Re: [Ace] AD review of draft-ietf-ace-cmpv2-coap-transport-04
Mohit Sahni <msahni@paloaltonetworks.com> Mon, 14 February 2022 20:25 UTC
Return-Path: <msahni@paloaltonetworks.com>
X-Original-To: ace@ietfa.amsl.com
Delivered-To: ace@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 20EB03A0D9A for <ace@ietfa.amsl.com>; Mon, 14 Feb 2022 12:25:49 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -7.096
X-Spam-Level:
X-Spam-Status: No, score=-7.096 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, SPF_HELO_NONE=0.001, SPF_NONE=0.001, URIBL_BLOCKED=0.001] autolearn=unavailable autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=paloaltonetworks.com header.b=QdX9tjee; dkim=pass (2048-bit key) header.d=paloaltonetworks-com.20210112.gappssmtp.com header.b=E0ab5z0V
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id mg-HVq7FdFxb for <ace@ietfa.amsl.com>; Mon, 14 Feb 2022 12:25:44 -0800 (PST)
Received: from mx0b-00169c01.pphosted.com (mx0a-00169c01.pphosted.com [67.231.148.124]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id E12C83A0DCE for <ace@ietf.org>; Mon, 14 Feb 2022 12:25:43 -0800 (PST)
Received: from pps.filterd (m0048493.ppops.net [127.0.0.1]) by mx0a-00169c01.pphosted.com (8.16.1.2/8.16.1.2) with ESMTP id 21EIvkZO027824 for <ace@ietf.org>; Mon, 14 Feb 2022 12:25:41 -0800
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=paloaltonetworks.com; h=mime-version : references : in-reply-to : from : date : message-id : subject : to : cc : content-type; s=PPS12012017; bh=zT/1powUOgVL7otdt0ZUinvUXcutfwIg1R7RKYZ9Lsk=; b=QdX9tjeeGqbSqZrx8dGM+9fVynsj0XpXbI0manDaLZlhHRM34Xh2GnhzF9Hjb+fPOSAW wkWrD7hf70Da/uiWYN2K8zAEy5j/t2OYFHdt3bJ1Y7esLVb+hHrdoF4AVqNJzlio7IH5 Os+6gEg7lVRAFUBfXQNtJcO/qQVO4inXH1KAA76+XVPHrdu7AscuEdPLuijhY0WPqQOs mBXIyHi4QbXcv6sHRMOFpXJCSZPFyT/5SfQayLv375X3Z6P6Ld6wwQznGFlHbIJAWZ6f NIOyuwNb43IGsuq3Zb3xxS8n3BP4enjZXIhCs24n+ZVAOxtTa9vaBHsUzDT7+kJnu2eR ag==
Received: from mail-vk1-f200.google.com (mail-vk1-f200.google.com [209.85.221.200]) by mx0a-00169c01.pphosted.com (PPS) with ESMTPS id 3e7vthgce3-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128 verify=NOT) for <ace@ietf.org>; Mon, 14 Feb 2022 12:25:41 -0800
Received: by mail-vk1-f200.google.com with SMTP id b194-20020a1f34cb000000b0032c95eeddf3so2525815vka.23 for <ace@ietf.org>; Mon, 14 Feb 2022 12:25:41 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=paloaltonetworks-com.20210112.gappssmtp.com; s=20210112; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=zT/1powUOgVL7otdt0ZUinvUXcutfwIg1R7RKYZ9Lsk=; b=E0ab5z0VfLi17eBpW45kq+mMEKZvO1MKZRN+auA0hoa9vzDKA26r9fC5LMDzqxlbbu x3jc1wQC7bzI2bISR95Fb//1SLsD9QmZ9WpxgjoN6E2lemveaVfSey+dOkwWbvbeOjMS QSSz+4Iyf7NIQOaSbP39/CvzQZ33QqwqvqvEtvSJwozhu5pK/DbeJvzYZviTLmCzcWTF DCpYyEVb7mLtZo+SqxWQaFgFfhJ+lCLZsN3P1BTPGvv0EPToE33xvTNeqWAfh9aYXHJ4 ZrHviYpH7lZbISQ9LUpvnKLpWduNFmspC+0+IRwToEkRXDN3tpzATOmeUc1IcR+U5qDg 0wxQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=zT/1powUOgVL7otdt0ZUinvUXcutfwIg1R7RKYZ9Lsk=; b=ZH2qy9ZfEU3krvZkOw7+K79/Q3oRnym/0cV5Ild7wMjhx/f6F4W/Y7DvNUJDBlmb1f YuM2xGyOAFrnvvBGLnzlX4R1nXueePIshOVNgbsf0Cg6AEE9WLhJMBVowB3kuQDXowGH J8lRTEfaw73FrV4Kk4XDODAVh4Vpp5TFA0TL0GBvYUkaCECDgZWU5p63B855ZQ/NAJtX GYQJvIJf2SV2RqZOyR8WAUU/o7UH1w9xctWJK3IQfo+EzdPPPXDJtnyJaku8gUzLfGBt OiGJYgqoHSysi3g+yfDr4gcUpVTVkhB6RmPPX0Aug0FTQ/66efEl8SW4g/XMkypb5cf0 iQrg==
X-Gm-Message-State: AOAM532i26uAPJV1HY79HvE++8C0kBpOk6pvglrxHOkBmbHLFD0o1+W4 eWHeSq6hWYzwcmiWiNpApikLk8KfuCsIBc+Fcd5XE7/cmCRqeMQSaYMBS8gnj1R0q4tNVf1+xyE uunPTn2rkhitbPueOBSY=
X-Received: by 2002:a67:ee92:: with SMTP id n18mr322983vsp.82.1644870339987; Mon, 14 Feb 2022 12:25:39 -0800 (PST)
X-Google-Smtp-Source: ABdhPJwFDobODzBAG7xa/MYBM9Q+skJu7Ixvm/ngCMtsFPUh6/E+Ll+ILb8b3zK0UOLa493yHb5cqPv1hZfdzWIAQrI=
X-Received: by 2002:a67:ee92:: with SMTP id n18mr322975vsp.82.1644870339604; Mon, 14 Feb 2022 12:25:39 -0800 (PST)
MIME-Version: 1.0
References: <20220214192217.GA12881@kduck.mit.edu>
In-Reply-To: <20220214192217.GA12881@kduck.mit.edu>
From: Mohit Sahni <msahni@paloaltonetworks.com>
Date: Mon, 14 Feb 2022 12:25:28 -0800
Message-ID: <CAMRcsGRRCrADb5ArQqz7S-5YcPLgmTKUS8xW1Ts49bsvk5U7tw@mail.gmail.com>
To: Benjamin Kaduk <kaduk@mit.edu>
Cc: draft-ietf-ace-cmpv2-coap-transport.all@ietf.org, ace@ietf.org
Content-Type: multipart/alternative; boundary="0000000000004b50bd05d8003802"
X-Proofpoint-GUID: GuVKr1kc3EpoAWTdiapIZHclrGsK7dY7
X-Proofpoint-ORIG-GUID: GuVKr1kc3EpoAWTdiapIZHclrGsK7dY7
X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.205,Aquarius:18.0.816,Hydra:6.0.425,FMLib:17.11.62.513 definitions=2022-02-14_07,2022-02-14_03,2021-12-02_01
X-Proofpoint-Spam-Details: rule=outbound_spam_notspam policy=outbound_spam score=0 mlxscore=0 malwarescore=0 clxscore=1011 suspectscore=0 priorityscore=1501 phishscore=0 mlxlogscore=999 adultscore=0 bulkscore=0 impostorscore=0 spamscore=0 lowpriorityscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.12.0-2201110000 definitions=main-2202140118
Archived-At: <https://mailarchive.ietf.org/arch/msg/ace/dMCGMBet223ukz6u0FyTZsyXKZQ>
Subject: Re: [Ace] AD review of draft-ietf-ace-cmpv2-coap-transport-04
X-BeenThere: ace@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Authentication and Authorization for Constrained Environments \(ace\)" <ace.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ace>, <mailto:ace-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ace/>
List-Post: <mailto:ace@ietf.org>
List-Help: <mailto:ace-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ace>, <mailto:ace-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 14 Feb 2022 20:25:49 -0000
Hi Ben, Many thanks for your comments. I will review them and make the changes accordingly. Regards, Mohit On Mon, Feb 14, 2022 at 11:24 AM Benjamin Kaduk <kaduk@mit.edu> wrote: > Hi all, > > Jumping right in... > > > I guess this is probably more of a comment on draft-ietf-lamps-cmp-updates, > but since we are duplicating some of its content I will still call it out > as > a as a serious concern. My concern relates to the usage of the "cmp" > well-known URI -- we hvae some text in §2.1 that effectively says that a > local site can just put more path segments under that path at its own > discretion, and there's not even any restrictions made on the structucture > of the additional path segments -- the next segment could be an operational > label or a profile label, in the examples given. This seems entirely at > odds with the purpose of well-known URIs as per RFC 8615 -- they are to be > URIs whose semantics are entirely specified by a protocol specification and > are *not* subject to local operator control. While it is possible for a > specification to introduce additional structure under its registered > well-known path, it's expected that the semantics of those subtrees are > still specified by the protocol, and any extensions are to be managed by a > (sub-)registry. See, for example, §8.3.2 of RFC 8995, that establishes a > sub-registry for the path components under /.well-known/brski . > > Any changes here will of course need to be synchronized with > draft-ietf-lamps-cmp-updates, but I don't think this draft can go forward > in > its current form. > > Abstract > > This document specifies the use of Constrained Application Protocol > (CoAP) as a transfer mechanism for the Certificate Management > Protocol (CMP). purpose of certificate creation and management. > > Is the last quoted sentence (fragment) an editing artifact or is there > supposed to be more content there? > > CoAP is an HTTP like client-server protocol used by various > constrained devices in the IoT space. > > nit: hyphenate "HTTP-like" > > Section 1 > > messages. The Constrained Application Protocol (CoAP) defined in > [RFC7252], [RFC7959] and [RFC8323] is a client-server protocol like > HTTP. It is designed to be used by constrained devices over > > (editorial) I would suggest putting a paragraph break before talking about > CoAP. > > Section 2.2 > > If the port number is not specified in > the authority, then port 5683 MUST be assumed for the "coap://" > scheme and port 5684 MUST be assumed for the "coaps://" scheme. > > If I'm not mistaken, these ports 5683/5684 are the normal default ports for > coap/coaps, as mandated by RFC 7252. We don't need to restate that > requirement using normative keywords, as the normative requirement is made > in RFC 7252. Instead (if anything), we should just provide a statement of > fact, e.g., "the default port for coap: scheme URIs is 5683 and the default > port for coaps: scheme URIs is 5684 [RFC7252]". But really, we should be > able to expect people to know to find the deafult port for a given URI > scheme. > > Section 2.3 > > CoAP POST request. A CMP client SHOULD send CoAP requests marked as > Confirmable message ([RFC7252] section 2.1). If the CoAP request is > > nit: singular/plural mismatch "message"/"requests". Since we use the > singular in the next sentence, going to singular here is probably best, > e.g., "SHOULD send each CoAP request marked as a Confirmable message". > > successful then the server MUST return a "2.05 Content" response > code. [...] > > Perhaps I am reading too much into the analogy between HTTP and CoAP and > thus to the applicability of draft-ietf-httpbis-bcp56bis (currently with > the > RFC Editor), but it doesn't seem terribly useful to name a specific > response > code here. The standard CoAP semantics apply, and we could probably just > say that "the paylaod of a successful response contains the DER-encoded > ...". > > When transferring CMP PKIMesssage over CoAP the media type > "application/pkixcmp" MUST be used. > > Do we want to say media type or content-format here? > > Section 2.4 > > These structures may contain many optional > and potentially large fields, a CMP message can be much larger than > the Maximum Transmission Unit (MTU) of the outgoing interface of the > device. [...] > > nit: comma splice > > MUST be used for the CMP Transactions over CoAP. If a CoAP-to-HTTP > proxy is in the path between EEs and CA or EEs and RA then it MUST > receive the entire body from the client before sending the HTTP > request to the server. [...] > > It will be interesting to see what the ART and transport reviewers think of > this guidance. It seems like it is technically possible for the proxy to > use a chunked encoding and stream the message without buffering, and it's > not immediately clear to me that the cost of having to buffer chunks for > reassembly outweights the cost of maintaining an HTTP connection in the > current threat model. > > Also, nit: I would suggest using "EE" singular in both instances. > > This will avoid unnecessary errors in case > the entire content of the PKIMesssage is not received and the proxy > opens a connection with the server. > > I'm not sure I understand where these errors are such that they would be > "unnecessary". The client will certainly see an error condition even if > not > an error CoAP response, and the proxy will see an error condition of an > incomplete request. So I guess that would just leave the CA or RA as being > protected from an error condition, but I don't really see why they need to > be protected from them. Isn't the occasional incomplete request just part > of normal operation on best-effort networks? > > Section 2.6 > > As there are no request messages specified for these announcement > messages, an EE MAY use CoAP Observe option [RFC7641] in the Get > request to the CMP server's URI followed by "/ann" to register itself > for any Announcements messages. [...] > > This is a pretty awkward sentence construction; I assume because it tries > to > allow for the flexibility in use of /.well-known/cmp/ that I complained > about earlier. Just saying that you can use Observe with a Get request to > the /.well-known/cmp/ann resource is much simpler to state. > > If the server supports CMP > Announcements messages, then it can respond with response code 2.03 > "Valid", otherwise with response code 4.04 "Not Found". [...] > > This reads a lot like we're trying to say that 2.03 and 4.04 are the only > options, which BCP 56 (bis) says is an anti-pattern. > > If for some > reason server cannot add the client to its list of observers for the > > nit: "the server" > > announcements, it can omit the Observe option [RFC7641] in the 2.03 > response to the client. A client on receiving 2.03 response without > > nit: "a 2.03 response" > > Observe option [RFC7641] can try after some time to register again > for announcements from the CMP server. > > nit: "the Observe option" > > Alternatively an EE MAY poll for the potential changes via "PKI > > nit: comma after "alternatively" > > Information" request using "PKI General Message" defined in the > PKIMessage [RFC4210] for various type of changes like CA key update > > "PKI General Message" is a "PKIBody" type conveyed within the PKIMessage. > Is it more clear to say something like '''using the "PKI General Message" > choice for the PKIBody of the PKIMessage [RFC4210]'''? > > (editorial) I'd also suggest ending the sentence there, and starting a new > sentence to list the common types of changes that would be polled for, > perhaps as "This procedure allows the EE to receive various types of > changes, like ..." > > or to get current CRL [RFC5280] to check revocation or using Support > messages defined in section 5.4 of Lightweight CMP Profile > [I-D.ietf-lamps-lightweight-cmp-profile] . [...] > > The Support messages seem to be in §4.3 of the lightweight profile now (not > 5.4). > > Also (editorial), the list structure here seems hard to follow ("like <A> > or > <B> to <X> to <Y> or using <C>". There are no list separators (e.g., > commas), and there is not clear parallelism between the structure of each > list item (e.g., the last one is just "using Support messages" but the > lead-in to the list is "various types of changes like" -- "combining those > to "various types of changes like using Support messages" doesn't make a > coherent clause ... so it's unclear if it's supposed to be part of the same > list or not). > > It will also simplify the implementation of CoAP-to-HTTP proxy. > > nit: singular/plural mismatch (the singular would need an article, for "a > CoAP-to-HTTP proxy"). > > Section 3 > > Although CMP protocol does not depend upon the underlying transfer > mechanism for protecting the messages but in cases when an end to end > secrecy is desired for the CoAP, CoAP over DTLS [I-D.ietf-tls-dtls13] > SHOULD be used. [...] > > I'm not sure I understand what you mean by "end-to-end secrecy" for CoAP > here -- DTLS is going to terminate at the closest entity that's named at > the > CoAP layer, which could include a CoAP or CoAP/HTTP proxy. Full end-to-end > secrecy between client and origin server would require an object sercurity > mechanism like OSCORE. DTLS would provide confidentiality protection > against intermediate nodes at the IP layer, but that's only end-to-end in a > certain sense. > > Also, nits: "end-to-end" is hyphenated as an adjective, "the CMP protocol", > and s/ but/,/ > > Section 9.1 of [RFC7252] defines how to use DTLS > [I-D.ietf-tls-dtls13] for securing the CoAP. Once a DTLS > [I-D.ietf-tls-dtls13] connection is established it SHOULD be used for > as long as possible to avoid the frequent overhead of setting up a > DTLS [I-D.ietf-tls-dtls13] connection for constrained devices. > > nit: for DTLS we typically talk about an "association" rather than a > "connection" (though the latest DTLS 1.3 draft does allow "connection" as a > synonym for "association"). > > Section 4 > > In case the proxy is deployed closer to the EEs then it may also > support service discovery and resource discovery as described in > section 2.2. [...] > > Why does being closer to the RA or CA obviate the proxy from supporting > service and resource discovery? Won't there still be a need to expose the > resources to the CoAP network regardless of how close it is to the EEs? > > o Use separate hostnames for each of the configured servers and then > use Server Name Indication ( [RFC8446] ) in case of "coaps://" > scheme for routing CoAP requests. > > RFC 6066 is probably a better reference for SNI than RFC 8446. > Also, there still needs to be Uri-Host even when SNI is used, and the proxy > needs to enforce that the two values match, in order to protect against > request-smuggling attacks. > > Section 5 > > Should we say anything about how failing to receive announcement messages > in > a timely fashion can cause the EE to miss revocation events (and maybe > other > things as well)? CoAP Observe notes that it is only a "best-effort" > approach and the server could lose state about subscribed clients, which is > probably worth re-emphasizing. > > We might also note that the use of DTLS can provide confidentiality > protection for CMP-level metadata (though probably cannot obscure the fact > that CMP is in use). > > I would also suggest making a statement about what security properties are > required from a CoAP/HTTP proxy. Since CMP itself provides end-to-end > protections, I expect these requirements to be fairly weak (i.e., we don't > need to trust the operator of it with any sensitive plaintexts), but it > seems worth stating what considerations may arise. > > The CMP protocol depends upon various mechanisms in the protocol > itself for making the transactions secure therefore security issues > of CoAP due to using UDP do not carry over to the CMP layer. [...] > > I think what we're trying to emphasize here is "using UDP without > cryptographic protections for message confidentiality and integrity", since > we go on to talk about how the connectionless nature of UDP remains an > issue. > > Also, nit: comma before "therefore". > > In order to to reduce the risks imposed by DoS attacks, the > implementations SHOULD minimize fragmentation of messages, i.e. avoid > small packets containing partial CMP PKIMessage data. > > Up in §2.4 we said ("MUST"!) to use block-wise transfer to avoid (IP) > fragmentation. Does this guidance apply to only IP fragmentation as well, > or also to CoAP-layer "fragmentation" (i.e., block-wise transfer)? The > latter seems nearly impossible to achieve, given that the X.509 structures > used by CMP are unchanged by this transport and are likely to be too large > for a single datagram. > > A CoAP-to-HTTP proxy can also protect the PKI entities from various > attacks by enforcing basic checks and validating messages before > sending them to PKI entities. [...] > > What's the motivation behind just using a vague phrase "various attacks" > instead of listing more details of known attacks (while still stating that > the explicit listing is incomplete)? > > Also, we should note that putting the proxy in this position causes the > proxy itself to be at risk of attack. (In particular, our requirement for > CoAP-to-HTTP proxies to buffer CoAP requests before initiating the outbound > HTTP request subjects them to a resource-exhaustion attack.) > > Section 8.1 > > [RFC6712] Kause, T. and M. Peylo, "Internet X.509 Public Key > > The RFC Editor will surely fix this, but it's quite unusual to mix "Last, > FI" and "FI. Last" format for names in the same reference. > > Section 8.2 > > I think DTLS 1.3 needs to be a normative reference based on how we give > SHOULD-level guidance to use it. (I don't think we're specifically tied to > 1.3, though, and if for some reason DTLS 1.3 still hasn't been published by > the time this document is ready, we could swap it out for DTLS 1.2.) > > Section 8.3 > > The two URIs [1] and [2] seem to be identical; are they both needed? > > > Thanks, > > Ben >
- [Ace] AD review of draft-ietf-ace-cmpv2-coap-tran… Benjamin Kaduk
- Re: [Ace] AD review of draft-ietf-ace-cmpv2-coap-… Mohit Sahni
- Re: [Ace] AD review of draft-ietf-ace-cmpv2-coap-… Brockhaus, Hendrik
- Re: [Ace] AD review of draft-ietf-ace-cmpv2-coap-… Benjamin Kaduk
- Re: [Ace] AD review of draft-ietf-ace-cmpv2-coap-… Michael Richardson
- Re: [Ace] AD review of draft-ietf-ace-cmpv2-coap-… Brockhaus, Hendrik
- Re: [Ace] AD review of draft-ietf-ace-cmpv2-coap-… Brockhaus, Hendrik
- Re: [Ace] AD review of draft-ietf-ace-cmpv2-coap-… Brockhaus, Hendrik
- Re: [Ace] AD review of draft-ietf-ace-cmpv2-coap-… Mohit Sahni
- Re: [Ace] AD review of draft-ietf-ace-cmpv2-coap-… Mohit Sahni
- Re: [Ace] AD review of draft-ietf-ace-cmpv2-coap-… Brockhaus, Hendrik
- Re: [Ace] AD review of draft-ietf-ace-cmpv2-coap-… Daniel Migault
- Re: [Ace] AD review of draft-ietf-ace-cmpv2-coap-… Brockhaus, Hendrik
- Re: [Ace] AD review of draft-ietf-ace-cmpv2-coap-… Daniel Migault
- Re: [Ace] AD review of draft-ietf-ace-cmpv2-coap-… Brockhaus, Hendrik
- Re: [Ace] AD review of draft-ietf-ace-cmpv2-coap-… Daniel Migault
- Re: [Ace] AD review of draft-ietf-ace-cmpv2-coap-… Brockhaus, Hendrik
- Re: [Ace] AD review of draft-ietf-ace-cmpv2-coap-… Paul Wouters
- Re: [Ace] AD review of draft-ietf-ace-cmpv2-coap-… Daniel Migault