[core] Review of draft-ietf-core-oscore-groupcomm-05
Ludwig Seitz <ludwig.seitz@ri.se> Wed, 24 July 2019 12:13 UTC
Return-Path: <ludwig.seitz@ri.se>
X-Original-To: core@ietfa.amsl.com
Delivered-To: core@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1E93B1201CB; Wed, 24 Jul 2019 05:13:41 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.901
X-Spam-Level:
X-Spam-Status: No, score=-1.901 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=risecloud.onmicrosoft.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id wDQAOdj6xyef; Wed, 24 Jul 2019 05:13:38 -0700 (PDT)
Received: from EUR02-AM5-obe.outbound.protection.outlook.com (mail-eopbgr00041.outbound.protection.outlook.com [40.107.0.41]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 9590D1201A0; Wed, 24 Jul 2019 05:13:37 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=fCQYB9m7ud1ya+1bRF1VJEo3pE6Quk1F5rtrzo+mCvWFXXHyt6YaOhGhxjs9kgpZaoUflm6iayA+psCaV3ablcKvlWpWreRt2Hjv0Lgzuq2BJ+ev9mWZrWF9r5jIpteNRGf1glNppSKIwv6UioFGuMweCaU6f3UHeOPmyAaohDEp8cxGW17kL9zpCdOU+dM2QJBgBROf5eiqsrGuyAvKSS3G+oEHc9O8ab0UAVehfAlSnBvxhzp0iP1+X2vOJUSL1DjCZWvZvNZ970vNdPfaoRnkfVhxwHe1i4PpXSGfKLw0qcZ/crje05i9GK2JaFf9950dyOhH9O8NQaU8+Ym7mQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=hh5B95vlgaWjudYeH5sBTrdBAafWC7CHxe9OeYZtdtE=; b=STwM7l0fsXmbgIxRc1baC0xwAYUssczpK7IbqaX1u4YwHBwTWBHjwq4hMNHCiK8rnytn8f5Kp0JytLjH8wbmc3wuNmw8KrozrTdHjefOp/1r8byavThFiZNXTwxTirdfoFZeKz6WW705xMDYI6CxqyScr/DbErl7C5bcfv8z8a+ghyfchK2CWqWV1uSszGaU8G3r9IXMfV3Sy/OweD7Ssw5cVwFD1Sg4/xiE9y/es9wimcXmVNAHrjUmf79HJE4EuGJj24Dwd4dLlpqEG3FSYrqCWct6BIiiGsHXXEYV1DkQa0hLVOkIStKqsBxOlrJNUOr6CS5KeiTth0uLK1wi4A==
ARC-Authentication-Results: i=1; mx.microsoft.com 1;spf=pass (sender ip is 194.218.146.197) smtp.rcpttodomain=ietf.org smtp.mailfrom=ri.se;dmarc=bestguesspass action=none header.from=ri.se;dkim=none (message not signed);arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=RISEcloud.onmicrosoft.com; s=selector2-RISEcloud-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=hh5B95vlgaWjudYeH5sBTrdBAafWC7CHxe9OeYZtdtE=; b=bZ2y/hokqcqFj2efGtgfwfAWk7ZxtshLHlSQeQz5t1iVG3tzaDqM0iM+2JmuH4EAg4SlfPrfBWk8n1ZwTj0woXL0FOz1OkPiopGzPqsKGGe1zI5z34KswbmKEnZqzlSuD678EZKmtI5UkZRpdyj5dlGpFgT9oB8qx6/0zzow9kw=
Received: from AM5P189CA0007.EURP189.PROD.OUTLOOK.COM (2603:10a6:206:15::20) by DB6P18901MB0216.EURP189.PROD.OUTLOOK.COM (2603:10a6:4:27::13) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2094.16; Wed, 24 Jul 2019 12:13:35 +0000
Received: from HE1EUR02FT011.eop-EUR02.prod.protection.outlook.com (2a01:111:f400:7e05::201) by AM5P189CA0007.outlook.office365.com (2603:10a6:206:15::20) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384) id 15.20.2094.12 via Frontend Transport; Wed, 24 Jul 2019 12:13:34 +0000
Authentication-Results: spf=pass (sender IP is 194.218.146.197) smtp.mailfrom=ri.se; ietf.org; dkim=none (message not signed) header.d=none;ietf.org; dmarc=bestguesspass action=none header.from=ri.se;
Received-SPF: Pass (protection.outlook.com: domain of ri.se designates 194.218.146.197 as permitted sender) receiver=protection.outlook.com; client-ip=194.218.146.197; helo=mail.ri.se;
Received: from mail.ri.se (194.218.146.197) by HE1EUR02FT011.mail.protection.outlook.com (10.152.10.174) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256) id 15.20.2115.10 via Frontend Transport; Wed, 24 Jul 2019 12:13:34 +0000
Received: from [10.112.134.122] (10.100.0.158) by sp-mail-2.sp.se (10.100.0.162) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P256) id 15.1.1713.5; Wed, 24 Jul 2019 14:13:34 +0200
To: draft-ietf-core-oscore-groupcomm@ietf.org
CC: core <core@ietf.org>
From: Ludwig Seitz <ludwig.seitz@ri.se>
Message-ID: <523312fb-74ff-2845-7371-1a33202ae4af@ri.se>
Date: Wed, 24 Jul 2019 14:13:15 +0200
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Thunderbird/60.8.0
MIME-Version: 1.0
Content-Type: multipart/signed; protocol="application/pkcs7-signature"; micalg="sha-256"; boundary="------------ms070008060207060707090209"
X-Originating-IP: [10.100.0.158]
X-ClientProxiedBy: sp-mail-2.sp.se (10.100.0.162) To sp-mail-2.sp.se (10.100.0.162)
X-EOPAttributedMessage: 0
X-Forefront-Antispam-Report: CIP:194.218.146.197; IPV:NLI; CTRY:SE; EFV:NLI; SFV:NSPM; SFS:(10009020)(4636009)(376002)(346002)(396003)(136003)(39860400002)(2980300002)(199004)(189003)(58126008)(568964002)(476003)(126002)(16586007)(2351001)(316002)(22746008)(6916009)(65806001)(16576012)(2616005)(65826007)(70206006)(356004)(44832011)(65956001)(70586007)(6666004)(31686004)(2906002)(3846002)(6116002)(71190400001)(81166006)(81156014)(106002)(31696002)(53936002)(86362001)(66574012)(336012)(64126003)(22756006)(33964004)(8936002)(14444005)(450100002)(68736007)(40036005)(305945005)(478600001)(7736002)(26005)(486006)(186003)(16526019)(235185007)(386003)(69596002)(4326008)(5660300002)(5024004)(8676002)(36756003); DIR:OUT; SFP:1101; SCL:1; SRVR:DB6P18901MB0216; H:mail.ri.se; FPR:; SPF:Pass; LANG:en; PTR:InfoDomainNonexistent; A:1; MX:1;
X-MS-PublicTrafficType: Email
X-MS-Office365-Filtering-Correlation-Id: 0868f24f-5dc4-44e9-51cf-08d7103059c7
X-Microsoft-Antispam: BCL:0; PCL:0; RULEID:(2390118)(7020095)(4652040)(8989299)(4534185)(4627221)(201703031133081)(201702281549075)(8990200)(5600148)(711020)(4605104)(4709080)(1401327)(2017052603328)(7193020); SRVR:DB6P18901MB0216;
X-MS-TrafficTypeDiagnostic: DB6P18901MB0216:
X-Microsoft-Antispam-PRVS: <DB6P18901MB0216CC667F6C4CFCD81210AA82C60@DB6P18901MB0216.EURP189.PROD.OUTLOOK.COM>
X-MS-Oob-TLC-OOBClassifiers: OLM:9508;
X-Forefront-PRVS: 0108A997B2
X-MS-Exchange-SenderADCheck: 1
X-Microsoft-Antispam-Message-Info: Sd8neWj/LhPTmYgGj+zsNr+kC2eMbIfmeA9n0RKTAGK0fbEeCqURx7tEfsVst8OY0iC48z+P6ZXqiLkiExJDU3WmmZ86hlOWb8l5YjOcjddPKomDisphYmCeMQ1mG+Mtftsggm6SF8hpoyc5WwnVtPYVff0Spn4FpPLa2Ev+xfexMpERYIuMaNrPtQREJJkQxb1GsqzuIxFHZA5M+z758W6fZCC0OYwsvZcNGv+Dic+pie6sh5VLmvY8PMDoed6OxPIFn9fWvP61RsJcty3ADiKx8IDhM3giTGaPnQAJGgioawDZd16/AlidhoY5QABsbz7ZfzTFmq4bt7Jb7oyUBOjms8O8vGtnRxfYA6kZYbuPB2ebSb0TJylraU52ZMyoZSKHEDGLHlFax6nMoVbbaY8N6OfS/fl0GMEVDQt4vm4=
X-OriginatorOrg: ri.se
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 24 Jul 2019 12:13:34.5763 (UTC)
X-MS-Exchange-CrossTenant-Network-Message-Id: 0868f24f-5dc4-44e9-51cf-08d7103059c7
X-MS-Exchange-CrossTenant-Id: 5a9809cf-0bcb-413a-838a-09ecc40cc9e8
X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=5a9809cf-0bcb-413a-838a-09ecc40cc9e8; Ip=[194.218.146.197]; Helo=[mail.ri.se]
X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem
X-MS-Exchange-Transport-CrossTenantHeadersStamped: DB6P18901MB0216
Archived-At: <https://mailarchive.ietf.org/arch/msg/core/4CUIYY8h2V_w68BtbXE6iEgHKxk>
Subject: [core] Review of draft-ietf-core-oscore-groupcomm-05
X-BeenThere: core@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Constrained RESTful Environments \(CoRE\) Working Group list" <core.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/core>, <mailto:core-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/core/>
List-Post: <mailto:core@ietf.org>
List-Help: <mailto:core-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/core>, <mailto:core-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 24 Jul 2019 12:13:41 -0000
Hello Marco, Göran, Francesca and Jiye,
here are some review comments on draft-ietf-core-oscore-groupcomm-05:
==
All document:
Update references to OSCORE to point to RFC 8613
==
1.1
Why allow collisions between Group Identifiers managed by a single GM?
This seems unnecessary and dangerous, is there a good use-case where
this is warranted?
==
2.
Why not require the application to prevent collisions between Gids?
==
2.
"If not already stored in the Recipient Context associated to the
sender, the recipient retrieves the sender's public key from the Group
Manager, which collects public keys upon endpoints' joining the group,
acts as trusted key repository and ensures the correct association
between the public key and the identifier of the sender, for instance by
means of public key certificates."
Note that this requires a device to have two parallel sessions open (one
with the GM and one on which the message linked to the potentially
missing public key. This may not always be feasible on very constrained
devices.
==
2.1.
"After a new Gid has been distributed, a same Recipient ID ('kid')
should not be considered as a persistent and reliable indicator of
the same group member. Such an indication can be actually achieved
only by verifying countersignatures of received messages."
This is really counter-intuitive and dangerous. Why can identifiers be
redistributed within the same group? Shouldn't the GM make sure that the
same identifier is assigned to a group member, even if the security
context is updated? If the only reliable identifier is the public key,
why not make the sender/recipient ID a hash of that public key?
==
3.
"... with an Authenticated Encryption with Additional Data (AEAD) algorithm"
AEAD expands to "Authenticated Encryption with Associated Data"
==
3.1
"The external_aad in the Additional Authenticated Data (AAD) is extended
as follows."
As far as I can tell the external_add is not "in" the AAD, it is the
AAD, so I'd suggest to rephrase to "The external_aad structure of the
Additional Authenticated Data (AAD) ..."
==
7.
"2. [...] Such policies can be enforced locally by the Group Manager, or
by a third party in a trust relation with the Group Manager and
entrusted to enforce join policies on behalf of the Group Manager."
This feels unnecessary in the context of this document, since it doesn't
deal at all with the how/where/why of the policies governing access to a
group. I would suggest to delete this sentence.
==
7.
"3. Driving the join process to add new endpoints as group members."
This sounds weird. What does "driving the process" mean? Perhaps just
rephrase to "handle the join process"?
==
7.
"4. Establishing Security Common Contexts ..."
This part of the sentence sounds like there is an unintentional word
swap. Did you mean "Establishing the Common Context part of the Security
Context"?
Note that the term "Security Common Context" appears in several other
places throughout the document.
==
8.3
"... a key management scheme for secure revocation and renewal of
Security Contexts and group keying material ..."
Isn't the "group keying material" part redundant? If I understood
everything correctly it is part of the Security Contexts.
==
8.4 Second paragraph.
If I read this correctly you propose that applications
allow recipients to continue using invalid security contexts for a
limited time after a security context update. This sounds dangerous and
unnecessary. Why would we want to propose such a measure? We could adopt
the equivalent procedure here to the one proposed in the third
paragraph, that is "If a sender receives a Security Context update
shorty after having sent a message, it can re-send that message using
the new Security Context."
==
8.5
Why would an application even allow non-unique group identifiers? This
makes the whole concept of the group identifier useless. Is there a
realistic use case where this could happen? Otherwise I suggest removing
this text.
==
8.9
"Group OSCORE derives the Security Context using the same construction
of OSCORE"
should be: ...same construction as ...
==
8.10
"Thus, other that in such unlikely case, it cannot be defined that only
messages with sequence number which are equal to previous sequence
number + 1 are accepted."
I cannot make sense of this sentence, please rephrase, possibly
splitting it into several sentences.
==
8.14
"...this parameter explicitly relate two or more communicating endpoints,"
should be "...explicitly relates two ..."
==
9.1 and 9.2
Would be nice if there was a sentence or two explaining the difference
between the two registries, as it is not immediately obvious.
==
9.3
"The IANA Registry established in this document is defined"
should be "Registries ... are defined"
==
Appendix B 5th bullet
The abbreviation LLN should be expanded.
==
Appendix B 6th bullet
" The latters may reply back ..."
Should be "The latter ..."
==
Appendix B 6th bullet
Expand the abbreviation "MPL"
Regards,
Ludwig
--
Ludwig Seitz, PhD
Security Lab, RISE
Phone +46(0)70-349 92 51
- [core] Review of draft-ietf-core-oscore-groupcomm… Ludwig Seitz
- Re: [core] Review of draft-ietf-core-oscore-group… Marco Tiloca