**Session Date/Time:** 02 Feb 2022 15:00

# [CORE](../wg/core.html)

## Summary

The CORE Working Group held an interim meeting to review the status of several key documents. Discussions focused on the ongoing review of `coreconf-yang-sid` (CORECONF), updates for `coreconf-href` and `cose-coral`, and a significant discussion on the newly submitted `coap-attacks` document. The chairs announced a cancellation and rescheduling of the upcoming interim meeting.

## Key Discussion Points

*   **CORECONF Document (`coreconf-yang-sid`) Status:**
    *   Ongoing discussion regarding the relationship between Yang SIDs and Yang names, specifically Rob Wilton's proposal to simplify this relationship.
    *   The simplification aims to ease translation for intermediate devices but might reduce some functionality. The extent of this functionality loss is unclear.
    *   The document's current text is seen as "weaseling around" mandates, and the proposed changes would simplify the rules. These changes do not affect the "on-the-wire" protocol but impact the operation of designated experts and software generating SIDs.
    *   Concerns were raised about the timeline for potential last call rerun or ISG review, given the proximity to the ISG changeover in March.
    *   Working group members were encouraged to review the mailing list discussion (initiated by Rob Wilton under a "yang catalogue" subject) and provide feedback.
*   **HREF and COSE_CORAL Status:**
    *   **HREF:** Implementation work is ongoing, with efforts focused on cleaning up test vectors and resolving minor issues. The aim is to decide which examples to include in the document within the next two weeks, with the full set of test vectors to be made available on GitHub.
    *   **COSE_CORAL:** No specific updates to report.
*   **COAP-ATTACKS Document:**
    *   John W. Nilsen presented the `coap-attacks` document, an informational companion to the `echo-request-tag` document (soon to be RFC 9105).
    *   The document covers security properties for CoAP (especially actuators), describes known theoretical attacks on CoAP (some mitigated by Echo Request), and details attacks *using* CoAP (Denial of Service, amplification).
    *   Recent updates (version 02.02) included: addressing most comments, adding text on freshness, replay protection, and sequence numbers, updating references to RFC 9105.
    *   **Critical change:** All normative text has been removed, making the document purely informational. Other corrections include OSCORE's replay protection (not TCP) and HTTPS miss-binding attacks.
    *   Discussion ensued regarding the document's path and urgency:
        *   The `echo-request-tag` document is in the RFC Editor Queue (awaiting Joram's approval for publication).
        *   John W. Nilsen proposed publishing `coap-attacks` soon as an informational document, citing that attacks are ongoing and the IETF needs to demonstrate seriousness. He suggested working group adoption as the next step.
        *   Kirsten outlined concerns about the lack of consensus on attack severity and mitigation value. He suggested separating "attacks *on* CoAP" from "attacks *using* CoAP," with the latter (DoS/amplification) requiring more in-depth research, potentially in a research group (e.g., `seccore`), to fully understand costs and efficacy of mitigations before definitive recommendations or a BCP.
        *   John W. Nilsen agreed that more research is needed for a BCP but reiterated the need for an immediate informational document, even if it initially only describes the attacks without detailed mitigation guidance.
    *   A poll of those present indicated support for splitting the document.
*   **IETF 113 Session Planning:**
    *   The Working Group plans to request one 2-hour session for IETF 113.

## Decisions and Action Items

*   **CORECONF Document:**
    *   Kirsten to generate a Pull Request (PR) with proposed changes to the `coreconf-yang-sid` document if no stronger input is received on the mailing list within the next couple of days. The PR will allow the working group to review the specific text changes.
*   **COAP-ATTACKS Document:**
    *   The authors will split the `coap-attacks` document into two separate documents: one addressing "attacks *on* CoAP" and another addressing "attacks *using* CoAP" (DoS/amplification).
    *   The "attacks *on* CoAP" document will be put forward for Working Group adoption in the near future.
    *   The venue (WG or Research Group) and timeline for the "attacks *using* CoAP" document will be discussed further after the split.
*   **Next Interim Meeting:**
    *   The interim meeting scheduled for February 16th is cancelled due to chair unavailability.
    *   The interim meeting is rescheduled for **Thursday, February 24th, 15:00 UTC**.

## Next Steps

*   Working group members are encouraged to provide feedback on the `coreconf-yang-sid` discussion on the mailing list.
*   The authors of `coap-attacks` will proceed with splitting the document as decided.
*   The Working Group will hold its next interim meeting on February 24th, 15:00 UTC, and an additional interim on March 2nd.