Re: [Ace] Roman Danyliw's Discuss on draft-ietf-ace-oscore-profile-17: (with DISCUSS and COMMENT)

Francesca Palombini <francesca.palombini@ericsson.com> Wed, 14 April 2021 16:40 UTC

From: Francesca Palombini <francesca.palombini@ericsson.com>
To: Roman Danyliw <rdd@cert.org>, The IESG <iesg@ietf.org>
CC: draft-ietf-ace-oscore-profile@ietf.org, ace-chairs@ietf.org, ace@ietf.org
Date: Wed, 14 Apr 2021 16:39:51 +0000
Message-ID: <EF14EA4C-0731-499A-AA94-06ACB5DDEF33@ericsson.com>
In-Reply-To: <161647008263.14777.4462979452223184651@ietfa.amsl.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/ace/pnMU6oReb4M941livQlEW1fufRA>

Hi Roman! 

Thank you very much for the review! We have incorporated your changes in the newly submitted v-18 (https://datatracker.ietf.org/doc/html/draft-ietf-ace-oscore-profile-18), but you can also see the specific changes in the github commits:
https://github.com/ace-wg/ace-oscore-profile/commit/d64f5563d5be185cd7dcb6b8972dce33ae31c9c2
https://github.com/ace-wg/ace-oscore-profile/commit/8ad0db81cb391742887d5e1cae2cf33b0702836f
https://github.com/ace-wg/ace-oscore-profile/commit/a8caabb2ae5588a5923ac569a2fe85262031ed0c

Answers inline.

Thanks again,
Francesca

On 23/03/2021, 04:28, "Roman Danyliw via Datatracker" <noreply@ietf.org> wrote:

    Roman Danyliw has entered the following ballot position for
    draft-ietf-ace-oscore-profile-17: Discuss

    When responding, please keep the subject line intact and reply to all
    email addresses included in the To and CC lines. (Feel free to cut this
    introductory paragraph, however.)


    Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html
    for more information about IESG DISCUSS and COMMENT positions.


    The document, along with other ballot positions, can be found here:
    https://datatracker.ietf.org/doc/draft-ietf-ace-oscore-profile/



    ----------------------------------------------------------------------
    DISCUSS:
    ----------------------------------------------------------------------

    (A simple editorial fix) Per Section 5.8.2 of [I-D.ietf-ace-oauth-authz], the
    name of the parameter in the C-to-AS communication is “ace_profile” (not
    “profile”).  The “ace_profile” parameter is mistakenly referenced as “profile”
    in the following place:

    (a) Section 3.2.
       The AS can signal that the use of OSCORE is REQUIRED for a specific
       access token by including the "profile" parameter with the value
       "coap_oscore" in the access token response

FP: Good catch! Fixed.

    ----------------------------------------------------------------------
    COMMENT:
    ----------------------------------------------------------------------

    Thank you to Kathleen Moriarty for the SECDIR review.

    ** In addition to the normative text noted in the DISCUSS, the examples in
    Figure 4 and Figure 7 also have the same typo (but that doesn’t rise to a
    DISCUSS)

FP: Indeed, fixed.

    ** Section 7.  Per “Developers should avoid using multiple access tokens for a
    same client”, is there a reason not to use a normative SHOULD here?  The DTLS
    profile has nearly the identical words and uses a normative SHOULD?

    Likewise should “This profile recommends that the that RS maintains a single
    access token for each client” be “This profile RECOMMENDS”?

FP: Right, now using BCP14 SHOULD and RECOMMENDS as you suggest.

    ** Editorial nits
    Section 3.2.  Typo. s/The applications needs/The application needs/

FP: Fixed.

    Section 3.2.  Typo. s/parameeter/parameter/

FP: Fixed.

    Section 4.  Typo. s/Note that the RS and client authenticates/Note that the RS
    and client authenticate/

FP: Fixed.

    Section 4.1.  Typo. s/The client may also chose/The client may also choose/

FP: Fixed.
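The DISCUSS above is about a parameter name, but the consequence is an interoperability failure: a client that reads the access token response with the draft-17 wording looks for "profile" and never sees an AS that (correctly) sends "ace_profile", so the "OSCORE is REQUIRED for this token" signal is silently lost. The following is an added example, not code from draft-ietf-ace-oscore-profile or from this thread. It models the client-side decision: honour "ace_profile" when present, fail hard on an unsupported or malformed value rather than downgrading, and fall back to the client's own choice only when the AS sent nothing. Assumptions: the response is represented as a Python dict keyed by parameter names (on the wire it is a CBOR map with integer key abbreviations, not modelled here); the sample responses and the placeholder token bytes are constructed; the function names are the example's own.

```python
# Added example, not code from draft-ietf-ace-oscore-profile or from the thread.
# Client-side handling of the access token response parameter the DISCUSS
# corrects: the AS signals the profile the client MUST use with "ace_profile"
# (Section 5.8.2 of the ACE framework draft); the value for this profile is
# "coap_oscore" (Section 3.2 of the OSCORE profile draft).
#
# Assumption (labelled): the response is a dict keyed by parameter *names*.
# The real encoding is a CBOR map with integer key abbreviations; that is out
# of scope here.

OSCORE_PROFILE = "coap_oscore"  # profile value from Section 3.2 of the draft
PROFILE_PARAM = "ace_profile"   # correct parameter name
TYPO_PARAM = "profile"          # the name draft-17 used by mistake


class ProfileError(Exception):
    """Raised when the AS-mandated profile cannot be honoured by this client."""


def required_profile(token_response, param=PROFILE_PARAM):
    """Return the profile the AS requires for this token, or None if the
    parameter is absent. A present-but-malformed value is an error, not
    something to ignore: ignoring it would quietly drop the AS's requirement."""
    if param not in token_response:
        return None
    value = token_response[param]
    if not isinstance(value, str) or not value:
        raise ProfileError(f"malformed {param} value: {value!r}")
    return value


def select_profile(token_response, supported, requested=None):
    """Decide which profile the client runs towards the RS.

    If the AS included ace_profile, the client has to use exactly that profile;
    an unsupported value is a hard failure rather than a silent downgrade.
    If the parameter is absent, the client falls back to the profile it
    planned to use (`requested`), which must itself be one it supports.
    """
    mandated = required_profile(token_response)
    if mandated is not None:
        if mandated not in supported:
            raise ProfileError(
                f"AS requires {mandated}, client supports {sorted(supported)}")
        return mandated
    if requested is None or requested not in supported:
        raise ProfileError("no profile mandated by AS and none usable locally")
    return requested


def oscore_required_legacy_client(token_response):
    """The check a client written against the draft-17 wording would make.

    It looks for "profile", so against an AS that uses the correct name it
    returns False: the OSCORE requirement is lost without any error.
    """
    return token_response.get(TYPO_PARAM) == OSCORE_PROFILE


# Constructed sample responses (not captured from a real AS); the access_token
# bytes are placeholders standing in for an opaque token.
RESPONSE_WITH_OSCORE = {"access_token": b"\x01\x02", PROFILE_PARAM: OSCORE_PROFILE}
RESPONSE_NO_PROFILE = {"access_token": b"\x01\x02"}


if __name__ == "__main__":
    # Correct client: picks up the AS's requirement.
    print(select_profile(RESPONSE_WITH_OSCORE, {OSCORE_PROFILE}))
    # Legacy client with the typo: misses the same requirement.
    print(oscore_required_legacy_client(RESPONSE_WITH_OSCORE))
```

The point of raising on an unsupported or malformed "ace_profile" value, instead of falling back to `requested`, is that the AS's choice is binding on the client; treating it as advisory would let a client proceed with a weaker or different profile than the one the token was issued for.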