Re: [Ace] WGLC for draft-ietf-ace-oscore-profile

Francesca Palombini <francesca.palombini@ericsson.com> Thu, 25 October 2018 11:46 UTC

Return-Path: <francesca.palombini@ericsson.com>
X-Original-To: ace@ietfa.amsl.com
Delivered-To: ace@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 8E26C130E3D for <ace@ietfa.amsl.com>; Thu, 25 Oct 2018 04:46:46 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.77
X-Spam-Level:
X-Spam-Status: No, score=-4.77 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.47, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=ericsson.com header.b=Zdq/z5I6; dkim=pass (1024-bit key) header.d=ericsson.com header.b=Wf66IKg+
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 7cxSwIp81G6J for <ace@ietfa.amsl.com>; Thu, 25 Oct 2018 04:46:44 -0700 (PDT)
Received: from sesbmg22.ericsson.net (sesbmg22.ericsson.net [193.180.251.48]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id EB75C1286E3 for <ace@ietf.org>; Thu, 25 Oct 2018 04:46:42 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; d=ericsson.com; s=mailgw201801; c=relaxed/simple; q=dns/txt; i=@ericsson.com; t=1540468001; x=1543060001; h=From:Sender:Reply-To:Subject:Date:Message-ID:To:CC:MIME-Version:Content-Type: Content-Transfer-Encoding:Content-ID:Content-Description:Resent-Date:Resent-From: Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:In-Reply-To:References:List-Id: List-Help:List-Unsubscribe:List-Subscribe:List-Post:List-Owner:List-Archive; bh=bHmH815DWauc4hS6ozbnA9xsY2caxrA/caW+htYaukI=; b=Zdq/z5I6NThOK2/EM95bTrTAiv7a22FDoVb40BaIzAH3LMbSrNMWbEA+25LyGcHe skC5tWUv0TnmQ0Cl6ukpiZfgu4TyXJo4gvre3GsJSp3qxU/h4AssSA3C16RrueWG q5vf+HncqmQZ8LKXISJzSVR/6jj3Y3Uc536+e3Q1uGI=;
X-AuditID: c1b4fb30-1ebff70000007d19-18-5bd1ad204222
Received: from ESESBMB504.ericsson.se (Unknown_Domain [153.88.183.117]) by sesbmg22.ericsson.net (Symantec Mail Security) with SMTP id F1.03.32025.02DA1DB5; Thu, 25 Oct 2018 13:46:41 +0200 (CEST)
Received: from ESESBMB502.ericsson.se (153.88.183.169) by ESESBMB504.ericsson.se (153.88.183.171) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P256) id 15.1.1466.3; Thu, 25 Oct 2018 13:46:40 +0200
Received: from EUR02-VE1-obe.outbound.protection.outlook.com (153.88.183.157) by ESESBMB502.ericsson.se (153.88.183.169) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P256) id 15.1.1466.3 via Frontend Transport; Thu, 25 Oct 2018 13:46:40 +0200
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ericsson.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=bHmH815DWauc4hS6ozbnA9xsY2caxrA/caW+htYaukI=; b=Wf66IKg+HJRwYUZrUhtW5iBSxXRQIjkbM/RKKcERdbK8y+tjWajmeuerxOqXXoEQuuDjet+Dp7u7wDhbP1uYrK8Aslna3jALuYBOaZP3Z1+it2LwawkwhP35IEzYm9CPp5kuA7ibcr9LELaPzqH4BvFcYuXpTexxIfMSptXFalw=
Received: from HE1PR0701MB2746.eurprd07.prod.outlook.com (10.168.188.140) by HE1PR0701MB2219.eurprd07.prod.outlook.com (10.168.36.138) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.1273.14; Thu, 25 Oct 2018 11:46:39 +0000
Received: from HE1PR0701MB2746.eurprd07.prod.outlook.com ([fe80::c05a:fd61:6104:51e5]) by HE1PR0701MB2746.eurprd07.prod.outlook.com ([fe80::c05a:fd61:6104:51e5%6]) with mapi id 15.20.1273.019; Thu, 25 Oct 2018 11:46:39 +0000
From: Francesca Palombini <francesca.palombini@ericsson.com>
To: Jim Schaad <ietf@augustcellars.com>, "draft-ietf-ace-oscore-profile@ietf.org" <draft-ietf-ace-oscore-profile@ietf.org>
CC: "ace@ietf.org" <ace@ietf.org>
Thread-Topic: [Ace] WGLC for draft-ietf-ace-oscore-profile
Thread-Index: AdRfTqcrNFwepW1pRaiIJNs5VwRdUAK7AUGAAIueqwA=
Date: Thu, 25 Oct 2018 11:46:39 +0000
Message-ID: <45F876B9-6BF8-448B-9EFF-28609FC8A805@ericsson.com>
References: <065a01d45f4e$b738ae60$25aa0b20$@augustcellars.com> <028c01d46a3a$ae1b9e40$0a52dac0$@augustcellars.com>
In-Reply-To: <028c01d46a3a$ae1b9e40$0a52dac0$@augustcellars.com>
Accept-Language: en-GB, en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
authentication-results: spf=none (sender IP is ) smtp.mailfrom=francesca.palombini@ericsson.com;
x-originating-ip: [217.31.165.122]
x-ms-publictraffictype: Email
x-microsoft-exchange-diagnostics: 1; HE1PR0701MB2219; 6:/gzwH3bCJ/5BBeZ5ITvS3ilKvDIT+kOJRAfZK3L1mRiUd9SAxuEEpnBR837jb1Fmss2yGYchlangzWNPToRmPc4KQdSntMHUxqU/01o+/ir7i0GKlFnzPH97AKlhXQ7q5YCqCGkL0Tq9Uz1mIe3ZwJOihz0QvDr3CM5o7WVcXwRyyibZcAZ7IhOs483YazRtkgQedHnEUzsv4Kdn5ufCjm/rEcVBNl9wp8WHIzvf+F+EiqxX1v002/hcd5XRprh9fU62l+K452smg1jDRBoz+LPdbz6JGrIEgGxoFEr0jxSTlyjIvD+5BNmw6agSOuJZIrkhHAcjBK64kvrGHd5+0YqPVYEshfFLS4EldEBY6DV/Rf/d6H6a9TYvkyBff3Km+HJPHxLD6CQI3+OLMbh/aNiUlLzdFbIqNai9C2FhLHrGEmEt+uMP5iMMDTJ5QY4w1JpWOFCtScD3fZSt3D4N5g==; 5:u8bwu0xHtpPyMwbn/VxV9iyNdX53Y0lKpI1VoHXjpalmlXHWAsvupOdzwKkIMiRWvD5iaKkZiWSJLxd+ZdMU2TVIq0AfnUx2qYsWzzxJCppKj8aYdL4nRWSBoCE6DaqAJRHoLuyGUpfcRn080PTfTYnDja2XoeYjorApxj7i+/Q=; 7:vPwem7vt20eMOOU3I++6CsS4jTXgVY5HPltWw6Hcv9uRb8hXMgqDbjJcERZMJrQNKkRj20jUL1Dpm0Ye0hXKL5uwWOJT7nCpD6HkL6OGcsDrdachzdeQbpLG2XeMi1UoX295037s7bwB2+uanqHOXQ==
x-ms-exchange-antispam-srfa-diagnostics: SOS;
x-ms-office365-filtering-correlation-id: 34705049-accf-4b4e-59f6-08d63a6f86d7
x-microsoft-antispam: BCL:0; PCL:0; RULEID:(7020095)(4652040)(8989299)(5600074)(711020)(4534185)(4627221)(201703031133081)(201702281549075)(8990200)(2017052603328)(7153060)(7193020); SRVR:HE1PR0701MB2219;
x-ms-traffictypediagnostic: HE1PR0701MB2219:
x-microsoft-antispam-prvs: <HE1PR0701MB2219C1A4C28A8AB69BA3811998F70@HE1PR0701MB2219.eurprd07.prod.outlook.com>
x-exchange-antispam-report-test: UriScan:(166708455590820)(158342451672863)(192374486261705)(788757137089);
x-ms-exchange-senderadcheck: 1
x-exchange-antispam-report-cfa-test: BCL:0; PCL:0; RULEID:(8211001083)(6040522)(2401047)(5005006)(8121501046)(93006095)(93001095)(10201501046)(3002001)(3231355)(944501410)(52105095)(148016)(149066)(150057)(6041310)(20161123564045)(20161123562045)(20161123558120)(20161123560045)(201703131423095)(201702281528075)(20161123555045)(201703061421075)(201703061406153)(201708071742011)(7699051)(76991095); SRVR:HE1PR0701MB2219; BCL:0; PCL:0; RULEID:; SRVR:HE1PR0701MB2219;
x-forefront-prvs: 083691450C
x-forefront-antispam-report: SFV:NSPM; SFS:(10009020)(136003)(376002)(346002)(396003)(39860400002)(366004)(199004)(189003)(51444003)(13464003)(82746002)(486006)(476003)(7736002)(2616005)(229853002)(5660300001)(966005)(2900100001)(105586002)(33656002)(106356001)(5250100002)(6506007)(86362001)(53546011)(2501003)(102836004)(305945005)(6512007)(6306002)(6246003)(26005)(53936002)(97736004)(446003)(11346002)(44832011)(256004)(14444005)(8676002)(99286004)(8936002)(81166006)(14454004)(3846002)(478600001)(81156014)(76176011)(345774005)(6486002)(4326008)(186003)(68736007)(6116002)(6436002)(2906002)(36756003)(25786009)(66066001)(71190400001)(71200400001)(316002)(110136005)(83716004); DIR:OUT; SFP:1101; SCL:1; SRVR:HE1PR0701MB2219; H:HE1PR0701MB2746.eurprd07.prod.outlook.com; FPR:; SPF:None; LANG:en; PTR:InfoNoRecords; A:1; MX:1;
received-spf: None (protection.outlook.com: ericsson.com does not designate permitted sender hosts)
x-microsoft-antispam-message-info: Y0HaS2+euAV0BpYT+hlVLgPsVaF3tB/wvnbazJwwS2WOfo5xhUaSCrsqqbd7nnHJcANlyZH2tEqwnmyesEIPCmTr325pvAOOUWMHIF2o6WijuiHr9pt0lIc0c/R5NWW/WrmeDAX/RTKczWQNuyulnc2jmCnzkvlYoxatzJTgX3haHcsiEAMfd8oZGyi1+9CfS7NGFhfvwGF2lAWkTa0BW5eQFdMjK1J1klifDVs4Yos0J2qf2lClEOfe7indMU1Tj6aL6a4V8gtzl2SaXszuvVA/TUKBeateMIjrRi/BxSpFj+27tgksnN9PU8mUjTFyqbkhKFAZxusQMcn46CuZhFn6jt1lIv/fHIig5Neqqoc=
spamdiagnosticoutput: 1:99
spamdiagnosticmetadata: NSPM
Content-Type: text/plain; charset="utf-8"
Content-ID: <83298B3490A2E345AF59CCF8CC9B98C3@eurprd07.prod.outlook.com>
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-MS-Exchange-CrossTenant-Network-Message-Id: 34705049-accf-4b4e-59f6-08d63a6f86d7
X-MS-Exchange-CrossTenant-originalarrivaltime: 25 Oct 2018 11:46:39.6353 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 92e84ceb-fbfd-47ab-be52-080c6b87953f
X-MS-Exchange-Transport-CrossTenantHeadersStamped: HE1PR0701MB2219
X-OriginatorOrg: ericsson.com
X-Brightmail-Tracker: H4sIAAAAAAAAA+NgFprEKsWRmVeSWpSXmKPExsUyM2J7qa7i2ovRBruNLb5/62G2eLqtg9li 9fTvbA7MHhvnTGfzWLLkJ1MAUxSXTUpqTmZZapG+XQJXxvY9AgXrjCuerlVsYGwx6mLk5JAQ MJE4/GshSxcjF4eQwFFGiWWrm9khnG9Azo2ZjBDOEiaJuwfuMoM4LAITmCV6fi9mhcjMYJLo 2XUGquwZo8T6f2vZQSazCdhIXHj4nhXEFhGok7j/fjMLiM0soCixbk4fE4gtLGApcfP6Y0aI GiuJRT0zWGDsHU0PweawCKhK3Dx8mg3E5hWwl7h9cwKYLSRQKnHj+QOw+ZwCDhJz/m0Fm8ko ICvxpXE1M8QucYlbT+YzQXwqILFkz3lmCFtU4uXjf6wQ9ckSV273sUPElSQu/VkIVSMrcWl+ N9hjEgI32CROXDvNCpHQlfgwdSpUka/E7bVLoBacZJT43ZTYxcgBZOtIzD+kARHOl5jd2gTV mi2x88t0NghbTmJV70OWCYxGs5CcOguom1lAU2L9Ln2IsIfEimvfWWZBQ25K90P2WeCQEJQ4 OfMJywJG1lWMosWpxUm56UZGeqlFmcnFxfl5enmpJZsYgSnl4JbfBjsYXz53PMQowMGoxMP7 eO7FaCHWxLLiytxDjBIczEoivM5xQCHelMTKqtSi/Pii0pzU4kOM0hwsSuK8Fn6bo4QE0hNL UrNTUwtSi2CyTBycUg2Mbtn1vLlrHCYsf5JeeuG932cx/6IdlroWHrl6VzT2VNQ592q9vR0U 2rbtkZO9qni4gFMof4/X0YZq0cD7zHJtGew3yj3cInPbf3JUqGVHpVyqKPpUvfiWStXkmP2X 6ivNNQzsrzIf3a0gxFO8e81Tsffea9p2LnHadmBO+RH1iPDkQzerXymxFGckGmoxFxUnAgCq ok0tJQMAAA==
Archived-At: <https://mailarchive.ietf.org/arch/msg/ace/7SqU4nUs1EhXo96iC6b9j10-hmA>
Subject: Re: [Ace] WGLC for draft-ietf-ace-oscore-profile
X-BeenThere: ace@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Authentication and Authorization for Constrained Environments \(ace\)" <ace.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ace>, <mailto:ace-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ace/>
List-Post: <mailto:ace@ietf.org>
List-Help: <mailto:ace-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ace>, <mailto:ace-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 25 Oct 2018 11:46:46 -0000

Hi Jim,

Thank you for your review comments. We agree with all your points, and have opened issues: https://github.com/ace-wg/ace-oscore-profile/issues to get this fixed.

Inline some detailed answer.

Thanks,
Francesca

´╗┐On 22/10/2018, 21:09, "Jim Schaad" <ietf@augustcellars.com>; wrote:

    * Section 1 - I understand the reasoning behind having the server send back
    a nonce, although it would be good to have a description someplace about why
    this is being done.  (I would also make it optional as not all RS need to do
    this.)  I do not understand the reasoning behind having the client send a
    nonce to the server.

FP: The motivation for the nonce construction was in the security considerations, but I agree that having it in the Protocol Overview makes sense, so I opened an issue to fix that. The reason behind having the client create a nonce is that we are protecting against an attacker replaying an old RS message (containing an old nonce), which would provoke the creation of an old security context on the Client, and reuse of keys and nonces for a different (new) message.
    
    * Section 3.1 - This is more general than the section, but you should not
    use the URI path in the text, instead you should be using the name that is
    in the authz document.

FP: Agreed, issue opened to fix this.
    
    * Section 3.2 - Does it really make sense to use 'COSE_Key' to transport the
    key data?  Would a different field name be better?

FP: This was brought up several times, so we will make this change now.
    
    * Section 3.2 - Please provide a justification for the requirement that the
    ids must be unique over the set of all clients and RS.   I can see that the
    client ids need to be unique on a single RS and RS ids need to be unique for
    any given client but not the broader statement.

FP: You are right, this requirement is too wide. We will replace with your suggestion.
    
    * Please add an explicit section on when a RS and a client should discard
    the security context.

FP: Ok we will add this. As mentioned in the issue, I have now only this 3 cases in mind: Partial IV space ends (either C or RS); the kid context on the RS side does not match with N1 (RS); C receives a number of Unauthorized (C), although that is a consideration/recommendations, details would be application specific. Do you see any other case relevant for this section?
    
    * Section 6 - Ok I'll bite  - how does not echoing the nonce allow for a
    man-in-the-middle attack given that the salt and shared secret are still
    going to be known only to the C and RS and not to the MITM.  I can see a DOS
    attack being made, but that can be done even without this just by causing
    the response to never be delivered.

FP: Ok so our mistake here is to use the term MitM, so to solve this we will replace with "on-path attacker". The following sentence should be correct with that fix "Moreover, the client echoes the nonce created by the RS, which verifies it before deriving the Security Context, and this protects against an adversary acting as an on path attacker and substituting the nonce in transit from client to RS to provoke the creation of different Security Contexts in the client and RS." Yes this is a DOS, but could also lead to reuse of keys and nonces, as mentioned before.
    
    * Appendix - I am not sure that I think that the EDHOC profile should be in
    this document as oppose to being in it's own document.  The fact that we
    have not even tried to get this to work in any of the interop tests means
    that I am less sure that it is well baked.

FP: Agreed, we will remove this from this document and move it to its own document
    
    Jim
    
    
    > -----Original Message-----
    > From: Ace <ace-bounces@ietf.org>; On Behalf Of Jim Schaad
    > Sent: Monday, October 8, 2018 2:35 PM
    > To: ace@ietf.org
    > Subject: [Ace] WGLC for draft-ietf-ace-oscore-profile
    > 
    > The chairs believe that the set of documents dealing with the OAuth
    > framework for constrained environments is nearing the point that we should
    > be able to advance it to the IESG for publication.   We therefore want to
    > have a full list of issues that need to be dealt with at the Bangkok
    > meeting.
    > 
    > This starts a 2 week WGLC for draft-ietf-ace-oscore-profile
    > 
    > We know that the following issues are outstanding:
    > 
    > draft-ietf-ace-oscore-profile:
    > *  No current known issues
    > 
    > 
    > Jim & Roman
    > 
    > 
    > _______________________________________________
    > Ace mailing list
    > Ace@ietf.org
    > https://www.ietf.org/mailman/listinfo/ace