.com/core-wg/oscoap
A New Internet-Draft is available from the on-line Internet-Drafts
directories.
This draft is a work item of the Constrained RESTful Environments WG of
the IETF.
Title     : Object Security for Constrained RESTful Environments (OSCORE)
Authors   : Göran Selander
            John Mattsson
            Francesca Palombini
            Ludwig Seitz
Filename  : draft-ietf-core-object-security-05.txt
Pages     : 45
Date      : 2017-09-29
This document defines Object Security for Constrained RESTful
Environments (OSCORE), a method for application-layer protection of
the Constrained Application Protocol (CoAP), using CBOR Object
Signing and Encryption (COSE). OSCORE provides end-to-end
encryption, integrity and replay protection, as well as a secure
message binding. OSCORE is designed for constrained nodes and
networks and can be used over any layer and across intermediaries,
and also with HTTP. OSCORE may be used to protect group
communications as is specified in a separate draft.
https://datatracker.ietf.org/doc/draft-ietf-core-object-security/
https://tools.ietf.org/html/draft-ietf-core-object-security-05
https://datatracker.ietf.org/doc/html/draft-ietf-core-object-security-05
https://www.ietf.org/rfcdiff?url2=draft-ietf-core-object-security-05
Please note that it may take a couple of minutes from the time of submission
until the htmlized version and diff are available at tools.ietf.org.
ftp://ftp.ietf.org/internet-drafts/
_______________________________________________
core mailing list
https://www.ietf.org/mailman/listinfo/core