Re: [Ace] secdir review of draft-ietf-ace-dtls-authorize-14

Stefanie Gerdes <gerdes@tzi.de> Tue, 16 February 2021 15:16 UTC

To: Daniel Migault <mglt.ietf@gmail.com>, Francesca Palombini <francesca.palombini@ericsson.com>
Cc: Göran Selander <goran.selander=40ericsson.com@dmarc.ietf.org>, Olaf Bergmann <bergmann@tzi.org>, "ace@ietf.org" <ace@ietf.org>, Russ Mundy <mundy@tislabs.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/ace/SvsYNFvOaaOfiI2_-bUf2YxPO1c>

Hi,

I propose that we use the following text for the ACE framework (as
originally proposed by Göran):

Section 6.2:
OLD
  "Profiles MUST specify how communication security according
   to the requirements in Section 5 is provided."
NEW
"The requirements for communication security of profiles are specified
in Section 5."

Section 5:
OLD
"Profiles MUST specify a communication security protocol that provides
   the features required above."
NEW
"Profiles MUST specify at least one communication security protocol that
provides the features required above."

For the DTLS profile, I propose the following text:

OLD
"The use of CoAP and DTLS for this communication is REQUIRED in this
profile.  Other protocols (such as HTTP and TLS, or CoAP and OSCORE
[RFC8613]) will require specification of additional profile(s)."

NEW
"The use of CoAP and DTLS for this communication is RECOMMENDED in
this profile. Other protocols fulfilling the security requirements
defined in Section 5 of [I-D.ietf-ace-oauth-authz] MAY be used instead."

Additional explanation:

One proposal was to state as the reason for recommending DTLS that it
reduces the number of libraries the client has to support. But the
reason why the ACE framework requires that the profiles specify a
security protocol for the communication between C and AS is to provide
security for the data that is transmitted between these two parties.
Without a protocol that fulfills the requirements listed in the ACE
framework, the solution would not be secure. Requiring that the profiles
must specify at least one protocol ensures that implementers have an
idea how to implement the profile securely (instead of leaving them in
the dark about that). It is also nice if the number of libraries on the
client can be reduced, but I am not that comfortable with stating that
as the main reason for recommending DTLS.

Best regards
Steffi