Re: [Ace] Call for adoption draft-tiloca-ace-oscore-gm-admin (with some review items)

Göran Selander <goran.selander@ericsson.com> Fri, 03 July 2020 07:11 UTC

From: Göran Selander <goran.selander@ericsson.com>
To: "ace@ietf.org" <ace@ietf.org>
Date: Fri, 03 Jul 2020 07:11:24 +0000
Message-ID: <0402CE8F-001C-4333-8C64-662B1C13E6F0@ericsson.com>
References: <CADZyTknUKEazjkfQvC_r0_bzEvuYwHMTP1pF_-HYVL6y15_DUw@mail.gmail.com> <20200703065558.GA559393@hephaistos.amsuess.com>
In-Reply-To: <20200703065558.GA559393@hephaistos.amsuess.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/ace/7HxhLP7EP4boa0GEx9yoeJ5rRYw>

>    I've read through draft-tiloca-ace-oscore-gm-admin. Its value is in that
>    it fixes a gap in the set of current drafts on the topic:

>    Without (something like) this, group deployment applications need
>    application specific group managers, and as the GM is not trivial to
>    implement, I'd expect that they would bundle the GM with their
>    on-at-deployment-time tools rather than ship a constrained and
>    well-specified always-on GM that's just managed by their deployment
>    tools -- leading to much more error prone deployments that can't
>    leverage OSCORE group communication in full.

+1 

I support adoption.

Göran



On 2020-07-03, 08:56, "Ace on behalf of Christian Amsüss" <ace-bounces@ietf.org on behalf of christian@amsuess.com> wrote:

    Hello ACE,

    I've read through draft-tiloca-ace-oscore-gm-admin. Its value is in that
    it fixes a gap in the set of current drafts on the topic:

    Without (something like) this, group deployment applications need
    application specific group managers, and as the GM is not trivial to
    implement, I'd expect that they would bundle the GM with their
    on-at-deployment-time tools rather than ship a constrained and
    well-specified always-on GM that's just managed by their deployment
    tools -- leading to much more error prone deployments that can't
    leverage OSCORE group communication in full.

    I don't quite see myself in a position to advocate adoption in this WG I
    haven't actively contributed to before, but I do support this document
    being processed somewhere in the IETF.

    Best regards
    Christian


    PS: Small by-catch issues for the authors:

    The pct-encoded names in the group name sound odd to me. What do those
    names have to do with URI components?

    The "is fixed" and "is a default name" terminology around resources is
    probably confusing to people who don't know ahead of time what it's
    supposed to mean; moreover, demanding that the URI be fixed is a pretty
    harsh requirement for something that may move around in the network;
    furthermore, while an I-D should avoid creating URI aliasing, it
    shouldn't rule out that the server may do that either. (And if it
    supports different transports, right now it needs to). Later in 2.5.3,
    it even sounds like the path is prescribed.

    Other than this being an ACE document, is there a particular reason
    "Getting Access to the Group Manager" is prescribed to use ACE? The
    whole 2.1 section sounds quite repetitive when read in the context of
    ACE, and unnecessary when different methods are employed. Maybe if there
    were talk about different admins and whether they may change each
    other's groups that'd conveniently be expressed in terms of ACE
    scopes (not sure), but as of now it isn't.

    Why is "Update a Group Configuration" a PUT and not a PATCH? It does not
    replace the resource, it just modifies it.

    -- 
    To use raw power is to make yourself infinitely vulnerable to greater powers.
      -- Bene Gesserit axiom
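
Added illustration of the PUT-versus-PATCH point raised in the PS above. This is not code from draft-tiloca-ace-oscore-gm-admin nor from anyone on the thread; it is a toy in-memory group-configuration resource written for this page. The parameter names (hkdf, alg, cs_alg, exp), the "mandatory" set and the sample values are assumptions made for the example only, not the draft's registered parameters. It shows why a full-replacement PUT forces the administrator to resend the entire configuration (and silently drops any parameter it omits), whereas a merge-style PATCH (CoAP PATCH/iPATCH per RFC 8132, with RFC 7396-style merge semantics) changes only what was sent.

```python
"""Toy PUT-vs-PATCH model for a Group Manager group-configuration resource.

Added illustration, not code from draft-tiloca-ace-oscore-gm-admin or from
anyone on the mailing-list thread. Parameter names and values below are
assumed for the example only.
"""
import copy

# Assumed: parameters a configuration must always carry.
MANDATORY = ("hkdf", "alg", "cs_alg")

# Constructed sample configuration as a Group Manager might store it.
SAMPLE_CONFIG = {
    "hkdf": "HKDF-SHA-256",
    "alg": "AES-CCM-16-64-128",
    "cs_alg": "EdDSA",
    "exp": 1_700_000_000,  # optional expiry, assumed for the example
}


class GroupConfigResource:
    """One group-configuration resource with PUT and PATCH handlers."""

    def __init__(self, config):
        self._validate(config)
        self._config = copy.deepcopy(config)

    @staticmethod
    def _validate(cfg):
        missing = [k for k in MANDATORY if k not in cfg]
        if missing:
            raise ValueError(f"missing mandatory parameters: {missing}")

    def get(self):
        return copy.deepcopy(self._config)

    def put(self, representation):
        """PUT: replace the whole representation.

        Whatever the client leaves out is gone, so every change requires
        resending the complete configuration.
        """
        self._validate(representation)
        self._config = copy.deepcopy(representation)
        return self.get()

    def patch(self, changes):
        """PATCH: modify in place with merge semantics (RFC 7396 style).

        A key set to None is removed; any other key is set. The result is
        validated so a patch cannot strip a mandatory parameter.
        """
        new = copy.deepcopy(self._config)
        for key, value in changes.items():
            if value is None:
                new.pop(key, None)
            else:
                new[key] = value
        self._validate(new)
        self._config = new
        return self.get()


def update_expiry_via_patch(new_exp):
    """Send only the changed field over PATCH; everything else survives."""
    res = GroupConfigResource(SAMPLE_CONFIG)
    return res.patch({"exp": new_exp})


def update_expiry_via_put_partial(new_exp):
    """Send only the changed field over PUT: rejected, since PUT needs the
    full representation. Returns the error message."""
    res = GroupConfigResource(SAMPLE_CONFIG)
    try:
        res.put({"exp": new_exp})
    except ValueError as err:
        return str(err)
    return None


def update_expiry_via_put_full(new_exp):
    """The PUT that works: re-send the entire configuration."""
    res = GroupConfigResource(SAMPLE_CONFIG)
    full = res.get()
    full["exp"] = new_exp
    return res.put(full)


def put_mandatory_only():
    """A PUT carrying only the mandatory keys silently drops the optional
    expiry, which is the clobbering risk PATCH avoids."""
    res = GroupConfigResource(SAMPLE_CONFIG)
    return res.put({k: SAMPLE_CONFIG[k] for k in MANDATORY})


def patch_removing_mandatory():
    """A PATCH that would remove a mandatory key is refused."""
    res = GroupConfigResource(SAMPLE_CONFIG)
    try:
        res.patch({"alg": None})
    except ValueError as err:
        return str(err)
    return None


if __name__ == "__main__":
    print(update_expiry_via_patch(1_800_000_000))
    print(update_expiry_via_put_partial(1_800_000_000))
    print(update_expiry_via_put_full(1_800_000_000))
    print(put_mandatory_only())
    print(patch_removing_mandatory())
```

The same contrast holds on the wire: with PUT the admin's message must carry every parameter (and races with any other admin's concurrent change), while PATCH/iPATCH lets it carry just the delta.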