Re: [core] Spencer Dawkins' No Objection on draft-ietf-core-groupcomm-21: (with COMMENT)
Spencer Dawkins at IETF <spencerdawkins.ietf@gmail.com> Wed, 20 August 2014 01:22 UTC
Return-Path: <spencerdawkins.ietf@gmail.com>
X-Original-To: core@ietfa.amsl.com
Delivered-To: core@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E69871A06D9; Tue, 19 Aug 2014 18:22:40 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.999
X-Spam-Level:
X-Spam-Status: No, score=-1.999 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Gk_sQukNx5QB; Tue, 19 Aug 2014 18:22:36 -0700 (PDT)
Received: from mail-la0-x233.google.com (mail-la0-x233.google.com [IPv6:2a00:1450:4010:c03::233]) (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 918A61A0AFD; Tue, 19 Aug 2014 18:22:35 -0700 (PDT)
Received: by mail-la0-f51.google.com with SMTP id pn19so6559216lab.38 for <multiple recipients>; Tue, 19 Aug 2014 18:22:33 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; bh=hdEo5AQ92JPbwecsxAopQba34u8421i7x4JHq582K18=; b=VDnDOSVu9zhzw2VoW1yJsCjnJEOWitVS8xeyeanv1r32eqLjHnN6uoQiPWiDqamf+l WSBETKZyJuPV6ZwpGLkjiMNfKTH7L0KQ1bSe1gYPmgMkRAzIin76ukezk10UxSdA+Uus UFI+z8oILmgrrAYWTzZYUHt8xz1TlmSINaD2wRqw/EM8wTZScSrsIyNzKfvsyK8jogtX bOwixbChL77JJYj5KSAR2J08r8d8KXp6ZwOo5OXQExxhBlcn3HoIa0n1VRdav1MU2Tn+ J0OogdzqEEasurKJoPpPNX8u4FNpFT98Ko6SQm1AzH5c8uSZQWlodUTD+WfOCndoPBxx YPEg==
MIME-Version: 1.0
X-Received: by 10.152.8.48 with SMTP id o16mr38793434laa.18.1408497753795; Tue, 19 Aug 2014 18:22:33 -0700 (PDT)
Received: by 10.152.206.36 with HTTP; Tue, 19 Aug 2014 18:22:33 -0700 (PDT)
In-Reply-To: <D60519DB022FFA48974A25955FFEC08C05DC0C8D@SAM.InterDigital.com>
References: <20140819214554.19309.61511.idtracker@ietfa.amsl.com> <D60519DB022FFA48974A25955FFEC08C05DC0C8A@SAM.InterDigital.com> <CAKKJt-f=x6U2CWZqagNY3dLreC8Mb-95LAsCGHZpN4iE+OOTQQ@mail.gmail.com> <D60519DB022FFA48974A25955FFEC08C05DC0C8D@SAM.InterDigital.com>
Date: Tue, 19 Aug 2014 20:22:33 -0500
Message-ID: <CAKKJt-fDTWy9fOSXwvjUT+6fmtqjP1BVRuJ0fwkxGPS90uwpWA@mail.gmail.com>
From: Spencer Dawkins at IETF <spencerdawkins.ietf@gmail.com>
To: "Rahman, Akbar" <Akbar.Rahman@interdigital.com>
Content-Type: multipart/alternative; boundary="001a11c3640e4830d00501057021"
Archived-At: http://mailarchive.ietf.org/arch/msg/core/u6MzViA1N3zgsn34uVDLgKJuR6s
Cc: "core-chairs@tools.ietf.org" <core-chairs@tools.ietf.org>, The IESG <iesg@ietf.org>, "core@ietf.org" <core@ietf.org>, "draft-ietf-core-groupcomm@tools.ietf.org" <draft-ietf-core-groupcomm@tools.ietf.org>
Subject: Re: [core] Spencer Dawkins' No Objection on draft-ietf-core-groupcomm-21: (with COMMENT)
X-BeenThere: core@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "Constrained RESTful Environments \(CoRE\) Working Group list" <core.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/core>, <mailto:core-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/core/>
List-Post: <mailto:core@ietf.org>
List-Help: <mailto:core-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/core>, <mailto:core-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 20 Aug 2014 01:22:41 -0000
On Tuesday, August 19, 2014, Rahman, Akbar <Akbar.Rahman@interdigital.com> wrote: > Hi Spencer, > > > > > > >If I might make a suggestion, perhaps deleting the last sentence, and > saying something like this in its own paragraph? > > > > >"Because CoAP is often used with limited-power devices, it is RECOMMENDED > that disjoint groups do not attempt to share IP multicast addresses, > because all the devices using the same IP multicast address will see > traffic for all groups, only to discard traffic intended for other > groups based on UDP port." > > > > > > Response: > > ------------- > > Okay. Good suggestion. We will add it in that section. (Please leave us > editorial license to modify the wording slightly depending on what happens > on the other discussion regarding use of Normative language in the draft). > > Oh, heck, yeah! You folk are the experts on CoAP ... Spencer > > > > > Best Regards, > > > > > > Akbar > > > > > > *From:* Spencer Dawkins at IETF [mailto:spencerdawkins.ietf@gmail.com > <javascript:_e(%7B%7D,'cvml','spencerdawkins.ietf@gmail.com');>] > *Sent:* Tuesday, August 19, 2014 6:57 PM > *To:* Rahman, Akbar > *Cc:* The IESG; core-chairs@tools.ietf.org > <javascript:_e(%7B%7D,'cvml','core-chairs@tools.ietf.org');>; > draft-ietf-core-groupcomm@tools.ietf.org > <javascript:_e(%7B%7D,'cvml','draft-ietf-core-groupcomm@tools.ietf.org');>; > core@ietf.org <javascript:_e(%7B%7D,'cvml','core@ietf.org');> > *Subject:* Re: Spencer Dawkins' No Objection on > draft-ietf-core-groupcomm-21: (with COMMENT) > > > > Thank you for the quick response! > > On Tuesday, August 19, 2014, Rahman, Akbar <Akbar.Rahman@interdigital.com > <javascript:_e(%7B%7D,'cvml','Akbar.Rahman@interdigital.com');>> wrote: > > Hi Spencer, > > > Thanks for the good advice on the potential status for the document. > I'll wait for our AD (Barry) to make the final decision on that issue. > With regards to your final technical question: > > > > I'm probably missing something, but I'm not understanding this. If I > have two groups of IoT devices configured to use the same IP multicast > address, and each group uses its own UDP port, what doesn't work? > > Response: > ------------- > Yes, you could technically do this. But it would be a very inefficient > system as you would propagate multicast packets throughout the network > and have them received and decoded in a device's IP stack only to throw > it away at the last moment because it is on the wrong port. It would be > much saner/efficient to have different IP multicast addresses to > segregate the packets from the beginning instead of counting on > different UDP ports. > > > > This is up to you, but "cannot" doesn't mean "bad idea" to me :-) > > > > If I might make a suggestion, perhaps deleting the last sentence, and > saying something like this in its own paragraph? > > > > "Because CoAP is often used with limited-power devices, it is RECOMMENDED > that disjoint groups do not attempt to share IP multicast addresses, > because all the devices using the same IP multicast address will see > traffic for all groups, only to discard traffic intended for other > groups based on UDP port." > > > > Or maybe multicast people all know that? > > > > But do the right thing! > > > > Spencer > > > > > > Best Regards, > > > Akbar > > > > -----Original Message----- > From: core [mailto:core-bounces@ietf.org] On Behalf Of Spencer Dawkins > Sent: Tuesday, August 19, 2014 5:46 PM > To: The IESG > Cc: core-chairs@tools.ietf.org; > draft-ietf-core-groupcomm@tools.ietf.org; core@ietf.org > Subject: [core] Spencer Dawkins' No Objection on > draft-ietf-core-groupcomm-21: (with COMMENT) > > Spencer Dawkins has entered the following ballot position for > draft-ietf-core-groupcomm-21: No Objection > > When responding, please keep the subject line intact and reply to all > email addresses included in the To and CC lines. (Feel free to cut this > introductory paragraph, however.) > > > Please refer to http://www.ietf.org/iesg/statement/discuss-criteria.html > for more information about IESG DISCUSS and COMMENT positions. > > > The document, along with other ballot positions, can be found here: > http://datatracker.ietf.org/doc/draft-ietf-core-groupcomm/ > > > > ---------------------------------------------------------------------- > COMMENT: > ---------------------------------------------------------------------- > > I share the concerns Martin listed in his Discuss, but that conversation > is already underway. > > I saw that Martin is questioning whether this document should be > Informational, but > > 1.2. Scope > > While [RFC7252] supports various modes of DTLS based security for > CoAP over unicast IP, it does not specify any security modes for CoAP > over IP multicast. That is, [RFC7252] assumes that CoAP over IP > multicast is not encrypted, nor authenticated, nor access controlled. > This document assumes the same security model (see Section 5.1). > However, there are several promising security solutions being > developed that should be considered in the future for protecting CoAP > group communications (see Section 5.3.3). > > would make me uneasy about publishing it as standards-track in 2014. If > this specification was Experimental, I'd feel better, but as the > specification itself correctly points out: > > 5.4. Pervasive Monitoring Considerations > > A key additional threat consideration for group communication is > pointed to by [RFC7258] which warns of the dangers of pervasive > monitoring. CoAP group communication which is built on top of IP > multicast should pay particular heed to these dangers. This is > because IP multicast is easier to intercept (e.g., and to secretly > record) compared to unicast traffic. Also, CoAP traffic is meant for > the Internet of Things. This means that CoAP traffic is often used > for the control and monitoring of critical infrastructure (e.g., > lights, alarms, etc.) which may be prime targets for attack. > > Approving it as a Proposed Standard seems to be begging for someone to > deploy it without reading the warning labels ... would anyone who's > planning to use CoAP group communications without security (beyond > suggestions such as enabling WiFi security), be unwilling to use it at > Experimental? > > In this text: > > 2.3. Port and URI Configuration > > A CoAP server that is a member of a group listens for CoAP messages > on the group's IP multicast address, usually on the CoAP default UDP > port, 5683. If the group uses a specified non-default UDP port, be > careful to ensure that all group members are configured to use that > same port. Therefore different ports for the same IP multicast > address cannot be used to specify different CoAP groups. > > I'm probably missing something, but I'm not understanding this. If I > have two groups of IoT devices configured to use the same IP multicast > address, and each group uses its own UDP port, what doesn't work? > > > _______________________________________________ > core mailing list > core@ietf.org > https://www.ietf.org/mailman/listinfo/core > >
- [core] Spencer Dawkins' No Objection on draft-iet… Spencer Dawkins
- Re: [core] Spencer Dawkins' No Objection on draft… Rahman, Akbar
- Re: [core] Spencer Dawkins' No Objection on draft… Spencer Dawkins at IETF
- Re: [core] Spencer Dawkins' No Objection on draft… Rahman, Akbar
- Re: [core] Spencer Dawkins' No Objection on draft… Spencer Dawkins at IETF