[Ace] Review of draft-palombini-ace-coap-pubsub-profile-01
Jim Schaad <ietf@augustcellars.com> Tue, 10 October 2017 01:09 UTC
Return-Path: <ietf@augustcellars.com>
X-Original-To: ace@ietfa.amsl.com
Delivered-To: ace@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 86E0513239C; Mon, 9 Oct 2017 18:09:21 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.001
X-Spam-Level:
X-Spam-Status: No, score=-2.001 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=augustcellars.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 0CC33zxFjeeI; Mon, 9 Oct 2017 18:09:20 -0700 (PDT)
Received: from mail4.augustcellars.com (augustcellars.com [50.45.239.150]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 18AA0134323; Mon, 9 Oct 2017 18:09:16 -0700 (PDT)
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Content-Language: en-us
DKIM-Signature: v=1; a=rsa-sha256; d=augustcellars.com; s=winery; c=simple/simple; t=1507597703; h=from:subject:to:date:message-id; bh=m1MxWZetgeDFV4UXCNnp5Sy8Jx3x9CtmbG0/ec9yksE=; b=FClSzHj0952isZEJWh2FKvg0ZCttJHUFrLVnnoCSaIQPaPOCbZwmmGrhSqelJ2JFLbiAXlEgJq3 RAXvKjW4SU1yiRwhlqoLiyVJbAW7XGjg0hKC4Llvb5qnVL9PBqjos0XyyMoVozS+ozUxEFPK7VYnp 2Cz86T1JPY1rLh6oc7pO2WyWUO1g5aygwnIrr5vGNgCGc0t6eqQDfG3H6H52xT37terGQx0nddna1 4dA4mo39j53BSeCtLQ3uzlpafms9oTzYFem8aG4+jMdEX9YuWX2SoTNM9zitI7Ymft4Ztcswz5W/g p+Ezm8aSFi4/zDc4uzWReQjTGSjMcBGxNUCg==
Received: from mail2.augustcellars.com (192.168.1.201) by mail4.augustcellars.com (192.168.1.153) with Microsoft SMTP Server (TLS) id 15.0.1263.5; Mon, 9 Oct 2017 18:08:22 -0700
Received: from Hebrews (192.168.1.162) by mail2.augustcellars.com (192.168.1.201) with Microsoft SMTP Server (TLS) id 15.0.1263.5; Mon, 9 Oct 2017 18:07:57 -0700
From: Jim Schaad <ietf@augustcellars.com>
To: draft-palombini-ace-coap-pubsub-profile@ietf.org
CC: ace@ietf.org
Date: Mon, 09 Oct 2017 18:08:45 -0700
Message-ID: <009701d34164$540c8cc0$fc25a640$@augustcellars.com>
MIME-Version: 1.0
X-Mailer: Microsoft Outlook 16.0
Thread-Index: AdNBTA87mF1mAa3DTgyCd00ylmVtSQ==
X-Originating-IP: [192.168.1.162]
Archived-At: <https://mailarchive.ietf.org/arch/msg/ace/ht1trBjw5JZbncAPbToaD3CE5gE>
Subject: [Ace] Review of draft-palombini-ace-coap-pubsub-profile-01
X-BeenThere: ace@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "Authentication and Authorization for Constrained Environments \(ace\)" <ace.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ace>, <mailto:ace-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ace/>
List-Post: <mailto:ace@ietf.org>
List-Help: <mailto:ace-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ace>, <mailto:ace-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 10 Oct 2017 01:09:21 -0000
Here are some comments on this draft. 1. I find it difficult to call this a profile of the Oauth document in one way. This looks to me more of a "This is how you use the Oauth" document. This echoes a comment that I made on the ACE base Oauth document. 2. Introduction: I think you should give a (very) brief introduction into the pub sub system here rather than assuming that people are going to read the pub/sub draft first. 3. Overview: I have a slight problem with the title of this section. To me I would expect an "Overview" and an "Introduction" to be the same section. Think about combining the sections together or rename this section to be more specific. 4. Overview: this is a nit - I think that you want a different term than scenario here. 5. Overview: You need to expand and define RS and AS on first usage. 6. Overview: One of the things that I am not currently happy with is that you are looking at AS1 and AS2 as being independent appliers of access control logic without any communication between them. I think that AS1 needs the ability to give policy to AS2 on a topic after it has been created and before any subscribers get keys. In the case they are co-resident this is trivial, in other cases it may not be. 7. Overview: It is not clear to me that your allocation of roles to AS1 and AS2 I correct. If you have a second publisher, does it need to talk to both AS1 and AS2 or just to AS2? Is this really an AS1 controls creation of topics and AS2 controls publishing and subscribing to topics? If the publisher loses its membership in the group for any reason, should it be able to publish willy-nilly anyway? I.e. should AS2 be able to "revoke" the publishers right to publish? 8. Overview: I don't think the picture is correct at the bottom of the section. You have a Publisher-Subscriber client/client association 9. Overview: Is there any expectation that the broker should be notified on a "revocation" of a publisher's right to publish? (As opposed to the right just expiring.) There is no need to enforce subscribers right to subscribe since a key roll over means that they are getting gibberish. 10. Section 3 - I would remove 'D' from the picture as it gets a confusion between updating the tokens and publishing content. It is covered just fine by the core document. If you are using it as a 'publish' operation, then it does not belong in the first bullet point. It could also be the difference between pushing the token and getting a session. Again I don't think these need to be separate, that is clear from the core document and you are not doing anything different. 11. Section 3.1 - I don't' think that the returned info on the first request is going to be the same for publishers and subscribers. Not sure what this should really look like. 12. Section 3.1 - I am unsure what you believe is going to be accomplished by doing a RD lookup. You can get the name of the resource, but it would not necessarily return the AS1, AS2 strings. 13. Section 3.1 - On the unauthorized response, I think you want to be returning different responses to subscriber vs the broker. A subscriber does not need to know about AS1. Also I think you should be using the same tag as the base profile for at least one of them - probably the first one you would contact. 14. Section 3.1 - I am not sure that it makes any sense to set an audience. If the scope is the topic then all information exists. The audience really the subscriber. 15. Section 3.1 - You state that the algorithm must be a CE algorithm, but I think you mean a signing algorithm. 16. Section 3.1 - why not use the cnf return value for the key? Also there is no reason to make it a bstr rather than a map. 17. Section 3.1 - need to define a signers_keys element which returns all of the signing keys. Defined as an array of keys. Return other signers for multiple publishers. 18. Section 3.2 - see above about strings to be returned here. 19. Section 5 - Need to talk about how to deal with multiple publishers - are you assigning different keys or are you using different IV sections? Need to ensure that you don't have an error from using the same key/iv pair. 20. Section 5 - Are you containing a coap payload or a complete coap message in the payload. 21. Section 5. Do you want to talk about coordination of the observer number and the iv of a message?
- [Ace] Review of draft-palombini-ace-coap-pubsub-p… Jim Schaad
- Re: [Ace] Review of draft-palombini-ace-coap-pubs… Francesca Palombini