Re: [Ace] AD review of draft-ietf-ace-cmpv2-coap-transport-07

Daniel Migault <daniel.migault@ericsson.com> Thu, 30 March 2023 18:40 UTC

From: Daniel Migault <daniel.migault@ericsson.com>
To: Mohit Sahni <mohit06jan@gmail.com>, Paul Wouters <paul.wouters=40aiven.io@dmarc.ietf.org>
CC: Mohit Sahni <msahni@paloaltonetworks.com>, "ace@ietf.org" <ace@ietf.org>, "draft-ietf-ace-cmpv2-coap-transport@ietf.org" <draft-ietf-ace-cmpv2-coap-transport@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/ace/_J32KRolP7zkYaVjlHq1J8FHYdc>

Thanks!
Yours,
Daniel

From: Ace <ace-bounces@ietf.org> On Behalf Of Mohit Sahni
Sent: March 30, 2023 2:22 PM
To: Paul Wouters <paul.wouters=40aiven.io@dmarc.ietf.org>
Cc: Mohit Sahni <msahni@paloaltonetworks.com>; ace@ietf.org; draft-ietf-ace-cmpv2-coap-transport@ietf.org
Subject: Re: [Ace] AD review of draft-ietf-ace-cmpv2-coap-transport-07

Thanks Paul, I will upload a new version today.


On Wed, Mar 29, 2023 at 9:33 PM Paul Wouters <paul.wouters=40aiven.io@dmarc.ietf.org> wrote:



On Fri, Mar 10, 2023 at 4:12 AM Mohit Sahni <msahni@paloaltonetworks.com> wrote:

[ proposed changes / confirmations in the xml file ]

I have read the xml diff and I agree with all changes made.


Just noticed an incomplete response for this comment, responding again to it.

>The next bullet I just do not understand:
>
>        In order to to reduce the risks imposed by DoS attacks, the
>        implementations SHOULD optimally use the available datagram size
>        i.e. avoid small datagrams containing partial CMP PKIMessage data.
>
>Please explain what is meant here and/or rephrase it.

<M.S.> The intent here is to instruct clients to send CMP messages in as few packets as possible. Fragmentation of CMP messages may cause the server to buffer packets, which will consume resources on the server. With clients instructed to send CMP messages in as few packets as possible, servers can choose to ignore fragmented CMP messages to mitigate such DoS attacks.


So maybe:

Implementations SHOULD use the available datagram size and avoid small datagrams containing partial CMP PKIMessage data in order to reduce memory usage for packet buffering.

Please submit a new version to the datatracker with these changes, so we can start the IETF Last Call.

Paul
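
The buffering concern discussed in this thread, as an added example that is not part of the thread or of the draft: a server-side reassembly policy that bounds the memory spent on partial CMP PKIMessage data and drops undersized non-final fragments. The class names, the limits and the `more` flag (meaning "more fragments follow") are assumptions made for illustration.

```python
from dataclasses import dataclass, field

@dataclass
class ReassemblyPolicy:
    """Bounds on buffering partial CMP PKIMessage data (all values assumed)."""
    min_fragment: int = 512        # smallest non-final fragment accepted, bytes
    max_message: int = 16 * 1024   # largest reassembled message, bytes
    max_pending: int = 4           # concurrent partial messages per peer

@dataclass
class Reassembler:
    policy: ReassemblyPolicy = field(default_factory=ReassemblyPolicy)
    pending: dict = field(default_factory=dict)   # (peer, token) -> bytearray

    def buffered_bytes(self) -> int:
        """Memory currently held for incomplete messages."""
        return sum(len(b) for b in self.pending.values())

    def accept(self, peer, token, payload: bytes, more: bool):
        """Return ("complete", msg), ("buffered", None) or ("dropped", reason)."""
        key = (peer, token)
        buf = self.pending.get(key)
        # A sender that "optimally uses the available datagram size" never
        # emits a small non-final fragment, so such fragments are dropped
        # together with anything already buffered for that exchange.
        if more and len(payload) < self.policy.min_fragment:
            self.pending.pop(key, None)
            return ("dropped", "undersized fragment")
        have = len(buf) if buf is not None else 0
        if have + len(payload) > self.policy.max_message:
            self.pending.pop(key, None)
            return ("dropped", "message too large")
        if not more:
            # Final (or only) datagram: hand the message over, free the buffer.
            whole = bytes(buf or b"") + bytes(payload)
            self.pending.pop(key, None)
            return ("complete", whole)
        if buf is None:
            # Cap the number of partial messages one peer can keep open.
            open_for_peer = sum(1 for p, _ in self.pending if p == peer)
            if open_for_peer >= self.policy.max_pending:
                return ("dropped", "too many partial messages")
            buf = self.pending[key] = bytearray()
        buf += payload
        return ("buffered", None)
```

A production server would also expire entries in `pending` after a timeout so that abandoned exchanges do not hold memory indefinitely.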