Re: [Ace] WGLC draft-ietf-ace-mqtt-tls-profile
Marco Tiloca <marco.tiloca@ri.se> Mon, 14 September 2020 16:14 UTC
Return-Path: <marco.tiloca@ri.se>
X-Original-To: ace@ietfa.amsl.com
Delivered-To: ace@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 725543A0A2A for <ace@ietfa.amsl.com>; Mon, 14 Sep 2020 09:14:08 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.1
X-Spam-Level:
X-Spam-Status: No, score=-2.1 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, MSGID_FROM_MTA_HEADER=0.001, NICE_REPLY_A=-0.001, RCVD_IN_MSPIKE_H2=-0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=ri.se
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 8FxtaZdPv4H8 for <ace@ietfa.amsl.com>; Mon, 14 Sep 2020 09:14:05 -0700 (PDT)
Received: from EUR05-AM6-obe.outbound.protection.outlook.com (mail-am6eur05on2052.outbound.protection.outlook.com [40.107.22.52]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id DFB533A0A29 for <ace@ietf.org>; Mon, 14 Sep 2020 09:14:04 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=X9vNFzMx2oPrwY6H6f/b6vtkK1L8ZAoQJ7oQZn1xjYWDiU1JrwauSi6v4pDgkU3ACT65LGpdG//39B8Fsw5AzRfjp80rlz/BS4eJRnq2T3xq/Fz7G/ryNcIdK2BObOOjzGvVkMaev06b7cIqgF/uO6AXudXWgyjNFPiOsK2bGx322TZSFhwc/yIloDLY2Usd4ZunRMRg0yHuYthuh5OkwKjqd7C1cDnlFXuZnADjGdin+5z8OamN7ZS7HEot25ngXdf7b1Z9KUZB0bRMS1lYoZF1AnbOtaUgRggCpnYHf/CefzhOBus0O4WWMJ3iDtPe7GTp1AKueDB3a1OM8Za9GA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=i4g/svvL/2yqWbIO525DPaUBBeTygXqpeb0feawsPVI=; b=oEBdfDQkWMkqrHPMpyUNWtdqK775WCoVjYV6exvawqDjQiMGK7TjowtyabUfjX4bS1GVymS0cvIswDqQN/7HomU/aiJmR3lDLSsIclcWrdagI3YOBOwWiXJyIkHzJw+IfLqSNnzIFQME7bTYHvkJKhgquESK7oDAK5s/UYff4vVBhwm7e5m9AVwfq3JPFcRBRtZ7Y1m1D0VKkWr1HD9MDAyy62hBYo4C8ZCVkXpUX3wi5TLhK4t4m4fz4QxImGoIDDAp5ifm2DzNBkmLQsXF4B6/AxpvYHeMILq/OfEoJ4cmiPVizg80voWQUHbNX+z61EkrwnKJwYuSt4awU0EIvQ==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=ri.se; dmarc=pass action=none header.from=ri.se; dkim=pass header.d=ri.se; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ri.se; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=i4g/svvL/2yqWbIO525DPaUBBeTygXqpeb0feawsPVI=; b=JS4Kg99Y/KzEO1Ep3T5chhDg3DOVGu/ptWBKyYsw/dNdjHZIxwKIDhS/WObTQAYTTjG1QYkC0IfKR/cYcDJKCQYqsF6cj09hQYRweDG2oHXXDPpAOzBXRqFhaRl27mFBn+GUp+TOBB48pTkt9xDZqPFDki3qKnOVbxuYr59lX0o=
Authentication-Results: ietf.org; dkim=none (message not signed) header.d=none;ietf.org; dmarc=none action=none header.from=ri.se;
Received: from DB8P189MB1032.EURP189.PROD.OUTLOOK.COM (2603:10a6:10:16e::14) by DB8P189MB0965.EURP189.PROD.OUTLOOK.COM (2603:10a6:10:148::12) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3370.16; Mon, 14 Sep 2020 16:14:01 +0000
Received: from DB8P189MB1032.EURP189.PROD.OUTLOOK.COM ([fe80::a11e:4abe:4099:5157]) by DB8P189MB1032.EURP189.PROD.OUTLOOK.COM ([fe80::a11e:4abe:4099:5157%8]) with mapi id 15.20.3370.019; Mon, 14 Sep 2020 16:14:01 +0000
To: Daniel Migault <mglt.ietf@gmail.com>, Ace Wg <ace@ietf.org>
References: <CADZyTkmMd7iO3jo359QSS+y1LoSKvoDw+vJonD8VUfheEgXLTA@mail.gmail.com>
From: Marco Tiloca <marco.tiloca@ri.se>
Autocrypt: addr=marco.tiloca@ri.se; prefer-encrypt=mutual; keydata= mQENBFSNeRUBCAC44iazWzj/PE3TiAlBsaWna0JbdIAJFHB8PLrqthI0ZG7GnCLNR8ZhDz6Z aRDPC4FR3UcMhPgZpJIqa6Zi8yWYCqF7A7QhT7E1WdQR1G0+6xUEd0ZD+QBdf29pQadrVZAt 0G4CkUnq5H+Sm05aw2Cpv3JfsATVaemWmujnMTvZ3dFudCGNdsY6kPSVzMRyedX7ArLXyF+0 Kh1T4WUW6NHfEWltnzkcqRhn2NcZtADsxWrMBgZXkLE/dP67SnyFjWYpz7aNpxxA+mb5WBT+ NrSetJlljT0QOXrXMGh98GLfNnLAl6gJryE6MZazN5oxkJgkAep8SevFXzglj7CAsh4PABEB AAG0Nk1hcmNvIFRpbG9jYSAobWFyY28udGlsb2NhQHJpLnNlKSA8bWFyY28udGlsb2NhQHJp LnNlPokBNwQTAQgAIQUCWkAnkAIbAwULCQgHAgYVCAkKCwIEFgIDAQIeAQIXgAAKCRDuJmS0 DljaQwEvCACJKPJIPGH0oGnLJY4G1I2DgNiyVKt1H4kkc/eT8Bz9OSbAxgZo3Jky382e4Dba ayWrQRFen0aLSFuzbU4BX4O/YRSaIqUO3KwUNO1iTC65OHz0XirGohPUOsc0SEMtpm+4zfYG 7G8p35MK0h9gpwgGMG0j0mZX4RDjuywC88i1VxCwMWGaZRlUrPXkC3nqDDRcPtuEGpncWhAV Qt2ZqeyITv9KCUmDntmXLPe6vEXtOfI9Z3HeqeI8OkGwXpotVobgLa/mVmFj6EALDzj7HC2u tfgxECBJddmcDInrvGgTkZtXEVbyLQuiK20lJmYnmPWN8DXaVVaQ4XP/lXUrzoEzuQENBFSN eRUBCACWmp+k6LkY4/ey7eA7umYVc22iyVqAEXmywDYzEjewYwRcjTrH/Nx1EqwjIDuW+BBE oMLRZOHCgmjo6HRmWIutcYVCt9ieokultkor9BBoQVPiI+Tp51Op02ifkGcrEQNZi7q3fmOt hFZwZ6NJnUbA2bycaKZ8oClvDCQj6AjEydBPnS73UaEoDsqsGVjZwChfOMg5OyFm90QjpIw8 m0uDVcCzKKfxq3T/z7tyRgucIUe84EzBuuJBESEjK/hF0nR2LDh1ShD29FWrFZSNVVCVu1UY ZLAayf8oKKHHpM+whfjEYO4XsDpV4zQ15A+D15HRiHR6Adf4PDtPM1DCwggjABEBAAGJAR8E GAECAAkFAlSNeRUCGwwACgkQ7iZktA5Y2kPGEwf/WNjTy3z74vLmHycVsFXXoQ8W1+858mRy Ad0a8JYzY3xB7CVtqI3Hy894Qcw4H6G799A1OL9B1EeA8Yj3aOz0NbUyf5GW+iotr3h8+KIC OYZ34/BQaOLzdvDNmRoGHn+NeTzhF7eSeiPKi2jex+NVodhjOVGXw8EhYGkeZLvynHEboiLM 4TbyPbVR9HsdVqKGVTDxKSE3namo3kvtY6syRFIiUz5WzJfYAuqbt6m3TxDEb8sA9pzaLuhm fnJRc12H5NVZEZmE/EkJFTlkP4wnZyOSf/r2/Vd0iHauBwv57cpY6HFFMe7rvK4s7ME5zctO Ely5C6NCu1ZaNtdUuqDSPA==
Message-ID: <41fa81ca-fd99-8a04-03c0-e33007bca78b@ri.se>
Date: Mon, 14 Sep 2020 18:13:53 +0200
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Thunderbird/68.10.0
In-Reply-To: <CADZyTkmMd7iO3jo359QSS+y1LoSKvoDw+vJonD8VUfheEgXLTA@mail.gmail.com>
Content-Type: multipart/signed; micalg="pgp-sha512"; protocol="application/pgp-signature"; boundary="yn99urbZ5R7MZfY5S4qFB0mHYvE48WM70"
X-ClientProxiedBy: HE1PR0202CA0010.eurprd02.prod.outlook.com (2603:10a6:3:8c::20) To DB8P189MB1032.EURP189.PROD.OUTLOOK.COM (2603:10a6:10:16e::14)
MIME-Version: 1.0
X-MS-Exchange-MessageSentRepresentingType: 1
Received: from [10.8.1.4] (45.12.220.236) by HE1PR0202CA0010.eurprd02.prod.outlook.com (2603:10a6:3:8c::20) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3370.16 via Frontend Transport; Mon, 14 Sep 2020 16:14:01 +0000
X-Originating-IP: [45.12.220.236]
X-MS-PublicTrafficType: Email
X-MS-Office365-Filtering-Correlation-Id: 671df9f1-07c1-4993-e115-08d858c93160
X-MS-TrafficTypeDiagnostic: DB8P189MB0965:
X-Microsoft-Antispam-PRVS: <DB8P189MB096512B7551CC2D28D24699A99230@DB8P189MB0965.EURP189.PROD.OUTLOOK.COM>
X-MS-Oob-TLC-OOBClassifiers: OLM:3968;
X-MS-Exchange-SenderADCheck: 1
X-Microsoft-Antispam: BCL:0;
X-Microsoft-Antispam-Message-Info: dAo3/TO2azjTs/w9tUzUbh81eZPNKPCUIPxR991YjSRMMfHDnbvMeFP122xwdYF+QTGXs8foZtdnOLvlkXAnT5oVC9nCe3MCCn7l1R3BmMp+AqV95hMlNuiS7FMzrnyhetgFdbxGrHvEHkw/SYLYaX6djFtFEe4hHb7obHhTuoxO6HkIJ82qN23h9RUQyHiDm8+1deB++jl7dyynnzwmqiCIHgjonxBqPyO0RmCuI2GKgYZbLexoGg0mC0HRSMff+ZCpeXWnRZezxWQSj/HHHLMusXa9ccg34EUuQtOR6zJJXZ3lr2ZNuj729smrVIfB0gLrnHAe1MaU8DA/WXia/Xgd1POLy/LgJwsrFYkhb0hYKUOMIiVEwpgcSKHpVMOvd2xZkTXAJu+l48WhxEB1Glk2utDyEks4sUgfrMwrpUgbKLvGoo/SxTmr4tYqttYlB64b5d8nBdshXGuJFKPxWhA/rvR96NCj2sA7wilUuX5g4h9NV2qCMiS/tv2ISsmX
X-Forefront-Antispam-Report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:DB8P189MB1032.EURP189.PROD.OUTLOOK.COM; PTR:; CAT:NONE; SFS:(4636009)(346002)(376002)(136003)(366004)(396003)(39860400002)(66556008)(66574015)(36756003)(235185007)(110136005)(16576012)(44832011)(2616005)(6666004)(956004)(5660300002)(966005)(83380400001)(166002)(31686004)(6486002)(26005)(31696002)(33964004)(316002)(8676002)(66476007)(66946007)(52116002)(8936002)(53546011)(16526019)(186003)(21480400003)(2906002)(478600001)(86362001)(43740500002); DIR:OUT; SFP:1101;
X-MS-Exchange-AntiSpam-MessageData: 11pOyZEzff+x97gAqYpXScr9qKpa3b/gGB7gpYJMLX72EMXJ1w0qyYni+uqN4ga3BpHYoQ1dZRcv6RNERJJ/N8tnpSmrQPfOfG8gjk2Y4zgvzOf9XzvmJBjepfpLYOCTp0UgLcn8puQLyFvifRdPAy1umLr/JEPpT+HlDyIca+t4INsEkCWx0hEwprcw12djx//4cMTscLWXJpr91gozwr3iibbhmK3ols8nnJzr8Ke8uIkZf1VW/fFw1nAGgiXEyyBlVhetzgCFWGxZQGrDfAmECC7AvrQvbB7mJvhFs2gwr6m5dNMNQUMdiCsu6oFdGQjynDKBUkXu4JlYl6H7HcZ0p8rWabyLK/RMR/iSS315CS9n/7/B6EItv01CQcihBLkisiOqTrbGhk3zskYUqg5RrunsWUse1RFJvIuxAeHE5i/R3eK9AmhHaKw9iXEJNGCgUMb+v/s8haHcFFLXmBzIjLICgqumUDy0/ngzHQNwWJPaOmaW0ry3X5YFeFHsdoVlY2GItdZxT0abs06Wflj9KvBV+bKTmgbrJCpV0EtxeBrYwFIU6qU3+a1ELwJfpxNtmz6p9SqyIYkfpVVmuiMqSu7f/ze1ExO1/wml7AmBeOyW7Y/KvqmGENER3nF2TaBAMfBY65+gE2QejsSBYA==
X-OriginatorOrg: ri.se
X-MS-Exchange-CrossTenant-Network-Message-Id: 671df9f1-07c1-4993-e115-08d858c93160
X-MS-Exchange-CrossTenant-AuthSource: DB8P189MB1032.EURP189.PROD.OUTLOOK.COM
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 14 Sep 2020 16:14:01.4661 (UTC)
X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted
X-MS-Exchange-CrossTenant-Id: 5a9809cf-0bcb-413a-838a-09ecc40cc9e8
X-MS-Exchange-CrossTenant-MailboxType: HOSTED
X-MS-Exchange-CrossTenant-UserPrincipalName: aaCli1QsM+1DBjQ3H906QxvKKWTSeFEUY4OAKUSR1yqwyvuD8e+jXQv/XgY/2rrMijPA5+OOyuIQGXBANjm59Q==
X-MS-Exchange-Transport-CrossTenantHeadersStamped: DB8P189MB0965
Archived-At: <https://mailarchive.ietf.org/arch/msg/ace/NwXyhcvAFpmupVl7iph9ipm0YZs>
Subject: Re: [Ace] WGLC draft-ietf-ace-mqtt-tls-profile
X-BeenThere: ace@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Authentication and Authorization for Constrained Environments \(ace\)" <ace.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ace>, <mailto:ace-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ace/>
List-Post: <mailto:ace@ietf.org>
List-Help: <mailto:ace-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ace>, <mailto:ace-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 14 Sep 2020 16:14:08 -0000
Hi, Please, find below some comments. I think the document is overall well written and in a good shape. Best, /Marco [General] * Refer the AIF adopted draft rather than the individual submission. * Some references are included twice side by side, e.g. RFC 4949 and RFC 7800. [Section 1] * Add an inline reference to RFC 8446 for TLS 1.3. I think it's good adding also references to CoAP and CBOR(-bis). [Section 2.2.1] * In the paragraph on "TLS:Known(RPK/PSK)-MQTT:none", the last two sentences can clarify that they apply to TLS 1.2. As to the analogous alternative provision of the token in PSK mode for TLS 1.3, that can point to "identity" in the "identities" entry of "Pre-Shared Key" ClientHello Extension. [Section 2.2.4.1] * Section 2.2.4 said that the two-byte integer length indicates the amount of following bytes within Authentication Data. However this section refers to the two-byte length as only the token length, i.e. it does not seem to cover also the MAC/Signature (whose length might be assumed from the used algorithm), even though that's still part of Authentication Data. Could you please confirm or clarify? * It's worth making it explicit that the PoP key is used to compute the MAC or the client signature. * s/and, the server/and the server * Remove the final closed parenthesis. [Section 2.2.4.2] * Shouldn't the Authentication Data in the AUTH message from the server start with a 2-byte server nonce length? * Like for the AUTH message from the client, see the comment above for Section 2.2.4.1 about what the 2-byte length covers (i.e., here too I would have expected it to cover also the MAC/signature, not just the nonce). * Like for the comment above for Section 2.2.4.1, it's worth making it explicit that the PoP key is used to compute the MAC or the client signature. [Section 2.2.5] * s/RS MUST verify/the RS MUST verify * Please, add references for HS256 and Ed25519. [Section 3] * s/to all topic3/to all 'topic3' [Section 6.1] * s/as a UTF-8/is a UTF-8 ================================ On 2020-09-01 22:54, Daniel Migault wrote: > Hi, > > This email starts a 2 weeks Working Group Last Call > for draft-ietf-ace-mqtt-tls-profile. Please review the document > available here [1] and provide your feed backs by September 15 2020. > > Yours, > Jim and Daniel > > [1] https://datatracker.ietf.org/doc/draft-ietf-ace-mqtt-tls-profile/ > > > -- > Daniel Migault > Ericsson > > _______________________________________________ > Ace mailing list > Ace@ietf.org > https://www.ietf.org/mailman/listinfo/ace -- Marco Tiloca Ph.D., Senior Researcher RISE Research Institutes of Sweden Division ICT Isafjordsgatan 22 / Kistagången 16 SE-164 40 Kista (Sweden) Phone: +46 (0)70 60 46 501 https://www.ri.se
- [Ace] WGLC draft-ietf-ace-mqtt-tls-profile Daniel Migault
- Re: [Ace] WGLC draft-ietf-ace-mqtt-tls-profile Daniel Migault
- Re: [Ace] WGLC draft-ietf-ace-mqtt-tls-profile Marco Tiloca
- Re: [Ace] WGLC draft-ietf-ace-mqtt-tls-profile Cigdem Sengul
- Re: [Ace] WGLC draft-ietf-ace-mqtt-tls-profile Cigdem Sengul
- Re: [Ace] WGLC draft-ietf-ace-mqtt-tls-profile Marco Tiloca
- Re: [Ace] WGLC draft-ietf-ace-mqtt-tls-profile Cigdem Sengul
- Re: [Ace] WGLC draft-ietf-ace-mqtt-tls-profile Daniel Migault
- Re: [Ace] WGLC draft-ietf-ace-mqtt-tls-profile Cigdem Sengul
- Re: [Ace] WGLC draft-ietf-ace-mqtt-tls-profile Daniel Migault
- Re: [Ace] WGLC draft-ietf-ace-mqtt-tls-profile Cigdem Sengul
- Re: [Ace] WGLC draft-ietf-ace-mqtt-tls-profile Daniel Migault