Re: [Ace] Shepard comments on draft-ietf-ace-oscore-profile

Francesca Palombini <francesca.palombini@ericsson.com> Thu, 31 January 2019 14:26 UTC

From: Francesca Palombini <francesca.palombini@ericsson.com>
To: Jim Schaad <ietf@augustcellars.com>, "draft-ietf-ace-oscore-profile@ietf.org" <draft-ietf-ace-oscore-profile@ietf.org>
CC: "ace@ietf.org" <ace@ietf.org>
Date: Thu, 31 Jan 2019 14:26:07 +0000
Message-ID: <B145CB00-EF21-408F-8D71-7B872BBEA02D@ericsson.com>
References: <023901d4b8fc$b72658c0$25730a40$@augustcellars.com>
In-Reply-To: <023901d4b8fc$b72658c0$25730a40$@augustcellars.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/ace/aD3tzMckj4zkEDv519VLMooYdOc>

Hi Jim,

Inline.

Thanks,
Francesca

On 31/01/2019, 01:34, "Jim Schaad" <ietf@augustcellars.com> wrote:

    
    1.  Please update the text for MUST/SHOULD/MAY to include the language from
    RFC 8174.

FP: Right, thanks. Updated now on GitHub.
    
    2.  Section 3.2.1 - What to do is clear if a field is not missing.  What is
    the correct behavior if a field is present that the client and/or resource
    server does not recognize.  Is this a fatal error or is it sufficient that
    they may not behave the same?

FP: Assuming you are referring to fields missing in the OSCORE_Security_Context (please correct me otherwise), this is a good point. We currently do not define what happens if the security context has unrecognized parameters. We don't foresee this happening, as the AS should know what the client and RS implement. However, to cover this case (bad implementation or something went wrong), and to be on the safe side, we propose that this is a fatal error. In fact, we don't know what additional parameters might be registered in the OSCORE_Security_Context, and although they could be "risk-free" (as in optional additional information that is not necessary for the security context derivation), they could also be input to the key derivation, for example, in which case the endpoint not recognizing them would end up storing a "wrong" security context. What do you think?
    
    Jim
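The failure mode Francesca describes above (an endpoint silently dropping a parameter that feeds key derivation and ending up with a mismatched context) as an added example; this is not code from the thread or from the draft. The parameter names, the extra "kdfExtra" parameter, the simplified HKDF info layout and the sample context values are all constructed for illustration, not the draft's CBOR labels or OSCORE's real info structure.

```python
import hashlib
import hmac

# Parameter names an older endpoint implements. Hypothetical string keys,
# not the draft's CBOR labels (the thread names none).
OLD_KNOWN = {"ms", "clientId", "serverId", "salt", "contextId"}
# A newer endpoint also knows a hypothetical parameter that feeds key derivation.
NEW_KNOWN = OLD_KNOWN | {"kdfExtra"}

# Constructed context as an AS might return it, including the new parameter.
CONTEXT = {
    "ms": bytes.fromhex("0102030405060708090a0b0c0d0e0f10"),
    "clientId": b"\x01", "serverId": b"\x02",
    "salt": b"salt", "contextId": b"ctx",
    "kdfExtra": b"extra",
}

class UnknownParameter(ValueError):
    """Raised when the context carries parameters this endpoint does not implement."""

def hkdf_sha256(salt, ikm, info, length=16):
    # Plain HKDF-Extract/Expand with HMAC-SHA256 (standard library only).
    prk = hmac.new(salt, ikm, hashlib.sha256).digest()
    okm, t, i = b"", b"", 1
    while len(okm) < length:
        t = hmac.new(prk, t + info + bytes([i]), hashlib.sha256).digest()
        okm += t
        i += 1
    return okm[:length]

def accept_context(ctx, known, strict=True):
    """Strict: an unknown parameter is a fatal error. Lenient: unknowns are dropped."""
    unknown = set(ctx) - known
    if unknown and strict:
        raise UnknownParameter(sorted(unknown))
    return {k: v for k, v in ctx.items() if k in known}

def derive_sender_key(ctx, sender_id):
    """Simplified stand-in for OSCORE key derivation: every derivation-relevant
    parameter is folded into the HKDF info, so dropping one changes the key."""
    info = sender_id + ctx.get("contextId", b"") + ctx.get("kdfExtra", b"") + b"Key"
    return hkdf_sha256(ctx.get("salt", b""), ctx["ms"], info)

def keys_agree(client_known, server_known):
    """Both sides lenient: do client and server end up with the same sender key?"""
    c = accept_context(CONTEXT, client_known, strict=False)
    s = accept_context(CONTEXT, server_known, strict=False)
    return derive_sender_key(c, CONTEXT["clientId"]) == derive_sender_key(s, CONTEXT["clientId"])
```

With both sides lenient, an old client and a new RS derive different keys and every OSCORE message between them fails to verify with no indication of why; with strict handling the old endpoint rejects the context up front.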