[core] Fwd: [Ace] review oscore-groupcomm-2
Peter van der Stok <stokcons@bbhmail.nl> Thu, 20 September 2018 08:02 UTC
Return-Path: <stokcons@bbhmail.nl>
X-Original-To: core@ietfa.amsl.com
Delivered-To: core@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 78126130DCE for <core@ietfa.amsl.com>; Thu, 20 Sep 2018 01:02:57 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Level:
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H2=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id vUdhQtdl3osY for <core@ietfa.amsl.com>; Thu, 20 Sep 2018 01:02:54 -0700 (PDT)
Received: from smtprelay.hostedemail.com (smtprelay0001.hostedemail.com [216.40.44.1]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 75F5B124C04 for <core@ietf.org>; Thu, 20 Sep 2018 01:02:54 -0700 (PDT)
Received: from filter.hostedemail.com (clb03-v110.bra.tucows.net [216.40.38.60]) by smtprelay01.hostedemail.com (Postfix) with ESMTP id 625D6100E86C4 for <core@ietf.org>; Thu, 20 Sep 2018 08:02:52 +0000 (UTC)
X-Session-Marker: 73746F6B636F6E73406262686D61696C2E6E6C
X-Spam-Summary: 2, -10, 0, , d41d8cd98f00b204, stokcons@bbhmail.nl, :, RULES_HIT:2:4:41:72:152:355:379:582:602:800:871:962:967:968:973:982:983:988:989:1000:1152:1189:1208:1212:1260:1263:1313:1314:1345:1359:1381:1431:1436:1437:1516:1517:1518:1575:1588:1589:1592:1594:1605:1617:1730:1764:1776:1792:2068:2069:2198:2199:2525:2528:2553:2561:2566:2682:2685:2692:2829:2859:2894:2903:2911:2915:2918:2933:2937:2939:2942:2945:2947:2951:2954:3022:3138:3139:3140:3141:3142:3586:3622:3865:3866:3867:3868:3870:3871:3872:3873:3874:3934:3936:3938:3941:3944:3947:3950:3953:3956:3959:4050:4250:4321:4362:4425:4557:4641:4659:4860:5007:6117:6119:6261:6298:6506:6659:6678:6747:6748:7281:7464:7802:7875:7903:7904:7909:8557:8568:8603:8784:8985:9010:9015:9025:9177:9388:10004:10848:11232:11604:11658:11914:12043:12291:12295:12379:12438:12555:12679:12683:12895:12986:13139:13141:13144:13161:13181:13190:13199:13215:13229:13230:13439:13846:14094:14096:21060:21080:21433:21450:21451:21625:21691:21740:21809:30034:30048:30054:30060:3
X-HE-Tag: bee46_5333ea5e5ee31
X-Filterd-Recvd-Size: 16355
Received: from mail.bbhmail.nl (imap-ext [216.40.42.5]) (Authenticated sender: webmail@stokcons@bbhmail.nl) by omf12.hostedemail.com (Postfix) with ESMTPA for <core@ietf.org>; Thu, 20 Sep 2018 08:02:51 +0000 (UTC)
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="=_10289174853389145c72c2fd1d3f67b9"
Date: Thu, 20 Sep 2018 10:02:51 +0200
From: Peter van der Stok <stokcons@bbhmail.nl>
To: Core <core@ietf.org>
Organization: vanderstok consultancy
Reply-To: consultancy@vanderstok.org
Mail-Reply-To: consultancy@vanderstok.org
In-Reply-To: <866876ae4798de793536ea7f13396df2@bbhmail.nl>
References: <866876ae4798de793536ea7f13396df2@bbhmail.nl>
Message-ID: <0029fdca1c78326bc10e5332ed55b99c@bbhmail.nl>
X-Sender: stokcons@bbhmail.nl
User-Agent: Roundcube Webmail/1.2.7
X-Originating-IP: [90.0.6.116]
Archived-At: <https://mailarchive.ietf.org/arch/msg/core/RShxMIYgdH3P2pvnO9sSvLv7_RA>
Subject: [core] Fwd: [Ace] review oscore-groupcomm-2
X-BeenThere: core@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Constrained RESTful Environments \(CoRE\) Working Group list" <core.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/core>, <mailto:core-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/core/>
List-Post: <mailto:core@ietf.org>
List-Help: <mailto:core-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/core>, <mailto:core-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 20 Sep 2018 08:02:57 -0000
Hi authors, Thanks for this useful document. I have no comments on sections 3 and 4 that read rather easily. Some comments on the other sections follow below: Section 1.1 Introduce group request (GR)-message and response message in relation to GR-client and GR-server to clarify text in section 2. To be used consistently throughout the text. End page 3. The phrase on the use of DTLS seems a bit far-fetched; Do you mean that multiple DTLS sessions are started for each group request sent by a client? Group ID: s/a same Group Manager/a given Group Manager/ End section 1.1; remove: "by a different group member or by a non-group-member" This only excludes itself. Section 2 Where does the endpoint store all these contexts? I assume local storage is used. Text substitution suggestions: s/Each endpoint in the group stores:/Each endpoint in a group makes use of:/ s/endpoints in the group/endpoints in a given group/ s/The ID Context parameter stores the group ID/The ID Context parameter contains the group ID/ The Sender context description is confusing. I understood that both a client when sending a group request, and a receiver when sending a response message use the sender context for sending the message. The text seems to suggest that only a group request need a sender context and not the response message. If the Sender context applies only to group request messages, the term request context is more appropriate and distinguishes from the sender context in OSCORE Same confusion about the recipient context; the text seems to exclude that a group request client also needs a recipient context. Table 1: why "each" Recipient context and not "each" sender context? Public key of the associated other endpoint: is this the group request client endpoint or any endpoint sending to this recipient? Section 2.1: should the section not refer to oscoap-joining draft in ACE? Section 3 'kid' parameter value; Does this only apply to response messages sent by group request servers? Section 5; I don't think that I understand the problem. One of the conditions is that a client which is not part of a group cannot decrypt the group messages, and a client that has left the group cannot decrypt the group messages either. That constitutes already a pretty firm synchronization. My assumption was that this would be effectuated by distributing new master secret every time the group changes. In Appendix C, you suggest the epoch in the GID (Chaging the epoch, the GID may remain constant over group changes). My recommendation is to make the epoch compulsory for synchronization purposes. During membership of a group, a GR-client can consecutively number its messages starting at zero every time a new epoch is started (with a new master secret as specified in section 2.1). See also remark on A.2. Section 6, what is the relation of section 6 with with oscoap-joining. Is oscoap-joining required to validate all the requirements of section 6? Methods to handle loss of synchronization are not responsibility of GM but responsibility of the sender of group request messages. No total ordering on all messages is required, only partial ordering on the messages of a given sender. I assume that the ordering of epochs is done by GM. Trusted key repository: Also when the group manager makes use of an additional secure storage device, it remains responsible for the key repository. Acting as a network router is out of scope IMO. RFCs exist to create and route group messages and it is immaterial which devices host the routing agents. This is also a subject of appendix D; same remark applies there as well. Autonomously and locally enforcing… ; what is the difference with bullet 2 of section 6? 7.1 I don't understand the remark that all group members are trusted. What does that mean? IMU, They have been authorized to join a group and are trusted per definition. 7.2 Case A and Case B refer to cases in OSCORE draft? 7.3 Does it not need an explanation how one sender belonging to two groups with the same GID can be distinguished by a receiver that is member of these two groups as well? The text at the end of appendix C is not very convincing. A.1 bullet 2; remove: "e.g. by grouping lights….." (it is unknown how large groups in one room can be, leave alone a floor) A.1 Establishments an management of security contexts: I hope that a general key management scheme is not necessary to provide the GM with a protocol to distribute new master secrets for the next group epoch. A.2 Source Authentication, s/ensure/verify/ Message Integrity, s/ensure/verify/ Message ordering: Messages should be given a sequence number by the sender, a new coap option could be defined. Total ordering of the messages in a Group is not required. Appendix C: Could this text (or a variant) not become normative text to provide simple source ordering. Appendix D: first three paragraphs double with Appendix A, just differently formulated. Suggest to remove or better review separation with appendix A. See router comment of section 6. Appendix D.1 is very informative but provides many choices. Oscoap join should specify the choices. According to me much of the text of Appendix D.1 should go to oscoap-join to motivate the choices made for oscoap join. Appendix D.2. My suggestion is to make the GM the key repository, or connect a key repository to it, that needs to be accessed through the GM. Appendix D3. Should this not be normative text in oscoap-join? Appendix E. A relation between message freshness and message ordering is suggested that I do not understand. When a sender sends only one message ever, the ordering is assured, but freshness is not guaranteed on reception. Suppose only ordering is guaranteed with sequence numbers in the message; Losing messages can be detected. A procedure to receive lost messages is indeed necessary. But this involves storage of messages at the sender (how many?), and possibly re-encrypting to guarantee freshness when they are repeated on loss detection. Hope this helps. Greetings, peter -- Peter van der Stok vanderstok consultancy mailto: consultancy@vanderstok.org, stokcons@bbhmail.nl www: www.vanderstok.org [1] tel NL: +31(0)492474673 F: +33(0)966015248 _______________________________________________ Ace mailing list Ace@ietf.org https://www.ietf.org/mailman/listinfo/ace Links: ------ [1] http://www.vanderstok.org
- [core] Fwd: [Ace] review oscore-groupcomm-2 Peter van der Stok
- Re: [core] Fwd: [Ace] review oscore-groupcomm-2 Marco Tiloca