Hi Hannes,

I must admit I didn't understand that was the conclusion. So, is source 
authentication mandatory or not?

"decoupled" meant that we could work on a solution which could be adapted
to all symmetric or asymmetric keys, much in the sense Abhinav expressed in the
referred link.

Göran

> On 12 Oct. 2016, at 13:50, Hannes Tschofenig <hannes.tschofe...@gmx.net>
> wrote:
> 
> Hi Goeran,
> 
> there was never any doubt that we can use COSE to design a security
> solution using the already existing building blocks.
> 
> Btw, in the meanwhile we have actually concluded the discussion in ACE
> on the group communication security topic, see
> https://www.ietf.org/mail-archive/web/ace/current/msg01967.html
> 
> Ciao
> Hannes
> 
> PS: You cannot decouple the question of adoption of
> draft-somaraju-ace-multicast-01 from the question of source
> authentication since this was the core issue of the debate.
> 
>> On 10/12/2016 01:31 PM, Göran Selander wrote:
>> 
>> Hi Hannes,
>> 
>> I’m a bit surprised at your reaction. If you have followed the discussion
>> on OSCOAP you know that one recurring request has been on support for
>> multicast. This draft is addressing that request.
>> 
>> draft-somaraju-ace-multicast-01 is referring to OSCOAP for secure group
>> communication and we propose this draft to be the way to extend OSCOAP for
>> that purpose.
>> 
>> In the "controversial, long, and tough" discussion you refer to, one
>> central issue relates to the use of symmetric keys only in group
>> communication. Our draft mandates the use of asymmetric keys since that
>> provides source authentication. Should it be agreed that source
>> authentication for some purpose is not necessary, it is a simple
>> modification of this draft - simply making the counter signature in the
>> COSE object non-mandatory.
>> 
>> It was our hope that we in this way can decouple the question of adoption
>> of draft-somaraju-ace-multicast-01 from the question of source
>> authentication.
>> 
>> Göran
>> 
>> 
>> 
>> 
>> On 2016-10-12 10:40, "Ace on behalf of Hannes Tschofenig"
>> <ace-boun...@ietf.org on behalf of hannes.tschofe...@gmx.net> wrote:
>> 
>>> Hi Marco, Hi Francesca, Hi Goeran,
>>> 
>>> I am a bit surprised about your document submission since you guys have
>>> been pretty silent in the group communication security discussion, which
>>> was quite controversial, long, and tough. That's where your support
>>> would have been needed. Adding the few small bits to the already written
>>> draft isn't the problem.
>>> 
>>> Ciao
>>> Hannes
>>> 
>>>> On 10/12/2016 10:12 AM, Marco Tiloca wrote:
>>>> Dear CoRE/ACE,
>>>> 
>>>> We have submitted a draft on secure group communication for CoAP
>>>> addressing security for the setting of a multicast CoAP request with
>>>> unicast responses as described in RFC7390.
>>>> 
>>>> This draft builds on the recently updated version of OSCOAP, extended
>>>> with mandatory Sender ID and multiple Recipient Contexts. It also
>>>> enables source authentication with asymmetric signatures implemented as
>>>> counter signatures included with the COSE objects defined by OSCOAP.
>>>> 
>>>> We hope that by submitting now we could get some first discussion to
>>>> allow updates before the cutoff.
>>>> 
>>>> This draft provides the missing link between
>>>> https://tools.ietf.org/html/draft-somaraju-ace-multicast and OSCOAP.
>>>> 
>>>> Best regards,
>>>> Marco
>>>> 
>>>> 
>>>> ---------- Forwarded message ----------
>>>> From: <internet-dra...@ietf.org>
>>>> Date: Wed, Oct 12, 2016 at 9:27 AM
>>>> Subject: New Version Notification for
>>>> draft-tiloca-core-multicast-oscoap-00.txt
>>>> To: Marco Tiloca <ma...@sics.se>, Goeran Selander
>>>> <goran.selan...@ericsson.com>,
>>>> Francesca Palombini <francesca.palomb...@ericsson.com>
>>>> 
>>>> 
>>>> 
>>>> A new version of I-D, draft-tiloca-core-multicast-oscoap-00.txt
>>>> has been successfully submitted by Francesca Palombini and posted to the
>>>> IETF repository.
>>>> 
>>>> Name:           draft-tiloca-core-multicast-oscoap
>>>> Revision:       00
>>>> Title:          Secure group communication for CoAP
>>>> Document date:  2016-10-12
>>>> Group:          Individual Submission
>>>> Pages:          15
>>>> URL:
>>>> https://www.ietf.org/internet-drafts/draft-tiloca-core-multicast-oscoap-00.txt
>>>> Status:
>>>> https://datatracker.ietf.org/doc/draft-tiloca-core-multicast-oscoap/
>>>> Htmlized:
>>>> https://tools.ietf.org/html/draft-tiloca-core-multicast-oscoap-00
>>>> 
>>>> 
>>>> Abstract:
>>>>   This document describes a method for application layer protection of
>>>>   messages exchanged with the Constrained Application Protocol (CoAP)
>>>>   in a group communication context.  The proposed approach relies on
>>>>   Object Security of CoAP (OSCOAP) and the CBOR Object Signing and
>>>>   Encryption (COSE) format.  All security requirements fulfilled by
>>>>   OSCOAP are maintained for multicast CoAP request messages and related
>>>>   unicast CoAP response messages.  Source authentication of all
>>>>   messages exchanged within the group is ensured, by means of digital
>>>>   signatures produced through asymmetric private keys of sender devices
>>>>   and embedded in the protected CoAP messages.
>>>> 
>>>> 
>>>> 
>>>> 
>>>> Please note that it may take a couple of minutes from the time of
>>>> submission until the htmlized version and diff are available at
>>>> tools.ietf.org.
>>>> 
>>>> The IETF Secretariat
>>>> 
>>>> 
>>>> 
>>>> 
>>>> _______________________________________________
>>>> Ace mailing list
>>>> Ace@ietf.org
>>>> https://www.ietf.org/mailman/listinfo/ace
>> 
> 
