Re: [core] Comments on draft-ietf-core-oscore-groupcomm-05

Marco Tiloca <marco.tiloca@ri.se> Wed, 10 July 2019 09:10 UTC

To: Jim Schaad <ietf@augustcellars.com>, draft-ietf-core-oscore-groupcomm@ietf.org
CC: core@ietf.org
Archived-At: <https://mailarchive.ietf.org/arch/msg/core/BiQDfMTDLGUT38OczU9Hd8pDGi4>

Hello Jim,

Thanks for your comments. Please, find some answers inline.

Best,
/Marco

On 7/8/19 6:07 AM, Jim Schaad wrote:
> This is not a full review, I did a fast look at the differences in between
> -04 and -05 and am commenting on these.
>
> 1.   The addition of two optional parameters in the aad_array in section
> 3.1.  In terms of having a deterministic string result this is considered bad
> practice as if only one of them is supplied, it could be confused with the
> other one.

<MT>
Ok, we will change the encoding of 'par_countersign' and
'par_countersign_key'.

We can use the same encoding of 'sign_parameters' and
'sign_key_parameters' in the 'sign_info_res' array of
https://tools.ietf.org/html/draft-ietf-ace-key-groupcomm-02#section-3.3
</MT>

> 2.  Who is supposed to validate the parameters dealing with signatures?  Is
> this the responsibility of the KDC or does each entity need to do this?  Is
> there an optimization that can be applied so that all of these parameters
> don't need to be distributed with the rest of the public key fields at a
> later date?

<MT>
Yes, it's up to the Group Manager (KDC), when handling the joining of a
new group member and collecting its public key.

For instance, the joining process described in ace-key-groupcomm-oscore
takes care of this, see
https://tools.ietf.org/html/draft-ietf-ace-key-groupcomm-oscore-02#section-4.3

We will also clarify it in this document, and add a bullet point in
Section 7, i.e. the list of responsibilities of the Group Manager.


As to the second part of the comment, do you mean a minimal shortened
encoding of public keys? For instance, a COSE Key where some parameters
are not included, and default values are assumed instead?

If so, this should also mean having some more admitted ACE Public Key
Encoding values than the normal "COSE_Key", see Figure 2 in
https://tools.ietf.org/html/draft-ietf-ace-key-groupcomm-oscore-02#section-4.1
</MT>

>
> 3.  I am not sure why RSA-OAEP is in the tables, I have never heard of anybody
> using these as signature algorithms.

<MT>
That was an oversight. We will remove the last three entries in the
registry.
</MT>


> 4.  Why did you insert the OSCORE_options field into the aad_array before
> the options field?  It would be cleaner to have it at the end to minimize
> the differences between the structures.

<MT>
Right, we will move the OSCORE option to the end, after the class I options.
</MT>

> 5.  Just what is the type in section 9.2 for  EdDSA?

<MT>
Do you mean the key type 'kty'? It is 1 (OKP), as specified in the
"Description" column. What is missing?
</MT>

>
> Jim
>  
>
>

-- 
Marco Tiloca
Ph.D., Senior Researcher

RISE Research Institutes of Sweden
Division ICT
Isafjordsgatan 22 / Kistagången 16
SE-164 40 Kista (Sweden)

Phone: +46 (0)70 60 46 501
https://www.ri.se
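
The ambiguity raised in point 1 of this thread, as an added example that is not part of the original message or of the draft: when two optional elements of an array fed into the AAD are simply omitted if absent, "only 'par_countersign'" and "only 'par_countersign_key'" serialize to the same bytes, so the integrity check cannot tell them apart. The three-element array, the sample values and the nil-placeholder layout are assumptions made for illustration; they are not the draft's actual aad_array nor necessarily the encoding the authors adopted.

```python
# Added illustration; array layout and values are constructed, not the draft's.
import struct

def _head(major, n):
    """CBOR initial byte(s): major type plus shortest-form argument."""
    if n < 24:
        return bytes([major << 5 | n])
    if n < 0x100:
        return bytes([major << 5 | 24, n])
    return bytes([major << 5 | 25]) + struct.pack(">H", n)  # assumes n < 65536

def cbor(item):
    """Minimal deterministic CBOR encoder for int, bytes, None and list."""
    if item is None:
        return b"\xf6"                                   # CBOR null (nil)
    if isinstance(item, int):
        return _head(0, item) if item >= 0 else _head(1, -1 - item)
    if isinstance(item, bytes):
        return _head(2, len(item)) + item
    if isinstance(item, list):
        return _head(4, len(item)) + b"".join(cbor(x) for x in item)
    raise TypeError(f"unsupported type: {type(item).__name__}")

def aad_optional(alg, par=None, key_par=None):
    """Ambiguous layout: an absent optional element is left out of the array."""
    return cbor([alg] + [p for p in (par, key_par) if p is not None])

def aad_fixed(alg, par=None, key_par=None):
    """Fixed layout: both slots are always present, nil when absent."""
    return cbor([alg, par, key_par])

ALG = -8        # sample algorithm identifier (constructed input)
PARAMS = [6]    # sample parameter value (constructed input)

def collides(encode):
    """True if 'only par' and 'only key_par' yield identical bytes."""
    return encode(ALG, par=PARAMS) == encode(ALG, key_par=PARAMS)

if __name__ == "__main__":
    for name, enc in (("optional", aad_optional), ("fixed", aad_fixed)):
        print(name, enc(ALG, par=PARAMS).hex(),
              enc(ALG, key_par=PARAMS).hex(), "collision:", collides(enc))
```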