Re: [Ace] Discuss on draft-ietf-ace-mqtt-tls-profile-15: (with DISCUSS and COMMENT)
Cigdem Sengul <cigdem.sengul@gmail.com> Fri, 18 March 2022 12:27 UTC
Return-Path: <cigdem.sengul@gmail.com>
X-Original-To: ace@ietfa.amsl.com
Delivered-To: ace@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 9C5AF3A079B; Fri, 18 Mar 2022 05:27:28 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.107
X-Spam-Level:
X-Spam-Status: No, score=-2.107 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id fGHXYrw_hmH1; Fri, 18 Mar 2022 05:27:26 -0700 (PDT)
Received: from mail-vs1-xe31.google.com (mail-vs1-xe31.google.com [IPv6:2607:f8b0:4864:20::e31]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id CF48A3A077F; Fri, 18 Mar 2022 05:27:25 -0700 (PDT)
Received: by mail-vs1-xe31.google.com with SMTP id 2so552425vse.4; Fri, 18 Mar 2022 05:27:25 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=xmeMujJ67WbV07HodKp4fqV36hUntyRujx/m+y0ZDeI=; b=G2PYtW+YeH5bF2g4JqiV7o454/4DVJ57/bCfPJiY6wLBHaUt1YmcEtBZFzmdoiwmSN zfgfWdGAtCMjR2c4PTK3WlAPbNm38UyTTVhAJVH77sMcdm5vhY13uVixxOzSJaNQro5d e5OiTuDBMngCS+wMSI3iDPTt88ENPJxl/hAqJBH4LINHEqiOTyYSasy727NE7CPQeiWk Lvuy6IEhNB+ENAqA0XpYRD5imlMX0zsGxfbWJMliQD/V9im8S0xP7pgkv+z1B1oMc0N2 t/CueWJK8RqudPsyoPnGHUJioova8H7/Gn7HU+PQpjCIg+DKZxGou99/v9ANhYWqwINE AYZQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=xmeMujJ67WbV07HodKp4fqV36hUntyRujx/m+y0ZDeI=; b=SXC10cHo4okSzQ+obGb4LDdaFUBh6CZRr2QhcHnC7OimocFY2+2wPI0t9i1IAfqa2W A7YvfJgFo/D7XPJUkuOJauQY9LhsXR5STBpKUt8K8LFsYU57OR8yq8kfYSeNBnWVlAOB BR50iMtYorfNiNegEhHDRoyAwL28MBl5H7FMdoz4+iNJRY7ja6nawsWl5kn3QPG4FCLc IlhNf1p5xiiUMGL0JVVECLOAzqYb5RunhcAd4spKQMdBe+/HO1FJwxNIbqYPdTuPtLwg flFpMGFJs1kg2cljjnSwvFAvWxNUDFif1beSAP/dh6PmsRiSii9HXf8kgcB6n8kV7ueP l3eg==
X-Gm-Message-State: AOAM533RtQuFffxPcJvmDj3fXcmDKeV7ST7d/A3fXbZ9RZMB69OvqPUR fpsKb4MevV7UIBNmzfRLI1RXwWq80BO6t5TXiG4=
X-Google-Smtp-Source: ABdhPJzrw7L2aMCoAmSiS1AjBvbwmw+XCQth7NW/MzZoii6IvXLXG22SUlVs05faCj1WIx0VOK+NagvdmEEyyxUWd3k=
X-Received: by 2002:a67:ea90:0:b0:324:e9b9:4ba5 with SMTP id f16-20020a67ea90000000b00324e9b94ba5mr97203vso.32.1647606444571; Fri, 18 Mar 2022 05:27:24 -0700 (PDT)
MIME-Version: 1.0
References: <164689410177.27262.13773022528008084974@ietfa.amsl.com> <20220310063715.GY22457@mit.edu> <CAA7SwCOvyZ7zoaFnSgs9VNp2dAh+mKV5Y5_f_tWc-MLtyk0q+A@mail.gmail.com> <CAL0qLwYgwzf38wKdfmbKf_N1aqHZSSH610qjA7QLZ033=-f60A@mail.gmail.com> <CAA7SwCMCq2dooQYSkdAx6fev8esBkvrjZRF3+P=H8k809U6V8g@mail.gmail.com>
In-Reply-To: <CAA7SwCMCq2dooQYSkdAx6fev8esBkvrjZRF3+P=H8k809U6V8g@mail.gmail.com>
From: Cigdem Sengul <cigdem.sengul@gmail.com>
Date: Fri, 18 Mar 2022 12:27:14 +0000
Message-ID: <CAA7SwCPfNRJwtNsROuQSx92q=vjFjns7xcgBrMtzy2Ez4TVS6g@mail.gmail.com>
To: "Murray S. Kucherawy" <superuser@gmail.com>, Francesca Palombini <francesca.palombini@ericsson.com>, Benjamin Kaduk <kaduk@mit.edu>
Cc: The IESG <iesg@ietf.org>, draft-ietf-ace-mqtt-tls-profile@ietf.org, Daniel Migault <daniel.migault@ericsson.com>, ace-chairs@ietf.org, Ace Wg <ace@ietf.org>
Content-Type: multipart/alternative; boundary="000000000000dbbf3805da7d442e"
Archived-At: <https://mailarchive.ietf.org/arch/msg/ace/se-APjcRyZzsHihrBfm17EWWq6U>
Subject: Re: [Ace] Discuss on draft-ietf-ace-mqtt-tls-profile-15: (with DISCUSS and COMMENT)
X-BeenThere: ace@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Authentication and Authorization for Constrained Environments \(ace\)" <ace.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ace>, <mailto:ace-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ace/>
List-Post: <mailto:ace@ietf.org>
List-Help: <mailto:ace-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ace>, <mailto:ace-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 18 Mar 2022 12:27:29 -0000
Dear all, Thank you for your reviews. I have compiled all the remaining fixes based on the received DISCUSS/COMMENT inputs in this pull request <https://github.com/ace-wg/mqtt-tls-profile/pull/106>. All comments and suggestions were acted on. I have put the fixes proposed for two DISCUSS below as well. Murray: ---------------------------------------------------------------------- DISCUSS: ---------------------------------------------------------------------- This should be quick to resolve. In Section 3.2: The Broker MUST NOT forward messages to unauthorized subscribers. There is no way to inform the Clients with invalid tokens that an authorization error has occurred other than sending a DISCONNECT packet. Therefore, the Broker SHOULD send a DISCONNECT packet with the reason code '0x87 (Not authorized)'. This seems like a contradiction. How is that SHOULD not a MUST? [CS]: The text is now revised to say: The Broker MUST NOT forward messages to unauthorized subscribers. To avoid silently dropping messages, the Broker MUST close the network connection and SHOULD inform the affected subscribers. The only way to inform a client, in this case, would be sending a DISCONNECT packet. Therefore, the Broker SHOULD send a DISCONNECT packet with the reason code 0x87 (Not authorized) before closing the network connection to these clients. >From Francesca: ---------------------------------------------------------------------- DISCUSS: ---------------------------------------------------------------------- Updating my ballot after reviewing draft-ietf-ace-aif-06. Just want to make sure we don't miss anything, please feel free to correct me if I missed the mark here. FP: https://datatracker.ietf.org/doc/html/draft-ietf-ace-aif-06#section-4 states: default values are the values "URI-local- part" for Toid and "REST-method-set" for Tperm, as per Section 3 of the present specification. A specification that wants to use Generic AIF with different Toid and/or Tperm is expected to request these as media type parameters (Section 5.2) and register a corresponding Content-Format (Section 5.3). FP: I wonder if this document should define a new media type parameter for Tperm (as REST-method-set is not appropriate for "pub"/"sub" value) and register a corresponding Content-Format as indicated in the paragraph above. CC'ing Carsten for his opinion. [CS]: I have added a new AIF section as discussed registering Toid, and Tperm with "pub" and "sub" values. The specific commit here <https://github.com/ace-wg/mqtt-tls-profile/pull/106/commits/7c17a3f017f42ad795fab277c7983b147eeb40fd> Let me know if this pull request addresses your DISCUSS, and I will publish a new ID. Kind regards, --Cigdem On Thu, 10 Mar 2022 at 16:08, Cigdem Sengul <cigdem.sengul@gmail.com> wrote: > Dear Murray, > > Got it - I realise I wasn't clear with SHOULD - indeed the implementer > has limited discretion on what can happen: send the DISCONNECT, close > connection or drop the connection. I will discuss this with Ben but am > happy to add the additional text about dropping the connection. > > Kind regards, > --Cigdem > > On Thu, 10 Mar 2022 at 15:23, Murray S. Kucherawy <superuser@gmail.com> > wrote: > >> Hi Cigdem, >> >> On Thu, Mar 10, 2022 at 12:54 AM Cigdem Sengul <cigdem.sengul@gmail.com> >> wrote: >> >>> Thank you for your review. Our thinking was as Ben explained. >>> In the draft, we used MUST/MUST NOT for the behaviour that affected >>> security, and SHOULD for desired behaviour. >>> >> >> This doesn't match my understanding of how BCP 14 is supposed to be >> used. MUST describes something obligatory for either interoperability, >> security, or operational reasons, and SHOULD is something where the >> implementer has limited discretion; when using SHOULD (or SHOULD NOT), it's >> desirable to include text describing when one might legitimately do >> something other than what's being stated. >> >> In this particular case, what I'm reading is paraphrased as: "In this >> situation, there's exactly one thing you can legitimately do within this >> protocol, and you SHOULD do that." This doesn't make sense to me. What >> Ben is saying is that there is a second option, which is to simply close >> the connection. If you want to leave this as a SHOULD, I suggest adding >> text saying exactly that. >> >> Would the following revision make it more clear: >>> "The Broker MUST NOT forward messages to unauthorized subscribers and >>> SHOULD inform them of authorisation failure. >>> The only way to inform the client, in this case, would be sending a >>> DISCONNECT packet. >>> Therefore, the Broker SHOULD send a DISCONNECT packet with the reason >>> code '0x87 (Not authorized)'. " >>> >> >> That's also less dissonant, yes. This was just discussed with Ben on the >> IESG call and I'll let him guide you on which change is more aligned with >> what you're trying to do. >> >> -MSK >> >
- [Ace] Murray Kucherawy's Discuss on draft-ietf-ac… Murray Kucherawy via Datatracker
- Re: [Ace] Murray Kucherawy's Discuss on draft-iet… Benjamin Kaduk
- Re: [Ace] Murray Kucherawy's Discuss on draft-iet… Cigdem Sengul
- Re: [Ace] Murray Kucherawy's Discuss on draft-iet… Murray S. Kucherawy
- Re: [Ace] Murray Kucherawy's Discuss on draft-iet… Cigdem Sengul
- Re: [Ace] Discuss on draft-ietf-ace-mqtt-tls-prof… Cigdem Sengul