[core] 答复: Artart last call review of draft-ietf-core-oscore-edhoc-09
"Pengshuping (Peng Shuping)" <pengshuping@huawei.com> Fri, 24 November 2023 08:44 UTC
Return-Path: <pengshuping@huawei.com>
X-Original-To: core@ietfa.amsl.com
Delivered-To: core@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0AFACC151073; Fri, 24 Nov 2023 00:44:57 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.203
X-Spam-Level:
X-Spam-Status: No, score=-4.203 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_MED=-2.3, RCVD_IN_MSPIKE_H5=0.001, RCVD_IN_MSPIKE_WL=0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id rsIr-uJjWAaN; Fri, 24 Nov 2023 00:44:53 -0800 (PST)
Received: from frasgout.his.huawei.com (frasgout.his.huawei.com [185.176.79.56]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 61102C17C525; Fri, 24 Nov 2023 00:44:42 -0800 (PST)
Received: from lhrpeml500006.china.huawei.com (unknown [172.18.147.200]) by frasgout.his.huawei.com (SkyGuard) with ESMTP id 4Sc7ns6YcCz6D8X3; Fri, 24 Nov 2023 16:44:33 +0800 (CST)
Received: from canpemm100008.china.huawei.com (7.192.104.152) by lhrpeml500006.china.huawei.com (7.191.161.198) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2507.35; Fri, 24 Nov 2023 08:44:38 +0000
Received: from canpemm500008.china.huawei.com (7.192.105.151) by canpemm100008.china.huawei.com (7.192.104.152) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2507.35; Fri, 24 Nov 2023 16:44:36 +0800
Received: from canpemm500008.china.huawei.com ([7.192.105.151]) by canpemm500008.china.huawei.com ([7.192.105.151]) with mapi id 15.01.2507.035; Fri, 24 Nov 2023 16:44:36 +0800
From: "Pengshuping (Peng Shuping)" <pengshuping@huawei.com>
To: Marco Tiloca <marco.tiloca@ri.se>, "art@ietf.org" <art@ietf.org>
CC: "core@ietf.org" <core@ietf.org>, "draft-ietf-core-oscore-edhoc.all@ietf.org" <draft-ietf-core-oscore-edhoc.all@ietf.org>, "last-call@ietf.org" <last-call@ietf.org>
Thread-Topic: Artart last call review of draft-ietf-core-oscore-edhoc-09
Thread-Index: AQHaHiQudAEX234Mfkyzo9NyYP8xsrCJKDnA
Date: Fri, 24 Nov 2023 08:44:36 +0000
Message-ID: <0991e7f91a4a4d1b8fc79655c169acad@huawei.com>
References: <169995403049.46907.612833618941949882@ietfa.amsl.com> <c5de1d9c-0a47-4ca5-818e-47c0668ffc1a@ri.se>
In-Reply-To: <c5de1d9c-0a47-4ca5-818e-47c0668ffc1a@ri.se>
Accept-Language: zh-CN, en-US
Content-Language: zh-CN
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [10.82.195.89]
Content-Type: multipart/alternative; boundary="_000_0991e7f91a4a4d1b8fc79655c169acadhuaweicom_"
MIME-Version: 1.0
X-CFilter-Loop: Reflected
Archived-At: <https://mailarchive.ietf.org/arch/msg/core/S4wYT8rNabS9H1gVitwS5mII00Y>
Subject: [core] 答复: Artart last call review of draft-ietf-core-oscore-edhoc-09
X-BeenThere: core@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: "Constrained RESTful Environments \(CoRE\) Working Group list" <core.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/core>, <mailto:core-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/core/>
List-Post: <mailto:core@ietf.org>
List-Help: <mailto:core-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/core>, <mailto:core-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 24 Nov 2023 08:44:57 -0000
Hi Marco, Thank you for making the updates. It is much clearer now. I have no other comments. Thank you! Best Regards, Shuping 发件人: Marco Tiloca <marco.tiloca@ri.se> 发送时间: 2023年11月23日 23:45 收件人: Pengshuping (Peng Shuping) <pengshuping@huawei.com>; art@ietf.org 抄送: core@ietf.org; draft-ietf-core-oscore-edhoc.all@ietf.org; last-call@ietf.org 主题: Re: Artart last call review of draft-ietf-core-oscore-edhoc-09 Hello Shuping, Thanks a lot for your review! Please find in line below our detailed replies to your comments. A Github PR where we have addressed your comments is available at [ARTART-PR]. Unless any concern is raised, we plan to soon merge this PR (and the other ones related to other received reviews), and to submit the result as version -10 of the document. Thanks, /Marco [ARTART-PR] https://github.com/core-wg/oscore-edhoc/pull/17 On 2023-11-14 10:27, Shuping Peng via Datatracker wrote: Reviewer: Shuping Peng Review result: Ready with Issues I am the assigned ART-ART reviewer for this draft. Summary: I have some minor concerns about this document that I think should be resolved before publication. Comments: I think this document is basically ready for publication. Major Issues: "No major issues found." Minor Issues: Where the "C_R" is actually carried is not clear. It would be good if the following text in Section 3 could be more clear about it, and it might also be helpful to show the "C_R" in Figure 2. " EDHOC data consisting of the pair (C_R, EDHOC message_3) required for completing the EDHOC session. Note that, as specified in Section 3.2, C_R is transported in the OSCORE Option of the OSCORE Request rather than in the CoAP payload of the EDHOC + OSCORE request. " ==>MT In order to clarify where C_R is transported, we have made the following changes. In Section 3.0, we have revised the bullet list introduced by "That is, the EDHOC + OSCORE request ..." to become as follows. > That is, the EDHOC + OSCORE request is composed of the following two parts combined together in a single CoAP message: > > * The OSCORE Request from Figure 1, which is also in this case sent to a protected resource, with the correct CoAP method and options intended for accessing that resource. > > * EDHOC data consisting of the pair (C_R, EDHOC message_3) required for completing the EDHOC session, transported as follows: > * C_R is the OSCORE Sender ID of the client and hence transported in the 'kid' field of the OSCORE Option (see Section 6.1 of RFC 8613). Unlike in the sequential workflow shown in Figure 1, C_R is thus not transported in the payload of the EDHOC + OSCORE request. > * EDHOC message_3 is transported in the payload of the EDHOC + OSCORE request, prepended to the payload of the OSCORE Request. This is because EDHOC message_3 may be too large to be included in a CoAP Option, e.g., when conveying a large public key certificate chain as ID_CRED_I (see Section 3.5.3 of [I-D.ietf-lake-edhoc]) or when conveying large External Authorization Data as EAD_3 (see Section 3.8 of [I-D.ietf-lake-edhoc]). Also in Section 3.0, we have updated Figure 2 to show the inclusion of C_R in the CoAP OSCORE Option of the EDHOC + OSCORE request. That is: OLD ``` | -------------- EDHOC + OSCORE Request ------------> | | Header: 0.02 (POST) | | Payload: EDHOC message_3 + OSCORE-protected data | ~snip | <--------------- OSCORE Response ------------------ | | Header: 2.04 (Changed) | | Payload: OSCORE-protected data | ``` NEW ``` | -------------- EDHOC + OSCORE Request ------------> | | Header: 0.02 (POST) | | OSCORE: { ... ; kid: C_R } | | Payload: EDHOC message_3 + OSCORE-protected data | ~snip | <--------------- OSCORE Response ------------------ | | Header: 2.04 (Changed) | | OSCORE: { ... } | | Payload: OSCORE-protected data | ``` In Section 2, we have similarly updated Figure 1 to show the inclusion of C_R in the CoAP OSCORE Option of the OSCORE request. That is: OLD ``` | ---------------- OSCORE Request -----------------> | | Header: 0.02 (POST) | | Payload: OSCORE-protected data | ~ snip | <--------------- OSCORE Response ----------------- | | Header: 2.04 (Changed) | | Payload: OSCORE-protected data | ``` NEW ``` | ---------------- OSCORE Request -----------------> | | Header: 0.02 (POST) | | OSCORE: { ... ; kid: C_R } | | Payload: OSCORE-protected data | ~ snip | <--------------- OSCORE Response ----------------- | | Header: 2.04 (Changed) | | OSCORE: { ... } | | Payload: OSCORE-protected data | ``` Also in Section 2, we have extended the ninth paragraph as follows: OLD > After this exchange takes place, and after successful verifications as specified in the EDHOC protocol, the client and server can derive an OSCORE Security Context, as defined in Appendix A.1 of [I-D.ietf-lake-edhoc]. After that, they can use OSCORE to protect their communications as per [RFC8613]. NEW > After this exchange takes place, and after successful verifications as specified in the EDHOC protocol, the client and server can derive an OSCORE Security Context, as defined in Appendix A.1 of [I-D.ietf-lake-edhoc]. After that, they can use OSCORE to protect their communications as per [RFC8613]. Note that the EDHOC Connection Identifier C_R is used as the OSCORE Sender ID of the client (see Appendix A.1 of [I-D.ietf-lake-edhoc]). Therefore, C_R is transported in the 'kid' field of the OSCORE Option of the OSCORE Request (see Section 6.1 of RFC 8613). <== -- Marco Tiloca Ph.D., Senior Researcher Phone: +46 (0)70 60 46 501 RISE Research Institutes of Sweden AB Box 1263 164 29 Kista (Sweden) Division: Digital Systems Department: Computer Science Unit: Cybersecurity https://www.ri.se
- [core] Artart last call review of draft-ietf-core… Shuping Peng via Datatracker
- Re: [core] Artart last call review of draft-ietf-… Marco Tiloca
- [core] 答复: Artart last call review of draft-ietf-… Pengshuping (Peng Shuping)