Dear CoRE and ACE,

Apologies for cross-posting; this concerns the security for CoAP group communications (which is a CoRE draft) and the currently specified method to retrieve public keys for group communication (which is an ACE draft).
When a node joins a group [0] there is a need for group members to get its public key. Section 4.5 of the current GitHub version of draft-ietf-ace-key-groupcomm "Key Provisioning for Group Communication using ACE" [1] describes procedures for retrieving the public keys by accessing the resource "ace-group/GROUPNAME/pub-key" in the KDC. Section 4.3 in the same document describes the procedure to "make the ... resource Observable, and send notifications to Clients when the keying material is updated".

1. The use of notifications is good to avoid similar requests from several nodes in these cases. But the procedure is only mentioned briefly, as quoted above. Would it be possible to expand on this and make it a recommended mechanism in this draft, or alternatively, in a separate draft?

2. If the number of members in the group is large, it would be even better to send just one multicast notification [2] instead of many notifications with the same content, but this requires the sending node to be a member of the group. The Group Manager is the authorized party distributing public keys to nodes of the group, but we don't think of it as a member of that group. Is it worth making the GM a group member by default to enable the use of [2] for distribution of the public key of a (re-)joining node?

Göran

[0] https://tools.ietf.org/html/draft-ietf-core-groupcomm-bis
[1] https://ace-wg.github.io/ace-key-groupcomm/draft-ietf-ace-key-groupcomm.html#name-retrieval-of-public-keys-an
[2] https://tools.ietf.org/html/draft-tiloca-core-observe-multicast-notifications