Re: [Ace] remarks on draft-tiloca-ace-oscore-gm-admin-00

Marco Tiloca <marco.tiloca@ri.se> Tue, 10 March 2020 17:48 UTC

To: Jim Schaad <ietf@augustcellars.com>
Cc: ace@ietf.org
References: <01b401d59f2e$ff406560$fdc13020$@augustcellars.com>
From: Marco Tiloca <marco.tiloca@ri.se>
Message-ID: <1d9efd94-eb3d-5ee2-6f8a-235d0dd1b6d0@ri.se>
Date: Tue, 10 Mar 2020 18:48:38 +0100
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Thunderbird/68.4.1
In-Reply-To: <01b401d59f2e$ff406560$fdc13020$@augustcellars.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/ace/rZzao-y4oVtINHuuam8EWxWDoWg>

Hi Jim,

Thanks a lot for this review!

We have taken it into account in the latest submitted -01, together with
the follow-up discussion on the same thread on the list.

https://tools.ietf.org/html/draft-tiloca-ace-oscore-gm-admin-01

Please, see some replies inline.

Best,
/Marco

On 2019-11-20 00:13, Jim Schaad wrote:
> This is just going to be a high level review on how things are done rather
> than a detailed review on each line of text.
>
> 1. - Go and read that CoRE Pub-Sub update document - you know the one that
> Klaus and friends have not managed to get written since the model proposal
> was done way back when.

==>MT
The latest version considers an akin interface, along the lines of the
now published draft at
https://datatracker.ietf.org/doc/draft-hartke-t2trg-coral-pubsub/
<==

>
> 2.  Re-write this to use CoRAL - Yes I know that this makes another
> dependency on getting it published from the CoRE group, but I don't want to
> do things multiple times.

==>MT
We have now also added examples in CoRAL, for all the interactions
between Administrator and Group Manager, now also extended with FETCH
for filtered retrieval.
<==

>
> 3.  I think that this document really needs to be able to be used with
> HTTP/JSON as well as CoAP.   If you can get the JSON version of CoRAL from
> Klaus then this falls out without any work.

==>MT
We are now saying that the CoRAL examples are provided in text format,
but they are in CBOR or JSON on the wire.
<==

>
> 4.  Are you making it a requirement that the group name be the same as the
> group identifier assigned by the "group_name" parameter?  If so then having
> some type of title and description would seem to be almost mandatory.

==>MT
We have added a new group configuration parameter 'group_title', as a
CBOR text string. This specifies a human-readable descriptive name of
the group, suggesting what it is about.
<==

>
> 5.  There needs to be some parameters around pointing to the correct AS and
> so forth.  The management API may reject because it does not trust the AS.
> Don't assume that this is a single value for the AS either.

==>MT
Now the POST request to /manage specifies also an optional 'as_uri'
parameter, with the link to a suggested AS. The GM may accept the
suggestion or not.

At the moment, only the link is specified. As already mentioned, we can
think more of related sub-items about it to add.
<==

>
> 6.  You are missing a lot of management detail on the POST to the group
> node.  Some of the things that are missing would be:
> a)  Is the group active or inactive

==>MT
We have added one more status parameter 'active'.

Based on earlier discussions, an inactive group would mean that: i) no
new members are admitted, thus no new keys are provided to new members;
ii) issuing of new keys for current members stops; iii) current members
are expected to stop communicating (which should rely on informing them)
but are not removed. So the group is temporarily inactive but still exists.
<==

> b) How does the server react if you change the content encryption
> algorithm, is this a simple re-key operation or is it more complicated?
> c) How does the server react if you change the signature algorithm?  This
> would seem to be a much harder thing to do if the group is not empty or not
> active as everybody is going to need to re-join.
> d) Other parameters that are changed may be just as bad as changing the
> signature algorithm - how the re-key is done jumps immediately to mind.

==>MT
These cases are now discussed in Section 2.5.5.2.
<==

>
> 7.  Is there currently any way for a KDC to signal to all of the members
> that have joined that the key group no longer exists?  A DELETE would seem
> to indicate the need to be able to do this.

==>MT
This is now discussed in Section 2.5.6.1.
<==

>
> Jim
>
>
>

-- 
Marco Tiloca
Ph.D., Senior Researcher

RISE Research Institutes of Sweden
Division ICT
Isafjordsgatan 22 / Kistagången 16
SE-164 40 Kista (Sweden)

Phone: +46 (0)70 60 46 501
https://www.ri.se
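As an added illustration (not code from the draft or from its authors), a minimal Group Manager model in Python that applies the behaviour discussed in the thread: the Administrator's 'as_uri' suggestion is accepted only if the GM trusts that AS, an inactive group admits no new members and issues no new keys but keeps its current members, and a DELETE yields the list of members that must be informed. Parameter names come from the thread; the class layout, the trusted-AS allowlist, and the key-epoch counter are assumptions made for the example.

```python
from dataclasses import dataclass, field

# 'group_name', 'group_title', 'as_uri' and 'active' are the parameter names
# discussed in the thread; everything else here is illustrative bookkeeping
# (constructed for this example), not the draft's specification.

@dataclass
class Group:
    group_name: str
    group_title: str          # human-readable descriptive name of the group
    as_uri: str               # AS the GM actually uses for this group
    active: bool = True
    members: set = field(default_factory=set)
    key_epoch: int = 0        # bumped on every rekey (constructed counter)

class GroupManager:
    def __init__(self, trusted_as, default_as):
        self.trusted_as = set(trusted_as)   # ASs this GM is willing to trust
        self.default_as = default_as
        self.groups = {}

    def create(self, group_name, group_title, as_uri=None):
        # The Administrator may suggest an AS; the GM accepts the suggestion
        # only if it trusts that AS, otherwise it falls back to its default.
        chosen = as_uri if as_uri in self.trusted_as else self.default_as
        g = Group(group_name, group_title, chosen)
        self.groups[group_name] = g
        return g

    def set_active(self, group_name, active):
        self.groups[group_name].active = active

    def join(self, group_name, member):
        g = self.groups[group_name]
        if not g.active:
            return None       # inactive: no new members, no keys handed out
        g.members.add(member)
        return g.key_epoch    # epoch of the key material the member receives

    def rekey(self, group_name):
        g = self.groups[group_name]
        if not g.active:
            return None       # inactive: no new keys for current members
        g.key_epoch += 1
        return g.key_epoch

    def delete(self, group_name):
        # DELETE removes the group; current members must be told it is gone.
        g = self.groups.pop(group_name)
        return sorted(g.members)   # members to notify
```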