IETF Logo Mail Archive

Re: [Ace] Martin Duke's No Objection on draft-ietf-ace-key-groupcomm-17: (with COMMENT)

Martin Duke <martin.h.duke@gmail.com> Wed, 20 December 2023 01:14 UTC

Return-Path: <martin.h.duke@gmail.com>
X-Original-To: ace@ietfa.amsl.com
Delivered-To: ace@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id CC8EEC14CE5F; Tue, 19 Dec 2023 17:14:23 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -7.105
X-Spam-Level:
X-Spam-Status: No, score=-7.105 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id HiVa1RbFR2QF; Tue, 19 Dec 2023 17:14:20 -0800 (PST)
Received: from mail-yw1-x112f.google.com (mail-yw1-x112f.google.com [IPv6:2607:f8b0:4864:20::112f]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 174EEC14F726; Tue, 19 Dec 2023 17:14:20 -0800 (PST)
Received: by mail-yw1-x112f.google.com with SMTP id 00721157ae682-5e7bb1e0db8so11701147b3.0; Tue, 19 Dec 2023 17:14:20 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1703034859; x=1703639659; darn=ietf.org; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:from:to:cc:subject:date:message-id:reply-to; bh=6yfX++i2s1EkGouwFlIroGCJ0bxJZJ9wbmSONg5Bc10=; b=B4XOMdXrU05nCMH9X5z6wU/K80RdZ0J/u2L8mcM349EuoJ492jlCwdOTneMwlbXpix qcLPfqDZVWVJPG0y9tV9OqgH23mKwiUfq+PpSILyfacVSOeSjtKQTlg5seX4Rh5B9GK1 xrtCAZji/QKhsde6F5XZxK9V3CzAL9PglfEMlIv5FwwwvVUCNRazPeKENH9UAMZ2bbUX rnU/SfUw5bw8jDkZDICroolCK8G2PjnQb3Ea7zEEPzoHkimxz1McgIqUsrPsN7Z6gsn3 sJvhGctvihM1d6D4Qg4c4V0ENYOtkNzZkMnp4y7jSOdQ2XsVeXkCd9AzBYUNjqp4YAkP aKUw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1703034859; x=1703639659; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=6yfX++i2s1EkGouwFlIroGCJ0bxJZJ9wbmSONg5Bc10=; b=dkCT3aFHgvR6EoH0+oLtJ3FyhVAMYbnFP5qnN6YwX6s/s74ZfiZBoBeEDmnF2lXtoW rQgIhtOuSZLaVTkT2HspVM1VCPBKLJ3lgEp7QoCrntCGGfzAh3XNn9YwZlvjW1khBRtX JHi5rns4HS0SxiXSrDs76j1FKtaFwjoFWPgJPD0Cax8/0ZHuoJxBchmoiJZnHqKstzv3 BT3ewFrypXKTMRH5voANnj59sRtELCCkENLdPMeFOHsjMN3ApVzVY1/hPlHYjhiefBqV SfY4VkV2zml3TGV/4l3dvxUP5BYydYoP2qYAgOESBZG07M04h3q9WAE+55tW7hyB3438 PpDg==
X-Gm-Message-State: AOJu0YzjVsMiMPCGY6Q26lV7aTwYmA5cZcoGrRMR57kBCOSgtLR4dx8z y5LtM0zrqSplGcGMImDog5/rnId1d8VZysEbrIs=
X-Google-Smtp-Source: AGHT+IF2RgWzU6T7T7xstBRBBLp/wXknFtQ4nRd8XkyYD1B2MbnsKlyQgGLWgYiRaHkNFllwcxgGtYm1V8CTc8CYF0o=
X-Received: by 2002:a81:b2c8:0:b0:5df:4992:4f0b with SMTP id q191-20020a81b2c8000000b005df49924f0bmr14809942ywh.17.1703034858808; Tue, 19 Dec 2023 17:14:18 -0800 (PST)
MIME-Version: 1.0
References: <170120586760.59520.5336988551693979686@ietfa.amsl.com> <a9eea308-e8f9-475a-a312-0bb865595684@ri.se>
In-Reply-To: <a9eea308-e8f9-475a-a312-0bb865595684@ri.se>
From: Martin Duke <martin.h.duke@gmail.com>
Date: Tue, 19 Dec 2023 17:14:06 -0800
Message-ID: <CAM4esxS-MK809xAE0iohTfEPWYQ-9vuOrw7pBMJiWpe1ChoM9Q@mail.gmail.com>
To: Marco Tiloca <marco.tiloca@ri.se>
Cc: The IESG <iesg@ietf.org>, draft-ietf-ace-key-groupcomm@ietf.org, ace-chairs@ietf.org, ace@ietf.org, mglt.ietf@gmail.com, Francesca Palombini <francesca.palombini@ericsson.com>
Content-Type: multipart/alternative; boundary="000000000000ccace5060ce6b3b1"
Archived-At: <https://mailarchive.ietf.org/arch/msg/ace/at4A2g3YXClcHsAUBpIgSd0htD4>
Subject: Re: [Ace] Martin Duke's No Objection on draft-ietf-ace-key-groupcomm-17: (with COMMENT)
X-BeenThere: ace@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: "Authentication and Authorization for Constrained Environments \(ace\)" <ace.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ace>, <mailto:ace-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ace/>
List-Post: <mailto:ace@ietf.org>
List-Help: <mailto:ace-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ace>, <mailto:ace-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 20 Dec 2023 01:14:23 -0000

LGTM


On Fri, Dec 15, 2023 at 9:19 AM Marco Tiloca <marco.tiloca@ri.se> wrote:

> Hello Martin,
>
> Thanks a lot for your review! Please find in line below our detailed
> replies to your comments.
>
> A Github PR where we have addressed your comments is available at [PR].
>
> Unless any concern is raised, we plan to soon merge this PR (and the other
> ones related to other received reviews), and to submit the result as
> version -18 of the document.
>
> Thanks,
> /Marco
>
> [PR] https://github.com/ace-wg/ace-key-groupcomm/pull/164
>
> On 2023-11-28 22:11, Martin Duke via Datatracker wrote:
>
> Martin Duke has entered the following ballot position for
> draft-ietf-ace-key-groupcomm-17: No Objection
>
> When responding, please keep the subject line intact and reply to all
> email addresses included in the To and CC lines. (Feel free to cut this
> introductory paragraph, however.)
>
>
> Please refer to https://eur05.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.ietf.org%2Fabout%2Fgroups%2Fiesg%2Fstatements%2Fhandling-ballot-positions%2F&data=05%7C01%7Cmarco.tiloca%40ri.se%7C1359a87ce9cd413ae9a308dbf0568b50%7C5a9809cf0bcb413a838a09ecc40cc9e8%7C0%7C0%7C638368026718160171%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=J16AYuoNBuMg4tBidZr9DvGOfnY97NBL6wrdFnjdo5o%3D&reserved=0
> for more information about how to handle DISCUSS and COMMENT positions.
>
>
> The document, along with other ballot positions, can be found here:https://eur05.safelinks.protection.outlook.com/?url=https%3A%2F%2Fdatatracker.ietf.org%2Fdoc%2Fdraft-ietf-ace-key-groupcomm%2F&data=05%7C01%7Cmarco.tiloca%40ri.se%7C1359a87ce9cd413ae9a308dbf0568b50%7C5a9809cf0bcb413a838a09ecc40cc9e8%7C0%7C0%7C638368026718168118%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=HatfmpKO8zy%2Fqwc2sNS9wIBHOo6xd15YgpKXqcQWvdA%3D&reserved=0
>
>
>
> ----------------------------------------------------------------------
> COMMENT:
> ----------------------------------------------------------------------
>
> Thanks to Vidhi Goel for the TSVART review.
>
> (2) "If it consists of an explicit entity such as a pub-sub Broker or a message
> relayer, the Dispatcher is comparable to an untrusted on-path intermediary, and
> as such it is able to read the messages sent by Clients in the group."
>
> Is this accurate? Why does the Dispatcher need the group key to relay messages?
>
>
>
> ==>MT
>
> We have rephrased the following two paragraphs of Section 2 as follows.
>
> OLD
> > Dispatcher: entity through which the Clients communicate with the group,
> when sending a message intended to multiple group members. That is, the
> Dispatcher distributes such a one-to-many message to the group members as
> intended recipients. A single-recipient message intended to only one group
> member may be delivered by alternative means, with no assistance from the
> Dispatcher.
>
> NEW (emphasis mine)
> Dispatcher: entity through which the Clients communicate with the group
> when sending a message intended to multiple group members. That is, the
> Dispatcher distributes such a one-to-many message to the group members as
> intended recipients. **The Dispatcher does not have access to the group
> keying material**. A single-recipient message intended to only one group
> member may be delivered by alternative means, with no assistance from the
> Dispatcher.
>
> OLD
> > If it consists of an explicit entity such as a pub-sub Broker or a
> message relayer, the Dispatcher is comparable to an untrusted on-path
> intermediary, and as such it is able to read the messages sent by Clients
> in the group.
>
> NEW (emphasis mine)
> > If it consists of an explicit entity such as a pub-sub Broker or a
> message relayer, the Dispatcher is comparable to an untrusted on-path
> intermediary, and as such it is able to **see the messages sent by Clients
> in the group, but not to decrypt them and read their plain content**.
>
> <==
>
> (3.3) s/since it allows to ask/since it allows the client to ask
>
>
> ==>MT
>
> Yes, now fixed.
>
> <==
>
>
> --
> Marco Tiloca
> Ph.D., Senior Researcher
>
> Phone: +46 (0)70 60 46 501
>
> RISE Research Institutes of Sweden AB
> Box 1263
> 164 29 Kista (Sweden)
>
> Division: Digital Systems
> Department: Computer Science
> Unit: Cybersecurity
> https://www.ri.se
>
>

v2.23.0 | Report a Bug | By Email