Commit

Script updating gh-pages from 8fb215f. [ci skip]
ID Bot committed Jun 1, 2024
1 parent b989dbd commit 605cce3
Showing 2 changed files with 34 additions and 31 deletions.
22 changes: 11 additions & 11 deletions draft-ietf-core-oscore-capable-proxies.html
Expand Up @@ -1489,7 +1489,7 @@ <h3 id="name-protection-of-coap-options">
<p id="section-3.1-3.1.4.1.1">The OSCORE Option present as the result of the OSCORE layer immediately previously applied for an OSCORE endpoint different than X, when the sender endpoint is an origin endpoint.<a href="#section-3.1-3.1.4.1.1" class="pilcrow"></a></p>
</li>
<li class="normal" id="section-3.1-3.1.4.2">
<p id="section-3.1-3.1.4.2.1">The EDHOC Option defined in <span>[<a href="#RFC9528" class="cite xref">RFC9528</a>]</span>, when the sender endpoint is the EDHOC Initiator.<a href="#section-3.1-3.1.4.2.1" class="pilcrow"></a></p>
<p id="section-3.1-3.1.4.2.1">The EDHOC Option defined in <span>[<a href="#I-D.ietf-core-oscore-edhoc" class="cite xref">I-D.ietf-core-oscore-edhoc</a>]</span>, when the sender endpoint is the EDHOC Initiator.<a href="#section-3.1-3.1.4.2.1" class="pilcrow"></a></p>
</li>
<li class="normal" id="section-3.1-3.1.4.3">
<p id="section-3.1-3.1.4.3.1">The Request-Hash Option defined in <span>[<a href="#I-D.amsuess-core-cachable-oscore" class="cite xref">I-D.amsuess-core-cachable-oscore</a>]</span>, when X is not an origin endpoint.<a href="#section-3.1-3.1.4.3.1" class="pilcrow"></a></p>
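Review bot: The EDHOC Option citation in section-3.1-3.1.4.2.1 points at [I-D.ietf-core-oscore-edhoc] as a whole, with no section number. This list decides how a sender treats each option, so a reader has to find the option's definition to apply the rule; consider citing the defining section of that draft here and in the matching "is not the EDHOC Initiator" item. Since this file is generated (the commit message says the script updates gh-pages from 8fb215f), the edit belongs in the source document.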
Expand Down Expand Up @@ -1551,7 +1551,7 @@ <h3 id="name-protection-of-coap-options">
<p id="section-3.1-3.3.4.1.1">The OSCORE Option present as the result of the OSCORE layer immediately previously applied for an OSCORE endpoint different than X, when the sender endpoint is not an origin endpoint.<a href="#section-3.1-3.3.4.1.1" class="pilcrow"></a></p>
</li>
<li class="normal" id="section-3.1-3.3.4.2">
<p id="section-3.1-3.3.4.2.1">The EDHOC Option defined in <span>[<a href="#RFC9528" class="cite xref">RFC9528</a>]</span>, when the sender endpoint is not the EDHOC Initiator.<a href="#section-3.1-3.3.4.2.1" class="pilcrow"></a></p>
<p id="section-3.1-3.3.4.2.1">The EDHOC Option defined in <span>[<a href="#I-D.ietf-core-oscore-edhoc" class="cite xref">I-D.ietf-core-oscore-edhoc</a>]</span>, when the sender endpoint is not the EDHOC Initiator.<a href="#section-3.1-3.3.4.2.1" class="pilcrow"></a></p>
</li>
</ul>
</li>
Expand Down Expand Up @@ -1704,11 +1704,11 @@ <h2 id="name-establishment-of-oscore-sec">
<p id="section-5-2">At the same time, the following applies, depending on the two peers using OSCORE or Group OSCORE <span>[<a href="#I-D.ietf-core-oscore-groupcomm" class="cite xref">I-D.ietf-core-oscore-groupcomm</a>]</span> to protect their communications.<a href="#section-5-2" class="pilcrow"></a></p>
<ul class="normal">
<li class="normal" id="section-5-3.1">
<p id="section-5-3.1.1">When using OSCORE, the establishment of the OSCORE Security Context can rely on the authenticated key establishment protocol EDHOC <span>[<a href="#I-D.ietf-lake-edhoc" class="cite xref">I-D.ietf-lake-edhoc</a>]</span>.<a href="#section-5-3.1.1" class="pilcrow"></a></p>
<p id="section-5-3.1.1">When using OSCORE, the establishment of the OSCORE Security Context can rely on the authenticated key establishment protocol EDHOC <span>[<a href="#RFC9528" class="cite xref">RFC9528</a>]</span>.<a href="#section-5-3.1.1" class="pilcrow"></a></p>
<p id="section-5-3.1.2">
Assuming that OSCORE has to be used both between the two origin application endpoints as well as between the origin client and the first proxy in the chain, it is expected that the origin client first runs EDHOC with the first proxy in the chain, and then with the origin server through the chain of proxies (see the example in <a href="#sec-example-edhoc" class="auto internal xref">Appendix A.4</a>).<a href="#section-5-3.1.2" class="pilcrow"></a></p>
<p id="section-5-3.1.3">
Furthermore, the additional use of the combined EDHOC + OSCORE request defined in <span>[<a href="#RFC9528" class="cite xref">RFC9528</a>]</span> is particularly beneficial in this case (see the example in <a href="#sec-example-edhoc-comb-req" class="auto internal xref">Appendix A.5</a>), and especially when relying on a long chain of proxies.<a href="#section-5-3.1.3" class="pilcrow"></a></p>
Furthermore, the additional use of the combined EDHOC + OSCORE request defined in <span>[<a href="#I-D.ietf-core-oscore-edhoc" class="cite xref">I-D.ietf-core-oscore-edhoc</a>]</span> is particularly beneficial in this case (see the example in <a href="#sec-example-edhoc-comb-req" class="auto internal xref">Appendix A.5</a>), and especially when relying on a long chain of proxies.<a href="#section-5-3.1.3" class="pilcrow"></a></p>
</li>
<li class="normal" id="section-5-3.2">
<p id="section-5-3.2.1">The use of Group OSCORE is expected to be limited between the origin applications endpoints, e.g., between the origin client and multiple origin servers. In order to join the same OSCORE group and obtain the corresponding Group OSCORE Security Context, those endpoints can use the approach defined in <span>[<a href="#I-D.ietf-ace-key-groupcomm-oscore" class="cite xref">I-D.ietf-ace-key-groupcomm-oscore</a>]</span> and based on the ACE framework for authentication and authorization in constrained environments <span>[<a href="#RFC9200" class="cite xref">RFC9200</a>]</span>.<a href="#section-5-3.2.1" class="pilcrow"></a></p>
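Review bot: The unchanged context line in section-5-3.2.1 reads "origin applications endpoints", while section-5-3.1.2 a few lines above uses "origin application endpoints". Worth fixing in the source while this section is being touched, so the term for the end-to-end peers stays uniform across the two list items.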
Expand Down Expand Up @@ -1876,13 +1876,13 @@ <h3 id="name-informative-references">
<dd>
<span class="refAuthor">Tiloca, M.</span>, <span class="refAuthor">Höglund, R.</span>, <span class="refAuthor">Amsüss, C.</span>, and <span class="refAuthor">F. Palombini</span>, <span class="refTitle">"Observe Notifications as CoAP Multicast Responses"</span>, <span class="refContent">Work in Progress</span>, <span class="seriesInfo">Internet-Draft, draft-ietf-core-observe-multicast-notifications-08</span>, <time datetime="2024-03-04" class="refDate">4 March 2024</time>, <span>&lt;<a href="https://datatracker.ietf.org/doc/html/draft-ietf-core-observe-multicast-notifications-08">https://datatracker.ietf.org/doc/html/draft-ietf-core-observe-multicast-notifications-08</a>&gt;</span>. </dd>
<dd class="break"></dd>
<dt id="I-D.ietf-core-transport-indication">[I-D.ietf-core-transport-indication]</dt>
<dt id="I-D.ietf-core-oscore-edhoc">[I-D.ietf-core-oscore-edhoc]</dt>
<dd>
<span class="refAuthor">Amsüss, C.</span> and <span class="refAuthor">M. S. Lenders</span>, <span class="refTitle">"CoAP Transport Indication"</span>, <span class="refContent">Work in Progress</span>, <span class="seriesInfo">Internet-Draft, draft-ietf-core-transport-indication-05</span>, <time datetime="2024-03-18" class="refDate">18 March 2024</time>, <span>&lt;<a href="https://datatracker.ietf.org/doc/html/draft-ietf-core-transport-indication-05">https://datatracker.ietf.org/doc/html/draft-ietf-core-transport-indication-05</a>&gt;</span>. </dd>
<span class="refAuthor">Palombini, F.</span>, <span class="refAuthor">Tiloca, M.</span>, <span class="refAuthor">Höglund, R.</span>, <span class="refAuthor">Hristozov, S.</span>, and <span class="refAuthor">G. Selander</span>, <span class="refTitle">"Using Ephemeral Diffie-Hellman Over COSE (EDHOC) with the Constrained Application Protocol (CoAP) and Object Security for Constrained RESTful Environments (OSCORE)"</span>, <span class="refContent">Work in Progress</span>, <span class="seriesInfo">Internet-Draft, draft-ietf-core-oscore-edhoc-11</span>, <time datetime="2024-04-09" class="refDate">9 April 2024</time>, <span>&lt;<a href="https://datatracker.ietf.org/doc/html/draft-ietf-core-oscore-edhoc-11">https://datatracker.ietf.org/doc/html/draft-ietf-core-oscore-edhoc-11</a>&gt;</span>. </dd>
<dd class="break"></dd>
<dt id="I-D.ietf-lake-edhoc">[I-D.ietf-lake-edhoc]</dt>
<dt id="I-D.ietf-core-transport-indication">[I-D.ietf-core-transport-indication]</dt>
<dd>
<span class="refAuthor">Selander, G.</span>, <span class="refAuthor">Mattsson, J. P.</span>, and <span class="refAuthor">F. Palombini</span>, <span class="refTitle">"Ephemeral Diffie-Hellman Over COSE (EDHOC)"</span>, <span class="refContent">Work in Progress</span>, <span class="seriesInfo">Internet-Draft, draft-ietf-lake-edhoc-23</span>, <time datetime="2024-01-22" class="refDate">22 January 2024</time>, <span>&lt;<a href="https://datatracker.ietf.org/doc/html/draft-ietf-lake-edhoc-23">https://datatracker.ietf.org/doc/html/draft-ietf-lake-edhoc-23</a>&gt;</span>. </dd>
<span class="refAuthor">Amsüss, C.</span> and <span class="refAuthor">M. S. Lenders</span>, <span class="refTitle">"CoAP Transport Indication"</span>, <span class="refContent">Work in Progress</span>, <span class="seriesInfo">Internet-Draft, draft-ietf-core-transport-indication-05</span>, <time datetime="2024-03-18" class="refDate">18 March 2024</time>, <span>&lt;<a href="https://datatracker.ietf.org/doc/html/draft-ietf-core-transport-indication-05">https://datatracker.ietf.org/doc/html/draft-ietf-core-transport-indication-05</a>&gt;</span>. </dd>
<dd class="break"></dd>
<dt id="LwM2M-Core">[LwM2M-Core]</dt>
<dd>
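Review bot: The new [I-D.ietf-core-oscore-edhoc] entry lands under the heading shown in the hunk header, name-informative-references, yet the earlier hunks make it the cited definition of the EDHOC Option in the "Protection of CoAP Options" list. If an implementer needs that definition to process messages as this document specifies, consider whether the entry should be a normative reference instead. The entry is also pinned to draft-ietf-core-oscore-edhoc-11, so it will need refreshing as that draft advances.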
Expand Down Expand Up @@ -2645,7 +2645,7 @@ <h3 id="name-example-4">
<p id="appendix-A.4-2.2.1">Between the client and the proxy, using the OSCORE Security Context CTX_C_P. The client uses the OSCORE Sender ID 0x20 when using OSCORE with the proxy.<a href="#appendix-A.4-2.2.1" class="pilcrow"></a></p>
</li>
</ul>
<p id="appendix-A.4-3">The example also shows how the client establishes an OSCORE Security Context CTX_C_P with the proxy and CTX_C_S with the server, by using the key establishment protocol EDHOC <span>[<a href="#I-D.ietf-lake-edhoc" class="cite xref">I-D.ietf-lake-edhoc</a>]</span>.<a href="#appendix-A.4-3" class="pilcrow"></a></p>
<p id="appendix-A.4-3">The example also shows how the client establishes an OSCORE Security Context CTX_C_P with the proxy and CTX_C_S with the server, by using the key establishment protocol EDHOC <span>[<a href="#RFC9528" class="cite xref">RFC9528</a>]</span>.<a href="#appendix-A.4-3" class="pilcrow"></a></p>
<span id="name-use-of-oscore-between-client-s"></span><div id="fig-example-edhoc">
<figure id="figure-4">
<div id="appendix-A.4-4.1">
Expand Down Expand Up @@ -3112,8 +3112,8 @@ <h3 id="name-example-5">
<p id="appendix-A.5-2.2.1">Between the client and the proxy. The client uses the OSCORE Sender ID 0x20 when using OSCORE with the proxy.<a href="#appendix-A.5-2.2.1" class="pilcrow"></a></p>
</li>
</ul>
<p id="appendix-A.5-3">The example also shows how the client establishes an OSCORE Security Context CTX_C_P with the proxy and CTX_C_S with the server, by using the key establishment protocol EDHOC <span>[<a href="#I-D.ietf-lake-edhoc" class="cite xref">I-D.ietf-lake-edhoc</a>]</span>.<a href="#appendix-A.5-3" class="pilcrow"></a></p>
<p id="appendix-A.5-4">In particular, the client relies on the EDHOC + OSCORE request defined in <span>[<a href="#RFC9528" class="cite xref">RFC9528</a>]</span> and denoted as COMB_REQ, in order to transport the last EDHOC message_3 and the first OSCORE-protected application CoAP request combined together.<a href="#appendix-A.5-4" class="pilcrow"></a></p>
<p id="appendix-A.5-3">The example also shows how the client establishes an OSCORE Security Context CTX_C_P with the proxy and CTX_C_S with the server, by using the key establishment protocol EDHOC <span>[<a href="#RFC9528" class="cite xref">RFC9528</a>]</span>.<a href="#appendix-A.5-3" class="pilcrow"></a></p>
<p id="appendix-A.5-4">In particular, the client relies on the EDHOC + OSCORE request defined in <span>[<a href="#I-D.ietf-core-oscore-edhoc" class="cite xref">I-D.ietf-core-oscore-edhoc</a>]</span> and denoted as COMB_REQ, in order to transport the last EDHOC message_3 and the first OSCORE-protected application CoAP request combined together.<a href="#appendix-A.5-4" class="pilcrow"></a></p>
<span id="name-use-of-oscore-between-client-se"></span><div id="fig-example-edhoc-comb-req">
<figure id="figure-5">
<div id="appendix-A.5-5.1">
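Review bot: The context bullet appendix-A.5-2.2.1 says only "Between the client and the proxy." and does not name the Security Context, whereas its counterpart appendix-A.4-2.2.1 says "Between the client and the proxy, using the OSCORE Security Context CTX_C_P." Paragraph appendix-A.5-3 then refers to CTX_C_P as if it had been introduced. Consider aligning the A.5 bullet with the A.4 wording in the source, unless the omission is deliberate.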
43 changes: 23 additions & 20 deletions draft-ietf-core-oscore-capable-proxies.txt
Expand Up @@ -538,8 +538,8 @@ Table of Contents
immediately previously applied for an OSCORE endpoint different
than X, when the sender endpoint is an origin endpoint.

- The EDHOC Option defined in [RFC9528], when the sender endpoint
is the EDHOC Initiator.
- The EDHOC Option defined in [I-D.ietf-core-oscore-edhoc], when
the sender endpoint is the EDHOC Initiator.

- The Request-Hash Option defined in
[I-D.amsuess-core-cachable-oscore], when X is not an origin
Expand Down Expand Up @@ -587,8 +587,8 @@ Table of Contents
immediately previously applied for an OSCORE endpoint different
than X, when the sender endpoint is not an origin endpoint.

- The EDHOC Option defined in [RFC9528], when the sender endpoint
is not the EDHOC Initiator.
- The EDHOC Option defined in [I-D.ietf-core-oscore-edhoc], when
the sender endpoint is not the EDHOC Initiator.

Appendix B provides an overview as a state diagram.

Expand Down Expand Up @@ -873,7 +873,7 @@ Table of Contents

* When using OSCORE, the establishment of the OSCORE Security
Context can rely on the authenticated key establishment protocol
EDHOC [I-D.ietf-lake-edhoc].
EDHOC [RFC9528].

Assuming that OSCORE has to be used both between the two origin
application endpoints as well as between the origin client and the
Expand All @@ -883,9 +883,9 @@ Table of Contents
Appendix A.4).

Furthermore, the additional use of the combined EDHOC + OSCORE
request defined in [RFC9528] is particularly beneficial in this
case (see the example in Appendix A.5), and especially when
relying on a long chain of proxies.
request defined in [I-D.ietf-core-oscore-edhoc] is particularly
beneficial in this case (see the example in Appendix A.5), and
especially when relying on a long chain of proxies.

* The use of Group OSCORE is expected to be limited between the
origin applications endpoints, e.g., between the origin client and
Expand Down Expand Up @@ -1149,20 +1149,23 @@ Table of Contents
<https://datatracker.ietf.org/doc/html/draft-ietf-core-
observe-multicast-notifications-08>.

[I-D.ietf-core-oscore-edhoc]
Palombini, F., Tiloca, M., Höglund, R., Hristozov, S., and
G. Selander, "Using Ephemeral Diffie-Hellman Over COSE
(EDHOC) with the Constrained Application Protocol (CoAP)
and Object Security for Constrained RESTful Environments
(OSCORE)", Work in Progress, Internet-Draft, draft-ietf-
core-oscore-edhoc-11, 9 April 2024,
<https://datatracker.ietf.org/doc/html/draft-ietf-core-
oscore-edhoc-11>.

[I-D.ietf-core-transport-indication]
Amsüss, C. and M. S. Lenders, "CoAP Transport Indication",
Work in Progress, Internet-Draft, draft-ietf-core-
transport-indication-05, 18 March 2024,
<https://datatracker.ietf.org/doc/html/draft-ietf-core-
transport-indication-05>.

[I-D.ietf-lake-edhoc]
Selander, G., Mattsson, J. P., and F. Palombini,
"Ephemeral Diffie-Hellman Over COSE (EDHOC)", Work in
Progress, Internet-Draft, draft-ietf-lake-edhoc-23, 22
January 2024, <https://datatracker.ietf.org/doc/html/
draft-ietf-lake-edhoc-23>.

[LwM2M-Core]
Open Mobile Alliance, "Lightweight Machine to Machine
Technical Specification - Core, Approved Version 1.2, OMA-
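Review bot: Dropping the [I-D.ietf-lake-edhoc] entry from the reference list leaves any citation that still uses that tag without a target. The hunks shown switch the citations in Section 5, A.4 and A.5 to [RFC9528], but only changed regions are visible in this diff, so search the source for any remaining use of I-D.ietf-lake-edhoc before relying on this output.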
Expand Down Expand Up @@ -1566,7 +1569,7 @@ A.4. Example 4

The example also shows how the client establishes an OSCORE Security
Context CTX_C_P with the proxy and CTX_C_S with the server, by using
the key establishment protocol EDHOC [I-D.ietf-lake-edhoc].
the key establishment protocol EDHOC [RFC9528].

Client Proxy Server
| | |
Expand Down Expand Up @@ -1786,12 +1789,12 @@ A.5. Example 5

The example also shows how the client establishes an OSCORE Security
Context CTX_C_P with the proxy and CTX_C_S with the server, by using
the key establishment protocol EDHOC [I-D.ietf-lake-edhoc].
the key establishment protocol EDHOC [RFC9528].

In particular, the client relies on the EDHOC + OSCORE request
defined in [RFC9528] and denoted as COMB_REQ, in order to transport
the last EDHOC message_3 and the first OSCORE-protected application
CoAP request combined together.
defined in [I-D.ietf-core-oscore-edhoc] and denoted as COMB_REQ, in
order to transport the last EDHOC message_3 and the first OSCORE-
protected application CoAP request combined together.

Client Proxy Server
| | |