On 2015-11-26 09:08, "Carsten Bormann" <cabo(_at_)tzi(_dot_)org> wrote:
Göran Selander wrote:
we should
not ignore these security issues in new standards.
Definitely, we shouldn't ignore these security issues when defining new
standards.
Now why is this a comment on the IETF last-call for an existing
specification?
I’m sorry if you find this comment coming a bit late. Let me expand on the
history.
As mentioned the object security work has been going on since a year
starting with CoAP. When turning to the other drafts in the CoAP suite, we
couldn't understand how blockwise works with proxies from the draft and
asked the question to the CORE list (June). The only answer we got was
actually wrong, in the sense that it gave the impression that this is not
a proxy operation that would be of any use - an indication that blockwise
proxy operations, although not invented yesterday, has not been well
understood.
It was not until the social event in Prague (July) where we learnt (in
private conversation) that this is not a corner case. In the mail
discussion that follow on the CoRE list I formulate this problem as a
question to you but I don’t get any answer (Sept. 2). In the CORE WG f2f
meeting in Yokohama I raised the issue with blockwise and proposed
solution in my presentation (Nov. 5), but there is no comment.
That is why this is a comment on the IETF last-call.
Göran