Thanks, Markus. inline.

On Thu, Sep 17, 2015 at 11:53 AM, Markus Stenberg <[email protected]> wrote:

> On 16.9.2015, at 22.46, Kathleen Moriarty <[email protected]> wrote:
>> I just have one thing I'd like to discuss that should be easy enough to
>> resolve.
>>
>> Section 8 mentions that DTLS or TLS MAY be used and that it is up to the
>> DNCP profile. I'd be interested to see the security considerations that
>> would lead to a recommendation of using session transport for the DNCP
>> profiles. If it is in another RFC, could you add a pointer? If it is
>> not, could this be added to the security considerations section since it
>> could be an important consideration?
>
> Thanks for the comment.
>
> I am actually planning to write one more appendix to the text for -10; it
> will contain datagram(=e.g. UDP) <> stream(=e.g. TCP) pros and cons as I have
> been thinking about it every now and then, and I think it would make life of
> someone else defining a DNCP-based protocol bit easier.
>
> From the security standpoint, there isn’t much of a difference, as the
> TLS/DTLS state is more or less same for both cases. You will anyway need
> either up to date sessions (TLS(+DTLS)) and-or long lived session caching
> (DTLS(+TLS)), as you cannot afford too many new sessions that actually
> involve the authz step per given time interval. So essentially even DTLS is
> session-based transport in this case from my point of view.
>
> The rest, I will write it tomorrow and you (and Brian H. who also raised
> interest on the different transport options) can check it once we publish -10
> if it matches the requirements; we plan to publish -10 either tomorrow or on
> Monday.

Great, if you could put a couple of lines in the security considerations section as general guidance, I think that would be very helpful. I'm taking tomorrow off (and the rest of today), so Monday is fine for me.

Thanks,
Kathleen

>
>> ----------------------------------------------------------------------
>> COMMENT:
>> ----------------------------------------------------------------------
>>
>> Thanks for your detailed work on this draft to provide all of the
>> security related options in section 8.
>
> Thanks ;) Section 8.3 is actually somewhat novel I think, the others
> (8.1/8.2) are relatively .. mundane.
>
> Cheers,
>
> -Markus

--
Best regards,
Kathleen
