Thanks a lot Ari for the review! Answers inline.
Francesca

> -----Original Message-----
> From: Ace [mailto:[email protected]] On Behalf Of Ari Keränen
> Sent: 15 October 2017 18:06
> To: [email protected]; [email protected]
> Subject: [Ace] draft-palombini-ace-coap-pubsub-profile-01 review
>
> Hi,
>
> I had a look at the CoAP pub/sub profile draft and overall it looked good to
> me. This mechanism is essential for e2e security with the CoAP pub/sub
> broker, so I'm happy to see this going forward.
>
> Couple of comments below; I'll send nits separately off-list.
>
>
> Section 2:
>
> Good to mention early enough that AS1 and AS2 can be (and commonly are?)
> the same host.
>

Ok, will add.

> Sec 5:
> > The (G) message is the subscription of the
> > Subscriber, which is unprotected.
>
> Can't G be protected with regular DTLS?
>

Yes it could, but currently the model does not require a security association between Subscriber and Broker, since I did not consider it critical for the broker to only accept subscriptions from subscribers that are authorized (an unauthorized subscriber would not be able to read the encrypted content of the notifications anyway). The protection of subscriptions could be easily added, making it similar to publications, which are protected with regular DTLS (or alternatives); the overhead would be that each subscriber should access the AS and get all the information to start a secure exchange with the broker. I will add some considerations about that in the draft.

> I think the considerations about symmetric crypto could be worth lifting from
> security considerations to a separate section. That would be interesting to
> explore more; unless we want to keep that out of scope.
>

Ok.

>
> Cheers,
> Ari
> _______________________________________________
> Ace mailing list
> [email protected]
> https://www.ietf.org/mailman/listinfo/ace
