Re: [Ace] Key IDs ... RE: WGLC on draft-ietf-ace-cwt-proof-of-possession-02

Mike Jones <Michael.Jones@microsoft.com> Tue, 03 July 2018 16:21 UTC

Return-Path: <Michael.Jones@microsoft.com>
X-Original-To: ace@ietfa.amsl.com
Delivered-To: ace@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 2808613112F for <ace@ietfa.amsl.com>; Tue, 3 Jul 2018 09:21:13 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.011
X-Spam-Level:
X-Spam-Status: No, score=-2.011 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, T_DKIMWL_WL_HIGH=-0.01] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=microsoft.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id AqFpMwjn-pBL for <ace@ietfa.amsl.com>; Tue, 3 Jul 2018 09:21:04 -0700 (PDT)
Received: from NAM06-DM3-obe.outbound.protection.outlook.com (mail-eopbgr640094.outbound.protection.outlook.com [40.107.64.94]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 47D131310C2 for <ace@ietf.org>; Tue, 3 Jul 2018 09:15:53 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=wdvJor7LTZzslkc+fFrhup4BpFYWnWLKAhpXE2QgTww=; b=AXsKqCtU6MtuUQ8456zgxFv1dwXeYnxRI+oP+jmW5EnjVJyQHpSQp6HpXldEMDvkrT/O8SXu3xmOoqEYFshoFznRdHi6C9B8u7yH6CQZ07FE6LP5DSeoc4uoRqIBEO4uf7AOb82V/jdGQzt0xuUtrbRkcKdAI0FtBEdNZcQoxTo=
Received: from DM5PR00MB0293.namprd00.prod.outlook.com (52.132.128.34) by DM5PR00MB0293.namprd00.prod.outlook.com (52.132.128.34) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.967.0; Tue, 3 Jul 2018 16:15:50 +0000
Received: from DM5PR00MB0293.namprd00.prod.outlook.com ([fe80::4585:e342:2207:ca93]) by DM5PR00MB0293.namprd00.prod.outlook.com ([fe80::4585:e342:2207:ca93%4]) with mapi id 15.20.0967.000; Tue, 3 Jul 2018 16:15:50 +0000
From: Mike Jones <Michael.Jones@microsoft.com>
To: Ludwig Seitz <ludwig.seitz@ri.se>, 'ace' <ace@ietf.org>
Thread-Topic: [Ace] Key IDs ... RE: WGLC on draft-ietf-ace-cwt-proof-of-possession-02
Thread-Index: AQHUCmm+QBbDlvIEiEKYiqnkeWTVYaRsv4gggAGeToCAALQmgIADqRiAgAANlYCAAN+nAIAAEUqAgAIeFQCAAO96AIAGhVmAgAAAWICAAG5L8A==
Date: Tue, 3 Jul 2018 16:15:50 +0000
Message-ID: <DM5PR00MB0293BEE0B514964B7D9D2D4BF5420@DM5PR00MB0293.namprd00.prod.outlook.com>
References: <VI1PR0801MB2112C4D6D3CED7C15D9AE886FA750@VI1PR0801MB2112.eurprd08.prod.outlook.com> <20180622204344.GP64617@kduck.kaduk.org> <MW2PR00MB02986BC1E87754046C8CDC6AF5750@MW2PR00MB0298.namprd00.prod.outlook.com> <20180623212956.GE99689@kduck.kaduk.org> <027401d40b93$6b73b470$425b1d50$@augustcellars.com> <VI1PR0801MB2112611C298A9E68AC9B2402FA490@VI1PR0801MB2112.eurprd08.prod.outlook.com> <00e701d40d6e$c09b3db0$41d1b910$@augustcellars.com> <CAOB_DJkX_gA8Yyv7sQZWWFSYMjShLgsArGuH2M1MQ6TxpQRZEQ@mail.gmail.com> <013301d40de7$39660220$ac320660$@augustcellars.com> <CAF2hCbagrxvd5Nd6t2R4=HRiXVSA+R4HMpD9gA_EqqoN67mQjQ@mail.gmail.com> <027e01d40f6e$01e326b0$05a97410$@augustcellars.com> <2bbc8011-ccac-b2ed-12cf-921ee6f3a672@ri.se> <ace8aa27-0020-910e-4a76-3a1610981dd4@ri.se>
In-Reply-To: <ace8aa27-0020-910e-4a76-3a1610981dd4@ri.se>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [50.47.80.188]
x-ms-publictraffictype: Email
x-microsoft-exchange-diagnostics: 1; DM5PR00MB0293; 6:mzevd6GUEaWxNsDa0yNkw1pRPHEU1SX69nom4mqBenjrTG2RxeYhThvaDJ/tjwRoy9Z3Ur2s8abecD7+DP8EuRZOlt2isEFLSljLeQRSIhUfgyUg5Wq48ojeXynxQgd7Y/0RluvciEFYOTsrswfQns/dHvjq/xDTuzGcTvGhboMemJpWDXUI3dXEOyDzgtjz820uo35RPeaf6uQOfPG5kkqdPgDAmsxtZvGHDdTz11XGudALs/HODpv7ZbN9VZnpHJP+81dqnQEAVrkh4QREUEh8XB0UcMBHBio1p6j3STSoQ+lbIPOVZkHFuc+h7vYS5FM3rLfEGAJh6rJUvQpG92PhJq1LQZw54J9tI34FPPUh0YHPjbB0+NmOwGYaQuLyjvQ/4JWtn+ZOsww626TpbskoX1Q4Kzs0TA2pN9A3P2sm/IwpA1rMgHzwe/RA2s7TGXLSURgVu+zvVeCqonLqSQ==; 5:yUDe8+ZI0J9OslKWDSm+lIO+24o8cK0dMNK0dGXGZ1yJgirIy3vstRInCXp8LVdEwar6wt2zFVcqFDsmoCwTMn8d3YKSge3gyRrrfH+QB1+XCxv4owD2iXXONDt4ZxlpecAbFlCCEi2grUXBWmZioSGH3YutkbVcDHjtBU0ILWs=; 7:y54qX+hGIFwchEfXAaK5PZ1b16AOaS/MDoo3OYTEs61PMzpklZEghWI1LfKw0DZ9J37IkTNGkje7k20hGMvAbd91HW4wDsxpZx8kCO3iKv899BZpPGhS+6vynGEXcjon/q685BZXMrwg085rYWXT9heeW42OGTc7cSMO6iXleR2m7jtdKYfctWzR+8E4JQXzJHAGRMoXkQzfEG91VMOaobCFOUw8mb6gvkatC+we2v2xXEIqm2nlnKcLv486cnvA
x-ms-exchange-antispam-srfa-diagnostics: SOS;
x-ms-office365-filtering-correlation-id: 61e69393-30f4-43e7-0ce9-08d5e1003e3d
x-ms-office365-filtering-ht: Tenant
x-microsoft-antispam: UriScan:; BCL:0; PCL:0; RULEID:(7020095)(4652040)(8989117)(5600053)(711020)(48565401081)(4534165)(4627221)(201703031133081)(201702281549075)(8990107)(2017052603328)(7193020); SRVR:DM5PR00MB0293;
x-ms-traffictypediagnostic: DM5PR00MB0293:
authentication-results: spf=none (sender IP is ) smtp.mailfrom=Michael.Jones@microsoft.com;
x-microsoft-antispam-prvs: <DM5PR00MB029326C3A8706D9E2989C284F5420@DM5PR00MB0293.namprd00.prod.outlook.com>
x-exchange-antispam-report-test: UriScan:(192374486261705);
x-ms-exchange-senderadcheck: 1
x-exchange-antispam-report-cfa-test: BCL:0; PCL:0; RULEID:(8211001083)(2017102700009)(2017102701064)(6040522)(2401047)(8121501046)(5005006)(2017102702064)(20171027021009)(20171027022009)(20171027023009)(20171027024009)(20171027025009)(20171027026009)(2017102703076)(3002001)(10201501046)(93006095)(93001095)(3231280)(2018427008)(944501410)(52105095)(6055026)(149027)(150027)(6041310)(20161123558120)(20161123560045)(20161123562045)(201703131423095)(201702281528075)(20161123555045)(201703061421075)(201703061406153)(20161123564045)(6072148)(201708071742011)(7699016); SRVR:DM5PR00MB0293; BCL:0; PCL:0; RULEID:; SRVR:DM5PR00MB0293;
x-forefront-prvs: 0722981D2A
x-forefront-antispam-report: SFV:NSPM; SFS:(10019020)(39860400002)(396003)(366004)(136003)(346002)(376002)(199004)(189003)(13464003)(14454004)(229853002)(68736007)(25786009)(22452003)(486006)(14444005)(478600001)(10090500001)(7696005)(966005)(6246003)(76176011)(316002)(72206003)(74316002)(7736002)(6306002)(55016002)(5250100002)(305945005)(86362001)(6436002)(86612001)(2906002)(256004)(9686003)(26005)(8936002)(6116002)(3846002)(106356001)(2900100001)(186003)(110136005)(93886005)(66066001)(33656002)(8990500004)(5660300001)(97736004)(446003)(11346002)(6506007)(53546011)(105586002)(8676002)(81156014)(81166006)(10290500003)(102836004)(99286004)(53936002)(476003); DIR:OUT; SFP:1102; SCL:1; SRVR:DM5PR00MB0293; H:DM5PR00MB0293.namprd00.prod.outlook.com; FPR:; SPF:None; LANG:en; PTR:InfoNoRecords; A:1; MX:1;
received-spf: None (protection.outlook.com: microsoft.com does not designate permitted sender hosts)
x-microsoft-antispam-message-info: 5NYp/SyQId0Gj9h58m+A/cbKs9o9xNGVVRXP0lUWB6Ha5F6tmj9ojIxItto1eXy50oJR76F4+IqEjl/NDwT64QKnJzh7pMdToCfrErgcpE1ESBJJ15bBrIMYOwKVpG7j5PK9yzuAvMKuJydc4hNLrnisLPhLBc/GBQOyQ9Hf3bXK+7HPYhlFNjB4rVdsM0UVEhP63ebzPZ0nBb9nQT8lhWSKBk5ZMEGz7tvOBFWrLj0eluPAM3LZBYaooEtBT1dv+EODeJovylddGC8jOeptbi97+is+//cvoLSjfaKTrvNowaovWfgDLKbs8lvKKmjqZKmu9BWfqn+ygV731HnNfqcLhd40HywSTvK7FojN19M=
spamdiagnosticoutput: 1:99
spamdiagnosticmetadata: NSPM
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-OriginatorOrg: microsoft.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 61e69393-30f4-43e7-0ce9-08d5e1003e3d
X-MS-Exchange-CrossTenant-originalarrivaltime: 03 Jul 2018 16:15:50.1580 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 72f988bf-86f1-41af-91ab-2d7cd011db47
X-MS-Exchange-Transport-CrossTenantHeadersStamped: DM5PR00MB0293
Archived-At: <https://mailarchive.ietf.org/arch/msg/ace/Ikxkv91XdAs6MzAbADL8Js2ybiM>
Subject: Re: [Ace] Key IDs ... RE: WGLC on draft-ietf-ace-cwt-proof-of-possession-02
X-BeenThere: ace@ietf.org
X-Mailman-Version: 2.1.26
Precedence: list
List-Id: "Authentication and Authorization for Constrained Environments \(ace\)" <ace.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ace>, <mailto:ace-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ace/>
List-Post: <mailto:ace@ietf.org>
List-Help: <mailto:ace-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ace>, <mailto:ace-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 03 Jul 2018 16:21:20 -0000

Thanks, Ludwig.  Note that last paragraph of the new Operational Considerations section at https://tools.ietf.org/html/draft-ietf-ace-cwt-proof-of-possession-03#section-6 addresses this issue.  In particular, the last sentence of the section talks about the need to keep keys used in different contexts separate if there is otherwise any chance of confusion.

I'll also note that for the constrained environments that ACE is addressing, I expect that deployments with exactly one PoP key to be predominant use case.  In this use case, such confusion is impossible in the first place.

				-- Mike

-----Original Message-----
From: Ace <ace-bounces@ietf.org>; On Behalf Of Ludwig Seitz
Sent: Tuesday, July 3, 2018 2:33 AM
To: 'ace' <ace@ietf.org>;
Subject: Re: [Ace] Key IDs ... RE: WGLC on draft-ietf-ace-cwt-proof-of-possession-02

On 2018-07-03 11:31, Ludwig Seitz wrote:

> 
> 6. Client B gets 2 from AS bound via the cnf claim to KID="A"
> 
This should of course read:

Client B gets T2 from AS ...


/Ludwig

-- 
Ludwig Seitz, PhD
Security Lab, RISE SICS
Phone +46(0)70-349 92 51

_______________________________________________
Ace mailing list
Ace@ietf.org
https://www.ietf.org/mailman/listinfo/ace