draft-ietf-core-object-security

Status Object Security for Constrained RESTful Environments (OSCORE)

Summary draft-ietf-core-object-security

Latest version https://tools.ietf.org/html/draft-ietf-core-object-security-08

In current CoAP environments, the DTLS security association is terminate at the proxies, making proxies capable of accessing and manipulating any part of the message payload and metadata.

OSCoRE protects CoAP (or HTTP) request-responses end-to-end across any intermediary nodes (i.e. proxies and translators). OSCORE supports the main CoRE RFCS (RFC7252, RFC7641, RFC7959, RFC7967, and RFC8132).

OSCORE essentially protects the RESTful interactions; the request method, the requested resource, the message payload, etc. OSCORE does neither protect the CoAP Messaging Layer nor the CoAP Token which may change between the endpoints. Additionally, since the message formats for CoAP/UDP and CoAP/TCP differ only in the messaging layer, OSCoRE can be used on both reliable and unreliable transports.

+-----------------------------------+
|            Application            |
+-----------------------------------+
+-----------------------------------+  \
|  Requests / Responses / Signaling |  |
|-----------------------------------|  |
|               OSCORE              |  | CoAP
|-----------------------------------|  |
| Messaging Layer / Message Framing |  |
+-----------------------------------+  /
+-----------------------------------+
|          UDP / TCP / ...          |
+-----------------------------------+

OSCORE requires that client and server establish a shared security context used to process the COSE objects. OSCORE uses COSE with an Authenticated Encryption with Additional Data (AEAD) algorithm for protecting message data between a client and a server.

OSCoRE also defines a security option that indicates that the CoAP message uses OSCORE.

+-----+---+---+---+---+-----------------+--------+--------+---------+
| No. | C | U | N | R | Name            | Format | Length | Default |
+-----+---+---+---+---+-----------------+--------+--------+---------+
| TBD | x |   |   |   | Object-Security |  (*)   | 0-255  | (none)  |
+-----+---+---+---+---+-----------------+--------+--------+---------+

The CoAP Payload is always encrypted in a COSE object.

As mentioned before, OSCORE encrypts some of the CoAP header fields. However some of them are required to be read by proxies, thus cannot be protected end-to-end between endpoints and are send in the clear.

+------------------+---+---+
| Field            | E | U |
+------------------+---+---+
| Version (UDP)    |   | x |
| Type (UDP)       |   | x |
| Length (TCP)     |   | x |
| Token Length     |   | x |
| Code             | x |   |
| Message ID (UDP) |   | x |
| Token            |   | x |
+------------------+---+---+

More details available in the latest draft version: https://tools.ietf.org/html/draft-ietf-core-object-security-08

There are some available implementations at:

Java (Californium): https://bitbucket.org/lseitz/oscoap_californium
C (Contiki, Erbium): https://github.com/Gunzter/contiki-oscoap
Python (aiocoap): https://github.com/chrysn/aiocoap
C# (CoAP-CSharp): https://github.com/Com-AugustCellars/CoAP-CSharp
Python (CoAP for openwsn): https://github.com/openwsn-berkeley/coap
C (openwsn-fw): https://github.com/openwsn-berkeley/openwsn-fw

Shepherd Writeup

Summary

Document Shepherd: Jaime Jiménez, jaime.jimenez@ericsson.com
Area Director: Alexey Melnikov, aamelnikov@fastmail.fm

This document defines Object Security for Constrained RESTful Environments (OSCORE), a method for application-layer protection of the Constrained Application Protocol (CoAP), using CBOR Object Signing and Encryption (COSE). OSCORE provides end-to-end protection between endpoints communicating using CoAP or CoAP-mappable HTTP. OSCORE is designed for constrained nodes and networks supporting a range of proxy operations, including translation between different transport protocols.

The document is intended as a Standards Track document.

Review and Consensus

The document has gone through multiple expert reviews and has been discussed on multiple IETF meetings. Before the last IETF the WGLC was completed.

Intellectual Property

Each author has stated that they do not have direct, personal knowledge of any IPR related to this document. I am not aware of any IPR discussion about this document on the CoRE WG.

Other Points

There are RFC Editor comments that need to be edited out note to RFC Editor. There have been multiple (informal) interops that have been instrumental in improving the document.

Checklist

Does the shepherd stand behind the document and think the document is ready for publication?
Is the correct RFC type indicated in the title page header?
Is the abstract both brief and sufficient, and does it stand alone as a brief summary?
Is the intent of the document accurately and adequately explained in the introduction?
Have all required formal reviews (MIB Doctor, Media Type, URI, etc.) been requested and/or completed?
Has the shepherd performed automated checks – idnits (see http://www.ietf.org/tools/idnits/ and the Internet-Drafts Checklist), checks of BNF rules, XML code and schemas, MIB definitions, and so on – and determined that the document passes the tests?
Has each author stated that their direct, personal knowledge of any IPR related to this document has already been disclosed, in conformance with BCPs 78 and 79?
Have all references within this document been identified as either normative or informative, and does the shepherd agree with how they have been classified?
Are all normative references made to documents that are ready for advancement and are otherwise in a clear state?
If publication of this document changes the status of any existing RFCs, are those RFCs listed on the title page header, and are the changes listed in the abstract and discussed (explained, not just mentioned) in the introduction? Does not apply
If this is a bis document, have all of the errata been considered? Does not apply

IANA Considerations:

IANA shall add 'kid context' to the COSE Header Parameters Registry. 
A new CoAP Option is created.
a new CoAP Signaling Option is created.
a new Header Field is added to the Message Headers registry.

Are the IANA Considerations clear and complete? Remember that IANA have to understand unambiguously what’s being requested, so they can perform the required actions.
Are all protocol extensions that the document makes associated with the appropriate reservations in IANA registries?
Are all IANA registries referred to by their exact names (check them in http://www.iana.org/protocols/ to be sure)?
Have you checked that any registrations made by this document correctly follow the policies and procedures for the appropriate registries?
For registrations that require expert review (policies of Expert Review or Specification Required), have you or the working group had any early review done, to make sure the requests are ready for last call?
For any new registries that this document creates, has the working group actively chosen the allocation procedures and policies and discussed the alternatives?
Have reasonable registry names been chosen (that will not be confused with those of other registries), and have the initial contents and valid value ranges been clearly specified?