You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardexpand all lines: draft-ietf-core-groupcomm-proxy.md
+19-24
Original file line number
Diff line number
Diff line change
@@ -5,23 +5,13 @@ title: Proxy Operations for CoAP Group Communication
5
5
abbrev: Proxy Operations for Group Communication
6
6
docname: draft-ietf-core-groupcomm-proxy-latest
7
7
8
-
9
-
# stand_alone: true
10
-
11
-
ipr: trust200902
12
-
area: Internet
13
8
wg: CoRE Working Group
14
9
kw: Internet-Draft
15
10
cat: std
16
11
submissiontype: IETF
17
12
updates: 7252
18
13
19
14
coding: utf-8
20
-
pi: # can use array (if all yes) or hash here
21
-
22
-
toc: yes
23
-
sortrefs: # defaults to yes
24
-
symrefs: yes
25
15
26
16
author:
27
17
-
@@ -37,7 +27,6 @@ author:
37
27
ins: E. Dijk
38
28
name: Esko Dijk
39
29
org: IoTconsultancy.nl
40
-
street: \________________\
41
30
city: Utrecht
42
31
country: The Netherlands
43
32
email: esko.dijk@iotconsultancy.nl
@@ -66,8 +55,7 @@ informative:
66
55
I-D.tiloca-core-oscore-discovery:
67
56
I-D.amsuess-core-cachable-oscore:
68
57
I-D.ietf-ace-key-groupcomm-oscore:
69
-
I-D.tiloca-core-oscore-capable-proxies:
70
-
RFC6347:
58
+
I-D.ietf-core-oscore-capable-proxies:
71
59
RFC7515:
72
60
RFC7967:
73
61
RFC8446:
@@ -99,7 +87,7 @@ Finally, this document defines a caching model for proxies and specifies how the
99
87
100
88
## Terminology ## {#terminology}
101
89
102
-
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in BCP 14 {{RFC2119}} {{RFC8174}} when, and only when, they appear in all capitals, as shown here.
90
+
{::boilerplate bcp14-tagged}
103
91
104
92
Readers are expected to be familiar with terms and concepts defined in CoAP {{RFC7252}}, Group Communication for CoAP {{I-D.ietf-core-groupcomm-bis}}, CBOR {{RFC8949}}, OSCORE {{RFC8613}} and Group OSCORE {{I-D.ietf-core-oscore-groupcomm}}.
105
93
@@ -252,9 +240,9 @@ This document assumes that the following requirements are fulfilled.
252
240
253
241
* REQ2. The proxy MUST identify a client sending a unicast group request to be proxied, in order to verify whether the client is allowed-listed to do so. For example, this can rely on one of the following security associations.
254
242
255
-
* A TLS {{RFC8446}} or DTLS {{RFC6347}}{{RFC9147}} channel between the client and the proxy, where the client has been authenticated during the secure channel establishment.
243
+
* A TLS {{RFC8446}} or DTLS {{RFC9147}} channel between the client and the proxy, where the client has been authenticated during the secure channel establishment.
256
244
257
-
* A pairwise OSCORE {{RFC8613}} Security Context between the client and the proxy, as defined in {{I-D.tiloca-core-oscore-capable-proxies}}.
245
+
* A pairwise OSCORE {{RFC8613}} Security Context between the client and the proxy, as defined in {{I-D.ietf-core-oscore-capable-proxies}}.
258
246
259
247
* REQ3. If secure, end-to-end communication is required between the client and the servers in the CoAP group, exchanged messages MUST be protected by using Group OSCORE {{I-D.ietf-core-oscore-groupcomm}}, as discussed in {{Section 5 of I-D.ietf-core-groupcomm-bis}}. This requires the client and the servers to have previously joined the correct OSCORE group, for instance by using the approach described in {{I-D.ietf-ace-key-groupcomm-oscore}}. The correct OSCORE group to join can be pre-configured or alternatively discovered, for instance by using the approach described in {{I-D.tiloca-core-oscore-discovery}}.
260
248
@@ -622,7 +610,7 @@ Fundamentally, this requires to define the possible use of the ETag option also
622
610
623
611
Since validation of responses assumes that cacheability of responses is possible in the first place, it would be convenient to define the use of ETag as outer option in {{I-D.amsuess-core-cachable-oscore}}.
624
612
625
-
In case OSCORE is also used between the proxy and an individual origin server as per {{I-D.tiloca-core-oscore-capable-proxies}}, then the outer ETag option would be seamlessly protected with the OSCORE Security Context shared between the proxy and the origin server.
613
+
In case OSCORE is also used between the proxy and an individual origin server as per {{I-D.ietf-core-oscore-capable-proxies}}, then the outer ETag option would be seamlessly protected with the OSCORE Security Context shared between the proxy and the origin server.
626
614
627
615
The following text can be used to replace the last paragraph above.
628
616
@@ -634,7 +622,7 @@ As discussed in {{sec-group-caching}}, the following applies when Group OSCORE {
634
622
635
623
* If a cached response included an outer ETag option intended to the proxy, then the proxy can perform revalidatation of the cached response, by making a request to the unicast URI targeting the server, and including outer ETag Option(s).
636
624
637
-
This is possible also in case the proxy and the origin server use OSCORE to further protect the exchanged request and response, as defined in {{I-D.tiloca-core-oscore-capable-proxies}}. In such a case, the originally outer ETag option is protected with the OSCORE Security Context shared between the proxy and the origin server, before transferring the message over the communication leg between the proxy and origin server.
625
+
This is possible also in case the proxy and the origin server use OSCORE to further protect the exchanged request and response, as defined in {{I-D.ietf-core-oscore-capable-proxies}}. In such a case, the originally outer ETag option is protected with the OSCORE Security Context shared between the proxy and the origin server, before transferring the message over the communication leg between the proxy and origin server.
638
626
639
627
\]
640
628
@@ -660,7 +648,7 @@ As discussed in {{sec-group-caching}}, the following applies when Group OSCORE {
660
648
661
649
* If a cached response included an outer ETag option intended to the proxy, then the proxy can perform revalidatation of the cached response, by making a request to the group URI targeting the CoAP group, and including outer ETag Option(s).
662
650
663
-
This is possible also in case the proxy and the origin servers use Group OSCORE to further protect the exchanged request and response, as defined in {{I-D.tiloca-core-oscore-capable-proxies}}. In such a case, the originally outer ETag option is protected with the Group OSCORE Security Context shared between the proxy and the origin server, before transferring the message over the communication leg between the proxy and origin server.
651
+
This is possible also in case the proxy and the origin servers use Group OSCORE to further protect the exchanged request and response, as defined in {{I-D.ietf-core-oscore-capable-proxies}}. In such a case, the originally outer ETag option is protected with the Group OSCORE Security Context shared between the proxy and the origin server, before transferring the message over the communication leg between the proxy and origin server.
664
652
665
653
\]
666
654
@@ -1070,7 +1058,7 @@ The security association between the client and the proxy MUST provide message i
1070
1058
1071
1059
The security association between the client and the proxy SHOULD also provide message confidentiality. Otherwise, any further intermediaries between the two as well as any on-path passive adversaries would be able to simply access the option content, and thus learn for how long the client is willing to receive responses from the servers in the group via the proxy. This may in turn be used to perform a more efficient, selective suppression of responses from the servers.
1072
1060
1073
-
When the client protects the unicast request sent to the proxy using OSCORE (see {{I-D.tiloca-core-oscore-capable-proxies}}) and/or (D)TLS, both message integrity and message confidentiality are achieved in the leg between the client and the proxy.
1061
+
When the client protects the unicast request sent to the proxy using OSCORE (see {{I-D.ietf-core-oscore-capable-proxies}}) and/or (D)TLS, both message integrity and message confidentiality are achieved in the leg between the client and the proxy.
1074
1062
1075
1063
The same considerations above about security associations apply when a chain of proxies is used (see {{sec-proxy-chain}}), with each proxy but the last one in the chain acting as client with the next hop towards the origin servers.
1076
1064
@@ -1080,7 +1068,7 @@ The Response-Forwarding Option is of class U for OSCORE {{RFC8613}}. Hence, also
1080
1068
1081
1069
Since the security association between the client and the proxy provides message integrity, any further intermediaries between the two as well as any on-path active adversaries are not able to undetectably remove the Response-Forwarding Option from a forwarded server response. This ensures that the client can correctly distinguish the different responses and identify their corresponding origin server.
1082
1070
1083
-
When the proxy protects the response forwarded back to the client using OSCORE (see {{I-D.tiloca-core-oscore-capable-proxies}}) and/or (D)TLS, message integrity is achieved in the leg between the client and the proxy.
1071
+
When the proxy protects the response forwarded back to the client using OSCORE (see {{I-D.ietf-core-oscore-capable-proxies}}) and/or (D)TLS, message integrity is achieved in the leg between the client and the proxy.
1084
1072
1085
1073
The same considerations above about security associations apply when a chain of proxies is used (see {{sec-proxy-chain}}), with each proxy but the last one in the chain acting as client with the next hop towards the origin servers.
1086
1074
@@ -1094,15 +1082,15 @@ Altering the option content in a group request would result in the proxy replyin
1094
1082
1095
1083
The security association between the client and the proxy SHOULD also provide message confidentiality. Otherwise, any further intermediaries between the two as well as any on-path passive adversaries would be able to simply access the option content, and thus learn the rate and pattern according to which the group resource in question changes over time, as inferable from the entity values read over time.
1096
1084
1097
-
When the client protects the unicast request sent to the proxy using OSCORE (see {{I-D.tiloca-core-oscore-capable-proxies}}) and/or (D)TLS, both message integrity and message confidentiality are achieved in the leg between the client and the proxy.
1085
+
When the client protects the unicast request sent to the proxy using OSCORE (see {{I-D.ietf-core-oscore-capable-proxies}}) and/or (D)TLS, both message integrity and message confidentiality are achieved in the leg between the client and the proxy.
1098
1086
1099
1087
The same considerations above about security associations apply when a chain of proxies is used (see {{sec-proxy-chain}}), with each proxy but the last one in the chain acting as client with the next hop towards the origin servers.
1100
1088
1101
1089
When caching of Group OSCORE secured responses is enabled at the proxy, the same as defined in {{sec-proxy-caching}} applies, with respect to cache entries and the way they are maintained.
Consistently with what is discussed in {{sec-security-considerations-client-auth}}, an HTTP client has to authenticate to the HTTP-to-CoAP proxy, and they SHOULD rely on a full-fledged pairwise secure association. This can rely on a TLS {{RFC8446}} channel as also recommended in {{Section 12.1 of RFC8613}} for when OSCORE is used with HTTP, or on a pairwise OSCORE {{RFC8613}} Security Context between the client and the proxy as defined in {{I-D.tiloca-core-oscore-capable-proxies}}.
1093
+
Consistently with what is discussed in {{sec-security-considerations-client-auth}}, an HTTP client has to authenticate to the HTTP-to-CoAP proxy, and they SHOULD rely on a full-fledged pairwise secure association. This can rely on a TLS {{RFC8446}} channel as also recommended in {{Section 12.1 of RFC8613}} for when OSCORE is used with HTTP, or on a pairwise OSCORE {{RFC8613}} Security Context between the client and the proxy as defined in {{I-D.ietf-core-oscore-capable-proxies}}.
1106
1094
1107
1095
\[ TODO
1108
1096
@@ -1501,8 +1489,15 @@ C P S1 S2
1501
1489
~~~~~~~~~~~
1502
1490
{: #workflow-example-reverse-3 title="Workflow example with reverse-proxy standing in for only the whole group of servers, but not for each individual server"}
1503
1491
1492
+
# Document Updates # {#sec-document-updates}
1493
+
{:removeinrfc}
1494
+
1495
+
## Version -00 to -01 ## {#sec-00-01}
1496
+
1497
+
* Editorial fixes and improvements.
1498
+
1504
1499
# Acknowledgments # {#acknowldegment}
1505
-
{: numbered="no"}
1500
+
{:unnumbered}
1506
1501
1507
1502
The authors sincerely thank {{{Christian Amsüss}}}, {{{Carsten Bormann}}}, {{{Rikard Höglund}}}, {{{Jim Schaad}}}, and {{{Göran Selander}}} for their comments and feedback.
0 commit comments