IETF Logo Mail Archive

Re: [Ace] Review of draft-ietf-ace-oscore-profile

John Mattsson <john.mattsson@ericsson.com> Wed, 09 September 2020 06:47 UTC

Return-Path: <john.mattsson@ericsson.com>
X-Original-To: ace@ietfa.amsl.com
Delivered-To: ace@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1428A3A0FCD for <ace@ietfa.amsl.com>; Tue, 8 Sep 2020 23:47:52 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.102
X-Spam-Level:
X-Spam-Status: No, score=-2.102 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_MSPIKE_H2=-0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=ericsson.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ZsU9LsEHGXCJ for <ace@ietfa.amsl.com>; Tue, 8 Sep 2020 23:47:49 -0700 (PDT)
Received: from EUR04-DB3-obe.outbound.protection.outlook.com (mail-eopbgr60075.outbound.protection.outlook.com [40.107.6.75]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 3E7753A0FC8 for <ace@ietf.org>; Tue, 8 Sep 2020 23:47:49 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=VsaoyMLSvxOTvnphcamaQuj/JRDXA6LcziHSGObTXPBXY+PNDSfStDPDMePXAvrf5VpINlMLtKgQi3tnBZlEMjBYVQyf9twyI5uG+bjBcn9IzsOnQ/E0FWfgggM6Xuf3+7aPSE4oib1hHJ8btZCVnzCxWzliIyiit/oZ5f02fgFG9YJH5DqnAZdlf+20DTahT4hEU28PaRT7alvXcH9olyI0+mAs3ELlt78fddQgiISc1gqA/toyHluiV8TyLnns3kwcMzS1shVaCPxfCqaiwVGRp6EJIH/o5h36JovDL9KCv44mSmC4PCmbnGvmOrzQyL8lb/cgacRNTr4jC1TfZw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=9AwezQg5xQ1rJhJjzEtJjxck7pOEN48C3s2birSj1lc=; b=Em+BFxVtKWYNufNDEQvvxcN8nq7bsCYZ6xAO+g4inH7PEnlHQyuP9JV7r9pXHAkLDlad8mIDzBjwoHYZqcjCkRAmWgBReQE+miz1UvQBXm9o/j+qszEMmqJF3GIa2H5fu3717wyp+QeZE4uf/OVQG0qko2qmXWDIQkDKX10pSSCQo0dtnt08qi4eq2WqOv8Sf/4q0+7Z7IB8BxEzX/Lb0Z7+J6mLlEK7UEHUi5fm/xdieDRG1CHvf2fFUl1rcnjk0t1a/r8lsdPgFcphRUB6kwCbjWWG4rQNAsP4D/wRBs60z2CVsJhc1eQjgGe4VoPJ01mcSgPrvI4EY+ngP3x0Rg==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=ericsson.com; dmarc=pass action=none header.from=ericsson.com; dkim=pass header.d=ericsson.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ericsson.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=9AwezQg5xQ1rJhJjzEtJjxck7pOEN48C3s2birSj1lc=; b=vAFYjC6a/3kOW/cZyOL0cm58m4bYuz5y0rQuXigEQtazUea4mdGVHMbBfRsoVoRIEkuLgKgQJdOScPrPkUuRA+YrZlIGIyrEFkT0uUGw+WFaIuL6DivFeq3U3vy25f5F6yePkB9yUCz3IGq1nXswscgvN4bkn/ouGmBr24FN6ZU=
Received: from AM6PR07MB4584.eurprd07.prod.outlook.com (2603:10a6:20b:17::24) by AM5PR0701MB2578.eurprd07.prod.outlook.com (2603:10a6:203:78::10) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3370.12; Wed, 9 Sep 2020 06:47:46 +0000
Received: from AM6PR07MB4584.eurprd07.prod.outlook.com ([fe80::4027:7312:e764:73eb]) by AM6PR07MB4584.eurprd07.prod.outlook.com ([fe80::4027:7312:e764:73eb%2]) with mapi id 15.20.3370.015; Wed, 9 Sep 2020 06:47:46 +0000
From: John Mattsson <john.mattsson@ericsson.com>
To: Jim Schaad <ietf@augustcellars.com>, Göran Selander <goran.selander@ericsson.com>, "ace@ietf.org" <ace@ietf.org>
Thread-Topic: [Ace] Review of draft-ietf-ace-oscore-profile
Thread-Index: AQHWhShMyduFrr/T3UaeI46XZXQfLKlefb+AgACgeoCAAOM8gA==
Date: Wed, 09 Sep 2020 06:47:46 +0000
Message-ID: <DE5257A1-E67F-41F4-8670-AB113F9ACD08@ericsson.com>
References: <643557DA-9A7E-43BD-AA92-7CA84EC29B2F@ericsson.com> <96C963A3-6984-480D-AF2B-7E68946B8528@ericsson.com> <02d001d68614$4752e090$d5f8a1b0$@augustcellars.com>
In-Reply-To: <02d001d68614$4752e090$d5f8a1b0$@augustcellars.com>
Accept-Language: en-US
Content-Language: en-GB
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
user-agent: Microsoft-MacOutlook/16.40.20081000
authentication-results: augustcellars.com; dkim=none (message not signed) header.d=none;augustcellars.com; dmarc=none action=none header.from=ericsson.com;
x-originating-ip: [192.176.1.84]
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: b44fe95a-933c-499b-8b2c-08d8548c42e5
x-ms-traffictypediagnostic: AM5PR0701MB2578:
x-ms-exchange-transport-forked: True
x-microsoft-antispam-prvs: <AM5PR0701MB2578AA5780C257FAB2CD798289260@AM5PR0701MB2578.eurprd07.prod.outlook.com>
x-ms-oob-tlc-oobclassifiers: OLM:9508;
x-ms-exchange-senderadcheck: 1
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: sbFkhfBkttQGgumpCmXLKRy+apSr+B5fqnM31X6Q9ejnf3x+hABl8oLPgtzA2vxMCsCIdsYkT0x/+DODt4gWpLqKhK2TzvBeoFxahg+T8adftHg6tPS5piG2EOkuyfdwpIlru0VLOxH24VgGN87FH4u4B5pmMU7EFI5zuo25TsRnfKhxvdVhkDwWbF0bTnRrj+1MJln4ketdpSUcqaAQwsfB/ozXGcAs2wDm9VeVUzjoevCHg8dP8TiJA2KZDVBRSZF3Y6Fn6p7KE0fVkK947bYIODy3L87dIj38Cy7BTEg/rJqYecy+SkFFpJ3vr/m+GeHtu3pVWrjIvfY8AhynKf6V+0sy0Wua2YrKJ0qI/BAsaU6cubaIhrFFPew3JEhDIXfo6f8tqbOF8F+QWKFAJA==
x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:AM6PR07MB4584.eurprd07.prod.outlook.com; PTR:; CAT:NONE; SFS:(4636009)(346002)(396003)(376002)(39860400002)(366004)(136003)(478600001)(26005)(66574015)(6506007)(966005)(316002)(83080400001)(36756003)(6486002)(83380400001)(110136005)(186003)(5660300002)(91956017)(76116006)(44832011)(2906002)(8676002)(8936002)(71200400001)(6512007)(53546011)(64756008)(66946007)(2616005)(33656002)(66446008)(66476007)(66556008)(86362001); DIR:OUT; SFP:1101;
x-ms-exchange-antispam-messagedata: OeVkO8syEIVNApdN6Lu2pU6gmpuQXONrvWrgi1WvMfuPd6ktqqtTbFcVVjgAr3YFV6+TWpowkl/uM9jqF74daXyiTEJevisrDxM5MxiS7X4hr3gWOHsIp5O4NdDP7lDyUY7Lqn5pQe0c9+YtxxTvLcUL1jojoBXdPd2i6O9tmjw7OIS69fsKTv5wrJqcegRy96YQ4rpjmeT7cz/fP9CTn4wej851jJ4KKCEW064ruGZwFs3UaG2+d2zufIWE8a8T7IikOB9k+LDQB9DmRv7RxRbrm/ajM1hQViASPQyRPYny/HCRptNaNAxgSKCG7YILsO2jicDmixXaNcv/nYG2yG/Dy/lYy2OO5vOQ9aUhgWiLJKU8PH6dDf5ErsyPyz5DlDxrGu69cGYzjhY0qfAqJfgjU4ghPJXr7ytuvGeb+KdCZXdUR3/Ajs7hjYUGVjCUEje6MS81qLEoUgD1cuazdBaKKbnsxrz/W0CDMCiMEuWy8SuLCd+QRUKCLoglJtRlK3XU0iZGo1FnxIqGTcGAdrkmBvoStFTt5RfplvmzJD+ahR5UMZpmjJ1yWx9n4XiKGXmyCdlJapPcMAJuNFl+S2kLgObuUrkDEmKMv35HD6x12bss5lRhdOQYmYasWWYkx+t1dZfvmkoiRJ9DV8erLw==
Content-Type: text/plain; charset="utf-8"
Content-ID: <9DF374390E0E4442B84A3300A793FFDF@eurprd07.prod.outlook.com>
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-OriginatorOrg: ericsson.com
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: AM6PR07MB4584.eurprd07.prod.outlook.com
X-MS-Exchange-CrossTenant-Network-Message-Id: b44fe95a-933c-499b-8b2c-08d8548c42e5
X-MS-Exchange-CrossTenant-originalarrivaltime: 09 Sep 2020 06:47:46.6779 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 92e84ceb-fbfd-47ab-be52-080c6b87953f
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: O5RcB8oi1uIZsyRP0vkytA5azXs1zb7DpfoOkUUv42+rcWasJtXGhScRTsEgj40rq/SYPIxKmr/EQ0mZ16hzsbR7a8bTyVDHB3T93oogc/4=
X-MS-Exchange-Transport-CrossTenantHeadersStamped: AM5PR0701MB2578
Archived-At: <https://mailarchive.ietf.org/arch/msg/ace/8B4hRs8KiayPdaeIdx_QtUSASOc>
Subject: Re: [Ace] Review of draft-ietf-ace-oscore-profile
X-BeenThere: ace@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Authentication and Authorization for Constrained Environments \(ace\)" <ace.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ace>, <mailto:ace-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ace/>
List-Post: <mailto:ace@ietf.org>
List-Help: <mailto:ace-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ace>, <mailto:ace-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 09 Sep 2020 06:47:52 -0000

The question in my view is if this draft should create collisions. All other drafts that have ever been discussed in the IETF takes efforts to not create any collisions in the first place

https://tools.ietf.org/html/draft-selander-lake-edhoc-01
https://tools.ietf.org/html/draft-mattsson-ace-tls-oscore-00
https://tools.ietf.org/html/draft-friel-tls-atls-04

All these assignment mechanism can be used together collision-free without ID Context and with minimal length Sender ID / Recipient ID. So I don’t think the statement that “Collisions are going to be a common problem across all of these different ways of getting OSCORE contexts established.” is correct.

Group OSCORE is a different story, there the assignment mechanism have to handle collisions with ID Contexts (unless the deployment is strictly local, e.g. when used only over a local radio technology). 

One option is that this draft recommends the use of an ID context and that a bis version of the draft makes the simple changes to not get collisions in the first place.

It would as you say have been very good if RFC 8613 discussed how to negotiate Sender ID / Recipient ID. If there is ever a bis version, this should definitly be added. 

John

-----Original Message-----
From: Jim Schaad <ietf@augustcellars.com>
Date: Tuesday, 8 September 2020 at 21:14
To: John Mattsson <john.mattsson@ericsson.com>, Göran Selander <goran.selander@ericsson.com>, "ace@ietf.org" <ace@ietf.org>
Subject: RE: [Ace] Review of draft-ietf-ace-oscore-profile

John,

I am wondering if this is really the document that should be dealing with this collision problem.   A number of the collisions that might occur are going to be out of the ACE scope and a more general discussion of the problem should probably occur in a BIS version of the CoRE OSCORE document itself.   Memory says that the document does not claim to deal with how names are assigned to contexts, but I think that having a centralized location that LAKE, ACE (AS, Groupcomm and pub-sub) and perhaps other methods that we don’t currently have in our radar.  Collisions are going to be a common problem across all of these different ways of getting OSCORE contexts established.

Jim


-----Original Message-----
From: Ace <ace-bounces@ietf.org> On Behalf Of John Mattsson
Sent: Tuesday, September 8, 2020 12:40 AM
To: Göran Selander <goran.selander=40ericsson.com@dmarc.ietf.org>; ace@ietf.org
Subject: Re: [Ace] Review of draft-ietf-ace-oscore-profile

Hi,

Just want to say that I don't have any strong opinions on how to proceed. I just wanted to point out the collision problems with the draft are more severe that the group have discussed. Ignoring collisions seems like a mistake, and to my understanding there seems to be no benefits of the AS dictating Sender and Recipient IDs.

I think Jim has a good point in that the solution with symmetric key authentication comes with a lot of limitations anyway.

/John 

-----Original Message-----
From: Göran Selander <goran.selander=40ericsson.com@dmarc.ietf.org>
Date: Monday, 7 September 2020 at 17:05
To: John Mattsson <john.mattsson@ericsson.com>, "ace@ietf.org" <ace@ietf.org>
Subject: Re: [Ace] Review of draft-ietf-ace-oscore-profile

Hi,

Just want to acknowledge, as was discussed in the WG meeting today, that the major comment below is alternatively a possible -bis update. I think this is good functionality, and even though related problem statements have been discussed before, this solution has not. And although the change is small it comes at a late stage. But if it doesn't make it for this version then let's make it in an update soon. 

Göran


On 2020-09-05, 14:51, "Ace on behalf of John Mattsson" <ace-bounces@ietf.org on behalf of john.mattsson=40ericsson.com@dmarc.ietf.org> wrote:

    Hi,

    I have reviewed the latest GitHub version of draft-ietf-ace-oscore-profile
    https://protect2.fireeye.com/v1/url?k=cd0dd5df-93bc0ebf-cd0d9544-86e2237f51fb-51fc8fb4bf065a0f&q=1&e=5ecc1a37-faa1-4082-857b-150aa2dc3b9a&u=https%3A%2F%2Face-wg.github.io%2Face-oscore-profile%2Fdraft-ietf-ace-oscore-profile.html

    In general this draft looks very good. I have one major comments, and several more minor comments.

    Major comment
    -------------------

    - Asignment of OSCORE Sender and Recipient IDs

    I think the specified mechanism where the AS dictates the OSCORE connection parameters is unfortunate. It introduces several current and future limitations. The current assignment mechanisms only works without problems in close systems where the RS does not have any other non-AS OSCORE connections, where the CoAP client and CoAP server roles are fixed and cannot be switched, and where only draft-ietf-ace-oscore-profile is used. In systems where the OSCORE nodes can switch between CoAP client and CoAP server (a feature explicitly supported by OSCORE) the current mechanism is likely to lead to RecipientID collisions. Also in future systems where the AS also supports a more modern key management with PFS using e.g. a future draft-ace-edhoc-oscore-profile, the mechanism would not work together in an efficient way. My understanding is that the authors would like the solution to work with both role switching and EDHOC.

    How to negotiate these type of connection identifiers (in this case OSCORE Sender and Recipient IDs) have been studied and specified several times in e.g. draft-selander-lake-edhoc, draft-ietf-tls-dtls-connection-id. A solution where each party choses its OSCORE recipient ID for the connection always work without collisions. Such a negotiation could quite easily be added to the roundtrip with the nonces N1 and N2. My feeling is that it would be worthwhile to do such a change. This would also require a new identifier for the OSCORE_Security_Context Object, either a new objectID or a hash of the object could be used. I think this would be a good change as the current "hack" of using the ACE client sender Id and and ID context to identify the object might lead to other future limitations.

    The suggested changes would lead quite equal message sizes and storage requirements, they might even lead to some small improvements.

    Minor comments
    -------------------

    - "server authentication"

    My understanding is that server authentication with this draft requires two additional things. That C trusts AS and that RS sends an OSCORE response back. The draft should point this out similarly to the way it points out that a OSCORE request is required for proof-of-possession. As C trust in AS, and RS sending an OSCORE response back are both optional, I would recommend to maybe remove "server authentication" from the abstract and intro.

    - "The nonces are encoded as CBOR bstr if CBOR is used, and as Base64 string if JSON is used"

    Would be good to define exactly how the Master salt is created when JSON is used. I.e. is the Base64 encoded strings used, or are the byte strings after Base64 decoding used.

    - "the authz-info endpoint is not a protected resource, so there is no cryptographic protection to this request."

    I do not think this follows from the OAuth ACE term “protected resource”. Most resources on the web are not protected resources, but use cryptographic protection (https:// HTTPS)

    - "An OSCORE_Security_Context is an object that represents part or all of an OSCORE Security Context"

    The object cannot represent all of an RFC 8613 OSCORE Security Context as sequence number, replay window, and Master salt are missing. I would also strongly recommend removing "context" from the name of the object so that it is not confused with an RFC 8613 context. Maybe OSCORE input keying material or something similar.

    - "CBOR type"

    The types listed are CDDL types. Should at least mention CDDL or change to actual CBOR types.

    - "Security Context identified by "kid""

    This message has two different "kid", one on the ACE level and one on the OSCORE level, would be good to clarify which "kid" this refers to.

    - "client" "server"

    I think the draft should have a sentence saying that the terms "client" "server" when used without specification refer to the ACE client C and the ACE resource server RS. There is another server in the ACE architecture, and on the CoAP level the nodes can switch roles.

    - "input salt"

    input salt is not defined when it is used in section 2.

    - "clientID", "serverID", "contextID"

    I am not fond of these new abbreviations for the OSCORE parameters for several reasons. The draft uses the term "clientID" for "ACE client sender ID" = "ACE resource server recipient ID", the term "serverID" for "ACE client recipient ID" = "ACE resource server sender ID", and the term "contextID" for "ID context". "clientID" and "contextID" is also together used as an identifier for the "OSCORE_Security_Context Object".

    The problems I have with these terms are that "client ID" and "serverID" give the impression that they are identifiers for the nodes C and RS, which they are not. In two-party OSCORE, the identifiers (senderID and recipientID) are not connected to any of the parties more than the other. In fact, a node needs to be in control of its recipient IDs but does not really need to care much about its sender IDs.

    - RFC 8613 Appendix B.2

    To me it does not seem clear if draft-ietf-ace-oscore-profile can be used together with the mechanism in Appendix B.2 of RFC 8613. The mechanism in Appendix B.2 leads to a new Context ID. Is it allowed to use that mechanism after using draft-ietf-ace-oscore-profile? In draft-ietf-ace-oscore-profile, the AS dictates a specific “ID Context”?

    Cheers,
    John

    _______________________________________________
    Ace mailing list
    Ace@ietf.org
    https://www.ietf.org/mailman/listinfo/ace


_______________________________________________
Ace mailing list
Ace@ietf.org
https://www.ietf.org/mailman/listinfo/ace

v2.23.0 | Report a Bug | By Email