Hi Jim, I support Francesca's thoughts on this. Please, find inline a few more comments.
Ciao, /Marco On 2017-10-20 15:20, Francesca Palombini wrote: > Hi Jim, > > I don't think that your statement is correct: as far as I understood the > oscoap-joining document, the RS is the group manager, while in the pubsub > document (even generalizing it and making a group communication profile as > Carsten was suggesting) the entity that does group management is the AS2. > > I consider these differences a reason to have separate documents, yes, they > could be described in the same draft, but I don't see how that simplifies the > specifications. > > One more comment inline. > > Thanks, > Francesca > >> -----Original Message----- >> From: Jim Schaad [mailto:[email protected]] >> Sent: den 20 oktober 2017 07:42 >> To: [email protected]; draft-palombini-ace-coap- >> [email protected] >> Cc: [email protected] >> Subject: Comments on draft-tiloca-ace-oscoap-joining >> >> After the interim meeting, I read this document through in order to produce >> a review. Instead you are going to get a meta-review. >> >> I am having a hard to seeing why this document exists in its current form and >> it is not some type of simple profile of the pub-sub security draft. >> While I am not sure that this document is a sub-set of that document, it >> appears to be about 90-99% a sub set of that document. Consider the >> following: >> >> You have both the publisher and subscriber roles as in the pub-sub draft. >> >> You have an entity which is doing key distribution in the system. For the >> pub- >> sub draft this is AS2 for you it is the RS, but they are performing the exact >> same set of tasks. >> > Yes, they are performing the same set of tasks on a high level, but they are > using the ACE framework differently in practice. For example the publisher > and subscriber acquire the keys without using the token. > >> The pub-sub draft as and endpoint which holds the encrypted messages, in >> its place you are using the multi-cast UDP channel. In both cases they are >> basically unprotected-untrusted entities to distribute the content message. >> The only difference is that in the pub-sub model the RS will also provide >> restricted access to publishing which is not enforceable here. >> >> Both of these documents are missing what I would consider to be core >> pieces. >> The pub-sub document does initial key distribution, while this document >> does not. Neither document does any discussion of how subsequent key >> distribution is done to deal with forward and backward security of messages. As to the "initial key distribution", I guess you refer to the group keying material that the Group Manager provides to the joining endpoint. From a previous discussion we had on this in Prague, I thought you were suggesting to specify the actual group OSCOAP key material provisioning on the group OSCOAP draft, rather than in this document. Of course, one of them has to describe such key provisioning. As to the "subsequent key distribution", we were trying to keep the definition of the specific group key revocation/renewal scheme enforced by the Group Manager out of the scope of both the group OSCOAP draft and this joining document. On the other hand, both documents acknowledge the importance of such service and discuss it in the "Security considerations" section. Such considerations cover both backward and forward security in the group OSCOAP draft, while only backward security on this document as related solely to the join process. >> >> This document probably needs to define a new relationship, which might be >> more generally used, to say - this URL is where you get the security >> information for this URL which is published in the directory - esp in the >> case >> of multi-cast address URLs in the resource directory. You might also find >> that >> the correct answer is not to use a separate resource for each channel, but to >> allow for the use of URI path elements to define the security for a resource. Thanks, we will think more on this. >> >> Jim >> > _______________________________________________ > Ace mailing list > [email protected] > https://www.ietf.org/mailman/listinfo/ace -- Marco Tiloca, PhD Research Institutes of Sweden RISE ICT/SICS Isafjordsgatan 22 / Kistagången 16 SE-164 40 Kista (Sweden) Phone: +46 (0)70 60 46 501 https://www.sics.se https://www.sics.se/~marco/ The RISE institutes Innventia, SP and Swedish ICT have merged in order to become a stronger research and innovation partner for businesses and society. SICS Swedish ICT AB, has now changed name to RISE SICS AB.
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Ace mailing list [email protected] https://www.ietf.org/mailman/listinfo/ace
