Re: [Ace] Alexey Melnikov's Discuss on draft-ietf-ace-coap-est-17: (with DISCUSS and COMMENT)
"Panos Kampanakis (pkampana)" <pkampana@cisco.com> Sat, 21 December 2019 03:44 UTC
Hi Alexey,

Thanks for the feedback. We are tracking all your 4 comments and discussion points in a git issue in https://github.com/SanKumar2015/EST-coaps/issues/155

There are 4 comments in the issue, one for each of your points. The comments include all exchanged information in this thread with Ben K, Jim S., Carsten, and Peter. At the end of each comment in the git issue you will see the change we intend to make in the draft to address the feedback.

Let us know if any of them does not make sense.

Rgs,
Panos

-----Original Message-----
From: Ace <ace-bounces@ietf.org> On Behalf Of Alexey Melnikov via Datatracker
Sent: Wednesday, December 18, 2019 8:27 AM
To: The IESG <iesg@ietf.org>
Cc: draft-ietf-ace-coap-est@ietf.org; ietf@augustcellars.com; ace-chairs@ietf.org; ace@ietf.org
Subject: [Ace] Alexey Melnikov's Discuss on draft-ietf-ace-coap-est-17: (with DISCUSS and COMMENT)

Alexey Melnikov has entered the following ballot position for
draft-ietf-ace-coap-est-17: Discuss

When responding, please keep the subject line intact and reply to all email addresses included in the To and CC lines. (Feel free to cut this introductory paragraph, however.)

Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html for more information about IESG DISCUSS and COMMENT positions.

The document, along with other ballot positions, can be found here:
https://datatracker.ietf.org/doc/draft-ietf-ace-coap-est/

----------------------------------------------------------------------
DISCUSS:
----------------------------------------------------------------------

Thank you for this well written document. I have a couple of small DISCUSS points and a few minor comments/questions that I would like to discuss.

DISCUSS:

5.4. Message Bindings

   o  The CoAP Options used are Uri-Host, Uri-Path, Uri-Port, Content-Format, Block1, Block2, and Accept. These CoAP Options are used to communicate the HTTP fields specified in the EST REST messages. The Uri-Host and Uri-Port Options can be omitted from the COAP message sent on the wire.

The statement above

   When omitted, they are logically assumed to be the transport protocol destination address and port respectively. Explicit Uri-Host and Uri-Port Options are typically used when an endpoint hosts multiple virtual servers and uses the Options to route the requests accordingly.

and the last quoted statement: How can the sender know whether or not it is Ok to omit Uri-Host/Uri-Port?

7. Parameters

   It is recommended, based on experiments, to follow the default CoAP configuration parameters ([RFC7252]). However, depending on the implementation scenario, retransmissions and timeouts can also occur on other networking layers, governed by other configuration parameters. When a change in a server parameter has taken place, the parameter values in the communicating endpoints MUST be adjusted as necessary.

The last sentence: use of MUST with passive voice is really unhelpful here. Adjusted by whom? How can this MUST be satisfied?

----------------------------------------------------------------------
COMMENT:
----------------------------------------------------------------------

Comment:

5.1. Discovery and URIs

   Clients and servers MUST support the short resource EST-coaps URIs.

Just to clarify: the original EST URIs are prohibited in COAP-EST?

In 5.8:

   In the case where the asymmetric encryption key is suitable for transport key operations the generated private key is encrypted with a symmetric key which is encrypted by the client-defined (in the CSR)

I would break up this sentence into 2 to make it clearer, as I initially read this as 2 encryption operations applying to the generated private key itself. So I suggest something like:

   In the case where the asymmetric encryption key is suitable for transport key operations the generated private key is encrypted with a symmetric key. The symmetric key itself is encrypted by the client-defined (in the CSR) asymmetric public key and is carried in an encryptedKey attribute in a KeyTransRecipientInfo structure.

   Finally, if the asymmetric encryption key is suitable for key agreement, the generated private key is encrypted with a symmetric key which is encrypted by the client defined (in the CSR) asymmetric public key and is carried in a recipientEncryptedKeys attribute in a KeyAgreeRecipientInfo.

As above.

_______________________________________________
Ace mailing list
Ace@ietf.org
https://www.ietf.org/mailman/listinfo/ace
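The first DISCUSS point turns on how Uri-Host and Uri-Port are carried and what a receiver assumes when they are absent. The following is an added illustration, not code from the thread, the draft or its authors: it encodes the CoAP Options listed in section 5.4 using the RFC 7252 option-delta format and applies the "logically assumed" rule on the receiving side. The short path "est/crts", the Accept value 281, and the address 192.0.2.1 are assumptions made for the example.

```python
# Added example (not from the thread or the draft): encode/decode the CoAP Options
# EST-coaps maps EST HTTP fields onto, and resolve the Uri-Host/Uri-Port that are
# "logically assumed" when omitted. Option numbers: RFC 7252; "est/crts" assumed.
URI_HOST, URI_PORT, URI_PATH, CONTENT_FORMAT, ACCEPT, BLOCK2, BLOCK1 = 3, 7, 11, 12, 17, 23, 27

def _nibble(v):  # RFC 7252 3.1: 0..12 inline, 13 = one extra byte, 14 = two extra
    if v < 13:
        return v, b""
    if v < 269:
        return 13, bytes([v - 13])
    return 14, (v - 269).to_bytes(2, "big")

def _read_ext(nib, data, i):  # inverse of _nibble; returns (value, next index)
    if nib < 13:
        return nib, i
    if nib == 13:
        return data[i] + 13, i + 1
    return int.from_bytes(data[i:i + 2], "big") + 269, i + 2

def encode_options(options):  # options: [(number, value bytes)] in any order
    out, prev = bytearray(), 0
    for num, val in sorted(options, key=lambda o: o[0]):  # deltas need ascending order
        d, dext = _nibble(num - prev)
        ln, lext = _nibble(len(val))
        out += bytes([(d << 4) | ln]) + dext + lext + val
        prev = num
    return bytes(out)

def decode_options(data):  # inverse of encode_options; stops at the 0xFF payload marker
    opts, prev, i = [], 0, 0
    while i < len(data) and data[i] != 0xFF:
        first, i = data[i], i + 1
        delta, i = _read_ext(first >> 4, data, i)
        length, i = _read_ext(first & 0x0F, data, i)
        prev += delta
        opts.append((prev, data[i:i + length]))
        i += length
    return opts

def effective_target(options, dst_host, dst_port):
    # Draft rule: omitted Uri-Host/Uri-Port mean the transport destination host/port.
    host = next((v.decode() for n, v in options if n == URI_HOST), dst_host)
    port = next((int.from_bytes(v, "big") for n, v in options if n == URI_PORT), dst_port)
    return host, port

def cacerts_request(accept_cf, virtual_host=None):
    # Sender side: add Uri-Host only when the server hosts several virtual servers.
    opts = [(URI_PATH, b"est"), (URI_PATH, b"crts"), (ACCEPT, accept_cf.to_bytes(2, "big"))]
    if virtual_host:
        opts.append((URI_HOST, virtual_host.encode()))
    return encode_options(opts)
```

Without Uri-Host, a server hosting several virtual servers can only route the request by the transport destination, which is exactly the ambiguity the DISCUSS asks the draft to resolve for the sender.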