Re: [Ace] New Version Notification - draft-ietf-ace-cwt-proof-of-possession-07.txt

Mike Jones <Michael.Jones@microsoft.com> Wed, 25 September 2019 00:23 UTC

From: Mike Jones <Michael.Jones@microsoft.com>
To: Benjamin Kaduk <kaduk@mit.edu>, "draft-ietf-ace-cwt-proof-of-possession.all@ietf.org" <draft-ietf-ace-cwt-proof-of-possession.all@ietf.org>
CC: "ace@ietf.org" <ace@ietf.org>
Thread-Topic: New Version Notification - draft-ietf-ace-cwt-proof-of-possession-07.txt
Thread-Index: AQHVczB5c21d3/O1yke4JlwD6QWRUac7ewcAgAANbDA=
Date: Wed, 25 Sep 2019 00:23:36 +0000
Message-ID: <MN2PR00MB05746F4B49B5655EE8B772D9F5870@MN2PR00MB0574.namprd00.prod.outlook.com>
References: <156886195825.4610.11342453288215138739.idtracker@ietfa.amsl.com> <20190924233318.GH6424@kduck.mit.edu> <20190924233510.GI6424@kduck.mit.edu>
In-Reply-To: <20190924233510.GI6424@kduck.mit.edu>
Archived-At: <https://mailarchive.ietf.org/arch/msg/ace/z58nzs2aUsOP8ZioViOHRV4tf3I>
Subject: Re: [Ace] New Version Notification - draft-ietf-ace-cwt-proof-of-possession-07.txt
List-Id: "Authentication and Authorization for Constrained Environments \(ace\)" <ace.ietf.org>

I'm fine with us making both of the proposed changes.

				Thanks,
				-- Mike

-----Original Message-----
From: Benjamin Kaduk <kaduk@mit.edu>
Sent: Tuesday, September 24, 2019 4:35 PM
To: draft-ietf-ace-cwt-proof-of-possession.all@ietf.org
Cc: ace@ietf.org
Subject: Re: New Version Notification - draft-ietf-ace-cwt-proof-of-possession-07.txt

On Tue, Sep 24, 2019 at 04:33:18PM -0700, Benjamin Kaduk wrote:
> Hi all,
> 
> Thanks for the updates; they look good!
> 
> Before I kick off the IETF LC, I just have two things I wanted to 
> double-check (we may not need a new rev before the LC):
> 
> (1) In Section 3.2 (Representation of an Asymmetric 
> Proof-of-Possession Key), the last paragraph is a somewhat different 
> from the main content, in that it mentions using "COSE_Key" for an 
> encrypted symmetric key, analogous to the last paragraph of Section 
> 3.2 of RFC 7800.  I had wanted to see some additional discussion, but 
> we agreed that this was analogous to RFC 7800 and we did not need to 
> go "out of parity" with it on this point.  So we should be able to go 
> ahead without new text here, but did we want to explicitly refer back 
> to that portion of RFC 7800 to make the connection clear?
> 
> (2) In https://github.com/cwt-cnf/i-d/pull/27/files we removed a large
> chunk of text since it contained several things that are inaccurate.  The
> only thing that was removed that I wanted to check if we should think
> about keeping was the note that the same key might be referred to by
> different key IDs in messages directed to different recipients.  What do
> people think about that?

Oops, and my notes were unfortunately misaligned to the terminal window
size:

(3) I think we were going to change the [JWT] reference to [CWT], in Section 4:

   Applications utilizing proof of possession SHOULD also utilize
   audience restriction, as described in Section 4.1.3 of [JWT], as it
   provides additional protections.  Audience restriction can be used by
   recipients to reject messages intended for different recipients.

That way we won't get asked to make [JWT] a normative reference.

-Ben
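The two points Ben raises above, audience restriction as a recipient-side check and the same proof-of-possession key being known under different key IDs to different recipients, can be shown together on a decoded claims map. The following is an added example written for this thread; it is not code from the draft, the ACE working group, or either author. The claims are plain Python dicts standing in for a decoded CWT, with integer claim keys taken from RFC 8392 (iss=1, aud=3, exp=4) and from the published cnf registry (cnf=8; COSE_Key=1, Encrypted_COSE_Key=2, kid=3). The per-recipient key store, the `RejectedToken` exception and all sample values are constructed for the example.

```python
"""Audience restriction and cnf key lookup for a decoded CWT claims map.

Added example, not from the draft or the mailing-list thread. Claims are
already-decoded dicts; integer keys follow RFC 8392 (iss=1, aud=3, exp=4)
and the cnf registry (cnf=8; COSE_Key=1, Encrypted_COSE_Key=2, kid=3).
"""
import time

# RFC 8392 claim keys
ISS, AUD, EXP = 1, 3, 4
# cnf claim key and confirmation-method keys
CNF = 8
COSE_KEY, ENCRYPTED_COSE_KEY, KID = 1, 2, 3


class RejectedToken(Exception):
    """Raised when the recipient must refuse the token (constructed for this example)."""


def check_audience(claims, my_audience):
    """Reject a token whose 'aud' does not name this recipient.

    This is the audience restriction the draft's Section 4 recommends: a
    token minted for one resource server is useless at another.
    """
    aud = claims.get(AUD)
    if aud is None:
        raise RejectedToken("no audience claim; cannot tell who the token is for")
    audiences = aud if isinstance(aud, list) else [aud]
    if my_audience not in audiences:
        raise RejectedToken(f"token is for {audiences}, not {my_audience}")


def resolve_pop_key(claims, my_audience, key_store, now=None):
    """Return the proof-of-possession key this recipient should verify against.

    key_store maps (recipient, kid) to key material. Scoping the lookup by
    recipient models the note Ben mentions: one key may be referred to by
    different kids in tokens sent to different recipients, so a kid alone
    is not a global identifier (assumption made for this example).
    """
    now = time.time() if now is None else now
    check_audience(claims, my_audience)
    if EXP in claims and claims[EXP] <= now:
        raise RejectedToken("token expired")
    cnf = claims.get(CNF)
    if not isinstance(cnf, dict) or len(cnf) != 1:
        raise RejectedToken("cnf must carry exactly one confirmation method")
    (method, value), = cnf.items()
    if method == COSE_KEY:
        # Asymmetric key carried inline; the caller verifies the PoP signature with it.
        return value
    if method == KID:
        key = key_store.get((my_audience, value))
        if key is None:
            raise RejectedToken(f"unknown kid {value!r} for recipient {my_audience}")
        return key
    if method == ENCRYPTED_COSE_KEY:
        raise RejectedToken("Encrypted_COSE_Key is not handled by this example")
    raise RejectedToken(f"unknown confirmation method {method}")


def accepts(claims, my_audience, key_store, now=None):
    """True when the recipient accepts the token and can locate its PoP key."""
    try:
        resolve_pop_key(claims, my_audience, key_store, now=now)
        return True
    except RejectedToken:
        return False


# Constructed sample data: one symmetric key that rs1 and rs2 know under
# different key IDs, and a token the AS issued for rs1 only.
SHARED_KEY = b"K" * 32
KEY_STORE = {
    ("coap://rs1.example", b"\x01"): SHARED_KEY,
    ("coap://rs2.example", b"\x02"): SHARED_KEY,
}
TOKEN_FOR_RS1 = {
    ISS: "coap://as.example",
    AUD: "coap://rs1.example",
    EXP: 4_102_444_800,
    CNF: {KID: b"\x01"},
}

if __name__ == "__main__":
    print("rs1 accepts:", accepts(TOKEN_FOR_RS1, "coap://rs1.example", KEY_STORE))
    print("rs2 accepts:", accepts(TOKEN_FOR_RS1, "coap://rs2.example", KEY_STORE))
```

Running the block shows rs1 resolving the key through its own kid while rs2 rejects the same token on the audience check before any key lookup happens; even if rs2 skipped that check, kid 0x01 means nothing in rs2's store, which is exactly the situation the removed note described.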