Re: [Ace] Call for adoption for draft-somaraju-ace-multicast-02
+1

Stevie Beck

From: Ace [mailto:ace-boun...@ietf.org] On Behalf Of Dijk, Esko
Sent: Wednesday, March 08, 2017 11:38 AM
To: ace@ietf.org
Subject: Re: [Ace] Call for adoption for draft-somaraju-ace-multicast-02

Hello Kepeng, all,

I support the adoption of draft-somaraju-ace-multicast-02 as an ACE working group draft. There was some discussion whether the scope and requirements are clear enough. Perhaps adding dedicated "scope" and "requirements" sections early in the draft could help to address this? Currently this information is rather scattered over the various sections.

best regards
Esko Dijk

The information contained in this message may be confidential and legally protected under applicable law. The message is intended solely for the addressee(s). If you are not the intended recipient, you are hereby notified that any use, forwarding, dissemination, or reproduction of this message is strictly prohibited and may be unlawful. If you are not the intended recipient, please contact the sender by return e-mail and destroy all copies of the original message.

___
Ace mailing list
Ace@ietf.org
https://www.ietf.org/mailman/listinfo/ace
Re: [Ace] Call for adoption for draft-somaraju-ace-multicast-02
Hello Kepeng, all,

I support the adoption of draft-somaraju-ace-multicast-02 as an ACE working group draft. There was some discussion whether the scope and requirements are clear enough. Perhaps adding dedicated "scope" and "requirements" sections early in the draft could help to address this? Currently this information is rather scattered over the various sections.

best regards
Esko Dijk
Re: [Ace] Call for adoption for draft-somaraju-ace-multicast-02
It might just take one more update for me to feel happy with this. However, an update of the document has not yet been forthcoming since I asked for a couple of different types of things for the security solutions and so forth. I would hope that the authors are not waiting for the outcome of this adoption call as a gating factor to produce such an update.

jim

> -----Original Message-----
> From: peter van der Stok [mailto:stokc...@xs4all.nl]
> Sent: Tuesday, March 7, 2017 12:33 AM
> To: Jim Schaad
> Cc: 'Kepeng Li'; Ace@ietf.org
> Subject: Re: [Ace] Call for adoption for draft-somaraju-ace-multicast-02
>
> After reading Jim's statement, my position is a bit different.
> Multicast security is severely needed.
> Not making it a WG document augments the risk that the subject is frozen
> and no progress is made.
> To guarantee progress, adoption seems to me the right way forward.
>
> Peter
>
> Jim Schaad wrote on 2017-03-07 02:55:
> > After thinking about this for a long time, I will reluctantly state a
> > position.
> >
> > I do not believe that the WG should adopt this document at least until
> > such a time as a version has been released which does a substantially
> > better job of restricting the scope of the problem to be solved. If
> > the WG then decides to relax that scope so be it.
> >
> > Jim
> >
> > FROM: Ace [mailto:ace-boun...@ietf.org] ON BEHALF OF Kepeng Li
> > SENT: Thursday, February 23, 2017 1:48 AM
> > TO: Ace@ietf.org
> > CC: Kathleen Moriarty; Hannes Tschofenig
> > SUBJECT: [Ace] Call for adoption for draft-somaraju-ace-multicast-02
> >
> > Hello all,
> >
> > This note begins a Call For Adoption for
> > draft-somaraju-ace-multicast-02 [1] to be adopted as an ACE working
> > group item, and added in the charter. The call ends on Mar 7, 2017.
> >
> > Keep in mind that adoption of a document does not mean the document
> > as-is is ready for publication. It is merely acceptance of the
> > document as a starting point for what will be the final product of the
> > ACE working group. The working group is free to make changes to the
> > document according to the normal consensus process.
> >
> > Please reply on this thread with expressions of support or opposition,
> > preferably with comments, regarding accepting this as a work item.
> >
> > Thanks,
> >
> > Kind Regards
> >
> > Kepeng (ACE co-chair)
> >
> > [1] https://datatracker.ietf.org/doc/draft-somaraju-ace-multicast/
Re: [Ace] Call for adoption for draft-somaraju-ace-multicast-02
And of course, the asymmetric solution is not the one that is currently in the document.

> -----Original Message-----
> From: Hannes Tschofenig [mailto:hannes.tschofe...@gmx.net]
> Sent: Tuesday, March 7, 2017 11:14 AM
> To: Derek Atkins; peter van der Stok
> Cc: Jim Schaad; 'Kepeng Li'; consulta...@vanderstok.org; Ace@ietf.org
> Subject: Re: [Ace] Call for adoption for draft-somaraju-ace-multicast-02
>
> Hi Derek
>
> we discussed the requirements quite a bit in the group already and the
> conclusion of the discussion was that we provide two solutions, one based
> on symmetric keys and the other based on asymmetric keys.
>
> The asymmetric key solution provides authentication of the individual sender
> where the symmetric key solution demonstrates knowledge of the group
> key.
>
> Ciao
> Hannes
>
>
> On 03/07/2017 06:23 PM, Derek Atkins wrote:
> > Peter,
> >
> > peter van der Stok writes:
> >
> >> After reading Jim's statement, my position is a bit different.
> >> Multicast security is severely needed.
> >> Not making it a WG document augments the risk that the subject is
> >> frozen and no progress is made.
> >> To guarantee progress, adoption seems to me the right way forward.
> >
> > Can you please define what you mean by "Multicast Security"? Are you
> > just looking for Group Confidentiality? Do you want Group Message
> > Integrity without Source Authentication? Do you want Source
> > Authentication? "multicast security" is too generic a term by itself
> > and as others have pointed out depending on which specific security
> > services you're talking about you will get a multitude of (potentially
> > conflicting) requirements. For example, you cannot get source
> > authentication with a shared-key-only solution.
> >
> > I recommend that, before adoption, an explicit set of requirements be
> > defined and inserted into the scope.
> >
> >> Peter
> >>
> >> Jim Schaad wrote on 2017-03-07 02:55:
> >>> After thinking about this for a long time, I will reluctantly state
> >>> a position.
> >>>
> >>> I do not believe that the WG should adopt this document at least
> >>> until such a time as a version has been released which does a
> >>> substantially better job of restricting the scope of the problem to
> >>> be solved. If the WG then decides to relax that scope so be it.
> >>>
> >>> Jim
> >
> > -derek
Re: [Ace] Call for adoption for draft-somaraju-ace-multicast-02
Hi Derek

we discussed the requirements quite a bit in the group already and the conclusion of the discussion was that we provide two solutions, one based on symmetric keys and the other based on asymmetric keys.

The asymmetric key solution provides authentication of the individual sender where the symmetric key solution demonstrates knowledge of the group key.

Ciao
Hannes

On 03/07/2017 06:23 PM, Derek Atkins wrote:
> Peter,
>
> peter van der Stok writes:
>
>> After reading Jim's statement, my position is a bit different.
>> Multicast security is severely needed.
>> Not making it a WG document augments the risk that the subject is
>> frozen and no progress is made.
>> To guarantee progress, adoption seems to me the right way forward.
>
> Can you please define what you mean by "Multicast Security"? Are you
> just looking for Group Confidentiality? Do you want Group Message
> Integrity without Source Authentication? Do you want Source
> Authentication? "multicast security" is too generic a term by itself
> and as others have pointed out depending on which specific security
> services you're talking about you will get a multitude of (potentially
> conflicting) requirements. For example, you cannot get source
> authentication with a shared-key-only solution.
>
> I recommend that, before adoption, an explicit set of requirements be
> defined and inserted into the scope.
>
>> Peter
>>
>> Jim Schaad wrote on 2017-03-07 02:55:
>>> After thinking about this for a long time, I will reluctantly state a
>>> position.
>>>
>>> I do not believe that the WG should adopt this document at least until
>>> such a time as a version has been released which does a substantially
>>> better job of restricting the scope of the problem to be solved. If
>>> the WG then decides to relax that scope so be it.
>>>
>>> Jim
>
> -derek
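The distinction drawn in the message above, as an added example (not code from the draft or from anyone on this thread): under a shared group key any member can produce a valid tag in another member's name, while a per-sender signature ties a command to one key holder. A Lamport one-time hash-based signature stands in here for whatever asymmetric scheme a profile would specify; the sender name `switch-1` and the command string are constructed.

```python
import hashlib
import hmac
import secrets

# --- Symmetric group key: every group member holds the same secret --------
def group_tag(group_key: bytes, sender_id: str, command: bytes) -> bytes:
    """MAC over (claimed sender, command) under the shared group key."""
    data = sender_id.encode() + b"|" + command
    return hmac.new(group_key, data, hashlib.sha256).digest()

def group_verify(group_key: bytes, sender_id: str, command: bytes, tag: bytes) -> bool:
    """Proves only that the tag's author knows the group key."""
    return hmac.compare_digest(group_tag(group_key, sender_id, command), tag)

# --- Asymmetric stand-in: Lamport one-time signature over SHA-256 ---------
# Assumption: chosen only because it needs nothing beyond the standard
# library. Each key pair may sign ONE message; a deployment would use a
# reusable signature scheme.
def lamport_keygen():
    sk = [[secrets.token_bytes(32) for _ in range(2)] for _ in range(256)]
    pk = [[hashlib.sha256(s).digest() for s in pair] for pair in sk]
    return sk, pk

def _bits(message: bytes):
    digest = hashlib.sha256(message).digest()
    return [(digest[i // 8] >> (7 - i % 8)) & 1 for i in range(256)]

def lamport_sign(sk, message: bytes):
    # Reveal one of the two secrets per digest bit.
    return [sk[i][b] for i, b in enumerate(_bits(message))]

def lamport_verify(pk, message: bytes, signature) -> bool:
    if len(signature) != 256:
        return False
    ok = True
    for i, b in enumerate(_bits(message)):
        ok &= hmac.compare_digest(hashlib.sha256(signature[i]).digest(), pk[i][b])
    return ok

def demo():
    """Returns (group key accepts impersonation, genuine signature verifies,
    signature made with another member's key verifies)."""
    command = b"lights/room-12: ON"            # constructed sample command

    # Symmetric case: the switch and every luminaire share group_key.
    group_key = secrets.token_bytes(32)
    # A luminaire computes a tag naming the switch as sender. The receiver
    # cannot tell this apart from a tag the switch itself produced.
    tag_from_other_member = group_tag(group_key, "switch-1", command)
    impersonation_accepted = group_verify(
        group_key, "switch-1", command, tag_from_other_member)

    # Asymmetric case: receivers hold only the switch's public key.
    switch_sk, switch_pk = lamport_keygen()
    member_sk, _member_pk = lamport_keygen()
    msg = b"switch-1|" + command
    genuine_ok = lamport_verify(switch_pk, msg, lamport_sign(switch_sk, msg))
    other_member_ok = lamport_verify(switch_pk, msg, lamport_sign(member_sk, msg))
    return impersonation_accepted, genuine_ok, other_member_ok

if __name__ == "__main__":
    print(demo())
```

The group-key tag still detects modification by anyone outside the group; what it cannot do is distinguish one member from another, which is the gap the per-sender key closes.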
Re: [Ace] Call for adoption for draft-somaraju-ace-multicast-02
Peter,

peter van der Stok writes:

> After reading Jim's statement, my position is a bit different.
> Multicast security is severely needed.
> Not making it a WG document augments the risk that the subject is
> frozen and no progress is made.
> To guarantee progress, adoption seems to me the right way forward.

Can you please define what you mean by "Multicast Security"? Are you just looking for Group Confidentiality? Do you want Group Message Integrity without Source Authentication? Do you want Source Authentication? "multicast security" is too generic a term by itself and as others have pointed out depending on which specific security services you're talking about you will get a multitude of (potentially conflicting) requirements. For example, you cannot get source authentication with a shared-key-only solution.

I recommend that, before adoption, an explicit set of requirements be defined and inserted into the scope.

> Peter
>
> Jim Schaad wrote on 2017-03-07 02:55:
>> After thinking about this for a long time, I will reluctantly state a
>> position.
>>
>> I do not believe that the WG should adopt this document at least until
>> such a time as a version has been released which does a substantially
>> better job of restricting the scope of the problem to be solved. If
>> the WG then decides to relax that scope so be it.
>>
>> Jim

-derek

--
Derek Atkins 617-623-3745
de...@ihtfp.com www.ihtfp.com
Computer and Internet Security Consultant
Re: [Ace] Call for adoption for draft-somaraju-ace-multicast-02
On 7 Mar 2017, at 02:55, Jim Schaad wrote:
>
> After thinking about this for a long time, I will reluctantly state a
> position.
>
> I do not believe that the WG should adopt this document at least until such a
> time as a version has been released which does a substantially better job of
> restricting the scope of the problem to be solved. If the WG then decides to
> relax that scope so be it.

I believe this editorial issue is exactly the kind of thing the WG process is very good at fixing. So I support adoption at this time; this is not a WGLC.

Greetings, Carsten
Re: [Ace] Call for adoption for draft-somaraju-ace-multicast-02
On 3/6/2017 8:55 PM, Jim Schaad wrote:
> After thinking about this for a long time, I will reluctantly state a position.
>
> I do not believe that the WG should adopt this document at least until such a time as a version has been released which does a substantially better job of restricting the scope of the problem to be solved. If the WG then decides to relax that scope so be it.
>
> Jim

I also cannot support the adoption of this document. After listening to the arguments about latency and cost and hearing assurances that the protocol could be restricted to limit the impact of symmetric key multicast for control, I spent another few days with the document and I don't see how that (restrictions) would be possible.

I support the adoption of an asymmetric key multicast solution for IOT control. I cannot support any version, including this one, of a symmetric key multicast control system.

As I've noted before, this proposal and document are based on a highly constrained, and as far as I can tell somewhat unique, set of limitations related to cost and latency (e.g. lighting control systems). Let me reiterate that I believe the small subset of folk that are dealing in this space should instead generate an informational "Here's how we do it" RFC rather than attempt to place this proposal on the standards track.

With respect to Peter and Elliot's +1s on adoption, yes we could use a multicast based control system, and no, a symmetric key multicast system does not have the characteristics needed for secure control.

Lastly, the latency requirement argues, or perhaps screams that this would be better handled at the L2 link layer rather than an IP based system. Simply IP routing the packet in an IOT system could consume most of the 250ms that the lighting folk argue is the maximum acceptable latency from throwing the switch until the lights go on. The argument about multiple technologies mostly doesn't hold water (e.g. you could use a consistent framing inside the various bearer RF and hard link link-layer standards).

Mike

From: Ace [mailto:ace-boun...@ietf.org] On Behalf Of Kepeng Li
Sent: Thursday, February 23, 2017 1:48 AM
To: Ace@ietf.org
Cc: Kathleen Moriarty; Hannes Tschofenig
Subject: [Ace] Call for adoption for draft-somaraju-ace-multicast-02

Hello all,

This note begins a Call For Adoption for draft-somaraju-ace-multicast-02 [1] to be adopted as an ACE working group item, and added in the charter. The call ends on Mar 7, 2017.

Keep in mind that adoption of a document does not mean the document as-is is ready for publication. It is merely acceptance of the document as a starting point for what will be the final product of the ACE working group. The working group is free to make changes to the document according to the normal consensus process.

Please reply on this thread with expressions of support or opposition, preferably with comments, regarding accepting this as a work item.

Thanks,

Kind Regards

Kepeng (ACE co-chair)

[1] https://datatracker.ietf.org/doc/draft-somaraju-ace-multicast/
Re: [Ace] Call for adoption for draft-somaraju-ace-multicast-02
+1.

On 3/7/17 9:33 AM, peter van der Stok wrote:
> After reading Jim's statement, my position is a bit different.
> Multicast security is severely needed.
> Not making it a WG document augments the risk that the subject is
> frozen and no progress is made.
> To guarantee progress, adoption seems to me the right way forward.
>
> Peter
Re: [Ace] Call for adoption for draft-somaraju-ace-multicast-02
After reading Jim's statement, my position is a bit different.
Multicast security is severely needed.
Not making it a WG document augments the risk that the subject is frozen and no progress is made.
To guarantee progress, adoption seems to me the right way forward.

Peter

Jim Schaad wrote on 2017-03-07 02:55:
> After thinking about this for a long time, I will reluctantly state a position.
>
> I do not believe that the WG should adopt this document at least until such a time as a version has been released which does a substantially better job of restricting the scope of the problem to be solved. If the WG then decides to relax that scope so be it.
>
> Jim
>
> FROM: Ace [mailto:ace-boun...@ietf.org] ON BEHALF OF Kepeng Li
> SENT: Thursday, February 23, 2017 1:48 AM
> TO: Ace@ietf.org
> CC: Kathleen Moriarty; Hannes Tschofenig
> SUBJECT: [Ace] Call for adoption for draft-somaraju-ace-multicast-02
>
> Hello all,
>
> This note begins a Call For Adoption for draft-somaraju-ace-multicast-02 [1] to be adopted as an ACE working group item, and added in the charter. The call ends on Mar 7, 2017.
>
> Keep in mind that adoption of a document does not mean the document as-is is ready for publication. It is merely acceptance of the document as a starting point for what will be the final product of the ACE working group. The working group is free to make changes to the document according to the normal consensus process.
>
> Please reply on this thread with expressions of support or opposition, preferably with comments, regarding accepting this as a work item.
>
> Thanks,
>
> Kind Regards
>
> Kepeng (ACE co-chair)
>
> [1] https://datatracker.ietf.org/doc/draft-somaraju-ace-multicast/
Re: [Ace] Call for adoption for draft-somaraju-ace-multicast-02
After thinking about this for a long time, I will reluctantly state a position.

I do not believe that the WG should adopt this document at least until such a time as a version has been released which does a substantially better job of restricting the scope of the problem to be solved. If the WG then decides to relax that scope so be it.

Jim

From: Ace [mailto:ace-boun...@ietf.org] On Behalf Of Kepeng Li
Sent: Thursday, February 23, 2017 1:48 AM
To: Ace@ietf.org
Cc: Kathleen Moriarty; Hannes Tschofenig
Subject: [Ace] Call for adoption for draft-somaraju-ace-multicast-02

Hello all,

This note begins a Call For Adoption for draft-somaraju-ace-multicast-02 [1] to be adopted as an ACE working group item, and added in the charter. The call ends on Mar 7, 2017.

Keep in mind that adoption of a document does not mean the document as-is is ready for publication. It is merely acceptance of the document as a starting point for what will be the final product of the ACE working group. The working group is free to make changes to the document according to the normal consensus process.

Please reply on this thread with expressions of support or opposition, preferably with comments, regarding accepting this as a work item.

Thanks,

Kind Regards

Kepeng (ACE co-chair)

[1] https://datatracker.ietf.org/doc/draft-somaraju-ace-multicast/
Re: [Ace] Call for adoption for draft-somaraju-ace-multicast-02
> The call ends on Mar 7, 2017.

Sorry, let me make a correction on this.

Usually the call for adoption should take two weeks. It started from 24 Feb, and should end on 10 Mar.

Kindly remind you to provide your feedback before the deadline.

Thanks,

Kind Regards
Kepeng

From: Ace on behalf of Li Kepeng
Date: Thursday, 23 February 2017 at 5:48 PM
To:
Cc: Kathleen Moriarty, Hannes Tschofenig
Subject: [Ace] Call for adoption for draft-somaraju-ace-multicast-02

Hello all,

This note begins a Call For Adoption for draft-somaraju-ace-multicast-02 [1] to be adopted as an ACE working group item, and added in the charter. The call ends on Mar 7, 2017.

Keep in mind that adoption of a document does not mean the document as-is is ready for publication. It is merely acceptance of the document as a starting point for what will be the final product of the ACE working group. The working group is free to make changes to the document according to the normal consensus process.

Please reply on this thread with expressions of support or opposition, preferably with comments, regarding accepting this as a work item.

Thanks,

Kind Regards

Kepeng (ACE co-chair)

[1] https://datatracker.ietf.org/doc/draft-somaraju-ace-multicast/
Re: [Ace] Call for adoption for draft-somaraju-ace-multicast-02
This document is only the starting point for the work and the content will change as the working group works on it.

Group communication security work has been contributed earlier to the group and has received a lot of attention. For this reason the call for adoption happens earlier. The call for adoption of other documents, some of which have only recently been submitted to the group, will happen soon.

Kind Regards
Kepeng

From: Göran Selander
Date: Friday, 24 February 2017 at 3:34 PM
To: Li Kepeng, "Ace@ietf.org", Hannes Tschofenig
Cc: Kathleen Moriarty
Subject: Re: [Ace] Call for adoption for draft-somaraju-ace-multicast-02

I’m in favour of adopting a profile of the ACE framework [1] providing the functionality outlined in this draft.

It was acknowledged in the latest ACE interim that this draft will be transformed into an ACE profile, but currently the mapping to ACE is not very clear:

- Many of the "Requirements on Profiles" (Appendix C of [1]) are not fulfilled, e.g. how is the "resource server" of the ACE framework mapped? Is it the KDC?
- Will the proposed ACE-DTLS profile [2] be used or will we have different methods for authorising DTLS in different profiles?

There has been a lot of discussion of this draft, whereas "non-controversial" profiles of ACE ([2], [3], [4]) have been disregarded in the process. If one profile is being adopted without consideration of other profiles it may lead to duplication of specification, or different mechanisms being defined doing the same thing.

Chairs: What is the plan for coordinating the functionality in the different ACE profiles being adopted?

Göran

[1] https://tools.ietf.org/html/draft-ietf-ace-oauth-authz
[2] https://tools.ietf.org/html/draft-gerdes-ace-dtls-authorize
[3] https://tools.ietf.org/html/draft-seitz-ace-oscoap-profile
[4] https://tools.ietf.org/html/draft-sengul-kirby-ace-mqtt-tls-profile

From: Ace on behalf of Kepeng Li
Date: Thursday 23 February 2017 at 10:48
To: "Ace@ietf.org"
Cc: Kathleen Moriarty, Hannes Tschofenig
Subject: [Ace] Call for adoption for draft-somaraju-ace-multicast-02

> Hello all,
>
> This note begins a Call For Adoption for draft-somaraju-ace-multicast-02 [1]
> to be adopted as an ACE working group item, and added in the charter. The call
> ends on Mar 7, 2017.
>
> Keep in mind that adoption of a document does not mean the document as-is is
> ready for publication. It is merely acceptance of the document as a starting
> point for what will be the final product of the ACE working group. The working
> group is free to make changes to the document according to the normal
> consensus process.
>
> Please reply on this thread with expressions of support or opposition,
> preferably with comments, regarding accepting this as a work item.
>
> Thanks,
>
> Kind Regards
> Kepeng (ACE co-chair)
>
>
> [1] https://datatracker.ietf.org/doc/draft-somaraju-ace-multicast/
Re: [Ace] Call for adoption for draft-somaraju-ace-multicast-02
I’m in favour of adopting a profile of the ACE framework [1] providing the functionality outlined in this draft.

It was acknowledged in the latest ACE interim that this draft will be transformed into an ACE profile, but currently the mapping to ACE is not very clear:

- Many of the "Requirements on Profiles" (Appendix C of [1]) are not fulfilled, e.g. how is the "resource server" of the ACE framework mapped? Is it the KDC?
- Will the proposed ACE-DTLS profile [2] be used or will we have different methods for authorising DTLS in different profiles?

There has been a lot of discussion of this draft, whereas "non-controversial" profiles of ACE ([2], [3], [4]) have been disregarded in the process. If one profile is being adopted without consideration of other profiles it may lead to duplication of specification, or different mechanisms being defined doing the same thing.

Chairs: What is the plan for coordinating the functionality in the different ACE profiles being adopted?

Göran

[1] https://tools.ietf.org/html/draft-ietf-ace-oauth-authz
[2] https://tools.ietf.org/html/draft-gerdes-ace-dtls-authorize
[3] https://tools.ietf.org/html/draft-seitz-ace-oscoap-profile
[4] https://tools.ietf.org/html/draft-sengul-kirby-ace-mqtt-tls-profile

From: Ace <ace-boun...@ietf.org> on behalf of Kepeng Li <kepeng@alibaba-inc.com>
Date: Thursday 23 February 2017 at 10:48
To: "Ace@ietf.org" <Ace@ietf.org>
Cc: Kathleen Moriarty <kathleen.moriarty.i...@gmail.com>, Hannes Tschofenig <hannes.tschofe...@gmx.net>
Subject: [Ace] Call for adoption for draft-somaraju-ace-multicast-02

Hello all,

This note begins a Call For Adoption for draft-somaraju-ace-multicast-02 [1] to be adopted as an ACE working group item, and added in the charter. The call ends on Mar 7, 2017.

Keep in mind that adoption of a document does not mean the document as-is is ready for publication. It is merely acceptance of the document as a starting point for what will be the final product of the ACE working group. The working group is free to make changes to the document according to the normal consensus process.

Please reply on this thread with expressions of support or opposition, preferably with comments, regarding accepting this as a work item.

Thanks,

Kind Regards

Kepeng (ACE co-chair)

[1] https://datatracker.ietf.org/doc/draft-somaraju-ace-multicast/
[Ace] Call for adoption for draft-somaraju-ace-multicast-02
Hello all,

This note begins a Call For Adoption for draft-somaraju-ace-multicast-02 [1] to be adopted as an ACE working group item, and added in the charter. The call ends on Mar 7, 2017.

Keep in mind that adoption of a document does not mean the document as-is is ready for publication. It is merely acceptance of the document as a starting point for what will be the final product of the ACE working group. The working group is free to make changes to the document according to the normal consensus process.

Please reply on this thread with expressions of support or opposition, preferably with comments, regarding accepting this as a work item.

Thanks,

Kind Regards

Kepeng (ACE co-chair)

[1] https://datatracker.ietf.org/doc/draft-somaraju-ace-multicast/