Re: [Ace] ACE Framework Review

Michael Richardson <mcr+ietf@sandelman.ca> Mon, 12 November 2018 14:31 UTC

Return-Path: <mcr+ietf@sandelman.ca>
X-Original-To: ace@ietfa.amsl.com
Delivered-To: ace@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 06F03130E3E for <ace@ietfa.amsl.com>; Mon, 12 Nov 2018 06:31:05 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.2
X-Spam-Level:
X-Spam-Status: No, score=-4.2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id jJHvCqbd6Guq for <ace@ietfa.amsl.com>; Mon, 12 Nov 2018 06:31:02 -0800 (PST)
Received: from tuna.sandelman.ca (tuna.sandelman.ca [209.87.249.19]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id C6208130E30 for <Ace@ietf.org>; Mon, 12 Nov 2018 06:31:02 -0800 (PST)
Received: from sandelman.ca (obiwan.sandelman.ca [IPv6:2607:f0b0:f:2::247]) by tuna.sandelman.ca (Postfix) with ESMTP id 839D42008C; Mon, 12 Nov 2018 09:30:57 -0500 (EST)
Received: by sandelman.ca (Postfix, from userid 179) id 705A0CA1; Mon, 12 Nov 2018 09:31:01 -0500 (EST)
Received: from sandelman.ca (localhost [127.0.0.1]) by sandelman.ca (Postfix) with ESMTP id 6D7579DB; Mon, 12 Nov 2018 09:31:01 -0500 (EST)
From: Michael Richardson <mcr+ietf@sandelman.ca>
To: Stefanie Gerdes <gerdes@tzi.de>
cc: "Ace\@ietf.org" <Ace@ietf.org>
In-Reply-To: <4519f58c-c6f7-5ac0-003c-7ae4f59bccd4@tzi.de>
References: <4519f58c-c6f7-5ac0-003c-7ae4f59bccd4@tzi.de>
X-Mailer: MH-E 8.6; nmh 1.7+dev; GNU Emacs 24.5.1
X-Face: $\n1pF)h^`}$H>Hk{L"x@)JS7<%Az}5RyS@k9X%29-lHB$Ti.V>2bi.~ehC0; <'$9xN5Ub# z!G,p`nR&p7Fz@^UXIn156S8.~^@MJ*mMsD7=QFeq%AL4m<nPbLgmtKK-5dC@#:k
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="=-=-="; micalg=pgp-sha256; protocol="application/pgp-signature"
Date: Mon, 12 Nov 2018 09:31:01 -0500
Message-ID: <31652.1542033061@localhost>
Archived-At: <https://mailarchive.ietf.org/arch/msg/ace/uqE3lNtqpo92g0_FOT4R5vn2Trk>
Subject: Re: [Ace] ACE Framework Review
X-BeenThere: ace@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Authentication and Authorization for Constrained Environments \(ace\)" <ace.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ace>, <mailto:ace-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ace/>
List-Post: <mailto:ace@ietf.org>
List-Help: <mailto:ace-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ace>, <mailto:ace-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 12 Nov 2018 14:31:05 -0000

Thanks for this amazing analysis.
It languished in my inbox because it was not bikeshed material, and I had to
think about things :-)

Stefanie Gerdes <gerdes@tzi.de> wrote:
    > The minimal security requirements for the communication between two
    > communication partners should be listed (C-AS, RS-AS, C-RS,
    > respectively). Which pieces of information do they require prior to the
    > communication? How must the communication be secured? Which keying
    > material do they need to use? The framework should point out that all
    > claims that influence the security must stem from claimants that were
    > approved by the respective human being that is responsible for the
    > device, i.e., the requesting party for the client and the resource
    > owner for the AS and RS. Otherwise the solution is not secure.

It seems that the answers should start with 
   "which keying material do they need to use"

and then move upwards.

    > Management of the authz-info resource: * The authz-info resource is
    > vulnerable to DoS attacks: clients may (with or without intention) send
    > large numbers of access tokens to RS. A constrained RS may soon run out
    > of memory/storage space if it needs to store large numbers of

This seems like a really serious issue, and it seems that we need
an additional RTT to really fix it.

-- 
]               Never tell me the odds!                 | ipv6 mesh networks [ 
]   Michael Richardson, Sandelman Software Works        | network architect  [ 
]     mcr@sandelman.ca  http://www.sandelman.ca/        |   ruby on rails    [