Hi Goeran,

There was never any doubt that we can use COSE to design a security
solution using the already existing building blocks.

Btw, in the meantime we have actually concluded the discussion in ACE
on the group communication security topic, see
https://www.ietf.org/mail-archive/web/ace/current/msg01967.html

Ciao
Hannes

PS: You cannot decouple the question of adoption of
draft-somaraju-ace-multicast-01 from the question of source
authentication since this was the core issue of the debate.

On 10/12/2016 01:31 PM, Göran Selander wrote:
> 
> Hi Hannes,
> 
> I’m a bit surprised at your reaction. If you have followed the discussion
> on OSCOAP you know that one recurring request has been on support for
> multicast. This draft is addressing that request.
> 
> draft-somaraju-ace-multicast-01 is referring to OSCOAP for secure group
> communication and we propose this draft to be the way to extend OSCOAP for
> that purpose.
> 
> In the "controversial, long, and tough" discussion you refer to, one
> central issue relates to the use of symmetric keys only in group
> communication. Our draft mandates the use of asymmetric keys since that
> provides source authentication. Should it be agreed that source
> authentication for some purpose is not necessary, it is a simple
> modification of this draft - simply making the counter signature in the
> COSE object non-mandatory.
> 
> It was our hope that we in this way can decouple the question of adoption
> of draft-somaraju-ace-multicast-01 from the question of source
> authentication.
> 
> Göran
> 
> 
> 
> 
> On 2016-10-12 10:40, "Ace on behalf of Hannes Tschofenig"
> <ace-boun...@ietf.org on behalf of hannes.tschofe...@gmx.net> wrote:
> 
>> Hi Marco, Hi Francesca, Hi Goeran,
>>
>> I am a bit surprised about your document submission since you guys have
>> been pretty silent in the group communication security discussion, which
>> was quite controversial, long, and tough. That's where your support
>> would have been needed. Adding the few small bits to the already written
>> draft isn't the problem.
>>
>> Ciao
>> Hannes
>>
>> On 10/12/2016 10:12 AM, Marco Tiloca wrote:
>>> Dear CoRE/ACE,
>>>
>>> We have submitted a draft on secure group communication for CoAP
>>> addressing security for the setting of a multicast CoAP request with
>>> unicast responses as described in RFC7390.
>>>
>>> This draft builds on the recently updated version of OSCOAP, extended
>>> with mandatory Sender ID and multiple Recipient Contexts. It also
>>> enables source authentication with asymmetric signatures implemented as
>>> counter signatures included with the COSE objects defined by OSCOAP.
>>>
>>> We hope that by submitting now we could get some first discussion to
>>> allow updates before the cutoff.
>>>
>>> This draft provides the missing link between
>>> https://tools.ietf.org/html/draft-somaraju-ace-multicast and OSCOAP.
>>>
>>> Best regards,
>>> Marco
>>>
>>>
>>> ---------- Forwarded message ----------
>>> From: <internet-dra...@ietf.org>
>>> Date: Wed, Oct 12, 2016 at 9:27 AM
>>> Subject: New Version Notification for draft-tiloca-core-multicast-oscoap-00.txt
>>> To: Marco Tiloca <ma...@sics.se>, Goeran Selander <goran.selan...@ericsson.com>,
>>> Francesca Palombini <francesca.palomb...@ericsson.com>
>>>
>>>
>>>
>>> A new version of I-D, draft-tiloca-core-multicast-oscoap-00.txt
>>> has been successfully submitted by Francesca Palombini and posted to the
>>> IETF repository.
>>>
>>> Name:           draft-tiloca-core-multicast-oscoap
>>> Revision:       00
>>> Title:          Secure group communication for CoAP
>>> Document date:  2016-10-12
>>> Group:          Individual Submission
>>> Pages:          15
>>> URL:            https://www.ietf.org/internet-drafts/draft-tiloca-core-multicast-oscoap-00.txt
>>> Status:         https://datatracker.ietf.org/doc/draft-tiloca-core-multicast-oscoap/
>>> Htmlized:       https://tools.ietf.org/html/draft-tiloca-core-multicast-oscoap-00
>>>
>>>
>>> Abstract:
>>>    This document describes a method for application layer protection of
>>>    messages exchanged with the Constrained Application Protocol (CoAP)
>>>    in a group communication context.  The proposed approach relies on
>>>    Object Security of CoAP (OSCOAP) and the CBOR Object Signing and
>>>    Encryption (COSE) format.  All security requirements fulfilled by
>>>    OSCOAP are maintained for multicast CoAP request messages and related
>>>    unicast CoAP response messages.  Source authentication of all
>>>    messages exchanged within the group is ensured, by means of digital
>>>    signatures produced through asymmetric private keys of sender devices
>>>    and embedded in the protected CoAP messages.
>>>
>>>
>>>
>>>
>>> Please note that it may take a couple of minutes from the time of submission
>>> until the htmlized version and diff are available at tools.ietf.org.
>>>
>>> The IETF Secretariat
>>>
>>>
>>>
>>>
>>> _______________________________________________
>>> Ace mailing list
>>> Ace@ietf.org
>>> https://www.ietf.org/mailman/listinfo/ace
>>>
>>
