Pascal Thubert (pthubert) <[email protected]> wrote: > I'm looking for a consensus on how to address the following review > comment on the 6TiSCH Architecture by Benjamin:
a) I don't think that any details about the Join Proxy belongs in the
architecture document.
Any text in the architecture document that says too much should be
deferring to minimal security.
b) It's not an HTTP PROXY with a CONNECT, and GET HTTP://.. support.
It's not really an COAP PROXY (RFC7252 section 5.7).
We describe it in section 4.3.2 as an application layer proxy.
It can only send traffic to the JRC, and no other place.
The description of it in section 7 of minimal-security as
a RFC7252 forward-proxy does imply that it provides any kind
of HTTP-proxy-like functionality.
>> I'd like to see some discussion somewhere that the Join Proxy needs to
>> take care
>> to not be an open redirector by which an unauthenticated pledge can
>> attack
>> arbitrary network elements (whether within the LLN or on the broader
>> network), e.g., by performing some validation on the claimed MASA
>> identifier.
>> Similarly, that the JRC will be exposed to lots of untrusted input and
>> needs to be
>> implemented in an especially robust manner.
The CoJP has no business looking into any of the packets, and should
not be looking at any MASA entities, because in 6tisch-minimal there is no
MASA.
It forward packets to a single destination at a time, and that's it.
> Then again I'd like to discuss the split of what goes in the
> architecture and what goes in Minimal security or elsewhere.
> What do you think?
I think that the architecture document is out of control, and I said that in
my review a few months ago :-)
It says way too much, anticipates way too much incomplete work,
and therefore has too many informative references, and thus we get into
the trouble we are here.
-- ] Never tell me the odds! | ipv6 mesh networks [ ] Michael Richardson, Sandelman Software Works | IoT architect [ ] [email protected] http://www.sandelman.ca/ | ruby on rails [
signature.asc
Description: PGP signature
_______________________________________________ 6tisch mailing list [email protected] https://www.ietf.org/mailman/listinfo/6tisch
