Re: [core] FW: Review on draft-ietf-core-oscore-groupcomm-03
Marco Tiloca <marco.tiloca@ri.se> Tue, 15 January 2019 15:48 UTC
Return-Path: <marco.tiloca@ri.se>
X-Original-To: core@ietfa.amsl.com
Delivered-To: core@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B4376128D09 for <core@ietfa.amsl.com>; Tue, 15 Jan 2019 07:48:41 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.043
X-Spam-Level:
X-Spam-Status: No, score=-2.043 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_MED=-0.142, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=risecloud.onmicrosoft.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id l_OnxOQz5nrT for <core@ietfa.amsl.com>; Tue, 15 Jan 2019 07:48:38 -0800 (PST)
Received: from EUR03-VE1-obe.outbound.protection.outlook.com (mail-eopbgr50050.outbound.protection.outlook.com [40.107.5.50]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 8B07C1228B7 for <core@ietf.org>; Tue, 15 Jan 2019 07:48:37 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=RISEcloud.onmicrosoft.com; s=selector1-ri-se; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=ImawG7y5zET/9R0h56MwG8gjjHax07x68FyX9Sa02Vs=; b=Wa+lItucL/MjobbJyyEtu5fCg5XzVJUCLmocyY1gdO3t2vZCzb28sNi+OOkItTTulEjc4yJvaoml4yU8Hngb58VoO2UJ7ZnTBwHenxLwD4DvQ5grCQBn2BB3Bn+ABrKKHVaDT5bJW0CgxGjeLr7N10QXmBPSVZ0xCoJMnZvZT+s=
Received: from DB6P18901CA0010.EURP189.PROD.OUTLOOK.COM (2603:10a6:4:16::20) by HE1P189MB0329.EURP189.PROD.OUTLOOK.COM (2603:10a6:7:58::22) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.1516.20; Tue, 15 Jan 2019 15:48:34 +0000
Received: from HE1EUR02FT063.eop-EUR02.prod.protection.outlook.com (2a01:111:f400:7e05::202) by DB6P18901CA0010.outlook.office365.com (2603:10a6:4:16::20) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384) id 15.20.1516.14 via Frontend Transport; Tue, 15 Jan 2019 15:48:33 +0000
Authentication-Results: spf=pass (sender IP is 194.218.146.197) smtp.mailfrom=ri.se; ietf.org; dkim=none (message not signed) header.d=none;ietf.org; dmarc=bestguesspass action=none header.from=ri.se;
Received-SPF: Pass (protection.outlook.com: domain of ri.se designates 194.218.146.197 as permitted sender) receiver=protection.outlook.com; client-ip=194.218.146.197; helo=mail.ri.se;
Received: from mail.ri.se (194.218.146.197) by HE1EUR02FT063.mail.protection.outlook.com (10.152.11.211) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256) id 15.20.1471.13 via Frontend Transport; Tue, 15 Jan 2019 15:48:33 +0000
Received: from [10.114.72.194] (10.116.0.226) by sp-mail-2.sp.se (10.100.0.162) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P256) id 15.1.1531.3; Tue, 15 Jan 2019 16:48:32 +0100
To: Jim Schaad <ietf@augustcellars.com>, core@ietf.org
References: <001201d4a82d$65ec80e0$31c582a0$@augustcellars.com>
From: Marco Tiloca <marco.tiloca@ri.se>
Openpgp: preference=signencrypt
Autocrypt: addr=marco.tiloca@ri.se; prefer-encrypt=mutual; keydata= mQENBFSNeRUBCAC44iazWzj/PE3TiAlBsaWna0JbdIAJFHB8PLrqthI0ZG7GnCLNR8ZhDz6Z aRDPC4FR3UcMhPgZpJIqa6Zi8yWYCqF7A7QhT7E1WdQR1G0+6xUEd0ZD+QBdf29pQadrVZAt 0G4CkUnq5H+Sm05aw2Cpv3JfsATVaemWmujnMTvZ3dFudCGNdsY6kPSVzMRyedX7ArLXyF+0 Kh1T4WUW6NHfEWltnzkcqRhn2NcZtADsxWrMBgZXkLE/dP67SnyFjWYpz7aNpxxA+mb5WBT+ NrSetJlljT0QOXrXMGh98GLfNnLAl6gJryE6MZazN5oxkJgkAep8SevFXzglj7CAsh4PABEB AAG0Nk1hcmNvIFRpbG9jYSAobWFyY28udGlsb2NhQHJpLnNlKSA8bWFyY28udGlsb2NhQHJp LnNlPokBNwQTAQgAIQUCWkAnkAIbAwULCQgHAgYVCAkKCwIEFgIDAQIeAQIXgAAKCRDuJmS0 DljaQwEvCACJKPJIPGH0oGnLJY4G1I2DgNiyVKt1H4kkc/eT8Bz9OSbAxgZo3Jky382e4Dba ayWrQRFen0aLSFuzbU4BX4O/YRSaIqUO3KwUNO1iTC65OHz0XirGohPUOsc0SEMtpm+4zfYG 7G8p35MK0h9gpwgGMG0j0mZX4RDjuywC88i1VxCwMWGaZRlUrPXkC3nqDDRcPtuEGpncWhAV Qt2ZqeyITv9KCUmDntmXLPe6vEXtOfI9Z3HeqeI8OkGwXpotVobgLa/mVmFj6EALDzj7HC2u tfgxECBJddmcDInrvGgTkZtXEVbyLQuiK20lJmYnmPWN8DXaVVaQ4XP/lXUrzoEzuQENBFSN eRUBCACWmp+k6LkY4/ey7eA7umYVc22iyVqAEXmywDYzEjewYwRcjTrH/Nx1EqwjIDuW+BBE oMLRZOHCgmjo6HRmWIutcYVCt9ieokultkor9BBoQVPiI+Tp51Op02ifkGcrEQNZi7q3fmOt hFZwZ6NJnUbA2bycaKZ8oClvDCQj6AjEydBPnS73UaEoDsqsGVjZwChfOMg5OyFm90QjpIw8 m0uDVcCzKKfxq3T/z7tyRgucIUe84EzBuuJBESEjK/hF0nR2LDh1ShD29FWrFZSNVVCVu1UY ZLAayf8oKKHHpM+whfjEYO4XsDpV4zQ15A+D15HRiHR6Adf4PDtPM1DCwggjABEBAAGJAR8E GAECAAkFAlSNeRUCGwwACgkQ7iZktA5Y2kPGEwf/WNjTy3z74vLmHycVsFXXoQ8W1+858mRy Ad0a8JYzY3xB7CVtqI3Hy894Qcw4H6G799A1OL9B1EeA8Yj3aOz0NbUyf5GW+iotr3h8+KIC OYZ34/BQaOLzdvDNmRoGHn+NeTzhF7eSeiPKi2jex+NVodhjOVGXw8EhYGkeZLvynHEboiLM 4TbyPbVR9HsdVqKGVTDxKSE3namo3kvtY6syRFIiUz5WzJfYAuqbt6m3TxDEb8sA9pzaLuhm fnJRc12H5NVZEZmE/EkJFTlkP4wnZyOSf/r2/Vd0iHauBwv57cpY6HFFMe7rvK4s7ME5zctO Ely5C6NCu1ZaNtdUuqDSPA==
Message-ID: <922bd2ea-f308-c26b-cb39-ea522bbfc34d@ri.se>
Date: Tue, 15 Jan 2019 16:48:22 +0100
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Thunderbird/60.2.1
MIME-Version: 1.0
In-Reply-To: <001201d4a82d$65ec80e0$31c582a0$@augustcellars.com>
Content-Type: multipart/signed; micalg="pgp-sha512"; protocol="application/pgp-signature"; boundary="mwbfnahTyu2jHYJBDh9TIWoNyztRvUubL"
X-Originating-IP: [10.116.0.226]
X-ClientProxiedBy: sp-mail-2.sp.se (10.100.0.162) To sp-mail-2.sp.se (10.100.0.162)
X-EOPAttributedMessage: 0
X-Forefront-Antispam-Report: CIP:194.218.146.197; IPV:NLI; CTRY:SE; EFV:NLI; SFV:NSPM; SFS:(10009020)(376002)(39860400002)(136003)(396003)(346002)(2980300002)(51914003)(51444003)(199004)(189003)(13464003)(33964004)(568964002)(69596002)(229853002)(31686004)(26005)(77096007)(6666004)(356004)(106466001)(76176011)(3846002)(6116002)(22746008)(71190400001)(53936002)(235185005)(16526019)(486006)(84326002)(8676002)(6246003)(8936002)(186003)(81156014)(53546011)(81166006)(66574012)(386003)(478600001)(44832011)(33896004)(74482002)(2616005)(36756003)(104016004)(22756006)(16586007)(21480400003)(2906002)(476003)(7736002)(106002)(31696002)(65806001)(86362001)(58126008)(14444005)(5024004)(305945005)(126002)(6306002)(40036005)(316002)(11346002)(446003)(97736004)(68736007)(65826007)(966005)(336012)(64126003)(16576012)(110136005)(65956001)(5660300001); DIR:OUT; SFP:1101; SCL:1; SRVR:HE1P189MB0329; H:mail.ri.se; FPR:; SPF:Pass; LANG:en; PTR:InfoDomainNonexistent; A:1; MX:1;
X-Microsoft-Exchange-Diagnostics: 1; HE1EUR02FT063; 1:91RN0NmG56VvP7rpbtPcF+bMRIAfTZKpoVDa12wCYABMHW4khPiz3qpfldmIMpFMSeryebbiHVxGjGA9wOkcL+1JcPXMqZKTnrGOls4qXub5vOt7Z3t7Np0ni9OhzEvj
X-MS-PublicTrafficType: Email
X-MS-Office365-Filtering-Correlation-Id: 56cfdf83-bf37-4640-92c9-08d67b00e792
X-Microsoft-Antispam: BCL:0; PCL:0; RULEID:(2390118)(7020095)(4652040)(8989299)(5600109)(711020)(4608076)(4709027)(4534185)(4627221)(201703031133081)(201702281549075)(8990200)(2017052603328)(7153060)(7193020); SRVR:HE1P189MB0329;
X-Microsoft-Exchange-Diagnostics: 1; HE1P189MB0329; 3:ro5j8QFrfRaebJTTwJBa/bdT1mbBr8/Ha281tT89TXDs+U4qY5HodZrwNeQseqU6sawAe2jHxj0k3jBIxS2vu1PMV5flqxAXS8s0iw0oC65cZFQ4QpYAWriIYI8Wah7EM4/vj/S4QLuarlWCDesry6w2634H0jwhjAxBRU1vl0CEwGeoFscNDRmk893VWKM6d4Z8VZN+1OBeRwGV+lZJtYfW7E3oWfzm+mDrJHa0zYNdV+i5mfMnogYqY5MvbwIRvQ+DDOtCAXOKL7bN1qTYWqZpA8LAQSuOQMicje2hkmeeAs0rWaYVy1P9xgYcYg5PN31ttjt/tzyw3++VdCiFx+Nsezp6AUSFC2F+/1vPU7bRTCraezCAtmPc7CGLs/o5; 25:vWhc7T78kIABL8H0DtJ2JLfv7SLZZ728ol61T6p6irj7SZpuZVUaR82Q9pw8lY7otGdaR/odJm04EgVHpUThMrqp+rizLM49/Xg8HzGfS8DrQPZkZVY37r+KILmgPeoWgeRI4tVDMiazfH/beZv5+6FVnKtDsW6sF/rF1QQZauKHE8LdHywFeXnxIIbVbzzaCpsW62bu7zVmSDruYBMbkn7snoO00emhyxgYKPUhAj2+0QrWmV3347iP66bu1PCTOKsfWX3Szw9242zHzna9JFsMKYBa+z/xnmc46zEPy/BMRKB7djncG+teTCyLU9SXNOXPVkBJfnEYPSZVC5R1+Q==
X-MS-TrafficTypeDiagnostic: HE1P189MB0329:
X-Microsoft-Exchange-Diagnostics: 1; HE1P189MB0329; 31:zq2MidvfEpLJPhiPWltXNcBYiTChK47MrzUal2UeAfQ3ErlPpwgyzlVG2GcgQ9kJjvayMwtr/QfZj6hYg5AKY1T++sF7CtvZaoQ/crHL8Uc5wBZiippzvnMZ/il+33fZsp4Rn543fdF1fxzFoYyAP3uQ6mVXspIDqdyz842GGN7R0d/oIZUmfVXk0LhPAndEy2q4Q+wBzIWLj3edRgiBBlOXDmEj6j9dLeutNC04oqY=; 20:15S7aZ11D7CXVKMu/+ncB5OC00FmixvIK/MLXMkSEjuJisHCP1FpA7C+HQCE64NDVtKY7UFuXb7ym9/9m8NSm4uqHupvpviT4Iu/7UysSiIHM6G92Cl6DVHKOEkBh7O/5cMc+a9tb2AfWw87SrF42jY7SOs/oQ7yBz4YtlW89HlUTrSzaFaXU/SY0ION0thBCpQcKTQ113iXrxrgzxVaFT563MMXnBSz2rPFz93+1UXAG4wS8IjasXUvb5ZsPRy9; 4:qizNLQ2b8WNg0j83QVpTeelHZGhxL+Geln0smQVK75LzjZ1gYLUIr0Dj3Jb7Ohi/27XDBVrbJ0zGw1jCyDzb8NE75XKTaw8ne/lctL2Dw4y0d1B6XU48WVTj2w76sYMTbS5koPYAQO1tJ5D7Ei/Rqx134hAAFIeQnslC3/B+29RvMOIzkKZ+butInjJCFm5lx/2YJhT2/YGWbB55pjtp+B6F4Bq9MxYddhjCxlpAJMgENaZf2R2Gi0uAbmBPRmG8P/9vPf6QIqEqn1wSku2/+eOEVpOHwBtCgWWHiyWdoP/FxaMjetIeuAqQgC3lr4Bw
X-Microsoft-Antispam-PRVS: <HE1P189MB03297CFA2657080E177DD7B899810@HE1P189MB0329.EURP189.PROD.OUTLOOK.COM>
X-Forefront-PRVS: 0918748D70
X-Microsoft-Exchange-Diagnostics: 1; HE1P189MB0329; 23:4iDziKQ/RquZYnnq+pxbxYSBJC/R6nLSl5eV8QohaNUBDDUluxOGzM7NeQDucnAqMFGb2LoeiLNDbv3VouiDo/dpl0lrBxxQcDtzGQRhM+hQ4TwsEROSMi4b2hsrvLRt/o8sa7S2Oqd/jv7TnLN+zvxgadAziWl6yD3fdo35OwJ/kvGva17ylt+XlGSUkRT8W6IOEzO9EeQsKYwSN351QoX7owDXUFidkvc91nqhVR7aiWrqJoAVLJ3Ef4MX1C1hokmM/AXgyprzYwMXvGaqV4umMFs8qQndIK7kq7n7Npys+DtxwFzNbGgywqgVTUKNc8i5pOQ7rm8yH9KjK5pnqalX9YuSZ5H7v7EYs1YDcL+5EEUmr1vf8yZ41M9bO5S1ETefoiwHiqKci9lsRy9DHWFYESEty85FMPO2PFokRtyc2JvvcbRKAiClwgN8yFkyMOnJdfjEk2IzBRA6Pv8I7zTLQFO5F2VIHvXjrnirU76GjmHbDZas613tAROn0cff7hZHk3yYc8kDM5QHKdvnjVPwgNdbNaaA2pgQmWUhmkencASobOTqs46+Bh9a+Vu73gjTMonER3kVugu447wpM0xZYBU/ChnBIwZ/9Dn+YczGPuM0oEyKkmUksod9uP0vnaXVa3Ubhm2RYrgr8szEzRjQJRwqTddGFjJtcoZWi7sI6kgObiqy5MJbch7fRkXOCKq6RiuipvIX/NmGJWDvft/7dwgtdPzSZlAzuiyU/F318sPD7q/rmsy/OX5oLSAdVE367pqjYGWpC1sJZvE1tq1j0yTwjgtgCSvsEIfGpiOBpVPGi2sbIf9/rQGzgO9PGG8MFJIeGdvcXNhs8fX1S5/qE6bcirOQIe/j1Lm7iINUj7XtNWsbnl+I5Jbr+gi0SLnHYzGKJQ4prSak29AuoOs+yFiCmybdrQxk7L2w5e3oexh2Ky48l88WuuLGFpSAs3ZzTvziE6pW6dYRiK5tbNlG84jUQp9pXs1s96Bg3XsFrJ5X5hosKoVq26r1VdNxcXO1QVQhVmnGCyDAlBD0dn7YxtMenRabz1BkUFbe9YDcsj+rljVv0VPctoK0BpkOTvMz5xMUuTphqA+z3K6cUh2KqSBh3RE2LTT0pE/SEIFKn1ooHht2TN7bUJxxZRd7AFxOB97QWvQ0dLkwV98NTmEg7HEKTLlCUXZnN3ILrpojKJYqEwQkbbXV5uyeR9ZqTSySwo0qpEEa9xj5lAPC79192qqU7AhuUTN998bp+bcnmZpvNIiuil6WZVZIJ1rFrWT8QWsWFs9OBSmty3lBe92Qckb4jWnC9A12Rb2zrrnCwpvjbOg+aHRe/f6SyQKoXsMrjXBTkhFPxQeOKlJKHcHF2K+7iRTAkI4I1sXoGB8xnUmyK/i5dDls1H1kOgI+eKy93Pn2AW9aG7rN6V9oG8qKf+fxBDQnrcrgQaCFk1tiLoE6iow5m3pkf+huhNbbqJMGVYalQa8d4zWUk6731B1rLqHCUW4VxbEQxoUdwXzmO5532eOhHcc6EJNQMGCmhpeU2GxnNjJewyQU7R34l2f9LdKlhvPcjTQZoV/hC1xY0zeavV0nNA+CIkQ/9MlWpRb9AFSQWzxIyQK4eHeFg2eJlnliSP8juLeqLIedeZRDq8f22Fj5WxWoPAM8iDcG5SRwMkVQ1AqImNiwu3dZVw==
X-MS-Exchange-SenderADCheck: 1
X-Microsoft-Antispam-Message-Info: UY+5FozQxrQ2wz+nkmlEiFIFasCbEiNhZDiN0oX8iQlODQ1BspxAzRbJyn9SVOeUBztkDUNwtyCjNa9R5hneneNefVSlN0GPKxYhvX3llOhY3wNkfoc/dZ3mVBhxyuHZEFSInnlaOhdzV71Vx3rEvnyyMdL5StTMp7XiSO7/J/2yvJj5HXiZnqfLoSH1KE3mDO2X1O2UsuZroDTH/u6K8GeHqKMMiUk8rVpuPRvlj/eHAT+ANNFZnOtxaJGndBnq36WVNhZFKvtUs/KJAx7Bzvqxv6qvwiy3LUEOOF6ur2tZCL4onG/5yYDY7yTISjX3rLAMmj3vdK0kdtrOpglyx2BOMOrIFJsAlkAzwD1MS9B4/LqcgXyWEA/81w5WailvldRlZD1AIsXFD/1znCw3MqQS177fnC8hoZLpjXtQ9o0=
X-Microsoft-Exchange-Diagnostics: 1; HE1P189MB0329; 6:w7IvsGVasQW2UumnIBcOPhY8ainn1hF5qL4DpyBbiHWCkkTBH77opTgvq2cVlU0QKm94qPARrxTpS1+K4QOkl5aDK+jEZf5976f3P6kkqVLjML2494ZtZxaD9mG5lfh1ia2qv4yCqyqJ7EgIakKV4e5dDfmyThrD6ROAfeRoAlhHGOMDo15D357D4TCV83uz88tx9ZalajWZ4ttLXP9m8zAtO+t4deP26Q2f+GwnaDw0rk/9BKw+74/p++GFJAN82G4F0ejcPOSip5CUzOk7nrx2q9ww8jElsFm9LFQWCkg+h4gwaTrfeXMdW1abBNE58TvEdhSNO1W+wXe6PgeF/BPJORThcWXN76EHPFrr7VrpLTz1GfWqlSvIoaQooXTef223VoLXjSCKMwd6H/OMa4rPugLKFuet+zzZWI/y4AZE4nNJKJfh5QexDEGkQbiHX6FpC5KNcLM0T7wcI0Y9fw==; 5:oqSKWvT3CE5WPeS5+wk386a5a1LaPORv77ScAs100Ne8tasxd4odOonfGq6daYPtGgjooFyTnYsgE/lwY2+ZOzbnkEED1WbqD6nqXGkqOEn2Lca0dwATkpB5gAj0yMGYdYwuUEiRYQM+P9+1zS6thI/vWzWg6rWO1BfYeIo0XeWmxrMq1IVI+GvVTaJubHHPUd1KW58lQKcBS4nb7QlMBg==; 7:zlXmzJgDI59MGuHXXAuFtR9xK2J9n/giOLrO1FmNYF24savmzo/f0EA9k5XUvZrKk1kMXsn/1QTkyO1Tas7v8KRxwk5Xw1mVg5rGorSKLCuam8BECdvv4c0QDaxBfnkO0M8FLUpCio5LMBrmMhky8Q==
SpamDiagnosticOutput: 1:99
SpamDiagnosticMetadata: NSPM
X-OriginatorOrg: ri.se
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 15 Jan 2019 15:48:33.3613 (UTC)
X-MS-Exchange-CrossTenant-Network-Message-Id: 56cfdf83-bf37-4640-92c9-08d67b00e792
X-MS-Exchange-CrossTenant-Id: 5a9809cf-0bcb-413a-838a-09ecc40cc9e8
X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=5a9809cf-0bcb-413a-838a-09ecc40cc9e8; Ip=[194.218.146.197]; Helo=[mail.ri.se]
X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem
X-MS-Exchange-Transport-CrossTenantHeadersStamped: HE1P189MB0329
Archived-At: <https://mailarchive.ietf.org/arch/msg/core/BVGdqKPAl6T4mc6hW_EyAfzYYbk>
Subject: Re: [core] FW: Review on draft-ietf-core-oscore-groupcomm-03
X-BeenThere: core@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Constrained RESTful Environments \(CoRE\) Working Group list" <core.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/core>, <mailto:core-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/core/>
List-Post: <mailto:core@ietf.org>
List-Help: <mailto:core-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/core>, <mailto:core-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 15 Jan 2019 15:48:42 -0000
Hello Jim, Thanks for the good comments! Please, find our answers inline. Best, /Marco On 1/9/19 4:10 PM, Jim Schaad wrote: > Send to the right mailing list. > > -----Original Message----- > From: Jim Schaad <ietf@augustcellars.com> > Sent: Tuesday, January 8, 2019 11:00 PM > To: 'draft-ietf-core-oscore-groupcomm@ietf.org' > <draft-ietf-core-oscore-groupcomm@ietf.org> > Cc: 'cose' <cose@ietf.org> > Subject: Review on draft-ietf-core-oscore-groupcomm-03 > > So I did a quick run through on this document with the intention of starting > an implementation. During this process I came across the following issues: > > * There should be a note someplace in the document to the effect that if a > new group id is generated, then there must be no reliance on the kid for an > entity being the same. This can only be done by looking at the signing > public key. Also if an entity gets to the point of nearing a roll-over, > then the Group Manager could just assign a new kid rather than re-keying the > entire group. <MT> Agree, the 'kid' of an endpoint might change, for instance due to the re-assigning procedure you mention. About that, We can extend Section 2.2 "Wrap-around of partial IVs" and describe a 'kid' renewal as an alternative to the full group rekeying. This would result in group members possibly retaining stale Recipient Contexts. Applications can define policies to delete (long) unused Recipient Contexts to save storage space. </MT> > * Section 4.1 - Given that the signature is no longer part of the option > value, something that is both good and bad, I am unsure that there is any > requirement for the 'CounterSignature0' bit to be part of the bit array. > According to the requirements, one can always assume that for a group > message the counter signature will always be appended to the encrypted text. <MT> It is true that the countersignature is always present for a group message. We have been having more discussion on the usefulness of the signature bit, and considering the possibility to remove its definition in the bit array. </MT> > * Section 3. I am not clear if the group ID should be part of the aad_array > or not. If it does not need to be present then I think that some text as to > why it does not need to be covered would be appreciated. I should note that > I don't think that it needs to be there but have not proven it to my > satisfaction yet. <MT> We are now re-evaluating if we should add the Context ID (which in Group OSCORE contains the Group ID) to the external_aad, together with other pieces of information that may require to be authenticated. The Context ID can be added to the external_aad already for unicast OSCORE, and that would be inherited for Group OSCORE, both for signing and encrypting. </MT> > * Section 5 - The text says that Observe is not defined for group setting. > I am not sure that this is a true statement. RFC 7641 does not say anything > one way or another about doing observer for multicast. The only issue that > I can see is the fact that the path may not always be setup correctly if > going through a proxy, but for local network without a proxy I don't see any > reason why it should not work. <MT> It's true that RFC 7641 does not say anything. However, Section 2.10 of RFC 7390 says: "CoAP Observe does not support a group communication mode. CoAP Observe only supports a unicast mode of operation." We can think more about the possibility of Observe over multicast, also in the light of RFC 7390, and what this would imply in particular for Group OSCORE, but right now we do not see why Observe should not work out of the box with Group OSCORE. </MT> > * Section 5.1 - I am unclear of why you are looking at talking about > re-transmission in this context. This needs to be clarified. <MT> This paragraph "Requests sent over Multicast ... possible retransmissions." seems actually positioned in the wrong place. It should rather be right before Section 5.1. Also, it should be extended with an explicit reference to Section 2.5 of RFC 7390. </MT> > * Section 6. - The fact that they are non-confirmable does not preclude > acknowledgement even in a group situation. It may not be advised in general > but it is allowed. <MT> Actually, Section 4.3 of RFC 7252 says: "A Non-Confirmable message MUST NOT be acknowledged by the recipient." </MT> > * Section 6. - Note that responses can be confirmable even if the request is > not. <MT> We can extend the paragraph right before Section 6.1 as follows. "Furthermore, according to Section 5.2.3 of [RFC7252], responses to Non-confirmable group requests SHOULD be also Non-confirmable. However, endpoints MUST be prepared to receive Confirmable responses in reply to a Non-confirmable group request. </MT> > * Section 6.1 - You are missing the signature step here. <MT> We can extend Section 6.1 with the following third bullet point. Note that the mentioned "step 5" refers to Section 8.1 of draft-ietf-core-object-security. * In step 5, the countersignature is computed and the format of the OSCORE message is modified as described in Section 4.2. In particular, the payload of the OSCORE message includes also the counter signature (if present according to the bit flag). </MT> > * Section 6.2 - I believe that there should be the ability to decouple the > processing of a response from the query back to the GM. Specifically, if > you get a new kid for the group id, one should be able to ignore the current > message and start an async request for the new keying information on that > new sender. Forbidding this should be an application decision not general > purpose. Perhaps this should also include a note about the fact that a > server might observer the GM in order to get these new kids in a timely > manner. <MT> We can clarify the following points: 1) An endpoint can asynchronously query the GM at any point in time, to acquire information for processing incoming messages. Such requested information includes especially public keys of group members. 2) An endpoint can asynchronously generate a Recipient Context whenever it wants and it has the necessary information to do so. That is, a Recipient Context may be generated well in advance receiving a message from the corresponding endpoint for the first time. 3) An endpoint can "subscribe" to the GM for updates on the group membership, i.e. for getting an updated list of Sender IDs in the group upon membership changes. This can be achieved in a number of ways, e.g. through Observe. </MT> > * > > > > _______________________________________________ > core mailing list > core@ietf.org > https://www.ietf.org/mailman/listinfo/core -- Marco Tiloca Ph.D., Senior Researcher RISE Research Institutes of Sweden Division ICT Isafjordsgatan 22 / Kistagången 16 SE-164 40 Kista (Sweden) Phone: +46 (0)70 60 46 501 https://www.ri.se
- [core] FW: Review on draft-ietf-core-oscore-group… Jim Schaad
- Re: [core] FW: Review on draft-ietf-core-oscore-g… Marco Tiloca