Re: [Ace] Call for adoption draft-tiloca-ace-oscore-gm-admin (with some review items)

Marco Tiloca <marco.tiloca@ri.se> Mon, 20 July 2020 07:59 UTC

To: Christian Amsüss <christian@amsuess.com>, ace@ietf.org
References: <20200703065558.GA559393@hephaistos.amsuess.com>
From: Marco Tiloca <marco.tiloca@ri.se>
Message-ID: <882de884-c1d8-96b0-3281-39a2965c4519@ri.se>
Date: Mon, 20 Jul 2020 09:59:08 +0200
In-Reply-To: <20200703065558.GA559393@hephaistos.amsuess.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/ace/fRwAnGI79OFmWlvmgJpocOFvLiA>
List-Id: "Authentication and Authorization for Constrained Environments \(ace\)" <ace.ietf.org>

Hi Christian,

Thanks for your support and comments!

We have processed some of your comments in the latest version -02, while
some are still open to cover in the next version.

Please, see our replies in line.

Best,
/Marco

On 2020-07-03 08:55, Christian Amsüss wrote:
> Hello ACE,
>
> I've read through draft-tiloca-ace-oscore-gm-admin. Its value is in that
> it fixes a gap in the set of current drafts on the topic:
>
> Without (something like) this, group deployment applications need
> application specific group managers, and as the GM is not trivial to
> implement, I'd expect that they would bundle the GM with their
> on-at-deployment-time tools rather than ship a constrained and
> well-specified always-on GM that's just managed by their deployment
> tools -- leading to much more error prone deployments that can't
> leverage OSCORE group communication in full.

==>MT
Right, we have added some text in the introduction, based also on a
related input received from Carsten during the ACE interim in June.
<==

>
> I don't quite see myself in a position to advocate adoption in this WG I
> haven't actively contributed to before, but I do support this document
> being processed somewhere in the IETF.
>
> Best regards
> Christian
>
>
> PS: Small by-catch issues for the authors:
>
> The pct-encoded names in the group name sound odd to me. What do those
> names have to do with URI components?

==>MT
This slipped through in the latest update. We'll remove the statement in
the next version, i.e. the sentence can end with "... that are valid for
a URI path segment".
<==

>
> The "is fixed" and "is a default name" terminology around resources is
> probably confusing to people who don't know ahead of time what it's
> supposed to mean; moreover, demanding that the URI be fixed is a pretty
> harsh requirement for something that may move around in the network;
> furthermore, while an I-D should avoid creating URI aliasing, it
> shouldn't rule out that the server may do that either. (And if it
> supports different transports, right now it needs to). Later in 2.5.3,
> it even sounds like the path is prescribed.

==>MT
That's actually intended for the uri-path. We have updated the text,
avoiding talking about fixed resources and default names.

OLD: The URI of the group-collection resource is fixed and has /manage
as last path segment. The url-path /manage is a default name:
implementations are not required to use this name, and can define their
own instead.

NEW: As an example, this document uses /manage as the url-path of the
group-collection resource; implementations are not required to use this
name, and can define their own instead.
<==

>
> Other than this being an ACE document, is there a particular reason
> "Getting Access to the Group Manager" is prescribed to use ACE? The
> whole 2.1 section sounds quite repetitive when read in the context of
> ACE, and unnecessary when different methods are employed. Maybe if there
> were talk about different admins and whether they may change each
> other's groups that'd conveniently be expressed in terms of ACE
> scopes (not sure), but as of now it isn't.

==>MT
Yes, we can explore more about different administrators managing common
groups.

More generally, this management process is supposed to work side by side
with the joining process, for which the Group Manager uses ACE. So, it
just felt natural to think of the Administrator as also another ACE
Client at the Group Manager.
<==

>
> Why is "Update a Group Configuration" a PUT and not a PATCH? It does not
> replace the resource, it just modifies it.

==>MT
Everything that is not specified in the request is completed considering
default values.

We will extend this to support PATCH and selectively update only some
parameters.


Thanks a lot again!
<==

-- 
Marco Tiloca
Ph.D., Senior Researcher

RISE Research Institutes of Sweden
Division ICT
Isafjordsgatan 22 / Kistagången 16
SE-164 40 Kista (Sweden)

Phone: +46 (0)70 60 46 501
https://www.ri.se
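As an added example (not code from the draft or from either author), the following Python toy model of the Group Manager's group-collection resource shows the two review points above: the "valid for a URI path segment" check on group names, and why a PUT that fills unspecified parameters with defaults behaves differently from a PATCH that only updates the parameters it names. The parameter names and default values are assumptions for illustration.

```python
import re
from copy import deepcopy

# RFC 3986: segment = *pchar
# pchar = unreserved / pct-encoded / sub-delims / ":" / "@"
_PCHAR = r"(?:[A-Za-z0-9\-._~!$&'()*+,;=:@]|%[0-9A-Fa-f]{2})"
_SEGMENT = re.compile(rf"^{_PCHAR}*$")

def is_valid_segment(name: str) -> bool:
    """True if name can stand on its own as one (non-empty) URI path segment."""
    return bool(name) and _SEGMENT.fullmatch(name) is not None

# Assumed configuration parameters and defaults; hypothetical, not the draft's.
DEFAULTS = {"hkdf": "HMAC 256/256", "alg": "AES-CCM-16-64-128",
            "active": False, "max_stale_sets": 3}

def _check_params(params: dict) -> None:
    unknown = [k for k in params if k not in DEFAULTS]
    if unknown:
        raise KeyError(f"unknown configuration parameter(s): {unknown}")

class GroupCollection:
    """Toy group-collection resource: one configuration per group name."""

    def __init__(self) -> None:
        self.groups: dict[str, dict] = {}

    def create(self, name: str, **params) -> dict:
        if not is_valid_segment(name):
            raise ValueError(f"group name is not a valid URI path segment: {name!r}")
        _check_params(params)
        self.groups[name] = {**DEFAULTS, **params}
        return deepcopy(self.groups[name])

    def put(self, name: str, **params) -> dict:
        """Replace semantics: every parameter absent from the request reverts to its default."""
        if name not in self.groups:
            raise KeyError(name)
        _check_params(params)
        self.groups[name] = {**DEFAULTS, **params}
        return deepcopy(self.groups[name])

    def patch(self, name: str, **params) -> dict:
        """Merge semantics: only the parameters named in the request change."""
        if name not in self.groups:
            raise KeyError(name)
        _check_params(params)
        self.groups[name].update(params)
        return deepcopy(self.groups[name])
```

The PUT in the model shows the side effect the PATCH question points at: an update that only means to change one parameter also resets every omitted one, so an administrator must resend the full configuration to avoid, for instance, silently deactivating a group.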