Re: [Ace] Gen-ART Last Call review of draft-ietf-ace-extend-dtls-authorize-05

Paul Kyzivat <pkyzivat@alum.mit.edu> Sun, 22 January 2023 17:55 UTC

Message-ID: <0258b6ac-e9b2-a21b-d923-3f6f291c0bc4@alum.mit.edu>
Date: Sun, 22 Jan 2023 12:55:28 -0500
To: John Mattsson <john.mattsson@ericsson.com>, "draft-ietf-ace-extend-dtls-authorize.all@ietf.org" <draft-ietf-ace-extend-dtls-authorize.all@ietf.org>
Cc: General Area Review Team <gen-art@ietf.org>, "last-call@ietf.org" <last-call@ietf.org>, "ace@ietf.org" <ace@ietf.org>
References: <27d3f8fb-1598-2eb1-a560-48428d9826ec@alum.mit.edu> <HE1PR0701MB3050F0D5FD6770CDA2F888B889CB9@HE1PR0701MB3050.eurprd07.prod.outlook.com>
From: Paul Kyzivat <pkyzivat@alum.mit.edu>
In-Reply-To: <HE1PR0701MB3050F0D5FD6770CDA2F888B889CB9@HE1PR0701MB3050.eurprd07.prod.outlook.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/ace/S1MjVgWlMNo7KBM4S3bwtENDpxE>
Subject: Re: [Ace] Gen-ART Last Call review of draft-ietf-ace-extend-dtls-authorize-05

Hi John,

On 1/22/23 3:40 AM, John Mattsson wrote:
> Hi Paul,
> 
> Thanks for your review.
> 
> 
> I very much agree with you that this should have been part of the RFC 
> 9202. In fact, I pointed out the need for TLS compatibility very early 
> in the standardization process. The situation right now is that this was 
> unfortunately not done, and that TLS/TCP is very much needed for the 
> 3GPP use of RFC 9202. This should have been standardized yesterday, so 
> any increased delay would not be good. 3GPP is waiting for this draft. A 
> future update to RFC 9202 might be worth doing.

It will be for the wg, ad, and iesg to decide if compromising the 
quality of the document to meet this schedule desire is an acceptable 
compromise.

>> But it fails to do the work of actually making those revisions. It leaves
>> that work to the reader. It is hard to believe that all readers will
>> infer the identical set of changes.
> 
> I don’t see what is missing and what would be hard to infer, and I am 
> not an author of RFC 9202.

There is general language that needs to be applied to many parts of 
9202. I'm sure the authors think this is clear and unambiguous, but I 
don't think so.

> It would be more constructive if you could 
> provide advice on how to improve draft-ietf-ace-extend-dtls-authorize.

It could enumerate every required change to 9202. Effectively a diff, 
though it needn't be formally written in the form of a diff.

But doing that is comparable in difficulty to actually creating an 
rfc9202bis.

If this isn't done, and the current doc becomes a standards track rfc, 
then every implementer will need to do the same work.

>> I suggest that this document's status be changed to an informational
> I think it would be strange if DTLS transport is standards track and TLS 
> is informal. Also Informational is not compatible with the current IANA 
> actions. I would suggest not doing this.

My point is to view it as requirements work for an rfc9202bis. Such a 
document, if published, would be informational. But these days it seems 
that there is a trend to leave such documents as drafts rather than 
progressing them to informational rfcs.

	Thanks,
	Paul

> Cheers,
> 
> John
> 
> From: Paul Kyzivat <pkyzivat@alum.mit.edu>
> Date: Friday, 20 January 2023 at 18:32
> To: draft-ietf-ace-extend-dtls-authorize.all@ietf.org
> Cc: General Area Review Team <gen-art@ietf.org>, last-call@ietf.org, ace@ietf.org
> Subject: Gen-ART Last Call review of draft-ietf-ace-extend-dtls-authorize-05
> 
> I am the assigned Gen-ART reviewer for this draft. The General Area
> Review Team (Gen-ART) reviews all IETF documents being processed
> by the IESG for the IETF Chair.  Please treat these comments just
> like any other last call comments.
> 
> For more information, please see the FAQ at
> 
> <https://trac.ietf.org/trac/gen/wiki/GenArtfaq>.
> 
> Document: draft-ietf-ace-extend-dtls-authorize-05
> Reviewer: Paul Kyzivat
> Review Date: 2023-01-20
> IETF LC End Date: 2023-01-24
> IESG Telechat date: ?
> 
> Summary:
> 
> This draft is on the right track but has open issues, described in the
> review.
> 
> Issues: 1
> 
> 1) ISSUE: Form and completeness of the document
> 
> This document reads as a good concept document proposing how RFC 9202
> could be revised to allow use of both TLS and DTLS. But it fails to do
> the work of actually making those revisions. It leaves that work to the
> reader. It is hard to believe that all readers will infer the identical
> set of changes.
> 
> I suggest that this document's status be changed to an informational,
> and then work begin on an rfc9202bis document that incorporates the
> proposed changes.
>