[OAUTH-WG] OSCORE

2018-02-07 Thread Hannes Tschofenig
Hi guys, You may be interested to hear that a group of people working on Internet of Things security believe they have found a solution to deal with the challenges we had in protecting HTTP requests/responses. Here is the draft: https://tools.ietf.org/html/draft-ietf-core-object-security-07 (T

[OAUTH-WG] OSCORE

2018-02-07 Thread Göran Selander
Hi Hannes, and all Thanks for the announcement. To be a little bit more precise, the statement is that a CoAP-mappable HTTP message can be mapped to CoAP (using RFC 8075), protected with OSCORE (as specified in the referenced draft) and transported with HTTP (as exemplified in the referenced dra

Re: [OAUTH-WG] OSCORE

2018-02-07 Thread Hannes Tschofenig
Hi Göran, Maybe you can then answer the question whether this is useful / applicable to HTTP. Asked differently, under what conditions does OSCORE not work for HTTP? This would help the folks in the group, including me, to determine whether this is actually something we should be looking int

Re: [OAUTH-WG] OSCORE

2018-02-07 Thread Göran Selander
Hi Hannes, Including Dave who may want to provide some background to the use case. As I said, this was a proposed construction and was straightforward to include in the draft. I’m not the right person to answer whether this is useful for OAuth, but I’m interested in the answer. Göran On 2018-0

Re: [OAUTH-WG] OSCORE

2018-02-07 Thread Dave Thaler
As Göran said, yes, the original rationale was end-to-end communication through proxies where each leg might be CoAP or might be HTTP, the most common case being a single CoAP-to-HTTP or HTTP-to-CoAP proxy. For the subset of HTTP that is mappable to CoAP (i.e., simple RESTful calls), I'm not awa

Re: [OAUTH-WG] OSCORE

2018-02-07 Thread Hannes Tschofenig
Is there any implementation / prototyping experience with this work, Dave? Here is what we have been working on in the context of OAuth: With OAuth 1.0: https://tools.ietf.org/html/rfc5849 one of the problems there was the fields we computed the digest over were changed by proxies, and other mid

Re: [OAUTH-WG] OSCORE

2018-02-07 Thread Dave Thaler
OSCORE was designed by looking at the specs for HTTP/CoAP proxying, so that it should work with any such proxy that's compliant with the spec. I'm not aware if there's implementation experience yet, but the key concept is that fields that have to be preserved end-to-end are tunneled through the pr