IETF Logo Mail Archive

Re: [Anima] Benjamin Kaduk's Discuss on draft-ietf-anima-bootstrapping-keyinfra-22: (with DISCUSS and COMMENT)

Michael Richardson <mcr+ietf@sandelman.ca> Wed, 14 August 2019 16:57 UTC

Return-Path: <mcr+ietf@sandelman.ca>
X-Original-To: anima@ietfa.amsl.com
Delivered-To: anima@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 531BF120BBB; Wed, 14 Aug 2019 09:57:03 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.199
X-Spam-Level:
X-Spam-Status: No, score=-4.199 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id pGgePlmwkdBl; Wed, 14 Aug 2019 09:57:00 -0700 (PDT)
Received: from tuna.sandelman.ca (tuna.sandelman.ca [IPv6:2607:f0b0:f:3:216:3eff:fe7c:d1f3]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 6E027120BB6; Wed, 14 Aug 2019 09:56:59 -0700 (PDT)
Received: from sandelman.ca (obiwan.sandelman.ca [IPv6:2607:f0b0:f:2::247]) by tuna.sandelman.ca (Postfix) with ESMTP id 0CE3B3818C; Wed, 14 Aug 2019 12:56:11 -0400 (EDT)
Received: from localhost (localhost [IPv6:::1]) by sandelman.ca (Postfix) with ESMTP id AA77DD1C; Wed, 14 Aug 2019 12:56:58 -0400 (EDT)
From: Michael Richardson <mcr+ietf@sandelman.ca>
To: Benjamin Kaduk <kaduk@mit.edu>
cc: The IESG <iesg@ietf.org>, draft-ietf-anima-bootstrapping-keyinfra@ietf.org, tte+ietf@cs.fau.de, anima@ietf.org, anima-chairs@ietf.org
In-Reply-To: <20190721021748.GM23137@kduck.mit.edu>
References: <156282301326.15131.7510532622479656237.idtracker@ietfa.amsl.com> <12747.1563315277@localhost> <20190721021748.GM23137@kduck.mit.edu>
X-Mailer: MH-E 8.6; nmh 1.7+dev; GNU Emacs 24.5.1
X-Face: $\n1pF)h^`}$H>Hk{L"x@)JS7<%Az}5RyS@k9X%29-lHB$Ti.V>2bi.~ehC0; <'$9xN5Ub# z!G,p`nR&p7Fz@^UXIn156S8.~^@MJ*mMsD7=QFeq%AL4m<nPbLgmtKK-5dC@#:k
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="=-=-="; micalg="pgp-sha256"; protocol="application/pgp-signature"
Date: Wed, 14 Aug 2019 12:56:58 -0400
Message-ID: <1027.1565801818@localhost>
Archived-At: <https://mailarchive.ietf.org/arch/msg/anima/Dice5p9ZGy3GU7oJf5Gq6r4Eh3E>
Subject: Re: [Anima] Benjamin Kaduk's Discuss on draft-ietf-anima-bootstrapping-keyinfra-22: (with DISCUSS and COMMENT)
X-BeenThere: anima@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Autonomic Networking Integrated Model and Approach <anima.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/anima>, <mailto:anima-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/anima/>
List-Post: <mailto:anima@ietf.org>
List-Help: <mailto:anima-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/anima>, <mailto:anima-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 14 Aug 2019 16:57:03 -0000

https://tinyurl.com/y2skc9xz

Benjamin Kaduk <kaduk@mit.edu> wrote:
    >> We did not resort to a YANG data model for the auditlog responses, so I spent
    >> a few minutes mystified by your complaint... then:
    >> We referenced 7951 (YANG->JSON), but we should have just referenced RFC7159 (JSON)!

    > Oh!  That would make  a lot more sense... (but 7159 is obsoleted by 8259,
    > of course)

got them all now.

    >> If so, the reason for normative language is because, we want to say, "if you
    >> do X, then you MUST do it this way".
    >>
    >> Second, we have referenced some pieces of section 7.2 from section 9.
    >> We think that there are significant security issues by accepting nonceless
    >> vouchers, which we discuss in 11.1.   A variation of the protocol is when
    >> the manufacturer programs the pledge to ALWAYS accept nonceless vouchers.
    >> There could otherwise be some more complex (proprietary, or documented later
    >> on) evaluation of whether to accept a nonceless voucher. For instance, the
    >> MASA could sign them with a different key, perhaps one stored in an HSM.

    > Okay, so it is that the client (well, manufacturer?) chooses whether or not
    > to accept nonceless vouchers.  So we could change the introduction to the
    > enumerated list to be saying that this is a list of exclusive candidate
    > behaviors that could be chosen independently of each other, and not a
    > collection of behaviors all of which are expected to be implemented.

I have revised section 7.2.
My use of normative language seems inconsistent at this point.  I need to
distinguish between "X is possible" from "when doing X you MUST Y" better.

    >> > (14) In Section 5.6:
    >>
    >> >                             The server MUST answer with a suitable 4xx
    >> > or 5xx HTTP [RFC2616] error code when a problem occurs.  In this case,
    >> > the response data from the MASA MUST be a plaintext human- readable
    >> > (ASCII, English) error message containing explanatory information
    >> > describing why the request was rejected.
    >>
    >> > It seems hard to support this stance on internationalization in 2019.
    >>
    >> We don't believe that this response will go anywhere other than logs,
    >> for software suppliers to evaluate.  Localizing these error message causes
    >> more problems in my experience than benefit.  90% of the information is in
    >> the 4xx/5xx code.

    > I should probably defer to my ART-area colleagues here.  But you're saying
    > that mandating English is better than allowing  UTF-8 and otherwise leaving
    > it as implementation defined?

We have removed "ASCII, English), and left this as "UTF-8", with the
expectation that the message may be localized.  Emphasis is on human readable.

    >> > (15) In Section 5.9.4:
    >>
    >> >    To indicate successful enrollment the client SHOULD re-negotiate the
    >> > EST TLS session using the newly obtained credentials.  This occurs by
    >> > the client initiating a new TLS ClientHello message on the existing TLS
    >> > connection.  The client MAY simply close the old TLS session and start
    >> > a new one.  The server MUST support either model.
    >>
    >> > Is this supposed to be sending a new TLS ClientHello in the application
    >> > data channel or as a new handshake message (aka "renegotiation")?  The
    >> > latter is not possible in TLS 1.3 and is generally disrecommended
    >> > anyways even in TLS 1.2.  I would strongly suggest to remove the
    >> > "renegotiation" option and just leave "close the connection and start a
    >> > new connection/handshake".
    >>
    >> Okay, fixed to say:
    >>
    >> <t>To indicate successful enrollment the client SHOULD re-negotiate
    >> the EST TLS session using the newly obtained credentials. This
    >> -          occurs by the client initiating a new TLS ClientHello message on the
    >> -          existing TLS connection. The client MAY simply close the old TLS
    >> -          session and start a new one. The server MUST support either
    >> +          occurs by the client closing the existing TLS connection, and
    >> +          starting a new one. The server MUST support either
    >> model.</t>

    > I'd prefer to s/re-negotiate/re-establish/ as well, but this is probably
    > good enough to clear the discuss.

Changed.

--
Michael Richardson <mcr+IETF@sandelman.ca>, Sandelman Software Works
 -= IPv6 IoT consulting =-

v2.23.0 | Report a Bug | By Email