IETF Logo Mail Archive

Re: [core] Review of draft-hartke-core-stateless-01

John Mattsson <john.mattsson@ericsson.com> Tue, 16 October 2018 08:45 UTC

Return-Path: <john.mattsson@ericsson.com>
X-Original-To: core@ietfa.amsl.com
Delivered-To: core@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id ECA46130D7A for <core@ietfa.amsl.com>; Tue, 16 Oct 2018 01:45:45 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.365
X-Spam-Level:
X-Spam-Status: No, score=-4.365 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.064, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=ericsson.com header.b=RbIwVjc/; dkim=pass (1024-bit key) header.d=ericsson.com header.b=dhz3qRo4
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id renPIGeonepN for <core@ietfa.amsl.com>; Tue, 16 Oct 2018 01:45:41 -0700 (PDT)
Received: from sessmg23.ericsson.net (sessmg23.ericsson.net [193.180.251.45]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 63B3E12D4EE for <core@ietf.org>; Tue, 16 Oct 2018 01:45:41 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; d=ericsson.com; s=mailgw201801; c=relaxed/simple; q=dns/txt; i=@ericsson.com; t=1539679539; x=1542271539; h=From:Sender:Reply-To:Subject:Date:Message-ID:To:CC:MIME-Version:Content-Type: Content-Transfer-Encoding:Content-ID:Content-Description:Resent-Date:Resent-From: Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:In-Reply-To:References:List-Id: List-Help:List-Unsubscribe:List-Subscribe:List-Post:List-Owner:List-Archive; bh=dhDoFDYU212rB75zZgPQFfU8oPyKbj1tjBQCi9PbCWc=; b=RbIwVjc/YGSopzzJhqccNBksb0HkQRoqwtzC7N1lwThkWLgfnc4fI8VRdDXiTimN pZzNwFR4ICm79C/MbcOOvgfihDh1cTVPYHajskULRz03Eg6yOhi2J9+5tDyYbbl9 ugvokpz4MizDazY+2F+IW4jftmJzMXPcD80UHQzM2NQ=;
X-AuditID: c1b4fb2d-fb3d09e000003a27-72-5bc5a5331df2
Received: from ESESSMB501.ericsson.se (Unknown_Domain [153.88.183.119]) by sessmg23.ericsson.net (Symantec Mail Security) with SMTP id E5.E6.14887.335A5CB5; Tue, 16 Oct 2018 10:45:39 +0200 (CEST)
Received: from ESESSMB504.ericsson.se (153.88.183.165) by ESESSMB501.ericsson.se (153.88.183.162) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P256) id 15.1.1466.3; Tue, 16 Oct 2018 10:45:38 +0200
Received: from EUR04-HE1-obe.outbound.protection.outlook.com (153.88.183.157) by ESESSMB504.ericsson.se (153.88.183.165) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P256) id 15.1.1466.3 via Frontend Transport; Tue, 16 Oct 2018 10:45:38 +0200
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ericsson.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=dhDoFDYU212rB75zZgPQFfU8oPyKbj1tjBQCi9PbCWc=; b=dhz3qRo4/gSdPFvlqcY99l2eeDRgggcq/skm3reGJJ7o8vCmfCJnn2cn1OhgU/GZKxXX/XiDS9vQpNVnBDK9BLyXS9GTnRzcrVK5e+DJv6z3zsUszvu8EtRs/egoXCo6Dd7oQW0g0aD/gOwIpd/oVHxuyRie4sz/iHF85h1TCCg=
Received: from HE1PR07MB4169.eurprd07.prod.outlook.com (20.176.166.22) by HE1PR07MB1307.eurprd07.prod.outlook.com (10.164.51.157) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.1250.18; Tue, 16 Oct 2018 08:45:37 +0000
Received: from HE1PR07MB4169.eurprd07.prod.outlook.com ([fe80::fcb5:ca45:9e56:1910]) by HE1PR07MB4169.eurprd07.prod.outlook.com ([fe80::fcb5:ca45:9e56:1910%2]) with mapi id 15.20.1250.019; Tue, 16 Oct 2018 08:45:37 +0000
From: John Mattsson <john.mattsson@ericsson.com>
To: Klaus Hartke <hartke@projectcool.de>
CC: "core@ietf.org WG" <core@ietf.org>
Thread-Topic: [core] Review of draft-hartke-core-stateless-01
Thread-Index: AQHUYNfZsjBmLksMAEaMYb2ZC1oTX6UZ+gkAgAe/A4A=
Date: Tue, 16 Oct 2018 08:45:36 +0000
Message-ID: <87F5FF6A-669E-440A-B794-B0A9CA218169@ericsson.com>
References: <8A91272A-2A90-443D-A9FD-973E5F77C273@ericsson.com> <CAAzbHvaqZuHE8AMzMFkXSbV0xbXPX3LoQNwKLU_xtNYVyCH71g@mail.gmail.com>
In-Reply-To: <CAAzbHvaqZuHE8AMzMFkXSbV0xbXPX3LoQNwKLU_xtNYVyCH71g@mail.gmail.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
user-agent: Microsoft-MacOutlook/10.11.0.180909
authentication-results: spf=none (sender IP is ) smtp.mailfrom=john.mattsson@ericsson.com;
x-originating-ip: [192.176.1.81]
x-ms-publictraffictype: Email
x-microsoft-exchange-diagnostics: 1; HE1PR07MB1307; 6:M4NL9e/3+21U2VOWv+bu7pmnFMMwmEQghXMsTtKZiBH94u0A5e8VGnif3X520klSbCOhs3rgdnQEEFzKaGJZRWFje/tckD2+Ukv5ADSPhvlTJjpcnjpHL3iZUIIgXOx80K1KRq8Usq9pCLU9K2wL3/p56OyFnVvGzjh2ZGtWz1kmy4RbZDLXLMkfABqHAYU2F7Jj17pQ42v85Zdr7U7+strTl4V4H3XSzCUatKoK+88emtM8tBS2FOXbTNalTt/oLP1eMftIG0KqxWYtpxKyvcKXLB77LG7Goyt68RuzwJwgIZaqh1VGtyyG0/t9SHRrrvEVJI+DgGdbW3zLDGPQ+L0DI9rQxgR3BGY0ifXJTFBXIPPMu1uf/H6p3XPueZSXrdaHpECRy8ZeasiTmI0UjSihoBNCklTH+8m4h3cxenFk/GGSIfYBz++TEo4faN2kcQG/JyDH46aZAYOWSqPmHQ==; 5:2mHPWXTKTG1epUvbnS3vewvJlZsZp/HpSEiS9n+2kq9yChKGQ3qztgREwyumkqdxCW1Jvd1lfyJXgAv+dKi/8qdnJ5a0XoOeZ1hny1QHn4MyPvqFXg3xj7VAjVSVS/xlN1Wqq9CdnEAbZhTHgnWrK2uCUe3zj0JPd5PYYGTzFfs=; 7:cKnLIGZR4gTrRiV+gIecsPoQpn6rrg423Os8pPGnZUZ6VQxVIM3P5Jj2esJ7uxtnTM6as95AxXwlFrQjp8/2xRmH05KHGyi2EHzEspDqLijqw4pJoZkAc+J0pbj2stR2ltQqTIiYHl5B6dAse3A9QaOb1GC82j1b/TaATZXzVrlhqftLKmGFzoeyRtPP/ovsEvssSBktB3+cKLl/JvUHcXdexCy3ov+vrMqAOio/r8pYPLu6z3KVjpSyLONPVU7o
x-ms-exchange-antispam-srfa-diagnostics: SOS;
x-ms-office365-filtering-correlation-id: 971c8256-e581-4e01-fb65-08d63343be6b
x-microsoft-antispam: BCL:0; PCL:0; RULEID:(7020095)(4652040)(8989299)(5600074)(711020)(4534185)(4627221)(201703031133081)(201702281549075)(8990200)(2017052603328)(7153060)(7193020); SRVR:HE1PR07MB1307;
x-ms-traffictypediagnostic: HE1PR07MB1307:
x-microsoft-antispam-prvs: <HE1PR07MB13079C47AD3B1098E2980A3889FE0@HE1PR07MB1307.eurprd07.prod.outlook.com>
x-exchange-antispam-report-test: UriScan:(192374486261705)(158342451672863)(72170088055959)(278428928389397)(248295561703944)(37575265505322);
x-ms-exchange-senderadcheck: 1
x-exchange-antispam-report-cfa-test: BCL:0; PCL:0; RULEID:(8211001083)(6040522)(2401047)(8121501046)(5005006)(3231355)(944501410)(52105095)(3002001)(10201501046)(93006095)(93001095)(149066)(150057)(6041310)(20161123560045)(20161123558120)(20161123562045)(20161123564045)(201703131423095)(201702281528075)(20161123555045)(201703061421075)(201703061406153)(201708071742011)(7699051); SRVR:HE1PR07MB1307; BCL:0; PCL:0; RULEID:; SRVR:HE1PR07MB1307;
x-forefront-prvs: 0827D7ACB9
x-forefront-antispam-report: SFV:NSPM; SFS:(10009020)(136003)(39860400002)(376002)(366004)(396003)(346002)(13464003)(199004)(189003)(316002)(6306002)(33656002)(8676002)(25786009)(53936002)(476003)(486006)(11346002)(6512007)(68736007)(76176011)(99286004)(2616005)(36756003)(305945005)(3846002)(6116002)(81156014)(6246003)(86362001)(81166006)(106356001)(4326008)(2906002)(66066001)(7736002)(105586002)(5250100002)(2900100001)(5660300001)(8936002)(83716004)(71200400001)(71190400001)(14454004)(44832011)(478600001)(966005)(97736004)(82746002)(6436002)(6486002)(229853002)(446003)(102836004)(6916009)(58126008)(256004)(6506007)(53546011)(14444005)(186003)(26005); DIR:OUT; SFP:1101; SCL:1; SRVR:HE1PR07MB1307; H:HE1PR07MB4169.eurprd07.prod.outlook.com; FPR:; SPF:None; LANG:en; PTR:InfoNoRecords; A:1; MX:1;
received-spf: None (protection.outlook.com: ericsson.com does not designate permitted sender hosts)
x-microsoft-antispam-message-info: BP4Z7POFDcwfXrGFsBsAmNPkQpdOWMUob/CsQkHRGlr4ITCJHorw7/mUX+3B6n1DNh8PbtmnTRrgRRj5KsHyAYH1SGXEh02rRXJF+6XllpmlkF7aUObR6MHGan5CXdGpiQjlwQbYLHhWuV1BuFzip9koUgOOjNmnUfhGiagMWAZ1DxOarvE/csOe/xLANrhwwQztd8xXbT+ATMGIt1g70c9WcoqbHyi1zM8+qUEs1mGlZh64icmW8pl1X2BnYook6fuIBL6tSHAL9Atam4muLbKKmhIsQ08be6iBGIDjti9LNliwg3lUIUVmI3EsXC6OyALmbGDE5KiW7ywZuxd6QNoeLoZEp4TtRBVYfgUCkFE=
spamdiagnosticoutput: 1:99
spamdiagnosticmetadata: NSPM
Content-Type: text/plain; charset="utf-8"
Content-ID: <CE40005A1B402041BE6AD93442746C13@eurprd07.prod.outlook.com>
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-MS-Exchange-CrossTenant-Network-Message-Id: 971c8256-e581-4e01-fb65-08d63343be6b
X-MS-Exchange-CrossTenant-originalarrivaltime: 16 Oct 2018 08:45:36.8514 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 92e84ceb-fbfd-47ab-be52-080c6b87953f
X-MS-Exchange-Transport-CrossTenantHeadersStamped: HE1PR07MB1307
X-OriginatorOrg: ericsson.com
X-Brightmail-Tracker: H4sIAAAAAAAAA02SfUhTYRTGfe+9m9fV6HVqHgypVlaOnKYjRMwS/EMooQhDHJVTLyp+tqvm Isik+Zk6/MAvbKVbpamrULQhiyYmq1CSQMykclKZKQNDsw9t3rug/57nnN9zzsvhpUlJncCP zsjJZ9Q5qiypUES1JAxeDgozjipDmssCwi1LJjL829MZ4gQRazCsE7FfHGXoNJEoikxlsjIK GXVwVJIo/d6SDeW9SS5yvO5ExUiXVIloGrAC2kbTK5GIluBRBEOf10jerCJY/9lJ8cZAwKdx h3DLUFhHgrZmWcB36gno7SkT8mYOQa223JnxoIU4BNqHi4Vb2hsfgpGmaa5O4gMwZxzntBeO hLKvJoJnjsGmbcrFR4B9bJOrUzgAJg31HC/Gx6Fj2ubaXIrg5rs+LuCBz0DDxG8OQngnrL3o IfhlvvB2Xs9pwBgMwxMkr31gwb4h2NI+OBj0H8oFfPY8aLVNAp7ZA8+buyhe+8OkvgptLQZs cYcu64praBA4GhtdQ+Ng6bpOwENjCGZv9SP+xjJ4YhLxTCZsWL6TPFODoPv+I0qHwlr/e2yr M0LiQDCZg/lyLAy22Ale74WGqo/urdwxPMHWMk/dRoJu5MMyLJudFhomZ9QZKSybmyPPYfIf I+dPedb/K2gIPViMtiJMI+l2cdGdUaVEoCpkNdlWBDQp9Rb7a5wlcapKc4VR515UF2QxrBXt oimpr1jePZwowWmqfCaTYfIY9b8uQXv4FaO+eK9L0VHt+8TVPxQxBwvM5zZl25YXM5OziaMx 5jqJMl4/lSh/35GcUJ3rb1fcCDu7cPdlqGllJMmmYy/Uee0uMV7tfThQQOS1Uco/ilWZsWQs Ka1CMzCzP+6a1e2k3KI55VbaGbGhdwv0PVzxqs5zB6qtacsbSJEZQqNmzSlSik1XHZGRalb1 Fx5rXywlAwAA
Archived-At: <https://mailarchive.ietf.org/arch/msg/core/HhlkTdYKzu_SQvfUGolrtnhT1ns>
Subject: Re: [core] Review of draft-hartke-core-stateless-01
X-BeenThere: core@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Constrained RESTful Environments \(CoRE\) Working Group list" <core.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/core>, <mailto:core-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/core/>
List-Post: <mailto:core@ietf.org>
List-Help: <mailto:core-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/core>, <mailto:core-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 16 Oct 2018 08:45:47 -0000

Hi Klaus,

To new comments:

- Note that to fulfill the updated requirements on Token processing in Section 5 of draft-ietf-core-echo-request-tag-02, clients cannot be stateless, or the extended token must have a large enough random part. I think Section 5 of draft-ietf-core-echo-request-tag and draft-hartke-core-stateless would benefit from being discussed together. If draft-hartke-core-stateless is working group adopted, it might make sense to move the updated token processing from draft-ietf-core-echo-request-tag to draft-hartke-core-stateless.

- The use case of stateless proxies is requested by 6tisch and is reasonable simple to analyze from a security and privacy perspective. The use case of stateless non-proxy client is from a security and privacy perspective a completely different and much more complicated beast (the token contains the whole privacy sensitive request (+ maybe internal state) and replay must be mitigated). As 6tisch needs this draft ASAP, I think it might be best to remove the use case of "stateless" non-proxy clients and focus on the extended token mechanism and the use case of "stateless" proxies.

More comments inline 

>> - Section 3 talks about integrity protection and freshness. I think the draft also need to talk about replay. Without replay protection, an attacker can easily fool a client (or a proxy in a client role) that it sent more requests than it actually did. Receiving a response can change state or cause other side effects, and receiving several responses to a single request is therefore bad. I do not think this is a problem in the 6tisch use case with proxies, but it becomes a problem when the mechanism is used by non-proxy clients. And if the intermediaries works like firewalls shielding clients from outside traffic, it is a security consideration also for the proxy use case.

>I thought the term "freshness" would imply that. Could you provide some text to clarify the paragraph?

I think what you want so to say for "stateless" non-proxy clients is that the mechanism used to produce the tokens MUST protect against replay. Note that this means that 100 % "stateless" is not possible. For proxy clients, I do not know if you always need replay protection. I do not know if freshness (in the sense that the time period between sending the request and receiving the response is small) is needed. I can help by providing text, but less discuss what it needed first.

>> - The mechanism can be used to fill the available memory of a proxy, causing DoS, this should be mentioned in the security considerations. I think the draft should also say which Token lengths an implementation supporting this draft needs to support: 65804 bytes or something smaller? Up to the implementation?

>The idea in the interim call yesterday was along the lines of: A node in client role needs to support token lengths up to the maximum length of the tokens it sends; the supported token length for a node in server role is up to the implementation. If the serialized state fits in this implementation limit, it works; otherwise, there's probably not much the node in client role can do anyway to make the state smaller, so it fails.

This is exactly what I was looking for. I think this should be added to the draft. But I still think that the security considerations should discuss that the mechanism can be used to fill the available memory of a proxy, causing DoS.

> Should there be a mandatory-to-implement minimum length, e.g., 24 bytes?

I am fine with " up to the implementation" if that is what you agreed.

>I think there needs to be a requirement that the node in server cannot
change its maximum supported length at will (e.g., when it runs out of
memory), because that would make discovery of support unreliable.

Is the alternative, i.e. just rejecting requests any better?

>>- The TODO security considerations should talk about privacy and pervasive monitoring. When used by a proxy, the draft need to discuss that the mechanism may make information (like client IP) available on paths where the information was not available before. If used by a non-proxy client without encryption if can reveal a lot of privacy sensitive information that would otherwise be encrypted.

>Contributions are welcome!

I can help by providing text, but less discuss what it needed first.

>> - I think the encryption requirement (MAY) is too weak. Is there a reason not to encrypt at the same time as integrity protection is done? The encryption requirements should maybe be different for proxy clients and non-proxy clients.

>WOULD PROBABLY [1]? :)

:) For non-proxy clients, this stateless use case basically means that the client puts the whole request (+ maybe some internal state) in the token. If the client uses (D)TLS or OSCORE to protect requests. I think the requirement needs to be SHALL/MUST encrypt.

> More seriously: Since this is not an interoperability issue, I'm not sure how much we can require here in general. More input on this would be great.

As this is a security/privacy/pervasive monitoring there is no problem to have SHALL/MUST even if it is not an interoperability issue. In fact, RFC 7258 says that workings groups need to mitigate pervasive monitoring when possible.

>>- I think the draft should give developers some recommendation regarding cryptographic algorithms.

>This is not an interoperability issue. But giving some implementation guidance might be helpful indeed. What algorithm should be recommended?

For a non-proxy client, I think AES_CCM with a 64 bit tag could be recommended. For a proxy client that does not need encryption, HMAC-SHA-256 could be recommended.




-----Original Message-----
From: Klaus Hartke <hartke@projectcool.de>
Date: Thursday, 11 October 2018 at 14:29
To: John Mattsson <john.mattsson@ericsson.com>
Cc: "core@ietf.org WG" <core@ietf.org>
Subject: Re: [core] Review of draft-hartke-core-stateless-01

Hi John,

thanks a lot for the review!

John Mattsson wrote:
> - Should maybe mention that part of the state can be serialized, i.e. something between figure 1 and figure 2

Added between figure 1 and figure 2.

> - The mechanism (extended token) and the use case (stateless client) are very entangled. I think it would be good to separate them a little bit more. Some implementations may fit their state in 8 bytes. And maybe some future applications have other use cases for extended token.

Added at the end of section 1:

   While the mechanism (extended token lengths) and the use case
   (stateless clients) presented in this document are closely related,
   both can be used independently of the other: Some implementations may
   fit their state in 8 bytes; some implementations may have other use
   cases for extended token lengths.

> - Section 3 talks about integrity protection and freshness.

I thought the term "freshness" would imply that. Could you provide
some text to clarify the paragraph?

> - The mechanism can be used to fill the available memory of a proxy, causing DoS, this should be mentioned in the security considerations. I think the draft should also say which Token lengths an implementation supporting this draft needs to support: 65804 bytes or something smaller? Up to the implementation?

The idea in the interim call yesterday was along the lines of: A node
in client role needs to support token lengths up to the maximum length
of the tokens it sends; the supported token length for a node in
server role is up to the implementation. If the serialized state fits
in this implementation limit, it works; otherwise, there's probably
not much the node in client role can do anyway to make the state
smaller, so it fails.

Should there be a mandatory-to-implement minimum length, e.g., 24 bytes?

I think there needs to be a requirement that the node in server cannot
change its maximum supported length at will (e.g., when it runs out of
memory), because that would make discovery of support unreliable.

> - The TODO security considerations should talk about privacy and pervasive monitoring. When used by a proxy, the draft need to discuss that the mechanism may make information (like client IP) available on paths where the information was not available before. If used by a non-proxy client without encryption if can reveal a lot of privacy sensitive information that would otherwise be encrypted.

Contributions are welcome!

> - I think the encryption requirement (MAY) is too weak. Is there a reason not to encrypt at the same time as integrity protection is done? The encryption requirements should maybe be different for proxy clients and non-proxy clients.

WOULD PROBABLY [1]? :)

More seriously: Since this is not an interoperability issue, I'm not
sure how much we can require here in general. More input on this would
be great.

> - I think the draft should give developers some recommendation regarding cryptographic algorithms.

This is not an interoperability issue. But giving some implementation
guidance might be helpful indeed. What algorithm should be
recommended?

Klaus

[1] https://tools.ietf.org/html/rfc6919

v2.23.0 | Report a Bug | By Email