Re: [Ace] AD review of draft-ietf-ace-coap-est-12 part 2

"Panos Kampanakis (pkampana)" <pkampana@cisco.com> Tue, 10 September 2019 04:18 UTC

Return-Path: <pkampana@cisco.com>
X-Original-To: ace@ietfa.amsl.com
Delivered-To: ace@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7EE5112022D; Mon, 9 Sep 2019 21:18:37 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -14.5
X-Spam-Level:
X-Spam-Status: No, score=-14.5 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_HI=-5, SPF_PASS=-0.001, URIBL_BLOCKED=0.001, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cisco.com header.b=hsznghYj; dkim=pass (1024-bit key) header.d=cisco.onmicrosoft.com header.b=gdB5Cfsp
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id r2nhPIdneqje; Mon, 9 Sep 2019 21:18:35 -0700 (PDT)
Received: from rcdn-iport-7.cisco.com (rcdn-iport-7.cisco.com [173.37.86.78]) (using TLSv1.2 with cipher DHE-RSA-SEED-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 5F47B120180; Mon, 9 Sep 2019 21:18:35 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=3117; q=dns/txt; s=iport; t=1568089115; x=1569298715; h=from:to:cc:subject:date:message-id:references: in-reply-to:content-transfer-encoding:mime-version; bh=NrELznIIc/K3igE9S/WfhfqWiOPCXTMyjTdX5yyBJaE=; b=hsznghYjEm1v18UotG8gp92KMhQSHhfinl6VEQxQUwGZ/98+uQrrFzbA ve2NgtOobl7e6N6jtBWKqF52oFXG3YHcLQeDLs+Xnv7f71q33NQ70PZIJ 1F3EA+cNT3R2rqhBzvP+tJCuxvJFvAIBBDVkzGO/1qjjIOPTjvRyAhab/ w=;
IronPort-PHdr: =?us-ascii?q?9a23=3AqXwQ9B/06mM1dv9uRHGN82YQeigqvan1NQcJ65?= =?us-ascii?q?0hzqhDabmn44+8ZR7E/fs4iljPUM2b8P9Ch+fM+4HYEW0bqdfk0jgZdYBUER?= =?us-ascii?q?oMiMEYhQslVdaGAEjjJfjjRyc7B89FElRi+iLzPA=3D=3D?=
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: =?us-ascii?q?A0CnAADQI3dd/4kNJK1bChwBAQEEAQE?= =?us-ascii?q?HBAEBgVUFAQELAYFEUANtViAECyqHaAOKeYJcl3CBLoEkA1QJAQEBDAEBGAs?= =?us-ascii?q?KAgEBgUuCdAKCOCM2Bw4CAwkBAQQBAQECAQYEbYUuDIVKAQEBAQIBAQEQKAY?= =?us-ascii?q?BASwLAQsEAgEIDgMEAQEBHQEQJwsdCAIEAQ0FCBqDAYFqAw4PAQIMmykCgTi?= =?us-ascii?q?IYYIlgn0BAQWBMgGDVhiCFgmBNAGLdxiBQD+BEUaCTD6CYQEBgTYVGIM7gia?= =?us-ascii?q?MU590CoIhhn+OEII0llCNf4E4hkqQagIEAgQFAg4BAQWBWQ4jgVhwFTuCbAm?= =?us-ascii?q?COYMeVIUUhT9zgSmOfwEB?=
X-IronPort-AV: E=Sophos;i="5.64,487,1559520000"; d="scan'208";a="623021083"
Received: from alln-core-4.cisco.com ([173.36.13.137]) by rcdn-iport-7.cisco.com with ESMTP/TLS/DHE-RSA-SEED-SHA; 10 Sep 2019 04:18:04 +0000
Received: from XCH-ALN-014.cisco.com (xch-aln-014.cisco.com [173.36.7.24]) by alln-core-4.cisco.com (8.15.2/8.15.2) with ESMTPS id x8A4I4LC010587 (version=TLSv1.2 cipher=AES256-SHA bits=256 verify=FAIL); Tue, 10 Sep 2019 04:18:04 GMT
Received: from xhs-rcd-002.cisco.com (173.37.227.247) by XCH-ALN-014.cisco.com (173.36.7.24) with Microsoft SMTP Server (TLS) id 15.0.1473.3; Mon, 9 Sep 2019 23:18:03 -0500
Received: from xhs-rtp-003.cisco.com (64.101.210.230) by xhs-rcd-002.cisco.com (173.37.227.247) with Microsoft SMTP Server (TLS) id 15.0.1473.3; Mon, 9 Sep 2019 23:18:03 -0500
Received: from NAM05-DM3-obe.outbound.protection.outlook.com (64.101.32.56) by xhs-rtp-003.cisco.com (64.101.210.230) with Microsoft SMTP Server (TLS) id 15.0.1473.3 via Frontend Transport; Tue, 10 Sep 2019 00:18:03 -0400
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=nQRrL86LLE/zxxExrGLVomTjxLmfvV+zAH5dW2pYWJi1fk3DgmDBkCP0fYbFcZVljYsUA550OVjvYWsLTi303WPq/2nlg/Nb2u4HWxXPJOrVpgozXK6wlO8NHsfKHGRdqS7V8VqQemsw/TgqWLtCY+JRi2bdOjaMCpdxeWF3euhOqGS848QGzTWmju7EZel5ZskuFXba/FzGhgzOf6B/Xxmy5x5/PKbM/NwTkB6mK2ysMHEuz7W61IX10ij2dZQZbXRBGzoogrIWXRFW0NEy4g1VEBeQJpY6pB7+a8KbwSmfMGxajnqDCWLNDWXNgrUtaUX8/enobqHHqXIXhBd7rA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=eeb35r5aMEFaVNIuM5e75e/qYw/1NiW7BdEfssdoaUA=; b=Jjnrp4X+Q2Fc6d2sNNRaX2nE1xXQw1FnbTYfhYc8E2i2Mh9YQ22Z89uYgI+4Rl1C7chIYZxkxWLWctBg8QcHbw9lDaToxb0E9ngdf1kMe/GPwXnI17YNIYqeNE627qvTaC5nSPvSttPhU/Zdp9V2+RocgxnrNHcLcfnb+ykjG351hRQJqTc+pmI8AlEo0OC5UAQPGRrT8kgfeSFcATdNL9M0ssIuhqj2yEVJaB92hz0vqzfiDiHRFMv4rjNEO1HnalcQeo+YQdQckeAk1jy5gtN5WpcVXZwOI7lyUQrL3Xe4+9Upbd6sTcalAAogmFlVR+VOM0GyYgqBJrsSAdHXFQ==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=cisco.com; dmarc=pass action=none header.from=cisco.com; dkim=pass header.d=cisco.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=cisco.onmicrosoft.com; s=selector2-cisco-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=eeb35r5aMEFaVNIuM5e75e/qYw/1NiW7BdEfssdoaUA=; b=gdB5Cfspza1FuozEtYL7R5NL2zg3uo4iASs1xn1OqPcuG8mI94vh5SbgUWpkNT9cKmbsB/uS4rEzNnED7zsNj5WEFfEIoEwY14GlqFLaDDs0ghsyaDByrqZp5bSaaNVYEwxoBXOO1+nHYxGDBd7bnth3uDLYvwC+piw4aCQE2iQ=
Received: from BN7PR11MB2547.namprd11.prod.outlook.com (52.135.255.146) by BN7PR11MB2660.namprd11.prod.outlook.com (52.135.245.27) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2241.18; Tue, 10 Sep 2019 04:18:01 +0000
Received: from BN7PR11MB2547.namprd11.prod.outlook.com ([fe80::20df:b3df:537d:fd20]) by BN7PR11MB2547.namprd11.prod.outlook.com ([fe80::20df:b3df:537d:fd20%7]) with mapi id 15.20.2241.018; Tue, 10 Sep 2019 04:18:01 +0000
From: "Panos Kampanakis (pkampana)" <pkampana@cisco.com>
To: Jim Schaad <ietf@augustcellars.com>, "'Michael Richardson'" <mcr+ietf@sandelman.ca>
CC: "draft-ietf-ace-coap-est.all@ietf.org" <draft-ietf-ace-coap-est.all@ietf.org>, "'Benjamin Kaduk'" <kaduk@mit.edu>, "ace@ietf.org" <ace@ietf.org>
Thread-Topic: [Ace] AD review of draft-ietf-ace-coap-est-12 part 2
Thread-Index: AQHVYlHhW15JBzQJJ0uFzt6/ui+Gy6cjRfMAgAAvCYCAACBegIAAPTSAgAB5+oCAAAtwcA==
Date: Tue, 10 Sep 2019 04:18:01 +0000
Message-ID: <BN7PR11MB254736E735A5779C1223E324C9B60@BN7PR11MB2547.namprd11.prod.outlook.com>
References: <20190828233639.GI84368@kduck.mit.edu> <027701d55ebf$994184b0$cbc48e10$@augustcellars.com> <edcbc2a243cc7118e35aec77b2e1599c@bbhmail.nl> <20190901204340.GG27269@kduck.mit.edu> <6b482aaed0ce510c503984dfbac7286c@bbhmail.nl> <7cd78133c263214be535ec36734f7ec1@bbhmail.nl> <30070.1568030052@dooku.sandelman.ca> <20190909144232.GH18198@kduck.mit.edu> <7801.1568047103@dooku.sandelman.ca> <007901d5674b$9bc75e00$d3561a00$@augustcellars.com> <008e01d56788$985bbda0$c91338e0$@augustcellars.com>
In-Reply-To: <008e01d56788$985bbda0$c91338e0$@augustcellars.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
authentication-results: spf=none (sender IP is ) smtp.mailfrom=pkampana@cisco.com;
x-originating-ip: [2001:420:c0c4:1008::76]
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: 3482894c-26b0-4bb1-3b13-08d735a5de90
x-microsoft-antispam: BCL:0; PCL:0; RULEID:(2390118)(7020095)(4652040)(8989299)(4534185)(4627221)(201703031133081)(201702281549075)(8990200)(5600166)(711020)(4605104)(1401327)(2017052603328)(7193020); SRVR:BN7PR11MB2660;
x-ms-traffictypediagnostic: BN7PR11MB2660:
x-ms-exchange-purlcount: 3
x-microsoft-antispam-prvs: <BN7PR11MB2660B70CFBA463AC3E60C32FC9B60@BN7PR11MB2660.namprd11.prod.outlook.com>
x-ms-oob-tlc-oobclassifiers: OLM:6430;
x-forefront-prvs: 01565FED4C
x-forefront-antispam-report: SFV:NSPM; SFS:(10009020)(979002)(4636009)(366004)(396003)(39860400002)(346002)(376002)(136003)(51444003)(13464003)(199004)(189003)(33656002)(71190400001)(229853002)(14454004)(8936002)(186003)(6506007)(53546011)(478600001)(8676002)(11346002)(53936002)(9686003)(55016002)(6306002)(6436002)(305945005)(256004)(7736002)(14444005)(6246003)(46003)(52536014)(86362001)(446003)(81166006)(81156014)(6116002)(4326008)(66946007)(2906002)(74316002)(66476007)(66556008)(64756008)(25786009)(66446008)(486006)(476003)(71200400001)(316002)(99286004)(102836004)(966005)(5660300002)(110136005)(7696005)(76176011)(76116006)(54906003)(969003)(989001)(999001)(1009001)(1019001); DIR:OUT; SFP:1101; SCL:1; SRVR:BN7PR11MB2660; H:BN7PR11MB2547.namprd11.prod.outlook.com; FPR:; SPF:None; LANG:en; PTR:InfoNoRecords; A:1; MX:1;
received-spf: None (protection.outlook.com: cisco.com does not designate permitted sender hosts)
x-ms-exchange-senderadcheck: 1
x-microsoft-antispam-message-info: VBT3/JRlIj24jAuvIE6H1qAYvyV3wr52H/TfIdkcRqFm9NQd4yBSbeX7lKfXpHSxyIrbteIVobX5uirR9ywQf47VN7tSfEHxq6tdJsUS4EhD7/1r6Ba740jb/4w+iwaMPY/XX38BX57qd1iVMg3R5v7EKaq0TxuTwcCVwKUfIICrjXeS+qFT3MC/BE9nY+2WKJlrxmBEtOslPj5r7rGYwfJCSoUxBaFB/qPDvkikBG75p5cCw8zRodHGANvInndmTeoedDut8aM+rUDHHligNBNA+4gPWRzqmFyk4rfMVQqyoOPtgyEFyiNraKrXvmUS2j09MaJ55VQb9JqAIYmxypzhhJ06LYtsk5jU4l/eiDYnQTAEgxSTqfbu1gM5LgIndsFdsVqBAYj5w1mSlDorvJWNdfFYdxunM71QCRLsuZM=
x-ms-exchange-transport-forked: True
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-MS-Exchange-CrossTenant-Network-Message-Id: 3482894c-26b0-4bb1-3b13-08d735a5de90
X-MS-Exchange-CrossTenant-originalarrivaltime: 10 Sep 2019 04:18:01.4855 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 5ae1af62-9505-4097-a69a-c1553ef7840e
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: rwS1pXYLRewl9NElw6CtHzpgR0QqpNiqddrvhFRnXlncE7a6pNNpbxxGBFS+viVh667qSMRTwbDGdNSGdB5ipg==
X-MS-Exchange-Transport-CrossTenantHeadersStamped: BN7PR11MB2660
X-OriginatorOrg: cisco.com
X-Outbound-SMTP-Client: 173.36.7.24, xch-aln-014.cisco.com
X-Outbound-Node: alln-core-4.cisco.com
Archived-At: <https://mailarchive.ietf.org/arch/msg/ace/XzaPV5GEV0J9S4AukiHM7sVjf3M>
Subject: Re: [Ace] AD review of draft-ietf-ace-coap-est-12 part 2
X-BeenThere: ace@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Authentication and Authorization for Constrained Environments \(ace\)" <ace.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ace>, <mailto:ace-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ace/>
List-Post: <mailto:ace@ietf.org>
List-Help: <mailto:ace-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ace>, <mailto:ace-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 10 Sep 2019 04:18:37 -0000

Hi Jim,

We are tracking all of Ben's feedback here https://github.com/SanKumar2015/EST-coaps/issues/150 

The fixes that have gone in the draft so far are after each comment. There are still some that we still need to update after the threads converged. 

Panos


-----Original Message-----
From: Ace <ace-bounces@ietf.org>; On Behalf Of Jim Schaad
Sent: Monday, September 09, 2019 11:34 PM
To: 'Michael Richardson' <mcr+ietf@sandelman.ca>;
Cc: draft-ietf-ace-coap-est.all@ietf.org; 'Benjamin Kaduk' <kaduk@mit.edu>;; ace@ietf.org
Subject: Re: [Ace] AD review of draft-ietf-ace-coap-est-12 part 2

Authors,

Are we ready to produce a new draft that addresses most, if not all, of Ben's comments?  Do we have a pull request to deal with this that we can point to?

Jim


-----Original Message-----
From: Jim Schaad <ietf@augustcellars.com>;
Sent: Monday, September 9, 2019 1:17 PM
To: 'Michael Richardson' <mcr+ietf@sandelman.ca>;; 'Benjamin Kaduk'
<kaduk@mit.edu>;
Cc: draft-ietf-ace-coap-est.all@ietf.org; ace@ietf.org
Subject: RE: [Ace] AD review of draft-ietf-ace-coap-est-12 part 2



-----Original Message-----
From: Michael Richardson <mcr+ietf@sandelman.ca>; 
Sent: Monday, September 9, 2019 9:38 AM
To: Benjamin Kaduk <kaduk@mit.edu>;
Cc: draft-ietf-ace-coap-est.all@ietf.org; ace@ietf.org
Subject: Re: [Ace] AD review of draft-ietf-ace-coap-est-12 part 2


Benjamin Kaduk <kaduk@mit.edu>; wrote:
    >> So, on a constrained device, I'd like to know what to expect (what to
    >> code for).  While I do'nt particularly care for server-generated
keys,
    >> it should probably be specified correctly.  I see that the complexity
    >> of sorting this means that I think that Content-Format 284
    >> (unprotected) will get used most often.

    > Your constrained device is probably only going to implement one cipher
    > [mode], too, right?  If it's an AEAD mode, you use AuthEnvelopedData;
    > otherwise, classic EnvelopedData.

Yes, but each constrained device type might have a different set, and the
EST server for such an installation has to figure out how to send the right
thing.

[JLS] This is the function of section 4.4.1.1 in RFC 7030 which says that
the DecryptKeyIdentifier must be present.  This will provide the EST server
a method to identify the correct key and the correct symmetric encryption
algorithm.

    >> I think that we could go to TLS Exporter right now, but it would take
    >> some work.

    > I'd rather have both classic-EST and coap-EST benefit than just
    > coap-EST.

So you'd agree to deferring this to a document (maybe in LAMPS?) that would
Updates: 7030 and this document.

-- 
]               Never tell me the odds!                 | ipv6 mesh networks
[ 
]   Michael Richardson, Sandelman Software Works        | network architect
[ 
]     mcr@sandelman.ca  http://www.sandelman.ca/        |   ruby on rails
[ 
	

_______________________________________________
Ace mailing list
Ace@ietf.org
https://www.ietf.org/mailman/listinfo/ace