Re: [Ace] Opsdir last call review of draft-ietf-ace-oscore-profile-11

Francesca Palombini <francesca.palombini@ericsson.com> Mon, 24 August 2020 17:07 UTC

From: Francesca Palombini <francesca.palombini@ericsson.com>
To: Benjamin Kaduk <kaduk@mit.edu>, Linda Dunbar <linda.dunbar@futurewei.com>
CC: "ops-dir@ietf.org" <ops-dir@ietf.org>, "draft-ietf-ace-oscore-profile.all@ietf.org" <draft-ietf-ace-oscore-profile.all@ietf.org>, "ace@ietf.org" <ace@ietf.org>, "last-call@ietf.org" <last-call@ietf.org>
Date: Mon, 24 Aug 2020 17:07:05 +0000
Message-ID: <5C8BDAEF-C8CF-433A-A093-2A9ACCD022EB@ericsson.com>
References: <159521497745.9074.17834135527258230957@ietfa.amsl.com> <20200727180742.GG41010@kduck.mit.edu>
In-Reply-To: <20200727180742.GG41010@kduck.mit.edu>
Archived-At: <https://mailarchive.ietf.org/arch/msg/ace/VNu7gs0RGjKQ_hhobnpGppeh4jI>

Hi Linda,

Thank you for your review. Ben has already clarified our aim for most of your points, thanks Ben. I just want to add that we have now added some text to clarify the CBOR formatting of Figure 7 (you can see the diff at https://github.com/ace-wg/ace-oscore-profile/commit/55d500a8922b5694dd821d4b1109cc162313fc2f). This will be included in the next update of the document.

Thanks,
Francesca

On 27/07/2020, 20:08, "Benjamin Kaduk" <kaduk@mit.edu> wrote:

    Hi Linda,

    On Sun, Jul 19, 2020 at 08:16:17PM -0700, Linda Dunbar via Datatracker wrote:
    > Reviewer: Linda Dunbar
    > Review result: Has Nits
    > 
    > I have reviewed this document as part of the Ops area directorate's ongoing
    > effort to review all IETF documents being processed by the IESG.  These
    > comments were written primarily for the benefit of the Ops area directors.
    > Document editors and WG chairs should treat these comments just like any other
    > last call comments.
    > 
    > This document describes how to set specific parameters in using the
    > Authentication and Authorization for Constrained Environments (ACE) framework
    > [I-D.ietf-ace-oauth-authz]. The document is written clearly, except for some minor
    > issues:
    > 
    >  Section 4.1.1 states that Nonce Parameter must be sent from the client to RS.
    >  What would be the problem if the client doesn't include the "NONCE"?

    There's a little more discussion of the N1 in the previous section, but in
    essence, this nonce is required to protect the client against replayed
    responses.  Since the token contents (including key derivation material)
    would be unchanged across security contexts, the nonce is used to make each
    one different; it has to be client-generated so that the client is sure
    that this security context is "fresh" (vs. replayed).

    > Page 12: It asks RFC editor to validate the numbers listed in Figure 7.  There
    > is no explanation or comments for those values. It will be very difficult for
    > RFC editor to validate. It seems to me there are 4 columns but I can't
    > understand the meaning of the values under 1st, 2nd, and 3rd columns.

    I think this is just a note that the RFC Editor should make sure that
    someone has checked the values (i.e., the authors).  The RFC Editor does
    not need to be the one actually doing the checking.

    Thanks for the review,

    Ben

    > it is kind of difficult to validate the correctness by just reading through the
    > document.  It would be better to have an implementation report of the proposed
    > "Profile".
    > 
    > Best Regards,
    >  Linda Dunbar
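Ben's point about the client-generated nonce, as an added example that is not part of this thread or of the draft: a simplified model (HKDF over the token's key material with an assumed salt of N1 || N2, and an HMAC tag standing in for OSCORE's AEAD; not the profile's actual derivation or message flow) showing that a message recorded under an earlier exchange no longer verifies once the client has chosen a fresh N1, even though the token's key material and the server's N2 are unchanged.

```python
import hmac
import hashlib


def hkdf_sha256(ikm: bytes, salt: bytes, info: bytes, length: int = 16) -> bytes:
    """RFC 5869 HKDF (extract + expand) with HMAC-SHA256."""
    prk = hmac.new(salt, ikm, hashlib.sha256).digest()
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        okm += block
        counter += 1
    return okm[:length]


def derive_context_key(master_secret: bytes, n1: bytes, n2: bytes) -> bytes:
    # Assumed, simplified salt construction: N1 || N2. The token's master
    # secret is identical every time the token is used, so only the nonces
    # make the derived key differ between exchanges.
    return hkdf_sha256(master_secret, n1 + n2, b"Key")


def protect(master_secret: bytes, n1: bytes, n2: bytes, payload: bytes):
    """Server side: tag a message under the context derived from (N1, N2)."""
    key = derive_context_key(master_secret, n1, n2)
    return (n2, payload, hmac.new(key, payload, hashlib.sha256).digest()[:8])


def verify(master_secret: bytes, n1: bytes, message) -> bool:
    """Client side: re-derive the context with the N1 the client itself generated."""
    n2, payload, tag = message
    key = derive_context_key(master_secret, n1, n2)
    expected = hmac.new(key, payload, hashlib.sha256).digest()[:8]
    return hmac.compare_digest(tag, expected)


MASTER_SECRET = bytes.fromhex("000102030405060708090a0b0c0d0e0f")  # constructed token key material
N1_FIRST = bytes.fromhex("a1a1a1a1a1a1a1a1")  # constructed client nonce, first exchange
N2_FIRST = bytes.fromhex("b2b2b2b2b2b2b2b2")  # constructed server nonce, first exchange
N1_FRESH = bytes.fromhex("c3c3c3c3c3c3c3c3")  # constructed client nonce, later exchange


def replay_demo():
    """Returns (accepted in the original exchange, accepted when replayed later)."""
    recorded = protect(MASTER_SECRET, N1_FIRST, N2_FIRST, b"response body")
    fresh_ok = verify(MASTER_SECRET, N1_FIRST, recorded)
    # Same token uploaded again later: the client chose a new N1, so a
    # recording of the earlier response fails verification and is rejected.
    replayed_ok = verify(MASTER_SECRET, N1_FRESH, recorded)
    return fresh_ok, replayed_ok


if __name__ == "__main__":
    print(replay_demo())  # (True, False)
```

Without N1 the salt would depend only on N2, which an old recording already carries, so the client would rebuild the earlier context and accept the replay.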