[core] Review of draft-ietf-core-oscore-groupcomm-05
Ludwig Seitz <ludwig.seitz@ri.se> Wed, 24 July 2019 12:13 UTC
Return-Path: <ludwig.seitz@ri.se>
X-Original-To: core@ietfa.amsl.com
Delivered-To: core@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1E93B1201CB; Wed, 24 Jul 2019 05:13:41 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.901
X-Spam-Level:
X-Spam-Status: No, score=-1.901 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=risecloud.onmicrosoft.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id wDQAOdj6xyef; Wed, 24 Jul 2019 05:13:38 -0700 (PDT)
Received: from EUR02-AM5-obe.outbound.protection.outlook.com (mail-eopbgr00041.outbound.protection.outlook.com [40.107.0.41]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 9590D1201A0; Wed, 24 Jul 2019 05:13:37 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=fCQYB9m7ud1ya+1bRF1VJEo3pE6Quk1F5rtrzo+mCvWFXXHyt6YaOhGhxjs9kgpZaoUflm6iayA+psCaV3ablcKvlWpWreRt2Hjv0Lgzuq2BJ+ev9mWZrWF9r5jIpteNRGf1glNppSKIwv6UioFGuMweCaU6f3UHeOPmyAaohDEp8cxGW17kL9zpCdOU+dM2QJBgBROf5eiqsrGuyAvKSS3G+oEHc9O8ab0UAVehfAlSnBvxhzp0iP1+X2vOJUSL1DjCZWvZvNZ970vNdPfaoRnkfVhxwHe1i4PpXSGfKLw0qcZ/crje05i9GK2JaFf9950dyOhH9O8NQaU8+Ym7mQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=hh5B95vlgaWjudYeH5sBTrdBAafWC7CHxe9OeYZtdtE=; b=STwM7l0fsXmbgIxRc1baC0xwAYUssczpK7IbqaX1u4YwHBwTWBHjwq4hMNHCiK8rnytn8f5Kp0JytLjH8wbmc3wuNmw8KrozrTdHjefOp/1r8byavThFiZNXTwxTirdfoFZeKz6WW705xMDYI6CxqyScr/DbErl7C5bcfv8z8a+ghyfchK2CWqWV1uSszGaU8G3r9IXMfV3Sy/OweD7Ssw5cVwFD1Sg4/xiE9y/es9wimcXmVNAHrjUmf79HJE4EuGJj24Dwd4dLlpqEG3FSYrqCWct6BIiiGsHXXEYV1DkQa0hLVOkIStKqsBxOlrJNUOr6CS5KeiTth0uLK1wi4A==
ARC-Authentication-Results: i=1; mx.microsoft.com 1;spf=pass (sender ip is 194.218.146.197) smtp.rcpttodomain=ietf.org smtp.mailfrom=ri.se;dmarc=bestguesspass action=none header.from=ri.se;dkim=none (message not signed);arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=RISEcloud.onmicrosoft.com; s=selector2-RISEcloud-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=hh5B95vlgaWjudYeH5sBTrdBAafWC7CHxe9OeYZtdtE=; b=bZ2y/hokqcqFj2efGtgfwfAWk7ZxtshLHlSQeQz5t1iVG3tzaDqM0iM+2JmuH4EAg4SlfPrfBWk8n1ZwTj0woXL0FOz1OkPiopGzPqsKGGe1zI5z34KswbmKEnZqzlSuD678EZKmtI5UkZRpdyj5dlGpFgT9oB8qx6/0zzow9kw=
Received: from AM5P189CA0007.EURP189.PROD.OUTLOOK.COM (2603:10a6:206:15::20) by DB6P18901MB0216.EURP189.PROD.OUTLOOK.COM (2603:10a6:4:27::13) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2094.16; Wed, 24 Jul 2019 12:13:35 +0000
Received: from HE1EUR02FT011.eop-EUR02.prod.protection.outlook.com (2a01:111:f400:7e05::201) by AM5P189CA0007.outlook.office365.com (2603:10a6:206:15::20) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384) id 15.20.2094.12 via Frontend Transport; Wed, 24 Jul 2019 12:13:34 +0000
Authentication-Results: spf=pass (sender IP is 194.218.146.197) smtp.mailfrom=ri.se; ietf.org; dkim=none (message not signed) header.d=none;ietf.org; dmarc=bestguesspass action=none header.from=ri.se;
Received-SPF: Pass (protection.outlook.com: domain of ri.se designates 194.218.146.197 as permitted sender) receiver=protection.outlook.com; client-ip=194.218.146.197; helo=mail.ri.se;
Received: from mail.ri.se (194.218.146.197) by HE1EUR02FT011.mail.protection.outlook.com (10.152.10.174) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256) id 15.20.2115.10 via Frontend Transport; Wed, 24 Jul 2019 12:13:34 +0000
Received: from [10.112.134.122] (10.100.0.158) by sp-mail-2.sp.se (10.100.0.162) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P256) id 15.1.1713.5; Wed, 24 Jul 2019 14:13:34 +0200
To: draft-ietf-core-oscore-groupcomm@ietf.org
CC: core <core@ietf.org>
From: Ludwig Seitz <ludwig.seitz@ri.se>
Message-ID: <523312fb-74ff-2845-7371-1a33202ae4af@ri.se>
Date: Wed, 24 Jul 2019 14:13:15 +0200
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Thunderbird/60.8.0
MIME-Version: 1.0
Content-Type: multipart/signed; protocol="application/pkcs7-signature"; micalg="sha-256"; boundary="------------ms070008060207060707090209"
X-Originating-IP: [10.100.0.158]
X-ClientProxiedBy: sp-mail-2.sp.se (10.100.0.162) To sp-mail-2.sp.se (10.100.0.162)
X-EOPAttributedMessage: 0
X-Forefront-Antispam-Report: CIP:194.218.146.197; IPV:NLI; CTRY:SE; EFV:NLI; SFV:NSPM; SFS:(10009020)(4636009)(376002)(346002)(396003)(136003)(39860400002)(2980300002)(199004)(189003)(58126008)(568964002)(476003)(126002)(16586007)(2351001)(316002)(22746008)(6916009)(65806001)(16576012)(2616005)(65826007)(70206006)(356004)(44832011)(65956001)(70586007)(6666004)(31686004)(2906002)(3846002)(6116002)(71190400001)(81166006)(81156014)(106002)(31696002)(53936002)(86362001)(66574012)(336012)(64126003)(22756006)(33964004)(8936002)(14444005)(450100002)(68736007)(40036005)(305945005)(478600001)(7736002)(26005)(486006)(186003)(16526019)(235185007)(386003)(69596002)(4326008)(5660300002)(5024004)(8676002)(36756003); DIR:OUT; SFP:1101; SCL:1; SRVR:DB6P18901MB0216; H:mail.ri.se; FPR:; SPF:Pass; LANG:en; PTR:InfoDomainNonexistent; A:1; MX:1;
X-MS-PublicTrafficType: Email
X-MS-Office365-Filtering-Correlation-Id: 0868f24f-5dc4-44e9-51cf-08d7103059c7
X-Microsoft-Antispam: BCL:0; PCL:0; RULEID:(2390118)(7020095)(4652040)(8989299)(4534185)(4627221)(201703031133081)(201702281549075)(8990200)(5600148)(711020)(4605104)(4709080)(1401327)(2017052603328)(7193020); SRVR:DB6P18901MB0216;
X-MS-TrafficTypeDiagnostic: DB6P18901MB0216:
X-Microsoft-Antispam-PRVS: <DB6P18901MB0216CC667F6C4CFCD81210AA82C60@DB6P18901MB0216.EURP189.PROD.OUTLOOK.COM>
X-MS-Oob-TLC-OOBClassifiers: OLM:9508;
X-Forefront-PRVS: 0108A997B2
X-MS-Exchange-SenderADCheck: 1
X-Microsoft-Antispam-Message-Info: Sd8neWj/LhPTmYgGj+zsNr+kC2eMbIfmeA9n0RKTAGK0fbEeCqURx7tEfsVst8OY0iC48z+P6ZXqiLkiExJDU3WmmZ86hlOWb8l5YjOcjddPKomDisphYmCeMQ1mG+Mtftsggm6SF8hpoyc5WwnVtPYVff0Spn4FpPLa2Ev+xfexMpERYIuMaNrPtQREJJkQxb1GsqzuIxFHZA5M+z758W6fZCC0OYwsvZcNGv+Dic+pie6sh5VLmvY8PMDoed6OxPIFn9fWvP61RsJcty3ADiKx8IDhM3giTGaPnQAJGgioawDZd16/AlidhoY5QABsbz7ZfzTFmq4bt7Jb7oyUBOjms8O8vGtnRxfYA6kZYbuPB2ebSb0TJylraU52ZMyoZSKHEDGLHlFax6nMoVbbaY8N6OfS/fl0GMEVDQt4vm4=
X-OriginatorOrg: ri.se
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 24 Jul 2019 12:13:34.5763 (UTC)
X-MS-Exchange-CrossTenant-Network-Message-Id: 0868f24f-5dc4-44e9-51cf-08d7103059c7
X-MS-Exchange-CrossTenant-Id: 5a9809cf-0bcb-413a-838a-09ecc40cc9e8
X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=5a9809cf-0bcb-413a-838a-09ecc40cc9e8; Ip=[194.218.146.197]; Helo=[mail.ri.se]
X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem
X-MS-Exchange-Transport-CrossTenantHeadersStamped: DB6P18901MB0216
Archived-At: <https://mailarchive.ietf.org/arch/msg/core/4CUIYY8h2V_w68BtbXE6iEgHKxk>
Subject: [core] Review of draft-ietf-core-oscore-groupcomm-05
X-BeenThere: core@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Constrained RESTful Environments \(CoRE\) Working Group list" <core.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/core>, <mailto:core-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/core/>
List-Post: <mailto:core@ietf.org>
List-Help: <mailto:core-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/core>, <mailto:core-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 24 Jul 2019 12:13:41 -0000
Hello Marco, Göran, Francesca and Jiye, here are some review comments on draft-ietf-core-oscore-groupcomm-05: == All document: Update references to OSCORE to point to RFC 8613 == 1.1 Why allow collisions between Group Identifiers managed by a single GM? This seems unnecessary and dangerous, is there a good use-case where this is warranted? == 2. Why not require the application to prevent collisions between Gids? == 2. "If not already stored in the Recipient Context associated to the sender, the recipient retrieves the sender's public key from the Group Manager, which collects public keys upon endpoints' joining the group, acts as trusted key repository and ensures the correct association between the public key and the identifier of the sender, for instance by means of public key certificates." Note that this requires a device to have two parallel sessions open (one with the GM and one on which the message linked to the potentially missing public key. This may not always be feasible on very constrained devices. == 2.1. "After a new Gid has been distributed, a same Recipient ID ('kid') should not be considered as a persistent and reliable indicator of the same group member. Such an indication can be actually achieved only by verifying countersignatures of received messages." This is really counter-intuitive and dangerous. Why can identifiers be redistributed within the same group? Shouldn't the GM make sure that the same identifier is assigned to a group member, even if the security context is updated? If the only reliable identifier is the public key, why not make the sender/recipient ID a hash of that public key? == 3. "... with an Authenticated Encryption with Additional Data (AEAD) algorithm" AEAD expands to "Authenticated Encryption with Associated Data" == 3.1 "The external_aad in the Additional Authenticated Data (AAD) is extended as follows." As far as I can tell the external_add is not "in" the AAD, it is the AAD, so I'd suggest to rephrase to "The external_aad structure of the Additional Authenticated Data (AAD) ..." == 7. "2. [...] Such policies can be enforced locally by the Group Manager, or by a third party in a trust relation with the Group Manager and entrusted to enforce join policies on behalf of the Group Manager." This feels unnecessary in the context of this document, since it doesn't deal at all with the how/where/why of the policies governing access to a group. I would suggest to delete this sentence. == 7. "3. Driving the join process to add new endpoints as group members." This sounds weird. What does "driving the process" mean? Perhaps just rephrase to "handle the join process"? == 7. "4. Establishing Security Common Contexts ..." This part of the sentence sounds like there is an unintentional word swap. Did you mean "Establishing the Common Context part of the Security Context"? Note that the term "Security Common Context" appears in several other places throughout the document. == 8.3 "... a key management scheme for secure revocation and renewal of Security Contexts and group keying material ..." Isn't the "group keying material" part redundant? If I understood everything correctly it is part of the Security Contexts. == 8.4 Second paragraph. If I read this correctly you propose that applications allow recipients to continue using invalid security contexts for a limited time after a security context update. This sounds dangerous and unnecessary. Why would we want to propose such a measure? We could adopt the equivalent procedure here to the one proposed in the third paragraph, that is "If a sender receives a Security Context update shorty after having sent a message, it can re-send that message using the new Security Context." == 8.5 Why would an application even allow non-unique group identifiers? This makes the whole concept of the group identifier useless. Is there a realistic use case where this could happen? Otherwise I suggest removing this text. == 8.9 "Group OSCORE derives the Security Context using the same construction of OSCORE" should be: ...same construction as ... == 8.10 "Thus, other that in such unlikely case, it cannot be defined that only messages with sequence number which are equal to previous sequence number + 1 are accepted." I cannot make sense of this sentence, please rephrase, possibly splitting it into several sentences. == 8.14 "...this parameter explicitly relate two or more communicating endpoints," should be "...explicitly relates two ..." == 9.1 and 9.2 Would be nice if there was a sentence or two explaining the difference between the two registries, as it is not immediately obvious. == 9.3 "The IANA Registry established in this document is defined" should be "Registries ... are defined" == Appendix B 5th bullet The abbreviation LLN should be expanded. == Appendix B 6th bullet " The latters may reply back ..." Should be "The latter ..." == Appendix B 6th bullet Expand the abbreviation "MPL" Regards, Ludwig -- Ludwig Seitz, PhD Security Lab, RISE Phone +46(0)70-349 92 51
- [core] Review of draft-ietf-core-oscore-groupcomm… Ludwig Seitz
- Re: [core] Review of draft-ietf-core-oscore-group… Marco Tiloca