IETF Logo Mail Archive

Re: [core] 🔔 WG Last Call of draft-ietf-core-oscore-groupcomm

Esko Dijk <esko.dijk@iotconsultancy.nl> Tue, 11 January 2022 09:14 UTC

Return-Path: <esko.dijk@iotconsultancy.nl>
X-Original-To: core@ietfa.amsl.com
Delivered-To: core@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 498DA3A1F91; Tue, 11 Jan 2022 01:14:41 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.101
X-Spam-Level:
X-Spam-Status: No, score=-2.101 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_MSPIKE_H2=-0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=iotconsultancy.nl
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id E6SlMOPWYf6r; Tue, 11 Jan 2022 01:14:35 -0800 (PST)
Received: from EUR03-VE1-obe.outbound.protection.outlook.com (mail-eopbgr50091.outbound.protection.outlook.com [40.107.5.91]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id C87DC3A1F8F; Tue, 11 Jan 2022 01:14:31 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=JSM7QWT6mMOxoJ4dRffxgreMwZcNQ4e3DAi3sc5tB3qa5bt24ckYzIROs/e2jHrbhlVbu/Ci2Q8WBPDAtPf3XnkEOcDENgrhudK0notq7shWuBcuXE/RPQUdFoy2+beksDA2amucCKmrOlAm+nSNGutT4qkzdBd3tksA0My1ZBVkjsIZySFrSey/gDE6O+n1BDIXmrZJb7z+YXjmmjZlSc5hTlwTMOlwPYi+OuoJpi5ctvPQX4E378p4XVVtf9Ptp9fFN6oVp6Am5TYEiwX77iU+yzzrAe07hGlHpoxE8VEzsaI6mHuVaSalXCXpAO9ugXWY1X+tuTYBj4ubDpM/Kg==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=OFKdXUC7dhWvqAulwsdTAbnWfEaDw5tzdHnjxtbnFIs=; b=gOvIeDuXgEQHY0i4FHiqzlR7wiFqIuMinaNpX2WHeNbC2ABNd/rjyi6s8iltrvWxf8gic0HHI2NEu/toGT9eTPGbW/9gUOYmcU+REkqyhaIl47eRzZtJEe1VPBQnqEA78ZcuiVE8WuVLDSDwt3LwUvgeWQuxMlzdb9eBadQlS+Z8QMWPDV1Bv7rELYG0IIPrNsbfBj2dIIKUIQW6R7f1R2xp475QDdtoA3Qog+i624T74Yjy1/PiSfGCHAOO1ohGOlOUHQiZcy2AZ10U52IFstXuPrsuT1IL0/TzSQ47rbrKgejqgsuev1fPELaPBkY+k/5nwncmw/8qoSt6U/uYaQ==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=iotconsultancy.nl; dmarc=pass action=none header.from=iotconsultancy.nl; dkim=pass header.d=iotconsultancy.nl; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=iotconsultancy.nl; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=OFKdXUC7dhWvqAulwsdTAbnWfEaDw5tzdHnjxtbnFIs=; b=OIe9xkuexVQhjdwPLiXK3llDIE0Fd22/cmmWOXYr0ySP7P53yawNhxAhZqdo3j17BxUI11anjStNwKCMZ6YYb02COFNx1ZshtWISfJa5nOdOnB0DLE+ScwNRV1oghyaC2IK7r/6NNvI3pizijFwTkz63zpxWhRx5DYC+up6eq+4=
Received: from AM8P190MB0979.EURP190.PROD.OUTLOOK.COM (2603:10a6:20b:1d3::8) by AM8P190MB0897.EURP190.PROD.OUTLOOK.COM (2603:10a6:20b:1dd::18) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4888.9; Tue, 11 Jan 2022 09:14:26 +0000
Received: from AM8P190MB0979.EURP190.PROD.OUTLOOK.COM ([fe80::8c97:2e2:2318:2bae]) by AM8P190MB0979.EURP190.PROD.OUTLOOK.COM ([fe80::8c97:2e2:2318:2bae%6]) with mapi id 15.20.4867.012; Tue, 11 Jan 2022 09:14:26 +0000
From: Esko Dijk <esko.dijk@iotconsultancy.nl>
To: Jaime Jiménez <jaime@iki.fi>, "core@ietf.org" <core@ietf.org>
CC: "draft-ietf-core-oscore-groupcomm.authors@ietf.org" <draft-ietf-core-oscore-groupcomm.authors@ietf.org>
Thread-Topic: [core] 🔔 WG Last Call of draft-ietf-core-oscore-groupcomm
Thread-Index: AQHX1ZwLhI+MshUoXUubuOyktGdNOqxd3p0g
Date: Tue, 11 Jan 2022 09:14:26 +0000
Message-ID: <AM8P190MB09793B5DFBA3340109FC46EBFD519@AM8P190MB0979.EURP190.PROD.OUTLOOK.COM>
References: <e1c0ac8b-cfa8-4a26-9d19-eee6d9f697b0@www.fastmail.com>
In-Reply-To: <e1c0ac8b-cfa8-4a26-9d19-eee6d9f697b0@www.fastmail.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=iotconsultancy.nl;
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: dfc8479d-0a40-4807-eb18-08d9d4e2c41f
x-ms-traffictypediagnostic: AM8P190MB0897:EE_
x-microsoft-antispam-prvs: <AM8P190MB0897337E7BD9A3AE890BD1ECFD519@AM8P190MB0897.EURP190.PROD.OUTLOOK.COM>
x-ms-oob-tlc-oobclassifiers: OLM:10000;
x-ms-exchange-senderadcheck: 1
x-ms-exchange-antispam-relay: 0
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: 0scKianfwrOKUznyz87DRjTR0uBAWSrpnK9IsKm0YXkoChVg/qQU6iZZbQ2hytMxdweZ5a3Qwn32aOkCCttKhqaAhWD3u6ThM6EGm7ped3Bt45mzjL1feClnYWYJvOOtjpGt/DzCvEM6VsW6x1C2bVtIXL/W4A/HRrl4vOA6AkA+WPjatODq6ljWG2MWP1v2NbjTyDxsSmQiOQ1Ez6MhOlV4XjDGdNMAys4bmCFrak9ytefBfICCHtqB9Bgz5iGCgM892z4sfDzL34/7Zm4tRvelgq05oPLIEivlmfNcKlpyRfT6Yg0xBEQYDu303RuREcbdsO7XIfaDfJu1YWJRDZfZiPHmPdbsMRMQRqv/3TVn5AOme774gkQt3VZRWSNuVD8WsAnVBfYHNHcTppx8g71S6AFqYBJHlzsyoN76l4X/e8hi0XxxJXdZU9CJtgN0expB9yIiDdjtAsEWDEqvsNSeLGVr7XdiE+O8MjIGXdyXP3SXjUG3oFtBDdfwXj5ZlWOXYrsY8wsd6Vkm5rZMjjfJVDz/qn28F8qf8yYC65eRGu5CGhfFp8nteO5Zcubi0a9Ize1ldFJEnLs05HLYmGpHvADedNpOuiqUndw/vTKUDRzifrXGKtb+MYipaiCxJMFNCsgWdTxM+yL68XO9TPC6YkdHhwELzYRzMB9Ycqp1MQQXckI2fQcw7yxixTNzqZKDpBTh1TSp4EF5lBDO5HvGoKEe/vKJ+NaeoYVCNJkWLXIbnmPRm+/bke0AI/XhbuKtMKnrBWJ8sOOHLZbcTdevHjs9O7TBA4XYRk/8Jec=
x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:AM8P190MB0979.EURP190.PROD.OUTLOOK.COM; PTR:; CAT:NONE; SFS:(346002)(376002)(39830400003)(366004)(136003)(396003)(966005)(8936002)(71200400001)(122000001)(30864003)(66574015)(38100700002)(53546011)(186003)(6506007)(83380400001)(44832011)(33656002)(55016003)(9686003)(66946007)(508600001)(52536014)(66556008)(316002)(66446008)(64756008)(7696005)(110136005)(66476007)(5660300002)(2906002)(4326008)(86362001)(76116006)(38070700005); DIR:OUT; SFP:1102;
x-ms-exchange-antispam-messagedata-chunkcount: 1
x-ms-exchange-antispam-messagedata-0: G3k1tmHkhLDc8+X4n31bNr1qTVJ4QXJAD0KRz++kcDk5zQONtlVuhB9xtZLamuvPJ55gW5Qi+KSMKg82rWaLz4Q7h47Tg1SNPuBIaH/2EGFbj3tzkL+R54oVgZ+VxDpXpNnTGGM4H68LnIn41lqFPTHZzoqAWm4zyuza/PaxcFf4RwB8wvf10ZNS9sXGYDOrWeBHTpNFGCTgkcVx+3Y8eRzSUUY4oN9dkWji49pCYyMrHHiW40FZyayBkJKBRgw7v1ZntPwjRqXgvu2CVjQBT2Yw1b2EztXj6mFGITSGW0KKC6HkT+Mws0GWT3w7rcgZq0pXREUfzfPs2cvG27hC/efG3w9iNdkYIFjgu6bNxKEapSocwkDMefWsYVl0Ld6blJJ9MLfx0EGiGIXK+CvEYcz2kIDvatDIZIpWVzPJCO5KC2/A4C0RrHs2v5zpNjw3hhSD73lChs6m9Be0XjLan6IxYFfnR1w3PhygmMgeGLtBb9UABc90cBdAYxxbmypM26fPyn/LbkS7v4g7OI29uok1etIWv5R5FWtPGRJjVvQguZG0xbIPcjkNBZ4/0RZ4YQ0jW9zJyTWzaTcyzyolQnkRBB3fq0Vy2Ovqr9ihnn1mZHg+TcmD4tBEnWHhBU67J3Fd7d1aTf+w9UcpgWD66mC1cNcffpP47xYsm3p87FzT4mRFHHYkdxfgrXS3AokotRg8CCnkuWZhQI7wngDu3otXObX9Oq6UPeqoReD3gGvT8shfYWMNGkyD4xOSryTrb0uRbOPt98bD4AUBLfp/xqFR/RojFxGe7Yr/aBtUqn7lV9+PohzxQB53h41VWSf9yjt0c9VNMDZCeHrM6zDoIEK8kfmYywRoMjzZk4E8GnRFths8XYtS0EmgdKEyYbdMIYBzdeFkRmU6tly5+yHz6IG5aATK4YvQ/BDGGKwTz1SKd4H1L/j5RPwjRjtlOgEDJAmzGYQCaMR5SoUhVS2Pycx13MiCOlwV2+LfiWbbhQG4har5FouUXjJf0vh6wDkYePzWUbHnG8M0YAY6xaF3XZbX7+3BN1DArMaqDRdRr1VWoqypxoPvKd1ckdOFy/UNXcjDXKrqtbl7SW2tJ9SPawPT6fg08qU1USVCeeXQ4autJwi9kVmb91xMSiDWi9mN3VZuESxv1xQunEgRe2daxqtMSFacZazYd+2mp0PsNO1Q0lqUUGg3G1PaKa7KbBLo73TwVMz/WZac4uVQkb9jUvIu+gGnIRsfGzvpqYOXkL60Wp0/lDwliTpLXEuWCFdw8t27IveSj9YDlQf4dzKB1QQRZbym98/qLPWb1mL/u+3M8Wa212dJPu4tpp/Jzt0qyv+0iIaIFqyl2j7hHRNTQnVhE2ivgv606gaNLoEv3fqiUQRv7ywjEyAntzw9CmSejOdanX1R3ATIZzjSqFaDog/KoZANw8rhJ3lkZIX3WKcpMlSEt95XaYCQBqnz7Fo4RVlldrP0Bhak1GGlfTVz9PSgM1rG43Dq3/9QdTAyHMAf/CI0oJ3pWnp3QAPMRgv0J+7wb67W7Sey5cNw/JxB5mC+224x1U1QqadTWcReYUWBJ2UebGROBpaInwmv4KyeBv1HCM1+QlIU545iXFLOdtrudhrI5l4dMUeM9mMZU6lghm+5pbjed0Q4xcK+4ZeuTs96l5mAxocETNPx3mEtYGhxYSlIg67Ap/Y38TzKgRgAo6LflCb2CAcnB7+JCiz/t3h0xmFSbVD9wZsFJ2Lt9Q==
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-OriginatorOrg: iotconsultancy.nl
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: AM8P190MB0979.EURP190.PROD.OUTLOOK.COM
X-MS-Exchange-CrossTenant-Network-Message-Id: dfc8479d-0a40-4807-eb18-08d9d4e2c41f
X-MS-Exchange-CrossTenant-originalarrivaltime: 11 Jan 2022 09:14:26.6978 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 58bbf628-15d2-46bc-820b-863b6774d44b
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: pgf0IbJlvdkrFAZ/3TBIvqVBcgO1oOLU48lTIo3XtQXpZEZtTJhUHPqWc633Adf7EEbyO8ISRBccA8GILAgBK2rNcfQwLF9J73z3EFhMVgM=
X-MS-Exchange-Transport-CrossTenantHeadersStamped: AM8P190MB0897
Archived-At: <https://mailarchive.ietf.org/arch/msg/core/7aOZ4YXBI0IvCBOYlHOftDzuCVY>
Subject: Re: [core] 🔔 WG Last Call of draft-ietf-core-oscore-groupcomm
X-BeenThere: core@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Constrained RESTful Environments \(CoRE\) Working Group list" <core.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/core>, <mailto:core-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/core/>
List-Post: <mailto:core@ietf.org>
List-Help: <mailto:core-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/core>, <mailto:core-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 11 Jan 2022 09:14:41 -0000

Hi everyone,

I completed my review of draft-ietf-core-oscore-groupcomm for this 2nd last call. Below some points for discussion or clarification are listed. In another email today or tomorrow I'll send the editorial/textual/nit comments.
Overall my impression of the draft is good; there has been much attention to detail and guidance for the readers/implementers. Also its scope is set to support as many variations as possible (e.g. with/without pairwise mode, group mode, with/without Observe, Blockwise, supporting observation across rekeying events, etc.).  The downside of that is that the spec becomes complex at particular places to support all of that at the same time, securely. Maybe implementers will therefore consider to implement a subset only to avoid some of the complexity; which should be ok.

Best regards
Esko

--- 

1
"in order to protect the routing information of packets from observers"
-> this feels counter-intuitive; which routing information is protected by DTLS?  IP headers remain visible. Or is there more/other routing information protected by wrapping Group OSCORE messages in DTLS?

"but has the benefit of restricting the symmetric keying material while distributing only the public key of each group member."
-> can be formulated more clearly: in what way is the symmetric keying material restricted? E.g. do we mean restricting any given symmetric key to only those 2 CoAP endpoints that need to communicate using it. It is not restricted in the sense of restricted scope or, say, restricted (lower) key length.
  And 'while distributing only the public key of each group member' could be more specific also. To what other node(s) is the public key of a group member sent? E.g. only to those CoAP endpoints that need to communicate with that group member, not to 
all group members I think. 

1.1 Terminology
Perhaps the difference between "node" and "endpoint" can be reiterated here, even though it was defined by RFC 7252.  In this draft the 'term' node is often used e.g. in Section 3.2 to indicate a node with a single endpoint where that endpoint joins a group.  So when we talk about a 'node as a group member' that it means a single endpoint hosted on that node. Later in Section 3.2. it e.g. states endpoints are removed from the group which then excludes nodes from communication with the group. In case a node can host multiple endpoints, we may need to say then that all endpoints of a particular node need to be removed from the group. (Assuming it can have multiple like defined by RFC 7252.) So then it becomes important for security reasons to get the distinction clear.

2.3 / 2.4.1
Section 2.3 discusses format requirements for public keys. It also says "For example, an X.509 certificate is provided as its direct binary serialization." which was quite confusing to me as it suggests the entire certificate is denoted as a "pubic key" and used as such in 2.4.1 procedures.
Does this mean in Section 2.4.1 the entire X.509 certificate is used to derive the pairwise key? That seems less efficient as a node then has to store the entire X.509 certificate of each peer, instead of just the public-key part of it (the SubjectPublicKeyInfo structure). That will take more memory than perhaps needed.
Maybe there's some reason the full certificate is used and not just the SubjectPublicKeyInfo part of it? It could avoid further parsing of the certificate structure.  Also when only a part is used it needs to be really clearly defined to avoid unclarities about what part to really use (as we had in the ANIMA WG).
And another thought: besides memory impact, would using the full X.509 be more overhead on a constrained device instead of just the SubjectPublicKeyInfo part of it? I.e. the input to the HKDF(.) is substantially longer when using the full cert. 

2.4.1
the adjective "(signature)" is used a couple of times. I don't see a "signature public key" being defined explicitly. Also Fig 1 does not use "(signature)". Do I miss something?

3.2
See Section 1.1 comment.

"The Group Manager MUST check if the new Gid to be distributed coincides with the Birth Gid of any of the current group members"
-> This is unclear to me. In the first paragraph of 3.2, it is stated that GM creates a new Gid. So how could it coincide if it is really new? (Also not clear what 'coincide' means here. Equal? If so, we should write 'equals')
-> What is the purpose of evicting the elder members?  This is puzzling, as the aim is to keep the elder members in the group surely.

3.2.1

	Even when an endpoint joining a group is recognized as a current
	   member of that group, e.g., through the ongoing secure communication
	   association, the Group Manager MUST assign a new Sender ID different
	   than the one currently used by the endpoint in the group, unless the
	   group is rekeyed first and a new Gid value is established.
-> How can an already-joined endpoint, i.e. a member, join the same group?  Or does this text assume that the GM knows the endpoint is a member while the endpoint itself "forgot" this or purposely deleted its group-related data to do a re-join?
Section 3.3 step 6 has the same question.

Figure 2 says "After changing Group ID, an unused kid can be assigned". Do we mean here a previously used kid (under a Gid=N) that is currently unused (under Gid=N), can be re-assigned after Gid change to Gid != N ?  Not sure whether we can fit the intended sentence in such a small space. Maybe "After Group ID change, a formerly used kid can be re-used" ?

8
Recommendations in the last paragraph to not send back any error message: is this also applicable when the group request is sent over a unicast transport? In that case it should be ok to respond error, since there's no risk of amplification attack.
E.g. for a unicast pairwise request it is defined that an error can be sent e.g. in 9.4.  Although sending group request over unicast is generally not recommended as stated elsewhere in the draft, there were some valid cases cited so we can consider group request over unicast cases.

8.3.1
"For each ongoing observation, the server can help the client to
   synchronize, by including also the 'kid context' parameter in
   notifications following a group rekeying, "
-> I'm wondering in what way this helps. Is it a reduction of time / energy used by the client, because sending it lets the client avoid trying out decryption/validation using first the old Gid/context, which would fail?
The downside of optionally including it is a more complex handling in the code i.e. more message variations = more code paths = more things potentially going wrong and to test.

10

	Constrained IoT devices may alternatively represent Montgomery curves
	   and (twisted) Edwards curves [RFC7748] in the short-Weierstrass form
	   Wei25519, with which the algorithms ECDSA25519 and ECDH25519 can be
	   used for signature operations and Diffie-Hellman secret calculation,
	   respectively [I-D.ietf-lwig-curve-representations].

-> This sounds optional ('may'). But the paragraph is in the section "Mandatory-to-Implement"; why place it there?
-> Also several SHOULD/RECOMMENDED items are in this section.  Same question, doesn't it contradict the title?

11
I did not find a consideration about selecting the value/length of the Master Salt, and whether it needs to be set at all (i.e. other than the default value of Master Salt). Is it useful for group communication? In what situations?

What about a consideration on a possible DoS attack:  an attacker first blocks the IP communication path to the Group Manager , and then trigger a mass power-cycle (reboot) including devices that are doing Group OSCORE communication. These device will then not perform group communication anymore due to the section 2.5.1.1 requirements last paragraph.   Blocking the IP communication path to the GM could be done e.g. by injecting fake DNS responses for GM hostname queries or by removing a network link that's used for routing towards the GM. At least in the movies an attacker is ocassionally able to trigger a power outage for a few seconds  ;) 

11.1
"Thus, a current group member owning the
      latest group keying material does not own the public key of any
      former group member."
-> Not sure what this intends to say. A group member may store a public key of any group member. But it never "owns" the public key of another node, in the sense that it doesn't have access to its private key right?
Maybe it was intended to say that due to protocol/GM design, a node doesn't store the public key of a former group member because it gets deleted at the moment that the member leaves.
Changing "owned" to "stored" may help to rephrase.

11.7.2
Towards the end the reader may lose a bit the context of the prior "would" statements. E.g. we have:

	Since the Partial IV is 5 bytes in size, this requires 2^40
	   operations to test all the Partial IVs, which can be done in real-
	   time.  The probability that a single given message M1 can be used to
	   forge a response M2 for a given request would be equal to 2^-24,
	   since there are more MAC values (8 bytes in size) than Partial IV
	   values (5 bytes in size).

Is this in the context of the present solution specified, or in context of a hypothetical case of a countersignature that does *not* cover the OSCORE Option?
Same question for the paragraph:
	Note that, by changing the Partial IV as discussed above, any member
	   of G1 would also be able to forge a valid signed response message M2
	   to be injected in the same group G1.
(In other words: do we want to say here that a member of G2 can *not* forge a valid signed response message M2, because we now have a countersignature that covers the OSCORE Option?
Or do we want to say that a member of G2 *can* forge in real-time.)

References
Quite a number of references are informative. This may need to be changed for some, based on the guidelines in https://www.ietf.org/about/groups/iesg/statements/normative-informative-references/. 

Reference [I-D.mattsson-cfrg-det-sigs-with-noise] is used in a normative requirement (SHOULD), so the reference should be normative even though some implementations may not use it.  (Assumption here is that most will.)
Similar for [I-D.ietf-ace-key-groupcomm-oscore],    [I-D.ietf-ace-key-groupcomm-oscore]: used in a SHOULD.
CoAP Observe RFC 7641 plays an important role so should be a normative reference.  That is true regardless of the fact that Observe is an optional feature; since many of the sections define specific protocol elements for Observe i.e. it defines new technology that builds normatively on Observe.

Reference [I-D.ietf-core-echo-request-tag] is used in a normative MUST requirement (in 2.5.1.2), so here the reference should be normative.
Or do I misunderstand this? It can also be interpreted as only Appendix E being the target of the MUST requirement, while [I-D.ietf-core-echo-request-tag] is only informative - but that seems to be not the case, as the format of the Echo option is actually used in the Appendix E approach. In other words you need to read [I-D.ietf-core-echo-request-tag] definitions to implement the solution of Appendix E and it cannot work otherwise. 

Appendices
All: Some appendices have normative language; so it seems they are not merely informative. Is there a particular reason for putting this information in an appendix and not in main text?
Should we indicate in the introduction which Appendices are normative and which informative?

Appendix A.1
"Multicast data security ciphersuite: all members of a security group must agree on a ciphersuite"
-> Isn't it determined by the GM? E.g. the GM needs to establish a ciphersuite that all members can support. There's no agreement protocol or so.

Appendix D
	It is RECOMMENDED that the join process adopts the approach described
	   in [I-D.ietf-ace-key-groupcomm-oscore] and based on the ACE framework
	   for Authentication and Authorization in constrained environments
	   [I-D.ietf-ace-oauth-authz].
-> the part "and based on the ACE framework ..." is not so clear. Is applying [I-D.ietf-ace-oauth-authz] RECOMMENDED? Or is it just informational saying that [I-D.ietf-ace-key-groupcomm-oscore] is basing itself on [I-D.ietf-ace-oauth-authz], as a "FYI" statement? Section 3 language on this same subject is more clear and could be used instead.  Or maybe refer to the Section 3 statement from here to avoid duplication.

Appendix E
Given the normative-references discussion above and normative references made to Appendix E, why isn't this content in a main document section?


-----Original Message-----
From: core <core-bounces@ietf.org> On Behalf Of Jaime Jiménez
Sent: Tuesday, November 9, 2021 20:00
To: core@ietf.org
Cc: draft-ietf-core-oscore-groupcomm.authors@ietf.org
Subject: [core] 🔔 WG Last Call of draft-ietf-core-oscore-groupcomm

Dear CoRE,

as we discussed yesterday, the authors of draft-ietf-core-oscore-groupcomm think their draft is ready for a 2nd WGLC. The current version of the draft (v13) is not expecting any updates so you can start your planned reviews.

https://datatracker.ietf.org/doc/html/draft-ietf-core-oscore-groupcomm-13

In addition to the email list discussion reviewers could consider opening new issues on the Github repo of the draft as courtesy to the authors.

https://github.com/core-wg/oscore-groupcomm

As we have the IETF ongoing and the document needs time to be digested, we place the end of the call on the 1st of December with a possibility of extension depending on the number of reviews.

>From the minutes I take that CA, RH, ED and TF would give it thorough look. Thank you already for that, much appreciated!!

Ciao!
-- 
Jaime Jiménez

_______________________________________________
core mailing list
core@ietf.org
https://www.ietf.org/mailman/listinfo/core

v2.23.0 | Report a Bug | By Email