[Ace] Comments on draft-ietf-ace-key-groupcomm-02
Jim Schaad <ietf@augustcellars.com> Fri, 12 July 2019 16:52 UTC
Return-Path: <ietf@augustcellars.com>
X-Original-To: ace@ietfa.amsl.com
Delivered-To: ace@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id CBCAE12026D; Fri, 12 Jul 2019 09:52:04 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Level:
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id YyXcTvPUTplM; Fri, 12 Jul 2019 09:52:02 -0700 (PDT)
Received: from mail2.augustcellars.com (augustcellars.com [50.45.239.150]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 6FB5E1201E6; Fri, 12 Jul 2019 09:52:02 -0700 (PDT)
Received: from Jude (73.180.8.170) by mail2.augustcellars.com (192.168.0.56) with Microsoft SMTP Server (TLS) id 15.0.1395.4; Fri, 12 Jul 2019 09:51:55 -0700
From: Jim Schaad <ietf@augustcellars.com>
To: draft-ietf-ace-key-groupcomm@ietf.org
CC: ace@ietf.org
Date: Fri, 12 Jul 2019 09:51:55 -0700
Message-ID: <006501d538d2$1e344f90$5a9ceeb0$@augustcellars.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
X-Mailer: Microsoft Outlook 16.0
Content-Language: en-us
Thread-Index: AdU3eNA6c9mofJxHSGiD+iIXzRM8LQ==
X-Originating-IP: [73.180.8.170]
Archived-At: <https://mailarchive.ietf.org/arch/msg/ace/6yqJzQm4u-MZYifhzyKhz5BAerQ>
Subject: [Ace] Comments on draft-ietf-ace-key-groupcomm-02
X-BeenThere: ace@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Authentication and Authorization for Constrained Environments \(ace\)" <ace.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ace>, <mailto:ace-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ace/>
List-Post: <mailto:ace@ietf.org>
List-Help: <mailto:ace-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ace>, <mailto:ace-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 12 Jul 2019 16:52:05 -0000
1. Figure 2 is a bit odd in that the marker for the ACE framework appears to be attached to the Dispatcher and not to the set of messages w/ the AS and KDC. One of the things you might want to consider is to move to the V3 xml2rfc language where you can do this is SVG and get a cleaner picture. (Although this requires some changes on the datatracker and I am not sure how fast they are coming in.) 2. Section 3 - I am not sure that the last line of the second paragraph matches what you are doing in this document. I would expect that there is either no content type of ace+cbor as a general rule. 3. Section 3.1 - I already noted this but I think you need to be able to specify multiple elements in the scope. Look at the scope definition in the MQTT draft. Additionally - is the default common to implement one or the only one? 4. Section 3.3 - Is there going to be a method to get these values if I post the token as part of a symmetric DTLS connection to the KDC? 5. Section 4.1 - I don't like signing just the nonce from the KDC for client_cred_verify - never sign something that you are not supplying some data for or you have an oracle. 6. Section 4.2 - I am wondering if you considered using 'cnf' to in all of the places where you are passing keys around? 7. Section 6 - The end of the first paragraph is confusing me. I don't understand the conditions and actions that are being documented here. 8. I am trying to understand what the structure that this is placing on the KDC is, at least in concept. If you start with KDC has resources /post tokens here /group id 1 /group id 2 ... /group id n So far I have no problems with this. You next apparently have the conceptual structure of /group id x /scope 1 /scope 2 /scope 3 Now the problem I have with this is that all of these scopes are going to have the same group id and thus will have the same group keying context. If this is the case, then I am not sure that I fully understand why having multiple scopes makes any sense. Jim