Re: [core] Genart last call review of draft-ietf-core-oscore-edhoc-09

Marco Tiloca <marco.tiloca@ri.se> Thu, 23 November 2023 15:25 UTC

Message-ID: <ec8fe01f-3d68-4aca-8f51-0911250aec88@ri.se>
Date: Thu, 23 Nov 2023 16:25:25 +0100
To: Joel Halpern <jmh@joelhalpern.com>, gen-art@ietf.org
Cc: core@ietf.org, draft-ietf-core-oscore-edhoc.all@ietf.org, last-call@ietf.org
References: <169980595352.54607.13114316613116325302@ietfa.amsl.com>
From: Marco Tiloca <marco.tiloca@ri.se>
In-Reply-To: <169980595352.54607.13114316613116325302@ietfa.amsl.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/core/9rddzDdd8mqnwaeOrVx132Jagvs>

Hello Joel,

Thanks a lot for your review! Please find in line below our detailed 
replies to your comments.

A Github PR where we have addressed your comments is available at 
[GENART-PR].

Unless any concern is raised, we plan to soon merge this PR (and the 
other ones related to other received reviews), and to submit the result 
as version -10 of the document.

Thanks,
/Marco

[GENART-PR] https://github.com/core-wg/oscore-edhoc/pull/15


On 2023-11-12 17:19, Joel Halpern via Datatracker wrote:
> Reviewer: Joel Halpern
> Review result: Ready with Issues
>
> I am the assigned Gen-ART reviewer for this draft. The General Area
> Review Team (Gen-ART) reviews all IETF documents being processed
> by the IESG for the IETF Chair.  Please treat these comments just
> like any other last call comments.
>
> For more information, please see the FAQ at
>
> <https://wiki.ietf.org/en/group/gen/GenArtFAQ>.
>
> Document: draft-ietf-core-oscore-edhoc-09
> Reviewer: Joel Halpern
> Review Date: 2023-11-12
> IETF LC End Date: 2023-11-13
> IESG Telechat date: Not scheduled for a telechat
>
> Summary: This document is ready for publication as a proposed standard
> reviewer note: I did not attempt to verify that the description here of the
> underlying security protocols is correct.  I leave that to the WG and the
> security reviewers.
>
> Major issues: N/A
>
> Minor issues:
>     In reading the first part of section 3, I found myself confused in two
>     regards.  First, the diagram shows the third message as containing EDHOC
>     message_3 + OSCORE-protected data. But the text refers to it as also
>     containing C_R which is not apparently part of EDHOC message 3.  I think
>     this is explained in step 4 of section 3.2, but it is at best jarring at
>     this stage. (Maybe just call it OSCORE option C_R? Or note at this point,as
>     you do later, in the text that the EDHOC C_R and the OSCORE C_R are
>     identical?)

==>MT

The *CoAP request* contains C_R, while EDHOC message_3 does not. In 
fact, that is the case in both the original workflow and the optimized 
workflow.

That is, in both workflows, C_R is not part of EDHOC message_3, and it 
has to be somehow specified in the CoAP request that conveys EDHOC 
message_3.

As to the original workflow, this is already defined in 
draft-ietf-lake-edhoc, and reminded in Section 2 of the present 
document. That is, C_R is specified in the payload of the CoAP request, 
as prepended to EDHOC message_3, i.e.:

 > The request payload consists of the EDHOC connection identifier C_R 
 > encoded as per Section 3.3 of [I-D.ietf-lake-edhoc], concatenated with 
 > EDHOC message_3.

As to the optimized workflow in Section 3, the diagram in Figure 2 is 
correct about what it shows. As it happens, C_R is already specified as 
the value of the 'kid' field in the CoAP OSCORE Option included in the 
CoAP request. Hence, we take advantage of that and we do not prepend C_R 
to EDHOC message_3 in the request payload.

Note that there is no concept of "OSCORE C_R" or "OSCORE option C_R", 
and the CoAP OSCORE Option does not include a C_R field. There is only 
EDHOC C_R, as the EDHOC Connection Identifier of the Responder.

To make these points clearer, in Section 3.0 we have revised the bullet 
list introduced by "That is, the EDHOC + OSCORE request ..." to become 
as follows.

 > That is, the EDHOC + OSCORE request is composed of the following two 
 > parts combined together in a single CoAP message:
 >
 > * The OSCORE Request from Figure 1, which is also in this case sent 
 >   to a protected resource, with the correct CoAP method and options 
 >   intended for accessing that resource.
 >
 > * EDHOC data consisting of the pair (C_R, EDHOC message_3) required 
 >   for completing the EDHOC session, transported as follows:
 >    * C_R is the OSCORE Sender ID of the client and hence transported 
 >      in the 'kid' field of the OSCORE Option (see Section 6.1 of RFC 8613). 
 >      Unlike in the sequential workflow shown in Figure 1, C_R is thus not 
 >      transported in the payload of the EDHOC + OSCORE request.
 >    * EDHOC message_3 is transported in the payload of the EDHOC + 
 >      OSCORE request, prepended to the payload of the OSCORE Request. This is 
 >      because EDHOC message_3 may be too large to be included in a CoAP 
 >      Option, e.g., when conveying a large public key certificate chain as 
 >      ID_CRED_I (see Section 3.5.3 of [I-D.ietf-lake-edhoc]) or when conveying 
 >      large External Authorization Data as EAD_3 (see Section 3.8 of 
 >      [I-D.ietf-lake-edhoc]).

<==

>      Second, the description here is worded in a way that leads the reader to
>      understand that the EDHOC message is part of the OSCOR content.  The
>      processing order and protection structure is spelled out in section 3.2.
>      Maybe just add something like "This structure can be processed in order due
>      to the construction rules in section 3.2?

==>MT

In Section 3.0, we have extended the paragraph right before the bullet 
list as follows.

OLD
 > That is, the EDHOC + OSCORE request is composed of the following two 
 > parts combined together in a single CoAP message:

NEW
 > That is, the EDHOC + OSCORE request is composed of the following two 
 > parts combined together in a single CoAP message. The steps for 
 > processing the EDHOC + OSCORE request and the two parts combined in 
 > there are defined in Section 3.2 and Section 3.3.

<==

>
> Nits/editorial comments:
>
>

-- 
Marco Tiloca
Ph.D., Senior Researcher

Phone: +46 (0)70 60 46 501

RISE Research Institutes of Sweden AB
Box 1263
164 29 Kista (Sweden)

Division: Digital Systems
Department: Computer Science
Unit: Cybersecurity

https://www.ri.se
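
The request layout discussed in the reply above (C_R carried in the 'kid' 
field of the OSCORE Option and EDHOC message_3 prepended to the OSCORE 
payload in the EDHOC + OSCORE request, versus C_R prepended to message_3 
in the payload in the sequential workflow of Section 2), as an added Python 
example. This is not code from the message, the draft or its authors. It 
relies on message_3 being a single CBOR byte string (CIPHERTEXT_3) as 
defined in the EDHOC specification, on the OSCORE Option layout of RFC 8613 
Section 6.1, and on the connection identifier encoding of EDHOC Section 
3.3.2; the CIPHERTEXT_3 and OSCORE ciphertext bytes are constructed 
placeholders, not real protocol output.

```python
"""
Added example (not from draft-ietf-core-oscore-edhoc): build and parse the
EDHOC + OSCORE request of Section 3, and the sequential-workflow payload
of Section 2, to show where C_R travels in each case.

Facts relied on: message_3 = CIPHERTEXT_3, one CBOR byte string (EDHOC);
the OSCORE Option layout of RFC 8613 Section 6.1; the EDHOC Section 3.3.2
connection identifier encoding. The CIPHERTEXT_3 / OSCORE ciphertext bytes
are constructed placeholders (assumption), not real protocol output.
"""
from typing import Optional, Tuple


def cbor_bstr(content: bytes) -> bytes:
    """Encode a definite-length CBOR byte string (major type 2)."""
    n = len(content)
    if n < 24:
        head = bytes([0x40 | n])
    elif n < 0x100:
        head = bytes([0x58, n])
    elif n < 0x10000:
        head = b"\x59" + n.to_bytes(2, "big")
    else:
        head = b"\x5A" + n.to_bytes(4, "big")
    return head + content


def split_cbor_bstr(buf: bytes) -> Tuple[bytes, bytes]:
    """Return (the leading CBOR byte string item, the bytes after it)."""
    if not buf or (buf[0] >> 5) != 2:
        raise ValueError("payload does not start with a CBOR byte string")
    ai = buf[0] & 0x1F
    if ai < 24:
        n, off = ai, 1
    elif ai in (24, 25, 26):
        width = {24: 1, 25: 2, 26: 4}[ai]
        if len(buf) < 1 + width:
            raise ValueError("truncated length field")
        n, off = int.from_bytes(buf[1:1 + width], "big"), 1 + width
    else:
        raise ValueError("indefinite or oversized byte string not accepted")
    if off + n > len(buf):
        raise ValueError("truncated EDHOC message_3")
    return buf[:off + n], buf[off + n:]


def encode_oscore_option(partial_iv: bytes, kid: bytes) -> bytes:
    """RFC 8613 Section 6.1 value: flags | Partial IV | kid (no kid context)."""
    if len(partial_iv) > 5:
        raise ValueError("Partial IV is at most 5 bytes")
    flags = len(partial_iv) | 0x08          # n = |Partial IV|, k = kid present
    return bytes([flags]) + partial_iv + kid


def decode_oscore_option(opt: bytes) -> Tuple[bytes, Optional[bytes], Optional[bytes]]:
    """Return (Partial IV, kid context, kid); a field is None when absent."""
    if not opt:
        return b"", None, None
    flags, n = opt[0], opt[0] & 0x07
    if n > 5 or flags & 0xE0:
        raise ValueError("reserved bits set or Partial IV too long")
    pos = 1 + n
    if pos > len(opt):
        raise ValueError("truncated OSCORE option")
    partial_iv, kid_context = opt[1:pos], None
    if flags & 0x10:                        # h = kid context present
        if pos >= len(opt):
            raise ValueError("truncated OSCORE option")
        s = opt[pos]
        kid_context, pos = opt[pos + 1:pos + 1 + s], pos + 1 + s
        if pos > len(opt):
            raise ValueError("truncated OSCORE option")
    return partial_iv, kid_context, (opt[pos:] if flags & 0x08 else None)


def build_combined_request(c_r: bytes, partial_iv: bytes, ciphertext_3: bytes,
                           oscore_ciphertext: bytes) -> Tuple[bytes, bytes]:
    """Client side: (OSCORE Option value, payload) of the EDHOC + OSCORE request."""
    message_3 = cbor_bstr(ciphertext_3)                 # message_3 = CIPHERTEXT_3
    option = encode_oscore_option(partial_iv, kid=c_r)  # C_R travels as kid
    return option, message_3 + oscore_ciphertext        # C_R is NOT in the payload


def split_combined_request(option: bytes, payload: bytes) -> Tuple[bytes, bytes, bytes]:
    """Server side: C_R (to find the EDHOC session), message_3, OSCORE payload."""
    c_r = decode_oscore_option(option)[2]
    if c_r is None:
        raise ValueError("no kid in OSCORE Option: cannot identify the EDHOC session")
    message_3, oscore_payload = split_cbor_bstr(payload)
    return c_r, message_3, oscore_payload


def encode_connection_id(c: bytes) -> bytes:
    """EDHOC Section 3.3.2: a 1-byte identifier that is itself a valid 1-byte
    CBOR int (0x00-0x17 or 0x20-0x37) is sent as that int, else as a bstr."""
    if len(c) == 1 and (c[0] <= 0x17 or 0x20 <= c[0] <= 0x37):
        return c
    return cbor_bstr(c)


def sequential_request_payload(c_r: bytes, ciphertext_3: bytes) -> bytes:
    """Sequential workflow (Section 2): C_R prepended to message_3 in the payload."""
    return encode_connection_id(c_r) + cbor_bstr(ciphertext_3)


# Constructed placeholder values (assumption), not real protocol output.
C_R = b"\x05"
PARTIAL_IV = b"\x00"
CIPHERTEXT_3 = bytes(range(40))
OSCORE_CIPHERTEXT = b"\xde\xad\xbe\xef" * 3

if __name__ == "__main__":
    opt, pl = build_combined_request(C_R, PARTIAL_IV, CIPHERTEXT_3, OSCORE_CIPHERTEXT)
    print("OSCORE Option :", opt.hex())
    print("combined      :", pl.hex())
    print("sequential    :", sequential_request_payload(C_R, CIPHERTEXT_3).hex())
    print("server split  :", [x.hex() for x in split_combined_request(opt, pl)])
```

On the server side the kid recovered from the OSCORE Option is what selects 
the pending EDHOC session; only after message_3 has been processed and the 
OSCORE Security Context derived can the remaining bytes of the payload be 
decrypted, which is the ordering the reply points to in Sections 3.2 and 3.3. 
Splitting on the CBOR byte string boundary is what lets the two parts share 
one payload without a length field of their own.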