[Ace] comments on draft-ietf-ace-cmpv2-coap-transport-00

"Brockhaus, Hendrik" <hendrik.brockhaus@siemens.com> Thu, 11 March 2021 15:04 UTC

From: "Brockhaus, Hendrik" <hendrik.brockhaus@siemens.com>
To: Mohit Sahni <mohit06jan@gmail.com>
CC: "ace@ietf.org" <ace@ietf.org>
Date: Thu, 11 Mar 2021 15:04:47 +0000
Message-ID: <AM0PR10MB24183CFFD004B9ED23457B16FE909@AM0PR10MB2418.EURPRD10.PROD.OUTLOOK.COM>
Archived-At: <https://mailarchive.ietf.org/arch/msg/ace/Ew19VdgZwogaqwNMeagOIyo_Prs>
Subject: [Ace] comments on draft-ietf-ace-cmpv2-coap-transport-00

Mohit

I read your draft again. Thank you for this contribution. I like that it is very short.
Below there are some suggestions for an update of the document:

- Remove the indication of the CMP version (as stated in my previous email)

- As CMP Updates (draft-ietf-lamps-cmp-updates) is updating RFC 4210 as well as RFC 6712 you could add this to the references and add CMP Updates here and there to the text of your document where relevant.

- In RFC 4210 and the Lightweight CMP Profile Section 1.7 some terminology is used, like:
-------------snip-------------
   PKI management operation:  All CMP messages belonging to one
                              transaction context.  The transaction is
                              identified in the transactionID field of
                              the message header.

   PKI management entity:     All non-EE PKI entities such as LRA, RA,
                              and CA.
-------------snip-------------
  You could add the terminology section from Lightweight CMP Profile Section 1.7 to Section 1.1 of your document and make use of this terminology, implementing changes like this:
  . CMP transaction --> PKI management operation using CMP
  . RA and CA --> PKI management entity
  . EE to RA and EE to CA --> EE to PKI management entity

- In Section 2.7 you introduce DTLS as a mechanism to achieve end-to-end secrecy. I am not sure if I understand this correctly. My understanding is that CMP offers end-to-end security (integrity and data origin authentication) and DTLS may add hop-by-hop encryption. Maybe you could rephrase this sentence.

This is it for the moment. Many thanks once again for your effort.

Hendrik


Siemens AG
mailto:hendrik.brockhaus@siemens.com

www.siemens.com

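The layering point raised above (CMP protection is end-to-end between EE and CA, DTLS protects one hop at a time) can be made concrete with a small simulation. The following Python is an added example and is not code from the draft, from the Lightweight CMP Profile, or from the author of this message. It stands in for the real encodings with simplified, labelled assumptions: the PKIHeader/PKIBody are serialized as canonical JSON instead of DER, CMP MAC-based protection is modelled as an HMAC-SHA256 over that serialization, and each DTLS hop is modelled as a toy keystream cipher whose key is known only to the two endpoints of that hop. The message travels EE -> RA -> CA; the RA terminates the first DTLS hop, so it sees the CMP message in clear, while the CA still verifies the EE's protection over the whole path and rejects any modification made in transit.

```python
import hashlib
import hmac
import json
import secrets

# Constructed shared secret between EE and CA (hypothetical value, stands in
# for the key of CMP MAC-based message protection; not from the draft).
EE_CA_SECRET = b"ee-ca-shared-secret-constructed"


def protected_part(header: dict, body: dict) -> bytes:
    """Canonical serialization of PKIHeader + PKIBody, i.e. the input to CMP
    message protection. JSON is used here instead of DER for readability."""
    return json.dumps({"header": header, "body": body}, sort_keys=True).encode()


def protect(header: dict, body: dict, secret: bytes) -> dict:
    """Build a CMP-like PKIMessage whose protection covers header and body.
    HMAC-SHA256 is a simplified stand-in for CMP MAC-based protection."""
    tag = hmac.new(secret, protected_part(header, body), hashlib.sha256).hexdigest()
    return {"header": header, "body": body, "protection": tag}


def verify(msg: dict, secret: bytes) -> bool:
    """End-to-end check performed by the final recipient (the CA here)."""
    expected = hmac.new(
        secret, protected_part(msg["header"], msg["body"]), hashlib.sha256
    ).hexdigest()
    return hmac.compare_digest(expected, msg["protection"])


class DtlsHop:
    """Toy model of one DTLS-protected hop. The hop key exists only at the two
    endpoints of the hop, so whoever terminates the hop (e.g. an RA) sees the
    CMP message in clear. This is a keystream XOR for illustration only, not a
    real DTLS record layer."""

    def __init__(self) -> None:
        self.key = secrets.token_bytes(32)

    def _keystream(self, nonce: bytes, n: int) -> bytes:
        out, ctr = b"", 0
        while len(out) < n:
            out += hashlib.sha256(self.key + nonce + ctr.to_bytes(4, "big")).digest()
            ctr += 1
        return out[:n]

    def send(self, payload: bytes) -> bytes:
        nonce = secrets.token_bytes(12)
        ks = self._keystream(nonce, len(payload))
        return nonce + bytes(a ^ b for a, b in zip(payload, ks))

    def recv(self, record: bytes) -> bytes:
        nonce, ct = record[:12], record[12:]
        ks = self._keystream(nonce, len(ct))
        return bytes(a ^ b for a, b in zip(ct, ks))


def run_path(modify_at_ra: bool) -> dict:
    """Carry one constructed CMP request EE -> RA -> CA over two DTLS hops and
    report what the RA could read and whether the CA accepts the message."""
    header = {"sender": "EE-device-42", "recipient": "CA", "transactionID": "tx-0001"}
    body = {"type": "ir", "subject": "CN=device-42"}
    msg = protect(header, body, EE_CA_SECRET)

    hop_ee_ra, hop_ra_ca = DtlsHop(), DtlsHop()

    # Hop 1 terminates at the RA: the RA holds hop_ee_ra.key and sees plaintext.
    at_ra = json.loads(hop_ee_ra.recv(hop_ee_ra.send(json.dumps(msg).encode())))
    ra_sees_plaintext = at_ra["body"] == body
    if modify_at_ra:
        # Any change to the protected part in transit must be caught by the CA.
        at_ra["body"]["subject"] = "CN=modified-in-transit"

    # Hop 2 is a fresh DTLS session between RA and CA with its own key.
    at_ca = json.loads(hop_ra_ca.recv(hop_ra_ca.send(json.dumps(at_ra).encode())))

    return {
        "ra_sees_plaintext": ra_sees_plaintext,
        "ca_accepts": verify(at_ca, EE_CA_SECRET),
    }


if __name__ == "__main__":
    print("unmodified path:", run_path(False))
    print("modified at RA: ", run_path(True))
```

The two results show the distinction the comment asks the draft to make: DTLS re-keying at every hop does not hide the message from the RA that terminates the hop (confidentiality is hop-by-hop), whereas the CMP protection computed by the EE is checked unchanged by the CA regardless of how many transport sessions were used in between (integrity and data origin authentication are end-to-end).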