Re: [Ace] draft-ietf-ace-coap-est-00

Benjamin Kaduk <kaduk@mit.edu> Wed, 14 March 2018 01:52 UTC

Return-Path: <kaduk@mit.edu>
X-Original-To: ace@ietfa.amsl.com
Delivered-To: ace@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 55045124BFA; Tue, 13 Mar 2018 18:52:42 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.211
X-Spam-Level:
X-Spam-Status: No, score=-4.211 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id az0_kF2DS26d; Tue, 13 Mar 2018 18:52:41 -0700 (PDT)
Received: from dmz-mailsec-scanner-3.mit.edu (dmz-mailsec-scanner-3.mit.edu [18.9.25.14]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id E1BC81205D3; Tue, 13 Mar 2018 18:52:40 -0700 (PDT)
X-AuditID: 1209190e-6b9ff70000004b96-de-5aa8806770fe
Received: from mailhub-auth-1.mit.edu ( [18.9.21.35]) (using TLS with cipher DHE-RSA-AES256-SHA (256/256 bits)) (Client did not present a certificate) by dmz-mailsec-scanner-3.mit.edu (Symantec Messaging Gateway) with SMTP id 66.5E.19350.76088AA5; Tue, 13 Mar 2018 21:52:39 -0400 (EDT)
Received: from outgoing.mit.edu (OUTGOING-AUTH-1.MIT.EDU [18.9.28.11]) by mailhub-auth-1.mit.edu (8.13.8/8.9.2) with ESMTP id w2E1qcgb016383; Tue, 13 Mar 2018 21:52:39 -0400
Received: from kduck.kaduk.org (24-107-191-124.dhcp.stls.mo.charter.com [24.107.191.124]) (authenticated bits=56) (User authenticated as kaduk@ATHENA.MIT.EDU) by outgoing.mit.edu (8.13.8/8.12.4) with ESMTP id w2E1qYWY000566 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NOT); Tue, 13 Mar 2018 21:52:37 -0400
Date: Tue, 13 Mar 2018 20:52:34 -0500
From: Benjamin Kaduk <kaduk@mit.edu>
To: Michael Richardson <mcr+ietf@sandelman.ca>
Cc: Jim Schaad <ietf@augustcellars.com>, draft-ietf-ace-coap-est@ietf.org, ace@ietf.org
Message-ID: <20180314015234.GX55987@kduck.kaduk.org>
References: <001d01d3b8b4$f6e71600$e4b54200$@augustcellars.com> <25368.1520991877@obiwan.sandelman.ca>
MIME-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha512; protocol="application/pgp-signature"; boundary="RIYY1s2vRbPFwWeW"
Content-Disposition: inline
In-Reply-To: <25368.1520991877@obiwan.sandelman.ca>
User-Agent: Mutt/1.9.1 (2017-09-22)
X-Brightmail-Tracker: H4sIAAAAAAAAA+NgFtrHKsWRmVeSWpSXmKPExsUixCmqrJvesCLKoOuohcX3bz3MFmt/7mK2 WD39O5tFz6F+dgcWj41zprN5LFnyk8mjZc4e5gDmKC6blNSczLLUIn27BK6MpbOuMRXc56+Y sW0CYwPjdt4uRk4OCQETid5nD1i7GLk4hAQWM0l8fbeOEcLZyChxfMp/dgjnKpPEi7UdzF2M HBwsAqoSGx+Fg3SzCahINHRfZgaxRQT0JJYfecYIYjMLJEh8vXacFaRcWEBX4tdFdZAwL9Cy P1deg4WFBDIkvhzIgggLSpyc+YQForNMYv6s1ywgJcwC0hLL/3GAhDkFjCWu3HzNBGKLCihL 7O07xD6BUWAWku5ZSLpnIXRDhLUkbvx7yYQhrC2xbOFrZgjbVmLduvcsCxjZVzHKpuRW6eYm ZuYUpybrFicn5uWlFuka6+VmluilppRuYgRHhyTfDsZJDd6HGAU4GJV4eBkuLI8SYk0sK67M PcQoycGkJMprWrsiSogvKT+lMiOxOCO+qDQntfgQowrQrkcbVl9glGLJy89LVRLh3SoDVMeb klhZlVqUD1MmzcGiJM7rbqIdJSSQnliSmp2aWpBaBJOV4eBQkuCdVw/UKFiUmp5akZaZU4KQ ZuLgPMQowcEDNHwJSA1vcUFibnFmOkT+FKMux40Xr9uYhcAukBLnLQApEgApyijNg5sDSnYS 2ftrXjGKA70ozOsLUsUDTJRwk14BLWECWnLlxBKQJSWJCCmpBsZp6gHz5u7rtJUV2HLWM7fb vv/rlQgzmytZsZVJ2QIvvu5r3++vVfRgdmb59lX+zOs2BvtKm930/PC/tS9bsiq/U+Kd69SN E36c1fn5azLDrjIZe9uI2RGHa/4sVXt3kumdlP1qtwyv/XsvTjO8Hb9Wdkb95ub0U4vTZXaZ 3rUQ3DVtby1PkKcSS3FGoqEWc1FxIgCG2NxjUQMAAA==
Archived-At: <https://mailarchive.ietf.org/arch/msg/ace/QTu4H_2DYtxsJzgeStOrv5XpocU>
Subject: Re: [Ace] draft-ietf-ace-coap-est-00
X-BeenThere: ace@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "Authentication and Authorization for Constrained Environments \(ace\)" <ace.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ace>, <mailto:ace-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ace/>
List-Post: <mailto:ace@ietf.org>
List-Help: <mailto:ace-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ace>, <mailto:ace-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 14 Mar 2018 01:52:42 -0000

On Tue, Mar 13, 2018 at 09:44:37PM -0400, Michael Richardson wrote:
> 
> Jim Schaad <ietf@augustcellars.com> wrote:
>     > In section 2 - There will be a problem in that the port format extension is
>     > being eliminated in TLS 1.3 - We may want to divide this into a 1.2 and 1.3
>     > section for clarity.
> 
> I don't understand what you are referring to.
> 
> What is the "port format extension" you are referring to, and where in
> section 2 do you think we are depending upon it?

   [...] DTLS
   implementations MUST use the Supported Elliptic Curves and Supported
   Point Formats Extensions [RFC4492]; the uncompressed point format
   MUST be supported; [RFC6090] can be used as an implementation method.

The uncompressed point format only exists in (D)TLS 1.2 and lower.
(TLS 1.3 does not separately negotiate point format, rather, the
point format is determined by the group/curve to be used.)

I think the fix would just be something like "the uncompressed point
format MUST be supported for DTLS versions prior to 1.3".

-Ben