IETF Logo Mail Archive

[Ace] Review of draft-ietf-ace-oscore-profile

John Mattsson <john.mattsson@ericsson.com> Sat, 05 September 2020 12:51 UTC

Return-Path: <john.mattsson@ericsson.com>
X-Original-To: ace@ietfa.amsl.com
Delivered-To: ace@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 067ED3A104C for <ace@ietfa.amsl.com>; Sat, 5 Sep 2020 05:51:16 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.102
X-Spam-Level:
X-Spam-Status: No, score=-2.102 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_MSPIKE_H2=-0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=ericsson.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id WapMYdrN8p_n for <ace@ietfa.amsl.com>; Sat, 5 Sep 2020 05:51:14 -0700 (PDT)
Received: from EUR03-AM5-obe.outbound.protection.outlook.com (mail-eopbgr30051.outbound.protection.outlook.com [40.107.3.51]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id BA9013A0D9A for <ace@ietf.org>; Sat, 5 Sep 2020 05:51:13 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=fNseLhP8Uu+rsb1QCJ++FH3ouauKF7eIZYDiKb5Rtc0z6oSflt71Y3MDkW4meNIrSvuMJRzsyr+NQ26aCtBNTVMZ8lV9Wz5O8XNqxAZX667hPfR4vCNTJcEB3EBheQuu8JxRp/B2Y8smOWWIy5qGhTMAxKO1EOwEmWl3zotR6Ak5dFXXzE9YaQXdEzE+6FKXpG+rMu4RlaI3fFeGe9Gr00OZmnksTxOLvRG5nPqx8ibV/OCBM4hJyRefdYBtmFzHB5CVgkUkCdvmMyZYcpK/mqn4nKhOVufEzolw3gJPS8UzdBa2g1XaSQPlhwissK9Faze3XWDPvwC9tNfRemLNpA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=PC0co9numlzvzmQx6WeHgqnh8geRw9KYdOvJn7Xpuzw=; b=EC/RUyeYOehGVgNrADbf66cEsMDbcpDgDhOAxHE/7TuMBswlBvvEcEGuTz3kwJSrnI4lxgjc40cJgHHTT7/vvvj7DobfIIJlIrDHK787bjIal5OSohshfo0Y4CpO4q/3ZfJdqnQH9tog7IsSCSywRNaPWb9ZPYbTnFt+tKYVJ6xEQ2RV522ubnfa6HgKla/sF5XgBHM/p8G+MF8TxIQRkqbwzESR+saUU+oK8rDfsBZP7iMV/YdZminQDEDjxFGvp3MQQbcRr5u0zYbrA3LhNiZTG9Ymke8AUdjMeRZyFuPy9BYvGLjQEumA07HOvb4p41f7RcRSa6D2/voNuASuqw==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=ericsson.com; dmarc=pass action=none header.from=ericsson.com; dkim=pass header.d=ericsson.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ericsson.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=PC0co9numlzvzmQx6WeHgqnh8geRw9KYdOvJn7Xpuzw=; b=SsOJHWHLHhGAgnE5CZSsR17N/XgLhy4OxgJgaQKtm03iq53FLHPQJLGO6Xm7Vf8IamAc1F1AklL83izZr+++n0bukhgzKqQ2hMHIVo7Jr1csNfui5ev4ahZZ5JsfQy1ZtY+KaZGwWjCn2r0cR0cVScJTn+d0cL58jiYN1oWBEhM=
Received: from AM6PR07MB4584.eurprd07.prod.outlook.com (2603:10a6:20b:17::24) by AM6PR0702MB3720.eurprd07.prod.outlook.com (2603:10a6:209:12::10) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3348.6; Sat, 5 Sep 2020 12:51:11 +0000
Received: from AM6PR07MB4584.eurprd07.prod.outlook.com ([fe80::4027:7312:e764:73eb]) by AM6PR07MB4584.eurprd07.prod.outlook.com ([fe80::4027:7312:e764:73eb%2]) with mapi id 15.20.3370.009; Sat, 5 Sep 2020 12:51:11 +0000
From: John Mattsson <john.mattsson@ericsson.com>
To: "ace@ietf.org" <ace@ietf.org>
Thread-Topic: Review of draft-ietf-ace-oscore-profile
Thread-Index: AQHWg4M79uX9e36lC0mzSIP1XPgmMQ==
Date: Sat, 05 Sep 2020 12:51:11 +0000
Message-ID: <B69129BC-0DEC-48C8-93A2-70E541F3814E@ericsson.com>
Accept-Language: en-US
Content-Language: en-GB
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
user-agent: Microsoft-MacOutlook/16.40.20081000
authentication-results: ietf.org; dkim=none (message not signed) header.d=none;ietf.org; dmarc=none action=none header.from=ericsson.com;
x-originating-ip: [81.225.97.222]
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: edc3dfbd-8385-4eb5-0700-08d8519a5ddf
x-ms-traffictypediagnostic: AM6PR0702MB3720:
x-microsoft-antispam-prvs: <AM6PR0702MB3720705970B44187FF8B7B68892A0@AM6PR0702MB3720.eurprd07.prod.outlook.com>
x-ms-oob-tlc-oobclassifiers: OLM:10000;
x-ms-exchange-senderadcheck: 1
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: lYChCRsn3wkSSuWqHiOnDx+NDtLyH7i0RLOudF+IDV7Oc0zWO1nFnECklIbZymtt2XlwtHqXUvjpsUoo7i9P5JjLPaDWsvBudD/ymXCa33i4Z9vbteuj0p/wVwueJXACRFyeHU7egoKnrSKjHCYxcSg9SYyQ2YVLQsUKmNjalpFZZw4TzHc3BWk5HLrgSOujq6IzZBe2VI4num/vJJYPAQsUy6NglEIkufZV097pvYqYZ6Q5cLzA+qRWwTtasAxaMy3HDPCT79Qz+sRy3JY1FYpwgnfsJNr49YwRoS18J95UsJjrGaqjkjlp1NVbcAwTcSqBQFwx55BVhdEIlD6W1QwvN1iuzFjV2dRLD/Tb6qU=
x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:AM6PR07MB4584.eurprd07.prod.outlook.com; PTR:; CAT:NONE; SFS:(4636009)(366004)(346002)(136003)(396003)(39860400002)(376002)(316002)(64756008)(6916009)(6512007)(91956017)(76116006)(66476007)(66946007)(6506007)(66446008)(5660300002)(33656002)(83380400001)(66556008)(86362001)(8936002)(2616005)(44832011)(6486002)(71200400001)(26005)(8676002)(478600001)(186003)(2906002)(966005)(36756003); DIR:OUT; SFP:1101;
x-ms-exchange-antispam-messagedata: MCERYcaO27lCCM1c+vpfh90PMyLdryv6a/sbQTbU9j8SCZSjTaTrn4+9fIJsvElJbLACoWrhuKI1OqD2S+WJTuXbry9UBK3FQzeIA2sqV989wr+WsGcXxu4XanKz6QAZ/ROwqke7B3K1FWDrbyPIUz1Jwz6CcqzYr8At4IjvGa/lsYX7D8NMm3vG0ez3OX44N8/zIbeQ5YrpjmlFVfAuxaeqj9U7/ktq7efBcCSf3VJxfxgJbJXm2LMZpww4e+y5wV4hIcydfjCLc1Tt+g+wVb+K+rsKopGp8VXPA2Do0emQkIzWlUb8UrTnZQrJhHmJgjBmiKaHcDWU+WNvTAtFrFYs9GZB7SNs3dT3J4Hs4D/Jimce8DpMQ4OfJwsjPBUJtv+rT4d54GZq0oscwVhuoMHHfJamyEj+OsyYAqzd6u/VI+dPd8/v4dAm7olp9CGngZ9sv5A+WB+f/naTbdDdzTcNepHC+kia/KZP5f1bOBPmmW7U9s7jwJF79OkdSsf21795bt2SMZ+P5v+01dY9lxRtEIWCgAyKG48AWOJmSrDozH9AD7dvtervQRfdiFNMIBaxNNt3lB0HcLkqbLvCqYRgYdC+9BBDd3Re4o1Ws8c2FRM7ttsUHZErv2VzMZMSfWaerDpczO0sRDVr0+OPnQ==
x-ms-exchange-transport-forked: True
Content-Type: text/plain; charset="utf-8"
Content-ID: <DB049B8B2CBD294A9D7CB660B59B4C76@eurprd07.prod.outlook.com>
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-OriginatorOrg: ericsson.com
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: AM6PR07MB4584.eurprd07.prod.outlook.com
X-MS-Exchange-CrossTenant-Network-Message-Id: edc3dfbd-8385-4eb5-0700-08d8519a5ddf
X-MS-Exchange-CrossTenant-originalarrivaltime: 05 Sep 2020 12:51:11.3546 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 92e84ceb-fbfd-47ab-be52-080c6b87953f
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: JM9yQXlfR7A5OvkO+L1G2ZTJHWjLKcQAgbmOEpir+3Ht3VTgADJhnpvAp3yMWv+moAdE7hkhSfeC/XfZtNGlfFgjJbzv/8L7e3iln7iybIQ=
X-MS-Exchange-Transport-CrossTenantHeadersStamped: AM6PR0702MB3720
Archived-At: <https://mailarchive.ietf.org/arch/msg/ace/gSICgDPXN69caNn2OEF5dJuQGm4>
Subject: [Ace] Review of draft-ietf-ace-oscore-profile
X-BeenThere: ace@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Authentication and Authorization for Constrained Environments \(ace\)" <ace.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ace>, <mailto:ace-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ace/>
List-Post: <mailto:ace@ietf.org>
List-Help: <mailto:ace-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ace>, <mailto:ace-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 05 Sep 2020 12:51:16 -0000

Hi,

I have reviewed the latest GitHub version of draft-ietf-ace-oscore-profile
https://ace-wg.github.io/ace-oscore-profile/draft-ietf-ace-oscore-profile.html

In general this draft looks very good. I have one major comments, and several more minor comments.

Major comment
-------------------

- Asignment of OSCORE Sender and Recipient IDs

I think the specified mechanism where the AS dictates the OSCORE connection parameters is unfortunate. It introduces several current and future limitations. The current assignment mechanisms only works without problems in close systems where the RS does not have any other non-AS OSCORE connections, where the CoAP client and CoAP server roles are fixed and cannot be switched, and where only draft-ietf-ace-oscore-profile is used. In systems where the OSCORE nodes can switch between CoAP client and CoAP server (a feature explicitly supported by OSCORE) the current mechanism is likely to lead to RecipientID collisions. Also in future systems where the AS also supports a more modern key management with PFS using e.g. a future draft-ace-edhoc-oscore-profile, the mechanism would not work together in an efficient way. My understanding is that the authors would like the solution to work with both role switching and EDHOC.

How to negotiate these type of connection identifiers (in this case OSCORE Sender and Recipient IDs) have been studied and specified several times in e.g. draft-selander-lake-edhoc, draft-ietf-tls-dtls-connection-id. A solution where each party choses its OSCORE recipient ID for the connection always work without collisions. Such a negotiation could quite easily be added to the roundtrip with the nonces N1 and N2. My feeling is that it would be worthwhile to do such a change. This would also require a new identifier for the OSCORE_Security_Context Object, either a new objectID or a hash of the object could be used. I think this would be a good change as the current "hack" of using the ACE client sender Id and and ID context to identify the object might lead to other future limitations.

The suggested changes would lead quite equal message sizes and storage requirements, they might even lead to some small improvements.

Minor comments
-------------------

- "server authentication"

My understanding is that server authentication with this draft requires two additional things. That C trusts AS and that RS sends an OSCORE response back. The draft should point this out similarly to the way it points out that a OSCORE request is required for proof-of-possession. As C trust in AS, and RS sending an OSCORE response back are both optional, I would recommend to maybe remove "server authentication" from the abstract and intro.

- "The nonces are encoded as CBOR bstr if CBOR is used, and as Base64 string if JSON is used"

Would be good to define exactly how the Master salt is created when JSON is used. I.e. is the Base64 encoded strings used, or are the byte strings after Base64 decoding used.

- "the authz-info endpoint is not a protected resource, so there is no cryptographic protection to this request."

I do not think this follows from the OAuth ACE term “protected resource”. Most resources on the web are not protected resources, but use cryptographic protection (https:// HTTPS)

- "An OSCORE_Security_Context is an object that represents part or all of an OSCORE Security Context"

The object cannot represent all of an RFC 8613 OSCORE Security Context as sequence number, replay window, and Master salt are missing. I would also strongly recommend removing "context" from the name of the object so that it is not confused with an RFC 8613 context. Maybe OSCORE input keying material or something similar.

- "CBOR type"

The types listed are CDDL types. Should at least mention CDDL or change to actual CBOR types.

- "Security Context identified by "kid""

This message has two different "kid", one on the ACE level and one on the OSCORE level, would be good to clarify which "kid" this refers to.

- "client" "server"

I think the draft should have a sentence saying that the terms "client" "server" when used without specification refer to the ACE client C and the ACE resource server RS. There is another server in the ACE architecture, and on the CoAP level the nodes can switch roles.

- "input salt"

input salt is not defined when it is used in section 2.

- "clientID", "serverID", "contextID"

I am not fond of these new abbreviations for the OSCORE parameters for several reasons. The draft uses the term "clientID" for "ACE client sender ID" = "ACE resource server recipient ID", the term "serverID" for "ACE client recipient ID" = "ACE resource server sender ID", and the term "contextID" for "ID context". "clientID" and "contextID" is also together used as an identifier for the "OSCORE_Security_Context Object".

The problems I have with these terms are that "client ID" and "serverID" give the impression that they are identifiers for the nodes C and RS, which they are not. In two-party OSCORE, the identifiers (senderID and recipientID) are not connected to any of the parties more than the other. In fact, a node needs to be in control of its recipient IDs but does not really need to care much about its sender IDs.

- RFC 8613 Appendix B.2

To me it does not seem clear if draft-ietf-ace-oscore-profile can be used together with the mechanism in Appendix B.2 of RFC 8613. The mechanism in Appendix B.2 leads to a new Context ID. Is it allowed to use that mechanism after using draft-ietf-ace-oscore-profile? In draft-ietf-ace-oscore-profile, the AS dictates a specific “ID Context”?

Cheers,
John

v2.23.0 | Report a Bug | By Email