Re: [Ace] FW: WGLC comments on draft-ietf-ace-dtls-authorize

Benjamin Kaduk <kaduk@mit.edu> Sun, 10 March 2019 17:10 UTC

Return-Path: <kaduk@mit.edu>
X-Original-To: ace@ietfa.amsl.com
Delivered-To: ace@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A5CA51240D3; Sun, 10 Mar 2019 10:10:00 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.001
X-Spam-Level:
X-Spam-Status: No, score=-2.001 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=mit.edu
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id yQkGWUPrUiOD; Sun, 10 Mar 2019 10:09:59 -0700 (PDT)
Received: from NAM01-BY2-obe.outbound.protection.outlook.com (mail-eopbgr810113.outbound.protection.outlook.com [40.107.81.113]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id D1CA61277DE; Sun, 10 Mar 2019 10:09:58 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=mit.edu; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=RnP2TkctTYOqr3EGZxVMxhneb+gBbUKSBUW3jUHAIxs=; b=emqEMvHyt9jm42tDzCIBqtGRqhb39nvxrx+XS9XyvvjPFSBDEVlOwO4W3H7Dz+90MZxESlvq41adNOYLRvybuIgUC0x6w62vaisdt//Xm5J+oCQX/GYkqbeLH953ydya/GoDBfM+xD5Sq8xK+ONWq9GtF5hcuzYCvTF6lm5aw/I=
Received: from SN6PR0102CA0001.prod.exchangelabs.com (2603:10b6:805:1::14) by MWHPR01MB2479.prod.exchangelabs.com (2603:10b6:300:3e::9) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.1686.18; Sun, 10 Mar 2019 17:09:57 +0000
Received: from BY2NAM03FT023.eop-NAM03.prod.protection.outlook.com (2a01:111:f400:7e4a::200) by SN6PR0102CA0001.outlook.office365.com (2603:10b6:805:1::14) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.1686.18 via Frontend Transport; Sun, 10 Mar 2019 17:09:56 +0000
Authentication-Results: spf=pass (sender IP is 18.9.28.11) smtp.mailfrom=mit.edu; ietf.org; dkim=none (message not signed) header.d=none;ietf.org; dmarc=bestguesspass action=none header.from=mit.edu;
Received-SPF: Pass (protection.outlook.com: domain of mit.edu designates 18.9.28.11 as permitted sender) receiver=protection.outlook.com; client-ip=18.9.28.11; helo=outgoing.mit.edu;
Received: from outgoing.mit.edu (18.9.28.11) by BY2NAM03FT023.mail.protection.outlook.com (10.152.84.226) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.1686.19 via Frontend Transport; Sun, 10 Mar 2019 17:09:56 +0000
Received: from kduck.mit.edu (24-107-191-124.dhcp.stls.mo.charter.com [24.107.191.124]) (authenticated bits=56) (User authenticated as kaduk@ATHENA.MIT.EDU) by outgoing.mit.edu (8.14.7/8.12.4) with ESMTP id x2AH9qPI011756 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Sun, 10 Mar 2019 13:09:54 -0400
Date: Sun, 10 Mar 2019 12:09:52 -0500
From: Benjamin Kaduk <kaduk@mit.edu>
To: =?iso-8859-1?Q?G=F6ran?= Selander <goran.selander@ericsson.com>
CC: Jim Schaad <ietf@augustcellars.com>, "draft-ietf-ace-dtls-authorize@ietf.org" <draft-ietf-ace-dtls-authorize@ietf.org>, "ace@ietf.org" <ace@ietf.org>
Message-ID: <20190310170952.GB8182@kduck.mit.edu>
References: <029e01d46a3e$72bad330$58307990$@augustcellars.com> <87a7mnv7ls.fsf@tzi.org> <990DB036-3144-4729-8FB1-8E25E704E2DA@ericsson.com> <005401d4d162$9f0c9870$dd25c950$@augustcellars.com> <250DA6EB-8B59-42D1-877E-ABA1149100EB@ericsson.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Disposition: inline
Content-Transfer-Encoding: 8bit
In-Reply-To: <250DA6EB-8B59-42D1-877E-ABA1149100EB@ericsson.com>
User-Agent: Mutt/1.10.1 (2018-07-13)
X-EOPAttributedMessage: 0
X-Forefront-Antispam-Report: CIP:18.9.28.11; IPV:CAL; SCL:-1; CTRY:US; EFV:NLI; SFV:NSPM; SFS:(10019020)(396003)(39860400002)(376002)(346002)(136003)(2980300002)(13464003)(189003)(199004)(6246003)(8936002)(53416004)(50466002)(55016002)(126002)(86362001)(486006)(476003)(446003)(956004)(11346002)(7696005)(2486003)(14444005)(186003)(76176011)(47776003)(23676004)(426003)(26005)(246002)(106002)(2906002)(336012)(305945005)(8676002)(75432002)(478600001)(106466001)(26826003)(66574012)(1076003)(356004)(104016004)(5660300002)(93886005)(6916009)(4326008)(2870700001)(33656002)(88552002)(316002)(58126008)(54906003)(786003)(36906005)(229853002); DIR:OUT; SFP:1102; SCL:1; SRVR:MWHPR01MB2479; H:outgoing.mit.edu; FPR:; SPF:Pass; LANG:en; PTR:outgoing-auth-1.mit.edu; MX:1; A:1;
X-MS-PublicTrafficType: Email
X-MS-Office365-Filtering-Correlation-Id: b2900663-6149-4426-b00d-08d6a57b388b
X-Microsoft-Antispam: BCL:0; PCL:0; RULEID:(2390118)(7020095)(4652040)(8989299)(4534185)(4627221)(201703031133081)(201702281549075)(8990200)(5600127)(711020)(4605104)(4608103)(4709054)(2017052603328)(7153060); SRVR:MWHPR01MB2479;
X-MS-TrafficTypeDiagnostic: MWHPR01MB2479:
X-Microsoft-Exchange-Diagnostics: 1; MWHPR01MB2479; 20:9uHIk5HB/6lOkw900yMLtpMngzCwTS4jjZkB2wPezTGNCdOrMkgye3inc0t09KlCaIYUs/6ZVtvYjVviklZVdU+ObUwUi+z3XIbaCurolbY8JeByHoYvnPLfNGTOV57LQaczjkJHD/XmooMrqcsDWU3S5Qqgc5LpwLm5jamkWXbYTc8ThyWuPAFS5HqBdXgTtftOyIa0EPuadvDI6G+c/tWiMiClGXZ/xcvnHKcyjd1PDyqWff5fiwo3LmDQJEQKA9A+SouPhCvRw2oyRyCQioXqyoAh7PNutCROFl/ZKCZJDf6D+UzhdaM2I/usiJDfvM0wSOg0NUfcIziMH67mdVWbWNxORvXsQHamK+FjbY4hf5eL/G2HX0tLqP/CH6WULWA9VpcYcBUnHYBvrwP3dc/acfPRmZ2XmA2O2T46NsMLL5Kp4CVHXZbST/tPHk1wPLfCZp/b6fcIZBmOvwssiICrZP8ETtapS/bsh+VAyrSTIZY92tvC4j0Dm/DqI49pQZTLHtdyBk1PICNb7s3b3KyfTx4ayWFWWcRLRkDOez+IcvxgcoX3wM4k5IKi+haBxvn7rSUvNd+Jf8b4svmZvdVXUePV2K2k6pfp4v4f3g4=
X-Microsoft-Antispam-PRVS: <MWHPR01MB24798FDAF2B9C72141AA8C7DA04F0@MWHPR01MB2479.prod.exchangelabs.com>
X-Forefront-PRVS: 0972DEC1D9
X-Microsoft-Exchange-Diagnostics: =?utf-8?B?MTtNV0hQUjAxTUIyNDc5OzIzOkdFNHFXYWU4MjlJemt3b1hNT3VtWnFQME14?= =?utf-8?B?ZmVMaGg4Slg5UGVJSTZPWHpjMk5jRzE3dzFNc1RMTENxcFZ3THJmTzUrK3dz?= =?utf-8?B?bmxwWlZEYmxPWU9FbVY3emJaRWtWbXZFdExhZXVtSFBkdnE4REpqeVEva1pv?= =?utf-8?B?WE9aN0hrLzMrS3FRYlRBdmRGT2NJektwSTRnN0Z4YXlmWXJvZWs4a2tNTW01?= =?utf-8?B?VDBLMUZzdlYxMS80MkZYdVNXQi83aXFPYndTeWRpczN1cFRuN3FnQ1JDN2JM?= =?utf-8?B?QUhjSWdyUWQwVW9DcGtOYTluMlZHMG56QWRoMDYxMzBnZHZneUFhcXZqWVUw?= =?utf-8?B?VzVJSFlKL2VMdXRWWFBzVU5WMzI5Zkc0TWlpVi9sYTdkTkp0VmZub1dEbmZY?= =?utf-8?B?SzBZaFF1RlRzVklpQ0RLM2E4ZVhyWms1QXFGeUkwSVRlWjV1aE1pSFJxN1VH?= =?utf-8?B?R0dBZW93TWpkVkRueVRSUVNreSs3RFR5akJ3SXYrWHNoaTBTUTFYL3NQNGJX?= =?utf-8?B?L0Niem1TanRhQXZ0UUpCSTNRVTFZWnBxcjRxOVRNSlJCTDEva1MzNTZhMmJh?= =?utf-8?B?U202dTQ0TGVTTGxxSTdVMHJ5MWlEVm9rR3FnQ1o3TU14anZxUlY4dTB2VGN3?= =?utf-8?B?a3Z6c2JQbnZESFYxV3E1TUNLbVNFMHV0QXdzUExjcWNKaHpkeTh5a0xhTk4x?= =?utf-8?B?Y3NWa3djdXp6dFEzR25WUFRqdzhIZEVRSzJsS1p1R3BLb0FNYVJWdTcwUXdn?= =?utf-8?B?VmRSTk9RRmJtbi91SkpURm9MZG1DZHVrL2x6NHA1bmRJRkg4bmFzZjAvSU9X?= =?utf-8?B?RDRLRzlnTkRxSmRPVE5nTWVLMVpySTBhQitIOVA0OGNJTkRxNmlIZjNxQVR5?= =?utf-8?B?bEkrU1VIN0Roc3VEQ1pSRUg4OEFFUElobU5TYjNLZnRHQ1E0ZE4wVnF6QkFX?= =?utf-8?B?YmdwcWlGV1Iwb3VXa0FLWXo1TjN0RU9PRjl5ZW9SUTdPZDRJOXNXTW5hT3l5?= =?utf-8?B?UkRxQmY5eGhaSkoyWjdMZWw3MVRJVWM0SFJoK2htdTM1cU9ZeHpQQ3lmdXF6?= =?utf-8?B?bnRlZHpGU2RxU29FWlNmbTBaODZ0RkR1aFF4NWtSUTlCVEpRS2VzTU9SRFdE?= =?utf-8?B?VDBnQUh4d1pFRUtIbG9iLzJiY1dyZUpLNHlzaG1DOVphSlRuSUpQaGptVTgy?= =?utf-8?B?d3JHZ1h2MGpQRXpGZ3A5MCtYeDBwZVNpRXk5S2xOcFAvWUxkUWMyb1ZON290?= =?utf-8?B?c1RYUUg1a0JYTVhESHgyS0N2azNwYXIvTmZpQVVzZ3VheGtiaUVIclh3bVVU?= =?utf-8?B?amM5cGRET056RFdiTkFJTlpMMGpBdkg1dkc3cWNaTEkxdzhTR3pidTRYakl1?= =?utf-8?B?aXlCd1NkTWlndVJ6UkdyMTd3Y0V6RkhFNjdrQWFCbVJhZWg2L1NaelNqalFL?= =?utf-8?B?QkdzaDlIZGltRE5JUDIxMVdNdk1sQWQxRW1EdnE3S3h4UnJ5cFFLSThKWXZN?= =?utf-8?B?WHYzc2V3WW42NVVGNHdsZGMxWk1ndEd5N1lzQ3NIUW5mQlJFYU5Xd0Nydm9w?= =?utf-8?B?dUhOUEZRMFM5cDRQS1ZhNmxxbG5TV2ZzcGU5dnp1R2NFODMyN1ppQnRVNTVM?= =?utf-8?B?azJudk9OR0JRQXhNY0VEalJ6VzhWSXViM3lKcGRvQW1NdVd5MmVtMy83aGJq?= =?utf-8?Q?3goddbr9eAedYYZ/do=3D?=
X-MS-Exchange-SenderADCheck: 1
X-Microsoft-Antispam-Message-Info: fyJvhdHPQA3GfonPMK/mQOqjjtPTxAMsj/2d1SgUEMxxBvbJck8YB4oRcxVXBObVJM/Mk4ibc6dQ7FOhcILyrLLS24zW7MOjhTqDlOiHUj6jna0+R8+MNqlMYX5tXClBgUxp7H1HmZLIdpyc6m5HVckyJzYwYWHFTHQjPv8VxAVKJIYYfJMrJvIz26nQcson8/ryCC5NfxzHgCgSBeBxPt3o0lKH+2nTs2RAEIPLi7G0TAaumEOkiSqLYe5eo52GuKS1qi1d3KQQP4dKF8lQBJZ+e83QCTC6BspWsbuyhfn67IvZL9yWOJ5IniAzUAAG4wozSlXsA6HkliTDFYH1DDZwJzKpFiwl9/RLABr3ukzSmn5JmdI8vef/mfHQyXIpQtMvSs535RXPMABUNzTyBqSD71CrbNGf4Lwr9XGkzX4=
X-OriginatorOrg: mit.edu
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 10 Mar 2019 17:09:56.3889 (UTC)
X-MS-Exchange-CrossTenant-Network-Message-Id: b2900663-6149-4426-b00d-08d6a57b388b
X-MS-Exchange-CrossTenant-Id: 64afd9ba-0ecf-4acf-bc36-935f6235ba8b
X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=64afd9ba-0ecf-4acf-bc36-935f6235ba8b; Ip=[18.9.28.11]; Helo=[outgoing.mit.edu]
X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem
X-MS-Exchange-Transport-CrossTenantHeadersStamped: MWHPR01MB2479
Archived-At: <https://mailarchive.ietf.org/arch/msg/ace/E_Ami9CYpbx_AS_4FVPwas8rIn0>
Subject: Re: [Ace] FW: WGLC comments on draft-ietf-ace-dtls-authorize
X-BeenThere: ace@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Authentication and Authorization for Constrained Environments \(ace\)" <ace.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ace>, <mailto:ace-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ace/>
List-Post: <mailto:ace@ietf.org>
List-Help: <mailto:ace-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ace>, <mailto:ace-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 10 Mar 2019 17:10:01 -0000

On Fri, Mar 08, 2019 at 04:01:26PM +0000, Göran Selander wrote:
> 
> On 2019-03-03, 02:44, "Jim Schaad" <ietf@augustcellars.com> wrote:
> 
>     I am responding to the review below in regards to the most recent version -06.
>     
>     > -----Original Message-----
>     >     > Section 3.3 - Figure 4 - Where is the 'alg' parameter defined at that level?
>     > 
>     >     See next comment.
>     > 
>     > [GS]  alg parameter included
>     > 
>     >     > Section 3.3 - I am always bothered by the fact that PSK should really be
>     > PSS
>     >     > at this point.  The secret value is no longer a key and thus does not
>     >     > necessarily have a length.  There is also a problem of trying to decide
>     > what
>     >     > the length of this value would be based on the algorithm.  If the client
>     >     > offers TLS_PSK_WITH_AES_128_CCM_8 and
>     > TLS_PSK_WITH_AES_256_CCM_8  (I may
>     >     > have gotten these wrong but the intent should be understandable) then
>     > what
>     >     > length is the PSK supposed to be?
>     > 
>     >     I think what you are saying is that for the shared secret (k) in the
>     >     COSE_Key structure in Fig. 4, the AS needs to tell C what to do with
>     >     that shared secret? This was the intention of the alg parameter (which
>     >     has a not-so-useful value in this example).
>     
>     Some of what is done here makes sense and some of it makes no sense at all.
>     
>     Happy with the removal of the "alg" parameter in the root map.  
>     
>     Happy with the addition of the kid parameter in the COSE_Key object since this is required for doing DTLS w/o sending the token as the identifier.
>     
>     I have no idea what the algorithm is doing here?  This is not currently a COSE algorithm, it is a TLS algorithm and thus would not make a great deal of sense.  
> 
> GS: I admit this does not make sense, neither here nor in Fig. 6.
> 
> The terms of what the PSK length should be would be better covered by a statement along the lines of "When offering and/or accepting a TLS cryptographic suite, the length of the PSK should be at least as long as the symmetric encryption algorithms that are offered." This may already be pointed to in the TLS documents and thus can be referenced to rather than stated explicitly.

What would you do with a PSK that is longer than the input needed by the
symmetric algorithm in use?

-Ben

> GS: 
> 1. If the PSK is not uniformly random, the security level is not given by the length. I note in the ACE framework: "The AS generates a random symmetric PoP key." Perhaps we should add 'uniform' to this text?
> 
> 2. About the proposed text, how about making it into a consideration: "Note that the security level depends both of the length of PSK and the security of the TLS cipher suite and key exchange algorithm." I didn't find any text in TLS that I could reference.