Re: [core] Comments on draft-ietf-core-echo-request-tag-02

Christian M. Amsüss <christian@amsuess.com> Wed, 17 October 2018 14:18 UTC

Return-Path: <christian@amsuess.com>
X-Original-To: core@ietfa.amsl.com
Delivered-To: core@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 45EC2130DD6; Wed, 17 Oct 2018 07:18:20 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.921
X-Spam-Level:
X-Spam-Status: No, score=-0.921 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, FROM_EXCESS_BASE64=0.979] autolearn=no autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id l5195qfWGU_g; Wed, 17 Oct 2018 07:18:18 -0700 (PDT)
Received: from prometheus.amsuess.com (prometheus.amsuess.com [5.9.147.112]) (using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 4F7BB130DD5; Wed, 17 Oct 2018 07:18:18 -0700 (PDT)
Received: from poseidon-mailhub.amsuess.com (095129206250.cust.akis.net [95.129.206.250]) by prometheus.amsuess.com (Postfix) with ESMTPS id E5BB841B7B; Wed, 17 Oct 2018 16:18:15 +0200 (CEST)
Received: from poseidon-mailbox.amsuess.com (unknown [IPv6:2a02:b18:c13b:8010:a800:ff:fede:b1bf]) by poseidon-mailhub.amsuess.com (Postfix) with ESMTP id BF5B82A; Wed, 17 Oct 2018 16:18:14 +0200 (CEST)
Received: from hephaistos.amsuess.com (hephaistos.amsuess.com [IPv6:2a02:b18:c13b:8010::71b]) by poseidon-mailbox.amsuess.com (Postfix) with ESMTPSA id 6BF9C43; Wed, 17 Oct 2018 16:18:14 +0200 (CEST)
Received: (nullmailer pid 12534 invoked by uid 1000); Wed, 17 Oct 2018 14:18:14 -0000
Date: Wed, 17 Oct 2018 16:18:14 +0200
From: Christian =?iso-8859-1?B?TS4gQW1z/HNz?= <christian@amsuess.com>
To: Jim Schaad <ietf@augustcellars.com>
Cc: draft-ietf-core-echo-request-tag@ietf.org, core@ietf.org
Message-ID: <20181017141813.GA4084@hephaistos.amsuess.com>
References: <00fa01d461b0$2a314f40$7e93edc0$@augustcellars.com>
MIME-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha256; protocol="application/pgp-signature"; boundary="pf9I7BMVVzbSWLtt"
Content-Disposition: inline
In-Reply-To: <00fa01d461b0$2a314f40$7e93edc0$@augustcellars.com>
User-Agent: Mutt/1.10.1 (2018-07-13)
Archived-At: <https://mailarchive.ietf.org/arch/msg/core/KHh8vwSER2tAsYYqW67RyJxpduE>
Subject: Re: [core] Comments on draft-ietf-core-echo-request-tag-02
X-BeenThere: core@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Constrained RESTful Environments \(CoRE\) Working Group list" <core.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/core>, <mailto:core-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/core/>
List-Post: <mailto:core@ietf.org>
List-Help: <mailto:core-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/core>, <mailto:core-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 17 Oct 2018 14:18:20 -0000

Hello Jim,

thanks for your review; we're working it into an updated document for
WGLC.

Responding to the comments related to Request-Tag:

On Thu, Oct 11, 2018 at 03:17:12PM -0700, Jim Schaad wrote:
> * Section 3.1 - The note to the RFC editor has me confused.  Firstly, I am
> not sure why it should be moved rather than just staying here.  

Updated. I hope that the process of submission will be clear enough
beforehand that we can remove the paragraph or move the text ourselves
-- if (as I expect) OSCORE enters AUTH48 before we submit ERT to the RFC
editor, that text will be gone by then.

> * Section 3.1 - I think that the value of Request-Tag is potentially going
> to be different depending on if it is in the inside rather than the outside.
> You may be doing two different block transfers and each needs its own value.

Updated to explicitly state that those values are independent because
they relate to an inner or outer blockwise transfer.

> * Section 3.2 - the first paragraph does not scan.  I am not sure what it
> says as it seems to be contradictory.

That paragraph assumed a very particular implementation method for
servers (that unknown options are processed in bulk before known
options); does this re-wording read better to you?:

  The Request-Tag option does not require any particular processing on
  the server side outside of the processing already necessary for any
  unknown elective proxy-safe cache-key option: The option varies the
  properties that distinguish blockwise operations (which includes all
  options except elective NoCacheKey and except Block1/2), and thus the
  server can not treat messages with a different list of Request-Tag
  options as belonging to the same operation.

> * Section 3.2 - para 2 - The example sentence looks odd.  Do you mean it can
> have a cached response not a free response?

That was worded confusingly and is now changed.

> * Section 3.2 - para "especially" - I find the first sentence very hard to
> understand.

That paragraph has become obsolete with the presence of core-stateless
anyway and was replaced with a reference there later in the proxy
application.

> * Section 3.3 - last para - how do you recycle something that is absent?  I
> think the last clause needs examining.

Added a sentence on absent Request-Tag options being a value of its
own, explaining why that can be recycled just as well.

> * Section 3.4.1 - Item 2 - how is a client supposed to be able to know this
> if the proxy in the middle just passes it through w/o changing it?  Two
> different clients could end up with the same Request-Tag.  One would hope
> that they would have different tokens because of the proxy however.

The whole 3.4.1 is, as per item 1, only applicable to blockwise
operations split into end-to-end protected individual exchanges.

(Ie. DTLS w/o proxies, or inner blockwise in OSCORE).

If that does not answer the question, I don't fully understand it,
please help me find where we diverge.

> * Section 3.4.1 - This seems backwards.  I thought that OSCORE was tightly
> bound to the end point, but this paragraph says it is not.

That was my idea of OSCORE inner-blockwise being allowed to jump
transports (which it could easily do but is not specified that way);
I've replaced the paragraph with a weaker and more hypothetical one.

(By "bound to the end point" I meant that whereas a running DTLS session
will only stay alive while IP/port/interface quintuple stays the same,
an OSCORE context can be used even after those endpoint identifiers have
changed.)

> * Section 3.4.3 - You have a "Section TBA" here
>
> * Section 3.4.3 - Please keep the section for justification of Request-Tag
> being repeatable.

Given that we now do groundwork for Stateless which is more directly
applicable, that document is now referenced instead, and left in.


Thanks again
Christian

-- 
To use raw power is to make yourself infinitely vulnerable to greater powers.
  -- Bene Gesserit axiom