Re: [Ace] Esko's review from 5/28/2019 (was RE: I-D Action: draft-ietf-ace-coap-est-11.txt / additional review comments)

"Panos Kampanakis (pkampana)" <> Tue, 28 May 2019 18:28 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id 53C32120123 for <>; Tue, 28 May 2019 11:28:15 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -14.5
X-Spam-Status: No, score=-14.5 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_HI=-5, SPF_PASS=-0.001, URIBL_BLOCKED=0.001, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham autolearn_force=no
Authentication-Results: (amavisd-new); dkim=pass (1024-bit key) header.b=Wb0dCmSs; dkim=pass (1024-bit key) header.b=YjcVhwJj
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id ia8PZhrD_VOG for <>; Tue, 28 May 2019 11:28:12 -0700 (PDT)
Received: from ( []) (using TLSv1.2 with cipher DHE-RSA-SEED-SHA (128/128 bits)) (No client certificate requested) by (Postfix) with ESMTPS id DCFB8120090 for <>; Tue, 28 May 2019 11:28:11 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple;;; l=22456; q=dns/txt; s=iport; t=1559068091; x=1560277691; h=from:to:subject:date:message-id: content-transfer-encoding:mime-version; bh=wOXR6ZB0Jq2Q9VFUDWC5lqOM9NXyPXFKfctHyYdUs6U=; b=Wb0dCmSsr4us9llXLHLzy8EkPtQmpKLgueNGSZ3FotWMSVvKHFYlll6J mZfsPqilYjRMzuS/x+KF+DEsv8bcp8snfH4TRaFZVdlodvs3OV6OegBP8 lRnVgvyCELr6hICFx/QJavA4VWChmhkt/KfVto/ajLfqbFIXtzCCz6odD 0=;
IronPort-PHdr: =?us-ascii?q?9a23=3AcT6esxGOlpuR4Yisqp4EvJ1GYnJ96bzpIg4Y7I?= =?us-ascii?q?YmgLtSc6Oluo7vJ1Hb+e4z1Q3SRYuO7fVChqKWqK3mVWEaqbe5+HEZON0pNV?= =?us-ascii?q?cejNkO2QkpAcqLE0r+eebpZikiFcJLfFRk5Hq8d0NSHZW2ag=3D=3D?=
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: =?us-ascii?q?A0DHAAAIfe1c/4wNJK1cCR4BBgcGgVI?= =?us-ascii?q?ICwGBPSQsA2lVIAQLKAqECYNHA45+SoINlyuBLhSBEANUCQEBAQwBARgPBgI?= =?us-ascii?q?BAYRAAheCTCM1CA4BAwEBBAEBAgEEbRwMhUoBAQEBAgEBARARBA0MAQEpAww?= =?us-ascii?q?EBwYBCBEEAQEDAh8HAgQlCxUICQEEARIIGoMBgWoDDg8BAgyfAwKBOIhfcXw?= =?us-ascii?q?zgnkBAQWBMgGDTxiCDwMGgQwohGmEIYJJF4FAP4ERRoFOfj6BBIFdAQECGIE?= =?us-ascii?q?UAQgKAQcBARgVgnMygiaLNgYCBg2CO4Z6kmhpCQKCDYVcWIx8gh+KZolEjG6?= =?us-ascii?q?BKIVajBI1BoIpAgQCBAUCDgEBBYFQATZDI3FwFTuCbIIPN4M5hRSFP3IKgR+?= =?us-ascii?q?LFw0XAQaBBAGBIAEB?=
X-IronPort-AV: E=Sophos;i="5.60,523,1549929600"; d="scan'208";a="279198895"
Received: from ([]) by with ESMTP/TLS/DHE-RSA-SEED-SHA; 28 May 2019 18:28:10 +0000
Received: from ( []) by (8.15.2/8.15.2) with ESMTPS id x4SISAER016232 (version=TLSv1.2 cipher=AES256-SHA bits=256 verify=FAIL); Tue, 28 May 2019 18:28:10 GMT
Received: from ( by ( with Microsoft SMTP Server (TLS) id 15.0.1473.3; Tue, 28 May 2019 13:28:09 -0500
Received: from ( by ( with Microsoft SMTP Server (TLS) id 15.0.1473.3; Tue, 28 May 2019 13:28:08 -0500
Received: from ( by ( with Microsoft SMTP Server (TLS) id 15.0.1473.3 via Frontend Transport; Tue, 28 May 2019 14:28:08 -0400
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=selector2-cisco-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=wOXR6ZB0Jq2Q9VFUDWC5lqOM9NXyPXFKfctHyYdUs6U=; b=YjcVhwJjvEnwA4SVt3C6QKykqGfILxL4sqJTl6VL410AiHBSALv0kJY5DwWdGZHrhOE0P5vdlpgRE003ZrnU3pVyYcur28onq0Pd19TAwd8nxE4EkPwMlNLSQd2qsZ5zgNaxuXP5nI9bH+yMdVlarqo+guklhesCIQcihBoTLTI=
Received: from ( by ( with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.1922.15; Tue, 28 May 2019 18:28:07 +0000
Received: from ([fe80::5463:bad7:8321:766e]) by ([fe80::5463:bad7:8321:766e%6]) with mapi id 15.20.1922.021; Tue, 28 May 2019 18:28:07 +0000
From: "Panos Kampanakis (pkampana)" <>
To: Esko Dijk <>, "" <>
Thread-Topic: Esko's review from 5/28/2019 (was RE: [Ace] I-D Action: draft-ietf-ace-coap-est-11.txt / additional review comments)
Thread-Index: AdUVfO4cNfPEoNTQSY2z0TbI0APVRQ==
Date: Tue, 28 May 2019 18:28:07 +0000
Message-ID: <>
Accept-Language: en-US
Content-Language: en-US
authentication-results: spf=none (sender IP is );
x-originating-ip: []
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: a527b2e9-390a-4f70-7cba-08d6e39a3b2e
x-microsoft-antispam: BCL:0; PCL:0; RULEID:(2390118)(7020095)(4652040)(8989299)(4534185)(4627221)(201703031133081)(201702281549075)(8990200)(5600148)(711020)(4605104)(1401327)(2017052603328)(7193020); SRVR:BN7PR11MB2833;
x-ms-traffictypediagnostic: BN7PR11MB2833:
x-ms-exchange-purlcount: 7
x-microsoft-antispam-prvs: <>
x-ms-oob-tlc-oobclassifiers: OLM:10000;
x-forefront-prvs: 00514A2FE6
x-forefront-antispam-report: SFV:NSPM; SFS:(10009020)(346002)(366004)(376002)(396003)(39860400002)(136003)(13464003)(51914003)(199004)(189003)(52084003)(53946003)(53936002)(74316002)(3846002)(2906002)(71190400001)(68736007)(30864003)(305945005)(76116006)(2501003)(14454004)(71200400001)(66066001)(6436002)(7696005)(966005)(66946007)(7736002)(6306002)(66446008)(66556008)(64756008)(9686003)(25786009)(73956011)(6246003)(33656002)(478600001)(81156014)(486006)(81166006)(6116002)(26005)(229853002)(99286004)(316002)(55016002)(5660300002)(256004)(102836004)(52536014)(86362001)(8676002)(66476007)(8936002)(110136005)(53546011)(14444005)(6506007)(476003)(186003); DIR:OUT; SFP:1101; SCL:1; SRVR:BN7PR11MB2833;; FPR:; SPF:None; LANG:en; PTR:InfoNoRecords; A:1; MX:1;
received-spf: None ( does not designate permitted sender hosts)
x-ms-exchange-senderadcheck: 1
x-microsoft-antispam-message-info: XsuTlIcq60pIdjQcHT8XT2L8NLR+JwK5oLrdrMttZq+wja93Ip+75GobQN9FXBDn5pvPZz4tTqtb8SBNHCWLs6x9DY4tTPMi1fKdRx3pvy+EwFAB2SGxEHPbflW9hEPp0MgAIVJi2wUHC0E4fTt5Gh8V8wpDqqXaidYCr78XtdjT/TDziRvEG3JhEnOG9xsjiRjnaOhH8GJSXaSghF+DjzBoWdLKpnGq8V85yuWkQ5PzVdrGeesacxrM3btRAyvY5V3p8KzU6sGzXZGysmmWfDB7VgOWp2X7dqCvNUAoowqugy7EiosX2LNCftqWRFdrdhlmRCnJ+b1tZ5htQuyNVWvtTb/86t7erx2XWGui7L6u83vEgSdFlYnsw466iN3HRMEBOBPg5fAhX1f4k43kBVpD9NCpHvXFTVXvwKQEFlw=
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-MS-Exchange-CrossTenant-Network-Message-Id: a527b2e9-390a-4f70-7cba-08d6e39a3b2e
X-MS-Exchange-CrossTenant-originalarrivaltime: 28 May 2019 18:28:07.5375 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 5ae1af62-9505-4097-a69a-c1553ef7840e
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-Transport-CrossTenantHeadersStamped: BN7PR11MB2833
Archived-At: <>
Subject: Re: [Ace] Esko's review from 5/28/2019 (was RE: I-D Action: draft-ietf-ace-coap-est-11.txt / additional review comments)
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Authentication and Authorization for Constrained Environments \(ace\)" <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Tue, 28 May 2019 18:28:15 -0000

Hi Esko,

Changing subject line to address your new review comments first. I will address your response to your previous review in the other thread.

Thanks again for finding these nits and for your suggestions. 

> -> I wonder why the client would trust a new Explicit TA, if the EST server itself cannot be authenticated using that TA. It will disconnect and then upon next DTLS connection to the same server the handshake will fail against the new TA. And the client can't perform EST anymore until factory reset. Or is the expectation that it somehow will use another EST server for a second try?

As you are pointing out, this is not a likely scenario because the cacerts response better include the root cert to authenticate the EST-coaps server going forward or the clients will be dead in the water. This text is added to address the RFC7030 (Section 4.1.1) language that explicitly says that the very first time you go from an implicit to an explicit TA you are supposed to teardown the connection after you get the cacerts response and start using the new TA going forward.

In some usecases we don't want to renegotiate DTLS in constrained heavily utilized mediums and establish a new connection for enrollment after a cacerts request, so I added this text to say that it is OK to keep the same connection but make sure you check that the server cert in this connection still validates against the just received cacerts.

> Sections 5.1, 5.7, 10.2 : word "he" is used to refer to client or server. Maybe this should become "it" (not a person).

I went and made the sentences throughout the draft referring to client as "she" and the server "he". Better to be able to distinguish like that because "it" can be confusing.

I fixed all the rest. 

More details in the github issue 

The diff is here 


-----Original Message-----
From: Ace <> On Behalf Of Esko Dijk
Sent: Tuesday, May 28, 2019 6:31 AM
To: Panos Kampanakis (pkampana) <>om>;
Subject: Re: [Ace] I-D Action: draft-ietf-ace-coap-est-11.txt / additional review comments


Thanks for the update! First, regarding the changes:

   mapping of HTTP response codes to CoAP response codes.  The success
   code in response to an EST-coaps GET request (/cacerts, /csrattrs),
   is 2.05.  Similarly, 2.01 is used in response to EST-coaps POST
   requests (/simpleenroll, /simplereenroll, /serverkeygen).  Section 7
   of [RFC8075] maps 2.02 (Deleted) or 2.04 (Changed) to an HTTP 200 OK
   response, but 2.01 (Created) is more suitable for the creation of
   certificates in the context of EST-coaps.
-> 2.01 Created is now used as POST response.  While I agree that it sounds more logical to use 2.01 than 2.04 (since a certificate is created by the server, based on the CSR), there is the CoAP level expectation that when using 2.01 the resource is created at the location of the request - that is, for example, at /sen. So if the client would do a GET /sen it would get the actual previously created certificate. (Which is not the case.) The text in RFC 7252 that states this is "Otherwise, the resource was created at the request URI."   So 2.01 is used to create new CoAP *resources* that can be found at the server using a subsequent GET request. And 2.04 is used to execute actions like 'create x' , the result of which is returned in the response but otherwise not available anywhere on the server anymore. The latter is the case in the EST-coaps protocol flow as there's no way to GET the resulting certificate later on.
-> the resources in brackets should now be the short resource names, since we talk about EST-coaps resources not EST resources anymore. So "GET request (/crts, /att)" etc.

* "EST makes use of HTTP 204 responses when a resource is not available for the client."
-> EST states either 204 or 404 can be used; which in CoAP translates to 4.04 Not Found  if the resource is not available to the client, i.e. does not exist. That seems the easiest translation here. Though the server could also send 2.05 with an empty zero-length payload, to express that it has that function available but there is "nothing" there for the client.

* 2.04 SHOULD only be used in response to an EST-coaps
   POST when the response comes delayed in a separate (not Piggybacked)
   message after an empty 0.00 message (Section 5.7)
-> this seems strange, the response code remains the same whether separate response or piggybacked response is used. At this level of request/response, there's no need to try to detail this. I feel it only makes it more complex; the base CoAP protocol should handle piggybacked vs separate for both client and server. (Without impact on response codes).

* Table 3: the "4.xx" can be "4.xx / 5.xx" because the 5.xx failures can also occur in any CoAP server in principle.  I don't really see why 4.02 should be mentioned separately? It again is defined in the base CoAP spec and not really of interest for EST-coaps, nor used by any definitions or examples in the current specification.

Second, below a few more review comments on the -11 version:

* End of Section 6: "If necessary, the EST-coaps-to-HTTP Registrar will support resouce discovery according to the rules in Section 5.1."
-> what about (also added letter to 'resouce')
"The EST-coaps-to-HTTP Registrar MUST support resource discovery according to the rules in Section 5.1."
Because this Registrar operates to the CoAP client facing side exactly like a CoAP EST server. So it must support the same rules for discovery, or else it won't work (e.g. be not discoverable).

* Section 9.1: "These have been registered provisionally in the Expert Review range (0-255)"
-> "These have been registered provisionally in the IETF Review or IESG Approval range (256-9999)"

* Section 10.1: 
   A client that pipelines EST-coaps /crts request
   with other requests in the same DTLS connection SHOULD revalidate the
   server certificate chain against the updated Explicit TA from the
   /crts response before proceeding with the subsequent requests.  
   If the server certificate chain does not authenticate against the
   database, the client SHOULD close the connection without completing
   the rest of the requests.  The updated Explicit TA MUST continue to
   be used in new DTLS connections.
-> does the last requirement mean new DTLS connections to the same EST server? Or, new DTLS connections to any EST server(s) in the future? 
-> it is also unclear here whether the updated Explicit TA needs to replace an existing configured Explicit TA (e.g. obtained from an ANIMA voucher or a previous /crts request. ).  I would think not, especially given that the verification of it failed in above text?
-> I wonder why the client would trust a new Explicit TA, if the EST server itself cannot be authenticated using that TA. It will disconnect and then upon next DTLS connection to the same server the handshake will fail against the new TA. And the client can't perform EST anymore until factory reset. Or is the expectation that it somehow will use another EST server for a second try?

* Section 10.1: "depend in" -> "depend on"

* Section 10.1: "especially since the practicality of such an attack would not expose any messages exchanged with EST-coaps."
-> rather complex sentence, what about
""especially since a 3SHAKE attack does not expose messages exchanged with EST-coaps."

* Section 10.1: "Regarding the Certificate Signing Request (CSR), a CA is expected to be able to enforce policies to recover from improper CSR requests."
-> should be "an EST-coaps server is expected to" ?   Because this specification and 10.1 describes the EST-coaps server, not a CA.

* Sections 5.1, 5.7, 10.2 : word "he" is used to refer to client or server. Maybe this should become "it" (not a person).

-----Original Message-----
From: Panos Kampanakis (pkampana) <> 
Sent: Saturday, May 25, 2019 06:48
To: Esko Dijk <>nl>;
Subject: RE: [Ace] I-D Action: draft-ietf-ace-coap-est-11.txt

Hi Esko,

Thank you again. Again a very elaborate review and found some good nits in the Delayed responses section. To make it easier I logged the issues and fixes here 

The updated doc is here and the diffs are here  


-----Original Message-----
From: Esko Dijk <> 
Sent: Tuesday, May 21, 2019 6:31 PM
To: Panos Kampanakis (pkampana) <>om>;
Subject: RE: [Ace] I-D Action: draft-ietf-ace-coap-est-11.txt

Hello Panos,

For the draft text I have a couple of more review remarks:

* page 8 first bullet: a previously issues client certificate could also expire, in some cases even without the client knowing. If the client then performs simple re-enrollment -- using its previous operational cert as authentication, what would happen?  I would expect the server MAY also want to use this certificate to authenticate the client. Because the purpose of the client connecting again to the EST server is to do simple re-enrollment, to get a new certificate.   Suppose a case where the handshake to the EST server fails because the EST server rejects the expired operational cert:  what would the client do now? It could be a certificate_expired message.  RFC 7030 provides no guidance in this matter; would EST-coaps need to define this? E.g. client SHOULD retry using the bullet #2 certificate (e.g. IDevID)?

* page 8 middle: "CoAP and DTLS can provide proof-of-identity for EST-coaps clients and servers with simple PKI messages as described in Section 3.1 of [RFC5272] "
Looking up this section it says: "The Simple PKI Request MUST NOT be used if a proof-of-identity needs to be included."   This seems to say the opposite of the above text?  This requires at least some more explanation.

* page 8 middle: "Moreover, channel-binding information for linking proof-of-identity with connection-based proof-of-possession is OPTIONAL for EST-coaps"  -> is it OPTIONAL for client, server, or both? I would assume it is OPTIONAL for both. If the (light-weight) client does not implement it and if the server does mandate it, the client can not connect to that server if its policy is set to "linking POP/identity required".

* page 14 top bullet: "The CoAP Options used are .... " 
  -> the item Block could be expanded to "Block1, Block2" to capture the actual Option names.
  -> Location-Path is never used in any of the CoAP interactions defined; should be removed.

* Page 14 first 5.5 paragraph: "Similarly, 2.01, 2.02 or 2.04 MUST be used in response to EST POST requests"
  -> 2.01 Created is like HTTP 201, which is not used in EST - so can be removed here.
  -> 2.02 Deleted has no HTTP equivalent, so is not used in EST. It should be removed here.
  -> that leaves only 2.04 responses. However the text should say this is for successful (HTTP 200 or 202 in EST) responses , so suggestion is to change above sentence to: "Similarly, 2.04 MUST be used in a response to a successful EST POST request"

* page 14 bottom: "EST makes use of HTTP 204 and 404 responses when a resource is not  available for the client.  The equivalent CoAP codes to use in an EST-coaps responses are 2.04 and 4.04.  "
  -> CoAP 2.04 can only be used in responses to POST or PUT requests, not for GET responses.
  -> so in CoAP the server could either return 2.05 with empty payload (equivalent to HTTP 204), or return 4.04 (equivalent to HTTP 404)

* page 15 bottom: "The EST-coaps client and server MUST support Block2.  Block1 MUST be supported for EST-coaps enrollment requests that exceed the Path MTU."
  -> could be clarified better, I expect a EST-coaps server MUST support Block1 because that server doesn't know in advance how big the client's request payload is going to be and whether that client will use Block1.
  -> e.g. "The EST-coaps client and server MUST support Block2.  The EST-coaps server MUST support Block1. The EST-coaps client MUST support Block1 if it sends EST-coaps requests with an IP packet size that exceeds the Path MTU."

* page 16 example: the payloads are not indicating that each "{CSR req}" payload is different. I.e., a different block. It would be more clear if that is shown e.g. "{CSR 1}", "{CSR 2}", ... up to "{CSR N1+1}". The "req" string is not needed since the R in CSR already stands for request.

* page 17 example: see above payloads remark; and the following:
  --> what I find strange here is that a blockwise POST request ends with a 5.03 response, and then the same request after that gives a 2.01 response. In CoAP AFAIK, one request can never give 2 responses in sequence.
  --> once a response is delivered back to the client piggybacked on an ACK, the server closes the transaction normally and no further state for the transaction is kept.
  --> normally if a server sends 5.03 with Max-Age the client needs to send a new request i.e. retry with a new request after this waiting time.   That implies the client would need to resend the entire request: all blocks of it!
  --> I do realize that resending all blocks is very inefficient ; but at the same time the example also seems incompatible with CoAP specs.
  --> another question is why does the server use Block2 option in the 5.03 response that has no payload. In RFC 7959 Section 2.1, "the Block2 Option pertains to the response payload" and "payload-bearing responses". So it should be just left out in the response without payload I think.
  --> I understand this sequence of messages was tested using interops/code; was a specific CoAP library used that exhibits this behavior? I would be interested to understand better why this works.

Hope these comments can still be used for improvement of the spec. I will send further review comments in a next email: still need to write these down.

Best regards

-----Original Message-----
From: Panos Kampanakis (pkampana) <> 
Sent: Monday, May 20, 2019 17:31
To: Esko Dijk <>nl>;
Subject: RE: [Ace] I-D Action: draft-ietf-ace-coap-est-11.txt

Thanks Esko. 

Addressed in Two comments: 

> page 11 bottom requirement: " The client SHOULD use resource discovery when he is unaware of the available  EST-coaps resources." - when an EST server is known, this requirement does not really apply since the server always supports .well-known EST resources.  So I read it as doing an RD discovery or multicast CoAP discovery if the client doesn't known the EST server address.  Hope this is clear enough in the text and intended?

There are optional resources like /att, /skg and /skc that the server does not have to support, so that is what this sentence was referring to. 

> page 11 bottom: " It is up to the implementation to choose its resource paths” -> seems not really the case, because the root resource structure is forced by the specification. It could have been designed as free choice (because it can be discovered anyway) but it is not.

The text says that the server MUST support the default /.well-known/est root resource and it SHOULD support resource discovery for non-default URIs (like /est or /est/ArbitraryLabel) or ports. In the latter case it is up to the server to decide the paths he makes its resources available at. That is what this sentence was referring to. But you are right; I realized that this sentence is redundant so I only kept "Throughout this document the example root resource of /est is used."

Will reupload the next iteration in a few days. 


Ace mailing list