Re: [cf-dev] Californium/Scandium; Server side sending "ClientHello"

[Simon Bernard <contact@xxxxxxxxxxxxxxx>]

If you have dynamic IP addresses, you could not send the HelloRequest 
too. The only solution, I see for now, is that the client should use 
resume session at DTLS level and update registration at LwM2m level  to 
update the IP.
(But maybe there is use cases that make sense to specify a role at DTLS 
level and so restrict Handshakers available for a DTLSConnector)

Le 02/10/2015 14:04, Kraus Achim (INST/ESY4) a écrit :
> Hi,
>
> > About the PSK issue, If the server try to talk to a client, there should know that client and so it know which Identity is must used.
> > (In Scandium, there is a String getIdentity(InetSocketAddress inetAddress) on PSKStore to help to do that)
> > About the Exchanging role, if you use DTLS to secure a pur CoAP connection in a more peer to peer way,
> > you are in the case there is not really an Applicative Server and an Application Client. "Client" just means "initiate the connection".
> The "IP to identity" mapping may be unreliable for dynamic IP addresses.
> In my opinion, having "roles" therefore helps to make the PSK handshake reliable.
> So we will see, how robust "PSK without roles" will work in the "real live".
>
> Mit freundlichen Grüßen / Best regards
>
> Achim Kraus
>
> Bosch Software Innovations GmbH
> Communications (INST/ESY4)
> Stuttgarter Straße 130
> 71332 Waiblingen
> GERMANY
> www.bosch-si.de
> www.blog.bosch-si.com
>
> achim.kraus@xxxxxxxxxxxx
>
> Registered office: Berlin, Register court: Amtsgericht Charlottenburg, HRB 148411 B
> Executives: Dr.-Ing. Rainer Kallenbach; Michael Hahn
>
>
> Von: cf-dev-bounces@xxxxxxxxxxx [mailto:cf-dev-bounces@xxxxxxxxxxx] Im Auftrag von Simon Bernard
> Gesendet: Freitag, 2. Oktober 2015 12:54
> An: cf-dev@xxxxxxxxxxx
> Betreff: Re: [cf-dev] Californium/Scandium; Server side sending "ClientHello"
>
> Sorry Achim, I don't give you the right commit link :/, this is fixed in this commit 55d9d668e99789f7864a0379f821f1c42734055c which will be integrated in master as soon as we get a new californium release.
>
> About the HelloRequest and renegociation, Maybe I missunderstand the spec but :
>
> https://tools.ietf.org/html/rfc5246#section-7.4.1.1 :
> "HelloRequest is a simple notification that the client should begin the negotiation process anew."
> https://tools.ietf.org/html/rfc5246#section-7.4.1.2 :
> " When a client first connects to a server, it is required to send the ClientHello as its first message.  The client can also send a ClientHello in response to a HelloRequest or on its own initiative in order to renegotiate the security parameters in an existing connection."
> About the PSK issue, If the server try to talk to a client, there should know that client and so it know which Identity is must used. (In Scandium, there is a String getIdentity(InetSocketAddress inetAddress) on PSKStore to help to do that)
>
> About the Exchanging role, if you use DTLS to secure a pur CoAP connection in a more peer to peer way, you are in the case there is not really an Applicative Server and an Application Client. "Client" just means "initiate the connection".
>
> Le 02/10/2015 09:39, Kraus Achim (INST/ESY4) a écrit :
> Hi,
>
>    Since commit 7a1473683d544c41b7ab2374b21e9748c8d7d49f, Leshan should not send CLOSE_NOTIFY on deregistration.
>
> Mystic to me. As far as I know, "deregister" is not handled in the "handlePOST", which was changed by that commit,
> it's handled in " handleDELETE" where the close() is still called.
> So, how did you test your statement above, that Leshan doesn't send CLOSE_NOTIFY on deregister?
> But by the way "close()" is discussed in bug #478535, may be the information should be better reported there.
>
> In this case the Leshan Server will be the Client at DTLS meaning and so send a ClientHello. (This is not a renegotiation)
>
> Exchanging the roles in the handshake is on my opinion still wrong (and dangerous), at least for PSK (see arguments below in my first message).
> I could not find any evidence, that exchange the handshake role is intended and reliable behavior. So, if you have some information how DTLS
> handshake would work reliable with exchanged roles, it would be great, if you can share this.
>
> According TLS, RFC 5246
>
> "7.4.1.1. Hello Request
> When this message will be sent:
> The HelloRequest message MAY be sent by the server at any time."
>
> a "Hello Request" could be used "at any time", so I don't see that it must be a "renegotiation" (if you ment that).
>
>
> Mit freundlichen Grüßen / Best regards
>
> Achim Kraus
>
> Bosch Software Innovations GmbH
> Communications (INST/ESY4)
> Stuttgarter Straße 130
> 71332 Waiblingen
> GERMANY
> www.bosch-si.de
> www.blog.bosch-si.com
>
> achim.kraus@xxxxxxxxxxxx
>
> Registered office: Berlin, Register court: Amtsgericht Charlottenburg, HRB 148411 B
> Executives: Dr.-Ing. Rainer Kallenbach; Michael Hahn
>
>
> Von: cf-dev-bounces@xxxxxxxxxxx [mailto:cf-dev-bounces@xxxxxxxxxxx] Im Auftrag von Simon Bernard
> Gesendet: Donnerstag, 1. Oktober 2015 18:39
> An: Californium (Cf) developer discussions
> Betreff: Re: [cf-dev] Californium/Scandium; Server side sending "ClientHello"
>
> Hi,
>    Since commit 7a1473683d544c41b7ab2374b21e9748c8d7d49f, Leshan should not send CLOSE_NOTIFY on deregistration.
>    About the "HelloRequest", as I understand the spec this should be used by the server to ask for a new renegotiation(also called "rehandshake") in an existing connection.
>    (see https://tools.ietf.org/html/rfc5246#section-7.4.1.1 and https://tools.ietf.org/html/rfc5246#section-7.4.1.2)
>    In your case, the CLOSE_NOTIFY close the DTLS connection, then the Leshan server want to respond to the Leshan client, but as there is no connection, the Leshan Server will initiate a new handshake for a new connection. In this case the Leshan Server will be the Client at DTLS meaning and so send a ClientHello. (This is not a renegotiation)
> Simon
> Le 25/09/2015 17:12, Kraus Achim (INST/ESY4) a écrit :
> Hi All,
>
> I'm not sure, if my observation is a "feature" or "bug", so I just report it (and didn't use the "bug-report"):
> Setup:
> Leshan Client using DTLS/PSK
> Leshan Server
> Both using Californium/Scandium.
>
> When the lwm2m-client deregisters (lwm2m operation), the lwm2m-server response with a message and then closes the dtls session.
> Sometimes this is executed by scandium in reverse order, because the message is sent "async via a queue" but the close is executed "sync".
> If the execution is reversed, the server tries to send the response message without a DTLSSession and therefore starts a new handshake
> with a "ClientHello" (see log below). But in my opinion, this is wrong. The server should send a "HelloRequest".
> RFC 6347, page 23, says
> "When the server desires a rehandshake, it transitions from the
> FINISHED state to the PREPARING state to transmit the HelloRequest.
> When the client receives a HelloRequest, it transitions from FINISHED
> to PREPARING to transmit the ClientHello."
>
> May be this doesn't clearly cover the situation above, but when the server sends a "ClientHello", the roles in the PSK
> Handshake are exchanged. Therefore the server (now the handshake client) have to guess the "PSK identity" using the ip-address.
> Using the "HelloRequest" will preserve the roles and therefore the handshake would run as "usual".
>
> Mit freundlichen Grüßen / Best regards
>
> Achim Kraus
>
> Bosch Software Innovations GmbH
> Communications (INST/ESY4)
> Stuttgarter Straße 130
> 71332 Waiblingen
> GERMANY
> www.bosch-si.de
> www.blog.bosch-si.com
>
> achim.kraus@xxxxxxxxxxxx
>
> Registered office: Berlin, Register court: Amtsgericht Charlottenburg, HRB 148411 B
> Executives: Dr.-Ing. Rainer Kallenbach; Michael Hahn
>
> ######################################## wireshark log ###############################################################
> (client sends deregister)
> No.     Time           Source                Destination           Protocol Length Info
>       88 13.647679000   192.168.10.111        192.168.10.103        DTLSv1.2 93     Application Data
> (server close)
> No.     Time           Source                Destination           Protocol Length Info
>       89 13.692304000   192.168.10.103        192.168.10.111        DTLSv1.2 73     Encrypted Alert
> (server send "Client Hello", PSK handshake roles exchanged!)
> No.     Time           Source                Destination           Protocol Length Info
>       90 13.747024000   192.168.10.103        192.168.10.111        DTLSv1.2 147    Client Hello
>
> No.     Time           Source                Destination           Protocol Length Info
>       91 13.758528000   192.168.10.111        192.168.10.103        DTLSv1.2 102    Hello Verify Request
>
> _______________________________________________
> cf-dev mailing list
> cf-dev@xxxxxxxxxxx
> To change your delivery options, retrieve your password, or unsubscribe from this list, visit
> https://dev.eclipse.org/mailman/listinfo/cf-dev
>
> _______________________________________________
> cf-dev mailing list
> cf-dev@xxxxxxxxxxx
> To change your delivery options, retrieve your password, or unsubscribe from this list, visit
> https://dev.eclipse.org/mailman/listinfo/cf-dev
>
> _______________________________________________
> cf-dev mailing list
> cf-dev@xxxxxxxxxxx
> To change your delivery options, retrieve your password, or unsubscribe from this list, visit
> https://dev.eclipse.org/mailman/listinfo/cf-dev