[Ace] Comments on draft-ietf-ace-key-groupcomm-02

Jim Schaad <ietf@augustcellars.com> Fri, 12 July 2019 16:52 UTC

Return-Path: <ietf@augustcellars.com>
X-Original-To: ace@ietfa.amsl.com
Delivered-To: ace@ietfa.amsl.com
Received: from localhost (localhost []) by ietfa.amsl.com (Postfix) with ESMTP id CBCAE12026D; Fri, 12 Jul 2019 09:52:04 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([]) by localhost (ietfa.amsl.com []) (amavisd-new, port 10024) with ESMTP id YyXcTvPUTplM; Fri, 12 Jul 2019 09:52:02 -0700 (PDT)
Received: from mail2.augustcellars.com (augustcellars.com []) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 6FB5E1201E6; Fri, 12 Jul 2019 09:52:02 -0700 (PDT)
Received: from Jude ( by mail2.augustcellars.com ( with Microsoft SMTP Server (TLS) id 15.0.1395.4; Fri, 12 Jul 2019 09:51:55 -0700
From: Jim Schaad <ietf@augustcellars.com>
To: <draft-ietf-ace-key-groupcomm@ietf.org>
CC: <ace@ietf.org>
Date: Fri, 12 Jul 2019 09:51:55 -0700
Message-ID: <006501d538d2$1e344f90$5a9ceeb0$@augustcellars.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
X-Mailer: Microsoft Outlook 16.0
Content-Language: en-us
Thread-Index: AdU3eNA6c9mofJxHSGiD+iIXzRM8LQ==
X-Originating-IP: []
Archived-At: <https://mailarchive.ietf.org/arch/msg/ace/6yqJzQm4u-MZYifhzyKhz5BAerQ>
Subject: [Ace] Comments on draft-ietf-ace-key-groupcomm-02
X-BeenThere: ace@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Authentication and Authorization for Constrained Environments \(ace\)" <ace.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ace>, <mailto:ace-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ace/>
List-Post: <mailto:ace@ietf.org>
List-Help: <mailto:ace-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ace>, <mailto:ace-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 12 Jul 2019 16:52:05 -0000

1.  Figure 2 is a bit odd in that the marker for the ACE framework appears
to be attached to the Dispatcher and not to the set of messages w/ the AS
and KDC.  One of the things you might want to consider is to move to the V3
xml2rfc language where you can do this is SVG and get a cleaner picture.
(Although this requires some changes on the datatracker and I am not sure
how fast they are coming in.)

2.  Section 3 - I am not sure that the last line of the second paragraph
matches what you are doing in this document.  I would expect that there is
either no content type of ace+cbor as a general rule.

3. Section 3.1 - I already noted this but I think you need to be able to
specify multiple elements in the scope.  Look at the scope definition in the
MQTT draft.  Additionally - is the default common to implement one or the
only one?

4. Section 3.3 - Is there going to be a method to get these values if I post
the token as part of a symmetric DTLS connection to the KDC?

5.  Section 4.1 - I don't like signing just the nonce from the KDC for
client_cred_verify - never sign something that you are not supplying some
data for or you have an oracle.

6.  Section 4.2 - I am wondering if you considered using 'cnf' to in all of
the places where you are passing keys around?

7.  Section 6 - The end of the first paragraph is confusing me.  I don't
understand the conditions and actions that are being documented here.

8.  I am trying to understand what the structure that this is placing on the
KDC is, at least in concept.   If you start with

KDC has resources
	/post tokens here
	/group id 1
	/group id 2
	/group id n 
So far I have no problems with this.  You next apparently have the
conceptual structure of
	/group id x
		/scope 1
		/scope 2
		/scope 3

Now the problem I have with this is that all of these scopes are going to
have the same group id and thus will have the same group keying context.  If
this is the case, then I am not sure that I fully understand why having
multiple scopes makes any sense.