[Ace] Review for draft-ietf-ace-key-groupcomm-03
Jim Schaad <ietf@augustcellars.com> Fri, 08 November 2019 01:33 UTC
Return-Path: <ietf@augustcellars.com>
X-Original-To: ace@ietfa.amsl.com
Delivered-To: ace@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1E13812004A; Thu, 7 Nov 2019 17:33:24 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Level:
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id fdiN_zD1bVza; Thu, 7 Nov 2019 17:33:21 -0800 (PST)
Received: from mail2.augustcellars.com (augustcellars.com [50.45.239.150]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id BD14A120018; Thu, 7 Nov 2019 17:33:20 -0800 (PST)
Received: from Jude (73.180.8.170) by mail2.augustcellars.com (192.168.0.56) with Microsoft SMTP Server (TLS) id 15.0.1395.4; Thu, 7 Nov 2019 17:33:14 -0800
From: Jim Schaad <ietf@augustcellars.com>
To: draft-ietf-ace-key-groupcomm@ietf.org
CC: ace@ietf.org
Date: Thu, 07 Nov 2019 17:33:12 -0800
Message-ID: <036f01d595d4$7daa8430$78ff8c90$@augustcellars.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
X-Mailer: Microsoft Outlook 16.0
Content-Language: en-us
Thread-Index: AdWVtirQbQgNKFTfQpqJHRwtDOl7Qg==
X-Originating-IP: [73.180.8.170]
Archived-At: <https://mailarchive.ietf.org/arch/msg/ace/Dcp_FwxpEddaKmkrHOG5G-qOODE>
Subject: [Ace] Review for draft-ietf-ace-key-groupcomm-03
X-BeenThere: ace@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Authentication and Authorization for Constrained Environments \(ace\)" <ace.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ace>, <mailto:ace-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ace/>
List-Post: <mailto:ace@ietf.org>
List-Help: <mailto:ace-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ace>, <mailto:ace-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 08 Nov 2019 01:33:24 -0000
This is a review based just on reading through the document. Comments based on trying to implement after some time. After reading this, you have started down the path of being RESTful, but you are definitely not there yet. You need to examine statements like "GET method is safe, meaning that applying it to a resource does not result in a state change of the resource". 1. In section 4 - The new format name is backwards - the "+cbor" goes on the end not the front. If you are defining a CBOR number/JSON name mapping that is unique for this then a new content type would be indicated. 2. In section 4.1.2.2: It I not clear to me why an unauthenticated version of this would be to return the group parameters, assuming that such are public. The assumption of public would come from the fact that it is returned from the POST of the token where it is returned. 3. In section 4.1 - I understand that "gid" in the paths is going to be a group specific identifier. It is not clear to me if "node" in the path is also going to be a per registered node or a single node. This may be left over from what I remember in Montreal. 4. In Section 4.1.2.1 - 'get_pub_keys' - This text appears to imply that the client knows a priori if the KDC is going to store the keys. It implies that if the KDC does not store them, then it might be considered an error to include this key. 5. In Section 4.1.2.1 - 'client_cred' - should this text be altered to reflect the concept of a monitoring node that would never respond? 6. In Section 4.1.2.1 - 'client_cred_verify' - where does N_S come from in the event that the token is used directly to validate in TLS rather than being posted. 7. In Section 4.1.2.1 - 'pub_keys_repos' - It is not clear to me if the URI includes some type of query parameter to map to the certificate rather than just being the URI of the repository itself. 8. In Section 4.1.2.1 - 'num' - Is this field ever allowed to be reset to zero by the KDC? 9. In Section 4.1.2.1 - 'kty' - I would suggest renaming this to 'gkty' to avoid confusion with the same field used for COSE and JOSE keys. 10. In Section 4.1.2.1 - 'mgt_key_material' - I think a better set of requirements is MUST say if it is used, if used then MUST be specified. 11. In section 4.1.3.1 - This seems to be better reflected as a FETCH rather than a POST operation. 12. In Section 4.1.3.1 - I don't understand the requirement for the 'get_pub_keys' value has to be non-empty. Is there any reason not to say that empty equals all? Alternatively it could be a return nothing answer but not an error. 13. In Section 4.1.6.1 - It is not clear how I am identifying the "client" to be removed. Can I do a third party removal? 14. In Section 4.1.6.2 - Is this supposed to return new keying material or the current keying material. 15. In Section 4.3 - I am not sure why I would be observing /ace-group/gid rather than /ace-group/gid/node in order to get updated keying material. I don't know that I would want to get all of the public keys when it rolls over. Alternatively, I would observer /ace-group/gid/ctx-num for the same purpose. 16. Section 4.4 - It seems odd to use GET for the purpose of renewing key material.