[Ace] ace-key-groupcomm-03
Peter van der Stok <stokcons@bbhmail.nl> Mon, 18 November 2019 10:23 UTC
Return-Path: <stokcons@bbhmail.nl>
X-Original-To: ace@ietfa.amsl.com
Delivered-To: ace@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id F2214120874 for <ace@ietfa.amsl.com>; Mon, 18 Nov 2019 02:23:08 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.997
X-Spam-Level:
X-Spam-Status: No, score=-1.997 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_NONE=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=bbhmail.nl
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id g24Om51RtpAx for <ace@ietfa.amsl.com>; Mon, 18 Nov 2019 02:23:06 -0800 (PST)
Received: from smtprelay.hostedemail.com (smtprelay0186.hostedemail.com [216.40.44.186]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id A099312086E for <ace@ietf.org>; Mon, 18 Nov 2019 02:23:06 -0800 (PST)
Received: from filter.hostedemail.com (clb03-v110.bra.tucows.net [216.40.38.60]) by smtprelay05.hostedemail.com (Postfix) with ESMTP id 2E03C1802959A for <ace@ietf.org>; Mon, 18 Nov 2019 10:23:05 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=bbhmail.nl; h= mime-version:content-type:date:from:to:subject:reply-to :message-id; s=key; bh=UjZgOy6rsEg3TXLqOUeYlwrTG3GpRAWf5bklHdUVQ 9I=; b=CrDCoRaOAgVCCWKWrvBBYwKhzpnIxL0DDSn4wWRCK2KutAjHMX4vhGhwT LucP9zjAJ49Wp0jPfc/1w5D4jS6d0IgwjQDqPTP7/uecydiSdrt3VhbzWtn4eMiA ZlB10yaRddUwC1FJWv6s20ORBZHk8/wcLr6mfzFYwZcnxBdZIw=
X-Session-Marker: 73746F6B636F6E73406262686D61696C2E6E6C
X-Spam-Summary: 50, 0, 0, , d41d8cd98f00b204, stokcons@bbhmail.nl, :, RULES_HIT:1:2:41:72:152:355:379:582:800:962:967:968:973:983:988:989:1152:1189:1208:1221:1260:1263:1313:1314:1345:1381:1431:1436:1437:1516:1517:1518:1575:1588:1589:1592:1594:1605:1617:1730:1776:1792:2106:2198:2199:2525:2553:2561:2564:2682:2685:2692:2829:2859:2892:2901:2911:2933:2937:2939:2942:2945:2947:2951:2954:3022:3138:3139:3140:3141:3142:3622:3865:3866:3867:3868:3870:3871:3872:3873:3874:3934:3936:3938:3941:3944:3947:3950:3953:3956:3959:4049:4250:4321:4425:4659:5007:6117:6119:6261:6298:6659:6678:7464:7774:7903:8568:8603:8957:9015:9025:9177:9389:10004:10226:10848:11232:11658:11914:12043:12114:12295:12555:12679:12895:12986:13137:13139:13141:13150:13161:13181:13199:13229:13230:13231:13548:13846:14096:14161:21060:21063:21080:21324:21433:21451:21625:21691:21740:21939:21972:30029:30030:30048:30054:30075:30090, 0, RBL:none, CacheIP:none, Bayesian:0.5, 0.5, 0.5, Netcheck:none, DomainCache:0, MSF:not bulk, SPF:, MSBL:0, DNSBL:none, Custom_ru
X-HE-Tag: robin90_551c1adc0de41
X-Filterd-Recvd-Size: 13317
Received: from mail.bbhmail.nl (imap-ext [216.40.42.5]) (Authenticated sender: webmail@stokcons@bbhmail.nl) by omf19.hostedemail.com (Postfix) with ESMTPA for <ace@ietf.org>; Mon, 18 Nov 2019 10:23:04 +0000 (UTC)
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="=_df1919c560713f42cca403f6ba7558ba"
Date: Mon, 18 Nov 2019 11:23:04 +0100
From: Peter van der Stok <stokcons@bbhmail.nl>
To: Ace <ace@ietf.org>
Reply-To: consultancy@vanderstok.org
User-Agent: Roundcube Webmail/1.4-rc2
Message-ID: <f9475be043a0f3a7c315ccafe7de5e40@bbhmail.nl>
X-Sender: stokcons@bbhmail.nl
Organization: vanderstok consultancy
X-Originating-IP: [5.206.216.229]
Archived-At: <https://mailarchive.ietf.org/arch/msg/ace/_PDsf5rnGtVw6y3nSQTJun0t7P4>
Subject: [Ace] ace-key-groupcomm-03
X-BeenThere: ace@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Authentication and Authorization for Constrained Environments \(ace\)" <ace.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ace>, <mailto:ace-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ace/>
List-Post: <mailto:ace@ietf.org>
List-Help: <mailto:ace-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ace>, <mailto:ace-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 18 Nov 2019 10:23:09 -0000
Hi authors, Many thanks for this document Below my review of the latest version of this document, based on my implementation experience. General point: I find it difficult to understand which secure communication channel is discussed at some points in the document. My suggestion is to name the two secure channels in section 1.1. For example: Management channel: channel secured with OSCORE or DTLS between client and KDC, according to specified transport profile. Group channel: channel secured with OSCORE between group members, according to specified transport profile. Mode detailed text suggestions follow below: Page 3 par 2: s/is in Appendix/is shown in Appendix/ Figure 1: According to text both Dispatcher and KDC can be RS, but only Dispatcher has (RS) added in the figure 1. Page 4, bullet 2: s/join the group/join a given group/ Page 4, bullet 3: s/join the group/join a given group/ Page 4, bullet 3: remove last phrase "If required…. Changes.". It does not add anything, does it? Page 4, bullet 4: what is an "implicit entity"? The phrase provokes more questions than it clarifies. Page 5, bullet 1: remove: "to communicate with group members" (section 4) is sufficient explanation.) Page 5, bullet 2: Shorten to: "Leaving of a node or removal of a node by the KDC (section 5)" Page 5, bullet 3: Do you mean? " retrieval of keying material by a group member" Page 5, line 4 from below: s/between client and KDC/between client and AS/ Page 5, end: suggestion is s/The exchange …and KDC/The joining Request and Joining Response and all further messages between client and KDC are exchanged over the Management channel/ page 6, top: Remove : "All further … exchange." Page 6: s/All communications … section 4/The group members communicate via the group channel using keying material of section 4/ Section 3, par 2, s/join the group through the KDC/join a given group/ Section 3, par 3; reduce to: The first two messages exchanged over the management channel use content-format application/ace+cbor and the third message uses content format application/cwt. Section 3.1, par1: /is as defined/is defined/ Section 3, page 7: The appearance of (REQx) is very surprising; Would be good to announce the function of "(REQx)" at the start of section 3 or end of section 2. Page 6, bullet 4: Not clear what you mean here. Are they optional, superfluous, or a MUST? Section 3.2, par 1: s/is as defined/is defined/ Page 8 The phrase "The access token MUST…. ACE requires" is difficult to parse. In my understanding, the request contains a scope parameter, the token contains a scope parameter and the response contains a scope parameter. Which scope must be a subset of the other? That is not clear. And how can they be a subset; we're talking array. Last par of section 3.2: I understand that the AS always replies with a new access token. Section 3.3: May be it is good to write that the POST exchange is not secured. Page 9: N_S is the value of the {"rsnonce" :value} pair? Page 10: The phrase: "It is required of the application profiles….". Is not clear. Does it mean that all application profiles must be changed to include this parameter? And what if this has not happened? Page 11, section 4: It is good to specify that all exchange between joining node and KDC passes over the management channel. Page 12, line 2: Add: securely communicate "over the group channel"….. Page 12: s/assiciated/associated/ Sec 4.1: please, make clear from the very start that the path names of the resources are example names. Page 13, section 4.1.2.1: Scope does not specify the resource path, but the value of gid Page 14: N_C is the value of the ("cnonce":value} pair? Page 14: I don't understand the paragraph: "The handler verifies … error message." How can the gid be a subset of the "scope"? This occurs at several other occasions in the text. Page 15: should num be monotonically increasing with each new version? Page 16, bullet 1: what are the member identifiers? Page 20, section 4.1.6: It is not clear to me how node is defined. Page 21, section 4.2: Instead of pairwise secure communication channel use the term Management channel. Page 22, paragraph 3: group identifier cannot be equal to the value of the scope; At most it can be equal to the first array element of the scope value. Page 22, section 4.3, paragraph 2: "that the client was not able to receive". The process in which clients receive new keying material without asking for it is not clear to me. Suggest to remove the phrase. Page 23, Text after figure 7: The rekeying process is not clear to me. Is it possible to discuss at least one approach, where the ContextId changes with the Master secret and the salt, every time the group changes composition or the keying material is refreshed. Receiving an unknown contextId means that rekeying took place and new material needs to be fetched. However, is there enough information to know which KDC handles the rekeyed group? The ContextId is unknown, and the receiverId may refer to multiple contexts, while it is not guaranteed that each group has its own resource on the member platform. Greetings, Peter -- Peter van der Stok vanderstok consultancy mailto: consultancy@vanderstok.org, stokcons@bbhmail.nl www: www.vanderstok.org [1] tel NL: +31(0)492474673 F: +33(0)966015248 Links: ------ [1] http://www.vanderstok.org
- [Ace] ace-key-groupcomm-03 Peter van der Stok