Re: [Ace] Martin Duke's No Objection on draft-ietf-ace-key-groupcomm-17: (with COMMENT)
Paul Wouters <paul.wouters@aiven.io> Thu, 11 January 2024 23:21 UTC
From: Paul Wouters <paul.wouters@aiven.io>
Date: Thu, 11 Jan 2024 18:21:34 -0500
Message-ID: <CAGL5yWY=4U-HD670dULVxBW+gTYNwxxLAS-PtANo-_Gyeq4Sbw@mail.gmail.com>
To: Martin Duke <martin.h.duke@gmail.com>
Cc: Marco Tiloca <marco.tiloca@ri.se>, draft-ietf-ace-key-groupcomm@ietf.org, ace-chairs@ietf.org, ace@ietf.org, mglt.ietf@gmail.com, Francesca Palombini <francesca.palombini@ericsson.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/ace/3NrXem-QEaBM5EaAWQll8muaIng>
Marco,

I am still waiting on that PR to appear in an updated draft before I can move the document further.

Paul

On Tue, Dec 19, 2023 at 8:14 PM Martin Duke <martin.h.duke@gmail.com> wrote:
> LGTM
>
> On Fri, Dec 15, 2023 at 9:19 AM Marco Tiloca <marco.tiloca@ri.se> wrote:
>> Hello Martin,
>>
>> Thanks a lot for your review! Please find in line below our detailed
>> replies to your comments.
>>
>> A Github PR where we have addressed your comments is available at [PR].
>>
>> Unless any concern is raised, we plan to soon merge this PR (and the
>> other ones related to other received reviews), and to submit the result as
>> version -18 of the document.
>>
>> Thanks,
>> /Marco
>>
>> [PR] https://github.com/ace-wg/ace-key-groupcomm/pull/164
>>
>> On 2023-11-28 22:11, Martin Duke via Datatracker wrote:
>>
>> Martin Duke has entered the following ballot position for
>> draft-ietf-ace-key-groupcomm-17: No Objection
>>
>> When responding, please keep the subject line intact and reply to all
>> email addresses included in the To and CC lines. (Feel free to cut this
>> introductory paragraph, however.)
>>
>> Please refer to https://www.ietf.org/about/groups/iesg/statements/handling-ballot-positions/
>> for more information about how to handle DISCUSS and COMMENT positions.
>>
>> The document, along with other ballot positions, can be found here:
>> https://datatracker.ietf.org/doc/draft-ietf-ace-key-groupcomm/
>>
>> ----------------------------------------------------------------------
>> COMMENT:
>> ----------------------------------------------------------------------
>>
>> Thanks to Vidhi Goel for the TSVART review.
>>
>> (2) "If it consists of an explicit entity such as a pub-sub Broker or a message
>> relayer, the Dispatcher is comparable to an untrusted on-path intermediary, and
>> as such it is able to read the messages sent by Clients in the group."
>>
>> Is this accurate? Why does the Dispatcher need the group key to relay messages?
>>
>> ==>MT
>>
>> We have rephrased the following two paragraphs of Section 2 as follows.
>>
>> OLD
>> > Dispatcher: entity through which the Clients communicate with the
>> > group, when sending a message intended to multiple group members. That is,
>> > the Dispatcher distributes such a one-to-many message to the group members
>> > as intended recipients. A single-recipient message intended to only one
>> > group member may be delivered by alternative means, with no assistance from
>> > the Dispatcher.
>>
>> NEW (emphasis mine)
>> > Dispatcher: entity through which the Clients communicate with the group
>> > when sending a message intended to multiple group members. That is, the
>> > Dispatcher distributes such a one-to-many message to the group members as
>> > intended recipients. **The Dispatcher does not have access to the group
>> > keying material**. A single-recipient message intended to only one group
>> > member may be delivered by alternative means, with no assistance from the
>> > Dispatcher.
>>
>> OLD
>> > If it consists of an explicit entity such as a pub-sub Broker or a
>> > message relayer, the Dispatcher is comparable to an untrusted on-path
>> > intermediary, and as such it is able to read the messages sent by Clients
>> > in the group.
>>
>> NEW (emphasis mine)
>> > If it consists of an explicit entity such as a pub-sub Broker or a
>> > message relayer, the Dispatcher is comparable to an untrusted on-path
>> > intermediary, and as such it is able to **see the messages sent by Clients
>> > in the group, but not to decrypt them and read their plain content**.
>>
>> <==
>>
>> (3.3) s/since it allows to ask/since it allows the client to ask
>>
>> ==>MT
>>
>> Yes, now fixed.
>>
>> <==
>>
>> --
>> Marco Tiloca
>> Ph.D., Senior Researcher
>>
>> Phone: +46 (0)70 60 46 501
>>
>> RISE Research Institutes of Sweden AB
>> Box 1263
>> 164 29 Kista (Sweden)
>>
>> Division: Digital Systems
>> Department: Computer Science
>> Unit: Cybersecurity
>> https://www.ri.se
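The Dispatcher role as the corrected Section 2 text describes it (fans a one-to-many message out to the members, can see it, cannot decrypt it because it never receives the group keying material), as an added Go sketch that is not part of the draft or of this thread. The raw AES-128 group key, the AES-GCM choice, the nonce-prefixed wire format and the function names are assumptions made here, not the draft's actual keying material or message format.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
)

// GroupAEAD turns the group keying material the KDC gives to joined members
// into an AES-GCM instance. Hypothetical simplification: a raw AES-128 key.
func GroupAEAD(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Seal protects a one-to-many group message. Constructed wire format:
// nonce || ciphertext-with-tag.
func Seal(aead cipher.AEAD, msg []byte) ([]byte, error) {
	nonce := make([]byte, aead.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return aead.Seal(nonce, nonce, msg, nil), nil
}

// Open verifies and decrypts; a wrong key or altered bytes yields an error.
func Open(aead cipher.AEAD, ct []byte) ([]byte, error) {
	n := aead.NonceSize()
	if len(ct) < n {
		return nil, errors.New("ciphertext too short")
	}
	return aead.Open(nil, ct[:n], ct[n:], nil)
}

// Relay is the Dispatcher: it fans the ciphertext out unchanged to every
// member. It is never given the group key, so it sees bytes it cannot read.
func Relay(members []string, ct []byte) map[string][]byte {
	out := make(map[string][]byte, len(members))
	for _, m := range members {
		out[m] = ct
	}
	return out
}
```

Only a Client holding the KDC-provided key can turn what Relay delivers back into plaintext; anything else (a guessed key, a truncated message) fails authentication rather than leaking content.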