IETF Logo Mail Archive

Re: [Ace] Last Call: <draft-ietf-ace-mqtt-tls-profile-14.txt> (Message Queuing Telemetry Transport (MQTT)-TLS profile of Authentication and Authorization for Constrained Environments (ACE) Framework) to Proposed Standard

Benjamin Kaduk <kaduk@mit.edu> Tue, 22 February 2022 20:06 UTC

Return-Path: <kaduk@mit.edu>
X-Original-To: ace@ietfa.amsl.com
Delivered-To: ace@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 2A3AD3A0C27; Tue, 22 Feb 2022 12:06:31 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.896
X-Spam-Level:
X-Spam-Status: No, score=-1.896 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_BLOCKED=0.001, SPF_HELO_NONE=0.001, SPF_NONE=0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id jn6TuPmnUBMa; Tue, 22 Feb 2022 12:06:28 -0800 (PST)
Received: from outgoing.mit.edu (outgoing-auth-1.mit.edu [18.9.28.11]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 13F983A09B7; Tue, 22 Feb 2022 12:06:27 -0800 (PST)
Received: from kduck.mit.edu ([24.16.140.251]) (authenticated bits=56) (User authenticated as kaduk@ATHENA.MIT.EDU) by outgoing.mit.edu (8.14.7/8.12.4) with ESMTP id 21MK6HsS026818 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Tue, 22 Feb 2022 15:06:22 -0500
Date: Tue, 22 Feb 2022 12:06:16 -0800
From: Benjamin Kaduk <kaduk@mit.edu>
To: last-call@ietf.org
Cc: Daniel Migault <daniel.migault@ericsson.com>, ace-chairs@ietf.org, ace@ietf.org, draft-ietf-ace-mqtt-tls-profile@ietf.org
Message-ID: <20220222200616.GY12881@kduck.mit.edu>
References: <164513925989.6902.8968213035409680302@ietfa.amsl.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <164513925989.6902.8968213035409680302@ietfa.amsl.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/ace/WN-ZuVR4POGf1U_WWO5dsHtND6I>
Subject: Re: [Ace] Last Call: <draft-ietf-ace-mqtt-tls-profile-14.txt> (Message Queuing Telemetry Transport (MQTT)-TLS profile of Authentication and Authorization for Constrained Environments (ACE) Framework) to Proposed Standard
X-BeenThere: ace@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Authentication and Authorization for Constrained Environments \(ace\)" <ace.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ace>, <mailto:ace-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ace/>
List-Post: <mailto:ace@ietf.org>
List-Help: <mailto:ace-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ace>, <mailto:ace-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 22 Feb 2022 20:06:32 -0000

On Thu, Feb 17, 2022 at 03:07:40PM -0800, The IESG wrote:
> 
> 
> Abstract
> 
> 
>    This document specifies a profile for the ACE (Authentication and
>    Authorization for Constrained Environments) framework to enable
>    authorization in a Message Queuing Telemetry Transport (MQTT)-based
>    publish-subscribe messaging system.  Proof-of-possession keys, bound
>    to OAuth2.0 access tokens, are used to authenticate and authorize
>    MQTT Clients.  The protocol relies on TLS for confidentiality and
>    MQTT server (broker) authentication.
> 
> 
> 
> 
> The file can be obtained via
> https://datatracker.ietf.org/doc/draft-ietf-ace-mqtt-tls-profile/

[n.b. I am responsible AD for this document and requested the IETF Last
Call with the intention to make the following comments as last-call
comments, rather than waiting for another I-D revision and make it a
certainty that I will need to hand the document over to my successor]

I posted a pull request with some proposed changes at
https://github.com/ace-wg/mqtt-tls-profile/pull/98 .
Most of them are just editorial (adding articles/etc.), but a couple are
noteworthy enough to mention them here, lest other reviewers rediscover the
issues independently:

- we (rightly) recommend stronger ciphers than the ACE DTLS profile, but
  did so inconsistently -- we demoted (from MUST to MAY) the PSK CCM_8
  cipher suite but not the RPK CCM_8 cipher suite, and made the
  new/stronger MTI just an RPK cipher suite with no MTI PSK cipher suite.
  My proposal in the PR is to use the ECDSA and PSK versions of the
  TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 cipher suite from RFC 7525 that the
  current (-14) version of this draft lists, since the ACE DTLS profile
  lists ECDSA and RSA variants of the CCM_8 cipher as MTI and thus ECDSA
  and RSA are "most analogous" to it.  But if there's desire to use RSA
  rather than ECDSA as MTI, that would also be fine -- I'd rather have just
  one RPK MTI option than have ECDSA there.

- The IESG is now preferring to see that any BCP 14 SHOULD directives are
  accompanied by some discussion of the motivation for the SHOULD or what
  the exception cases might be; we have SHOULD-level guidance to use the
  TLS ALPN and SNI extensions, so I added some text to try to motivate the
  SHOULD: "so the TLS handshake authenticates as much of the protocol
  context as possible."

Thanks,

Ben

v2.8.7 | Report a Bug | By Email