[Ace] Comments on draft-ietf-ace-pubsub-profile-00
Marco Tiloca <marco.tiloca@ri.se> Fri, 10 January 2020 15:33 UTC
Return-Path: <marco.tiloca@ri.se>
X-Original-To: ace@ietfa.amsl.com
Delivered-To: ace@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 29BB912009E for <ace@ietfa.amsl.com>; Fri, 10 Jan 2020 07:33:08 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Level:
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=risecloud.onmicrosoft.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id GD0DIEJ5UAl5 for <ace@ietfa.amsl.com>; Fri, 10 Jan 2020 07:33:02 -0800 (PST)
Received: from EUR01-HE1-obe.outbound.protection.outlook.com (mail-eopbgr130051.outbound.protection.outlook.com [40.107.13.51]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id EA8D2120026 for <ace@ietf.org>; Fri, 10 Jan 2020 07:33:01 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=ki6eNaWq6fNVACzLwH9iDST9diy2T7NAj/2vhioym0PjdfJDDppPlSgjrstiaSRoBHiYS2W39W/KrYdr1gKLq25ltHlBGkLc63oeD7TPJjxxAq1UoG5k/Xq/BOMXdkbw0bgVnsKjY0AiHQuU1A7M8IPDLQYSx6Ibj2sc4DkatsRERooVd6MdjOur/UlKQa1Et3672omvQcZ35fxx1GLvRRg/aSSYUYESofIVDukWfDU2nJK/7VKgk1tD7JCfqFutMnmPQlEmtN0f6ouHx5vYvY/6aaepluJzJNGMzFo27noBrYziAW3eHmTUI1/2NaYKv05VRZRKXHJAvvK1XOnFuQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=UHZiDNSWdAVnu4uOoGOGkWIzRW40tzc5XLAplxgIBuo=; b=na75+/spqKoZBXVOwurwel5vVZULjADqvuc7Wpa35/D1BZj+nF2+K/lWAEwj00yBnVe2NF7pZ5sN8gKLBhltCgw+pp7fY46djtF9RbqVUdYyV6T5xtMXokHdhu+ReeQqlXTFiONv+or9XdDs7VpTUVx0OTAmTHeB4h1HAmlfk+dRu9Aha2uhx1qY81TjF7cru1TONRFs6P+ix0PP/H6dNWaJuRkHpb3pGZWfmT/kTx+wIojnC9bS/Wh/t61SDoMg14AkD8srxgcp6jMbRwf7PoFR35mpsvBHtVVJFEJRsfd+dNLsqoocsZb+MsnpsQGl5kPFT2ZyZ46fbzPuxtKd5Q==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=ri.se; dmarc=pass action=none header.from=ri.se; dkim=pass header.d=ri.se; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=RISEcloud.onmicrosoft.com; s=selector1-RISEcloud-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=UHZiDNSWdAVnu4uOoGOGkWIzRW40tzc5XLAplxgIBuo=; b=dPFmvq17lQfxABuijWTCI0nryDj8gwoeIybKbFitOfyuR9Aog3aJrHk5yvRtLvhlM3ioXN+S/uqtEV5hrMihrUJkVSXD6ewntfp59E2mLj2ycbzCNYY61+/GOz9/dcrtzeUafs2ghm+asddhf7mpMMULtDKUBEu4JXGYR+IPZYU=
Received: from VI1P189MB0398.EURP189.PROD.OUTLOOK.COM (10.165.195.159) by VI1P189MB0415.EURP189.PROD.OUTLOOK.COM (10.165.190.158) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2602.12; Fri, 10 Jan 2020 15:32:58 +0000
Received: from VI1P189MB0398.EURP189.PROD.OUTLOOK.COM ([fe80::3485:ce83:891b:469]) by VI1P189MB0398.EURP189.PROD.OUTLOOK.COM ([fe80::3485:ce83:891b:469%4]) with mapi id 15.20.2623.013; Fri, 10 Jan 2020 15:32:58 +0000
Received: from [10.8.1.17] (37.120.141.36) by AM0PR0102CA0035.eurprd01.prod.exchangelabs.com (2603:10a6:208:14::48) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2623.8 via Frontend Transport; Fri, 10 Jan 2020 15:32:58 +0000
From: Marco Tiloca <marco.tiloca@ri.se>
To: Ace Wg <ace@ietf.org>
Thread-Topic: Comments on draft-ietf-ace-pubsub-profile-00
Thread-Index: AQHVx8s8hSnXuthea0qcDZSa3WhTDA==
Date: Fri, 10 Jan 2020 15:32:58 +0000
Message-ID: <372a4f53-9e7e-008c-ce70-5e97ace4f953@ri.se>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: yes
X-MS-TNEF-Correlator:
x-clientproxiedby: AM0PR0102CA0035.eurprd01.prod.exchangelabs.com (2603:10a6:208:14::48) To VI1P189MB0398.EURP189.PROD.OUTLOOK.COM (2603:10a6:802:35::31)
authentication-results: spf=none (sender IP is ) smtp.mailfrom=marco.tiloca@ri.se;
x-ms-exchange-messagesentrepresentingtype: 1
x-originating-ip: [37.120.141.36]
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: f0ea6924-f5fb-4580-f680-08d795e25eef
x-ms-traffictypediagnostic: VI1P189MB0415:
x-microsoft-antispam-prvs: <VI1P189MB041556FD805EFC864B1C195199380@VI1P189MB0415.EURP189.PROD.OUTLOOK.COM>
x-ms-oob-tlc-oobclassifiers: OLM:9508;
x-forefront-prvs: 02788FF38E
x-forefront-antispam-report: SFV:NSPM; SFS:(10009020)(4636009)(39860400002)(376002)(346002)(136003)(366004)(396003)(189003)(199004)(44832011)(316002)(16576012)(36756003)(5660300002)(31686004)(8676002)(2616005)(66476007)(86362001)(478600001)(81166006)(31696002)(66616009)(66556008)(956004)(66946007)(66446008)(8936002)(64756008)(966005)(186003)(6486002)(66574012)(81156014)(16526019)(71200400001)(2906002)(26005)(52116002)(6916009); DIR:OUT; SFP:1101; SCL:1; SRVR:VI1P189MB0415; H:VI1P189MB0398.EURP189.PROD.OUTLOOK.COM; FPR:; SPF:None; LANG:en; PTR:InfoNoRecords; MX:1; A:1;
received-spf: None (protection.outlook.com: ri.se does not designate permitted sender hosts)
x-ms-exchange-senderadcheck: 1
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: A52sESht6amatbyMAC8z0lGjXZY7UCvLQo6fZBY9nD+nCU4h33KTtzI5pVnSeJODrn2Ng9Y/n4woI8hOslTwfS93fDUNCaxDQuJqnucr1Xha+bwVqO25Bvkb2J4SvjD9SFWYH9rNlsqYPTcUaDTjCDtqpZUc7f0SMfIN4JounFl9yqIVrfP6kiHD7u/TRWX2lg4UaWj0TxJpEcikIvQk8HGr/fFIahFwYm7dsL5O2nvMzCAbXipKdo1ghv2ZxyW3zYcHkudzfDSFzQdiyUvqJgUqZIhUsujKq/d5R6m2xqkNvtCiAJWRm/tIzZN0M5vzpaCTI0m4KC8+B+dd9AOhxnil8r1vWs0Y4fxBhur/vpxskPB15mgrD8hXAzr8wZWUuzhSBjz/N4PupI4Z8JIZDQQeAqLOMfp9ybGVFBhuhcc15YiaoSTdZ9auL1hoOyBfmOYa+RmzsT0+b2uRut9BqOkm4jORmz/qu9h70dmbVicXiD6x03GFQqV2dlSog7BUdNGeRLlSa5Ax3F3w08mjUA==
x-ms-exchange-transport-forked: True
Content-Type: multipart/signed; micalg="pgp-sha512"; protocol="application/pgp-signature"; boundary="05pb8WwI62siv49hNlEzhKh5lEUjZcTm6"
MIME-Version: 1.0
X-OriginatorOrg: ri.se
X-MS-Exchange-CrossTenant-Network-Message-Id: f0ea6924-f5fb-4580-f680-08d795e25eef
X-MS-Exchange-CrossTenant-originalarrivaltime: 10 Jan 2020 15:32:58.6135 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 5a9809cf-0bcb-413a-838a-09ecc40cc9e8
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: sYSbkPkn1ZJmA3+Xz7fDW7fS60iENSrLNJRB4GdkQ7Er2THCqpKnpP4fCuJS2asdelwHZx6NQrSql1z5gJgBuA==
X-MS-Exchange-Transport-CrossTenantHeadersStamped: VI1P189MB0415
Archived-At: <https://mailarchive.ietf.org/arch/msg/ace/4zjxQtwMZ0jHQPSTL9-g56uI5O4>
Subject: [Ace] Comments on draft-ietf-ace-pubsub-profile-00
X-BeenThere: ace@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Authentication and Authorization for Constrained Environments \(ace\)" <ace.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ace>, <mailto:ace-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ace/>
List-Post: <mailto:ace@ietf.org>
List-Help: <mailto:ace-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ace>, <mailto:ace-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 10 Jan 2020 15:33:08 -0000
Hi, Please, see below a couple of comments and thoughts on this profile. 1. In Section 7, the second paragraph says "critical that only authorized Publishers can publish", i.e. it points at an authorization aspect. However, the sentence continues with opening for a purely symmetric key-based solution, in case source-authentication is not strictly needed and anonymity is desired. I suppose that this paragraph is actually intended to discuss the latter aspect, so it may be better to rephrase it to clarify its focus on source- vs. group- authentication, rather than on authorization to publish. That is, authorization to publish to that topic is still enforced in either case, by AS2 providing the topic-related symmetric key to the publisher. 2. The document needs to define how to construct the AEAD nonce used to protect/verify a published message. Unless only one publisher per topic is admitted, this seems to require to have also a Publisher ID to use for constructing the nonce. Publisher IDs would have to be unique under the same topic, which AS2 is in a position to ensure. A possible way to manage and distribute Publisher IDs can be: a) In the joining request payload (see Figure 5), the publisher provides its own public key in 'client_cred' but without a 'kid'. b) The joining response (see Figure 6) includes a new parameter, specifying a Publisher ID "PID" determined by AS2 and unique within that topic. This is similar to what is done in ace-key-groupcomm-oscore by the Group Manager upon a new member's joining. c) AS2 stores the publisher's public key, adding as its 'kid' field the "PID" from step (b). d) A subscriber learns the Publisher ID "PID", whenever retrieving the public key of that publisher from AS2. e) When publishing a message, the publisher includes its own Publisher ID "PID" received at step (b) above, in the 'kid' of the unprotected field of 'countersign' (see Figure 12). This should still be aligned to what described now in the draft, but entrusting AS2 to manage the 'kid' of public keys as Publisher IDs, so ensuring their uniquess within a topic. Then the actual nonce construction can possibly be along the lines of the one for (Group) OSCORE, see https://tools.ietf.org/html/rfc8613#section-5.2 Best, /Marco -- Marco Tiloca Ph.D., Senior Researcher RISE Research Institutes of Sweden Division ICT Isafjordsgatan 22 / Kistagången 16 SE-164 40 Kista (Sweden) Phone: +46 (0)70 60 46 501 https://www.ri.se
- [Ace] Comments on draft-ietf-ace-pubsub-profile-00 Marco Tiloca