From 9cadac612de1370079c170e2cf43a95d0bf6624c Mon Sep 17 00:00:00 2001 From: ID Bot Date: Wed, 11 Oct 2023 17:25:15 +0000 Subject: [PATCH] Script updating gh-pages from 3af4bab. [ci skip] --- john-comments/draft-ietf-core-groupcomm-bis.html | 4 ++-- john-comments/draft-ietf-core-groupcomm-bis.txt | 11 +++++------ 2 files changed, 7 insertions(+), 8 deletions(-) diff --git a/john-comments/draft-ietf-core-groupcomm-bis.html b/john-comments/draft-ietf-core-groupcomm-bis.html index 7c57a3d..f8cac21 100644 --- a/john-comments/draft-ietf-core-groupcomm-bis.html +++ b/john-comments/draft-ietf-core-groupcomm-bis.html @@ -2532,7 +2532,7 @@

The NoSec mode does not require and does not make use of a security group. Indications that endpoints can use the NoSec mode MUST NOT rely on setting up and advertising a pseudo security group with name "NoSec" or any of its lowercase/uppercase combinations.

A CoAP server in NoSec mode MUST NOT be accessible through the public Internet. It is NOT RECOMMENDED to use CoAP group communication in NoSec mode.

-

The possible, exceptional use of the NoSec mode ought to be limited to: applications that are proven to be neither sensitive nor critical; and specific, well-defined steps where security is not viable or is intrinsically unattainable, e.g., early discovery of devices and resources (see Section 6.1).

+

The possible, exceptional use of the NoSec mode ought to be limited to specific, well-defined steps that are proven to not require security or to not be able to attain it, e.g., early discovery of devices and resources (see Section 6.1).

Before possibly and exceptionally using the NoSec mode in such circumstances, the security implications in Section 6.1 must be very well considered and understood, especially as to the risk and impact of amplification attacks (see Section 6.3). Consistently with such security implications, the use of the NoSec mode should still be avoided whenever possible.
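
Review bot: the added sentence keeps "proven" ("steps that are proven to not require security or to not be able to attain it") without saying who establishes this or by what criterion, so an implementer can still self-certify almost any step as exempt. Consider naming the basis for the decision, or dropping "proven" and relying on the concrete example already given. Also, "ought to be limited" is not a BCP 14 keyword, while the paragraph just above uses MUST NOT and NOT RECOMMENDED; if the limitation is meant to be normative, say "SHOULD be limited", otherwise confirm the lowercase wording is intentional.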

@@ -2636,7 +2636,7 @@

6.2. Group OSCORE

Group OSCORE provides end-to-end application-level security. This has many desirable properties, including maintaining security assurances while forwarding traffic through intermediaries (proxies). Application-level security also tends to more cleanly separate security from the specific dynamics of security group membership (e.g., the problem of distributing security keys across large groups with many members that come and go).

-

CoAP group communication MUST be protected by using Group OSCORE as specified in [I-D.ietf-core-oscore-groupcomm], with the possible exception of: applications that are proven to be neither sensitive nor critical; and specific, well-defined steps where security is not viable or is intrinsically unattainable (e.g., early discovery).

+

CoAP group communication MUST be protected by using Group OSCORE as specified in [I-D.ietf-core-oscore-groupcomm], with the possible exception of specific, well-defined steps that are proven to not require security or to not be able to attain it (e.g., early discovery).

The same security considerations from Section 13 of [I-D.ietf-core-oscore-groupcomm] hold for this specification.
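
Review bot: the exception attached to the MUST in the added sentence ends with "(e.g., early discovery)" and gives no section reference, whereas the parallel NoSec sentence in the previous hunk points to Section 6.1 and its following paragraph points to Section 6.3 for amplification. A reader landing on this sentence alone sees a carve-out from mandatory Group OSCORE with no pointer to the conditions that bound it. Suggest adding the same reference here, for example "(e.g., early discovery, see Section 6.1)", so the exception cannot be read apart from the NoSec constraints.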

diff --git a/john-comments/draft-ietf-core-groupcomm-bis.txt b/john-comments/draft-ietf-core-groupcomm-bis.txt index 6d0250c..b8d3681 100644 --- a/john-comments/draft-ietf-core-groupcomm-bis.txt +++ b/john-comments/draft-ietf-core-groupcomm-bis.txt @@ -2053,9 +2053,8 @@ Table of Contents NoSec mode. The possible, exceptional use of the NoSec mode ought to be limited - to: applications that are proven to be neither sensitive nor - critical; and specific, well-defined steps where security is not - viable or is intrinsically unattainable, e.g., early discovery of + to specific, well-defined steps that are proven to not require + security or to not be able to attain it, e.g., early discovery of devices and resources (see Section 6.1). Before possibly and exceptionally using the NoSec mode in such @@ -2317,9 +2316,9 @@ Table of Contents CoAP group communication MUST be protected by using Group OSCORE as specified in [I-D.ietf-core-oscore-groupcomm], with the possible - exception of: applications that are proven to be neither sensitive - nor critical; and specific, well-defined steps where security is not - viable or is intrinsically unattainable (e.g., early discovery). + exception of specific, well-defined steps that are proven to not + require security or to not be able to attain it (e.g., early + discovery). The same security considerations from Section 13 of [I-D.ietf-core-oscore-groupcomm] hold for this specification.
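
Review bot: both .txt hunks repeat the exception wording in two separate places (at 2053 and at 2316) with slightly different tails, "e.g., early discovery of devices and resources (see Section 6.1)" versus "(e.g., early discovery)", which is how the two statements can drift apart in later revisions. Consider stating the exception once and having the other location refer to it. Since the subject line says these files are script-generated from 3af4bab, any rewording needs to be made in the draft source rather than in these rendered outputs.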