Re: [core] Comments on draft-ietf-core-echo-request-tag-02
Christian M. Amsüss <christian@amsuess.com> Wed, 17 October 2018 14:18 UTC
Return-Path: <christian@amsuess.com>
X-Original-To: core@ietfa.amsl.com
Delivered-To: core@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 45EC2130DD6; Wed, 17 Oct 2018 07:18:20 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.921
X-Spam-Level:
X-Spam-Status: No, score=-0.921 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, FROM_EXCESS_BASE64=0.979] autolearn=no autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id l5195qfWGU_g; Wed, 17 Oct 2018 07:18:18 -0700 (PDT)
Received: from prometheus.amsuess.com (prometheus.amsuess.com [5.9.147.112]) (using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 4F7BB130DD5; Wed, 17 Oct 2018 07:18:18 -0700 (PDT)
Received: from poseidon-mailhub.amsuess.com (095129206250.cust.akis.net [95.129.206.250]) by prometheus.amsuess.com (Postfix) with ESMTPS id E5BB841B7B; Wed, 17 Oct 2018 16:18:15 +0200 (CEST)
Received: from poseidon-mailbox.amsuess.com (unknown [IPv6:2a02:b18:c13b:8010:a800:ff:fede:b1bf]) by poseidon-mailhub.amsuess.com (Postfix) with ESMTP id BF5B82A; Wed, 17 Oct 2018 16:18:14 +0200 (CEST)
Received: from hephaistos.amsuess.com (hephaistos.amsuess.com [IPv6:2a02:b18:c13b:8010::71b]) by poseidon-mailbox.amsuess.com (Postfix) with ESMTPSA id 6BF9C43; Wed, 17 Oct 2018 16:18:14 +0200 (CEST)
Received: (nullmailer pid 12534 invoked by uid 1000); Wed, 17 Oct 2018 14:18:14 -0000
Date: Wed, 17 Oct 2018 16:18:14 +0200
From: "Christian M. Amsüss" <christian@amsuess.com>
To: Jim Schaad <ietf@augustcellars.com>
Cc: draft-ietf-core-echo-request-tag@ietf.org, core@ietf.org
Message-ID: <20181017141813.GA4084@hephaistos.amsuess.com>
References: <00fa01d461b0$2a314f40$7e93edc0$@augustcellars.com>
MIME-Version: 1.0
Content-Type: multipart/signed; micalg="pgp-sha256"; protocol="application/pgp-signature"; boundary="pf9I7BMVVzbSWLtt"
Content-Disposition: inline
In-Reply-To: <00fa01d461b0$2a314f40$7e93edc0$@augustcellars.com>
User-Agent: Mutt/1.10.1 (2018-07-13)
Archived-At: <https://mailarchive.ietf.org/arch/msg/core/KHh8vwSER2tAsYYqW67RyJxpduE>
Subject: Re: [core] Comments on draft-ietf-core-echo-request-tag-02
X-BeenThere: core@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Constrained RESTful Environments \(CoRE\) Working Group list" <core.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/core>, <mailto:core-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/core/>
List-Post: <mailto:core@ietf.org>
List-Help: <mailto:core-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/core>, <mailto:core-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 17 Oct 2018 14:18:20 -0000
Hello Jim, thanks for your review; we're working it into an updated document for WGLC. Responding to the comments related to Request-Tag: On Thu, Oct 11, 2018 at 03:17:12PM -0700, Jim Schaad wrote: > * Section 3.1 - The note to the RFC editor has me confused. Firstly, I am > not sure why it should be moved rather than just staying here. Updated. I hope that the process of submission will be clear enough beforehand that we can remove the paragraph or move the text ourselves -- if (as I expect) OSCORE enters AUTH48 before we submit ERT to the RFC editor, that text will be gone by then. > * Section 3.1 - I think that the value of Request-Tag is potentially going > to be different depending on if it is in the inside rather than the outside. > You may be doing two different block transfers and each needs its own value. Updated to explicitly state that those values are independent because they relate to an inner or outer blockwise transfer. > * Section 3.2 - the first paragraph does not scan. I am not sure what it > says as it seems to be contradictory. That paragraph assumed a very particular implementation method for servers (that unknown options are processed in bulk before known options); does this re-wording read better to you?: The Request-Tag option does not require any particular processing on the server side outside of the processing already necessary for any unknown elective proxy-safe cache-key option: The option varies the properties that distinguish blockwise operations (which includes all options except elective NoCacheKey and except Block1/2), and thus the server can not treat messages with a different list of Request-Tag options as belonging to the same operation. > * Section 3.2 - para 2 - The example sentence looks odd. Do you mean it can > have a cached response not a free response? That was worded confusingly and is now changed. > * Section 3.2 - para "especially" - I find the first sentence very hard to > understand. That paragraph has become obsolete with the presence of core-stateless anyway and was replaced with a reference there later in the proxy application. > * Section 3.3 - last para - how do you recycle something that is absent? I > think the last clause needs examining. Added a sentence on absent Request-Tag options being a value of its own, explaining why that can be recycled just as well. > * Section 3.4.1 - Item 2 - how is a client supposed to be able to know this > if the proxy in the middle just passes it through w/o changing it? Two > different clients could end up with the same Request-Tag. One would hope > that they would have different tokens because of the proxy however. The whole 3.4.1 is, as per item 1, only applicable to blockwise operations split into end-to-end protected individual exchanges. (Ie. DTLS w/o proxies, or inner blockwise in OSCORE). If that does not answer the question, I don't fully understand it, please help me find where we diverge. > * Section 3.4.1 - This seems backwards. I thought that OSCORE was tightly > bound to the end point, but this paragraph says it is not. That was my idea of OSCORE inner-blockwise being allowed to jump transports (which it could easily do but is not specified that way); I've replaced the paragraph with a weaker and more hypothetical one. (By "bound to the end point" I meant that whereas a running DTLS session will only stay alive while IP/port/interface quintuple stays the same, an OSCORE context can be used even after those endpoint identifiers have changed.) > * Section 3.4.3 - You have a "Section TBA" here > > * Section 3.4.3 - Please keep the section for justification of Request-Tag > being repeatable. Given that we now do groundwork for Stateless which is more directly applicable, that document is now referenced instead, and left in. Thanks again Christian -- To use raw power is to make yourself infinitely vulnerable to greater powers. -- Bene Gesserit axiom
- [core] Comments on draft-ietf-core-echo-request-t… Jim Schaad
- Re: [core] Comments on draft-ietf-core-echo-reque… Christian M. Amsüss
- Re: [core] Comments on draft-ietf-core-echo-reque… Göran Selander
- Re: [core] Comments on draft-ietf-core-echo-reque… Jim Schaad
- Re: [core] Comments on draft-ietf-core-echo-reque… Jim Schaad
- Re: [core] Comments on draft-ietf-core-echo-reque… Göran Selander
- Re: [core] Comments on draft-ietf-core-echo-reque… Jim Schaad
- Re: [core] Comments on draft-ietf-core-echo-reque… Göran Selander
- Re: [core] Comments on draft-ietf-core-echo-reque… Carsten Bormann