Hi Hannes, I must admit I didn't understand that was the conclusion. So, is source authentication mandatory or not?
"decoupled" meant that we could work on a solution which allowed to be adapted to all symmetric or asymmetric keys, much in the sense Abhinav expressed in the referred link.

Göran

> On 12 Oct. 2016, at 13:50, Hannes Tschofenig <[email protected]> wrote:
>
> Hi Goeran,
>
> there was never any doubt that we can use COSE to design a security
> solution using the already existing building blocks.
>
> Btw, in the meanwhile we have actually concluded the discussion in ACE
> on the group communication security topic, see
> https://www.ietf.org/mail-archive/web/ace/current/msg01967.html
>
> Ciao
> Hannes
>
> PS: You cannot decouple the question of adoption of
> draft-somaraju-ace-multicast-01 from the question of source
> authentication since this was the core issue of the debate.
>
>> On 10/12/2016 01:31 PM, Göran Selander wrote:
>>
>> Hi Hannes,
>>
>> I’m a bit surprised at your reaction. If you have followed the discussion
>> on OSCOAP you know that one recurring request has been on support for
>> multicast. This draft is addressing that request.
>>
>> draft-somaraju-ace-multicast-01 is referring to OSCOAP for secure group
>> communication and we propose this draft to be the way to extend OSCOAP for
>> that purpose.
>>
>> In the "controversial, long, and tough" discussion you refer to, one
>> central issue relates to the use of symmetric keys only in group
>> communication. Our draft mandates the use of asymmetric keys since that
>> provides source authentication. Should it be agreed that source
>> authentication for some purpose is not necessary, it is a simple
>> modification of this draft - simply making the counter signature in the
>> COSE object non-mandatory.
>>
>> It was our hope that we in this way can decouple the question of adoption
>> of draft-somaraju-ace-multicast-01 from the question of source
>> authentication.
>>
>> Göran
>>
>> On 2016-10-12 10:40, "Ace on behalf of Hannes Tschofenig"
>> <[email protected] on behalf of [email protected]> wrote:
>>
>>> Hi Marco, Hi Francesca, Hi Goeran,
>>>
>>> I am a bit surprised about your document submission since you guys have
>>> been pretty silent in the group communication security discussion, which
>>> was quite controversial, long, and tough. That's where your support
>>> would have been needed. Adding the few small bits to the already written
>>> draft isn't the problem.
>>>
>>> Ciao
>>> Hannes
>>>
>>>> On 10/12/2016 10:12 AM, Marco Tiloca wrote:
>>>> Dear CoRE/ACE,
>>>>
>>>> We have submitted a draft on secure group communication for CoAP
>>>> addressing security for the setting of a multicast CoAP request with
>>>> unicast responses as described in RFC7390.
>>>>
>>>> This draft builds on the recently updated version of OSCOAP, extended
>>>> with mandatory Sender ID and multiple Recipient Contexts. It also
>>>> enables source authentication with asymmetric signatures implemented as
>>>> counter signatures included with the COSE objects defined by OSCOAP.
>>>>
>>>> We hope that by submitting now we could get some first discussion to
>>>> allow updates before the cutoff.
>>>>
>>>> This draft provides the missing link between
>>>> https://tools.ietf.org/html/draft-somaraju-ace-multicast and OSCOAP.
>>>>
>>>> Best regards,
>>>> Marco
>>>>
>>>> ---------- Forwarded message ----------
>>>> From: <[email protected]>
>>>> Date: Wed, Oct 12, 2016 at 9:27 AM
>>>> Subject: New Version Notification for
>>>> draft-tiloca-core-multicast-oscoap-00.txt
>>>> To: Marco Tiloca <[email protected]>, Goeran Selander
>>>> <[email protected]>, Francesca Palombini <[email protected]>
>>>>
>>>> A new version of I-D, draft-tiloca-core-multicast-oscoap-00.txt
>>>> has been successfully submitted by Francesca Palombini and posted to the
>>>> IETF repository.
>>>>
>>>> Name: draft-tiloca-core-multicast-oscoap
>>>> Revision: 00
>>>> Title: Secure group communication for CoAP
>>>> Document date: 2016-10-12
>>>> Group: Individual Submission
>>>> Pages: 15
>>>> URL: https://www.ietf.org/internet-drafts/draft-tiloca-core-multicast-oscoap-00.txt
>>>> Status: https://datatracker.ietf.org/doc/draft-tiloca-core-multicast-oscoap/
>>>> Htmlized: https://tools.ietf.org/html/draft-tiloca-core-multicast-oscoap-00
>>>>
>>>> Abstract:
>>>> This document describes a method for application layer protection of
>>>> messages exchanged with the Constrained Application Protocol (CoAP)
>>>> in a group communication context. The proposed approach relies on
>>>> Object Security of CoAP (OSCOAP) and the CBOR Object Signing and
>>>> Encryption (COSE) format. All security requirements fulfilled by
>>>> OSCOAP are maintained for multicast CoAP request messages and related
>>>> unicast CoAP response messages. Source authentication of all
>>>> messages exchanged within the group is ensured, by means of digital
>>>> signatures produced through asymmetric private keys of sender devices
>>>> and embedded in the protected CoAP messages.
>>>>
>>>> Please note that it may take a couple of minutes from the time of
>>>> submission until the htmlized version and diff are available at
>>>> tools.ietf.org.
>>>>
>>>> The IETF Secretariat
>>>>
>>>> _______________________________________________
>>>> Ace mailing list
>>>> [email protected]
>>>> https://www.ietf.org/mailman/listinfo/ace
>>
>> _______________________________________________
>> Ace mailing list
>> [email protected]
>> https://www.ietf.org/mailman/listinfo/ace
>
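An added example, not part of the thread and not code from either draft, of the trade-off debated above: a receiver that checks only the shared group key cannot tell which member sent a request, while a mandatory per-sender counter signature binds the request to the claimed Sender ID. `Msg`, `Protect` and `Accept` are hypothetical names, HMAC-SHA256 and Ed25519 stand in for the COSE algorithms, and the message layout is a simplification rather than the COSE/OSCOAP encoding; all keys are constructed sample values.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/hmac"
	"crypto/sha256"
	"fmt"
)

// Msg is a simplified group request; it is NOT the COSE/OSCOAP wire encoding.
type Msg struct {
	SenderID   string
	Payload    []byte
	Tag        []byte // integrity tag under the key shared by the whole group
	CounterSig []byte // per-sender signature over Tag; empty when omitted
}

func groupTag(groupKey []byte, senderID string, payload []byte) []byte {
	m := hmac.New(sha256.New, groupKey)
	m.Write(append([]byte{byte(len(senderID))}, senderID...)) // length-prefixed ID
	m.Write(payload)
	return m.Sum(nil)
}

// Protect tags the message with the group key; a non-nil priv adds the counter signature.
func Protect(groupKey []byte, senderID string, payload []byte, priv ed25519.PrivateKey) Msg {
	msg := Msg{SenderID: senderID, Payload: payload, Tag: groupTag(groupKey, senderID, payload)}
	if priv != nil {
		msg.CounterSig = ed25519.Sign(priv, msg.Tag)
	}
	return msg
}

// Accept always checks the group tag; the claimed sender is checked only when requireSig is set.
func Accept(groupKey []byte, pubs map[string]ed25519.PublicKey, msg Msg, requireSig bool) bool {
	tagOK := hmac.Equal(msg.Tag, groupTag(groupKey, msg.SenderID, msg.Payload))
	pub, known := pubs[msg.SenderID]
	sigOK := known && ed25519.Verify(pub, msg.Tag, msg.CounterSig)
	return tagOK && (sigOK || !requireSig)
}

func main() {
	gk := []byte("constructed-group-key")
	privA := ed25519.NewKeyFromSeed(bytes.Repeat([]byte{0xA1}, ed25519.SeedSize))
	pubs := map[string]ed25519.PublicKey{"A": privA.Public().(ed25519.PublicKey)}
	unsigned := Protect(gk, "A", []byte("open"), nil) // any key holder can build this
	fmt.Println(Accept(gk, pubs, unsigned, false), Accept(gk, pubs, unsigned, true))
}
```

Making the counter signature non-mandatory corresponds to calling `Accept` with `requireSig` set to false: group membership is still verified, the claimed Sender ID is not.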
