Re: [core] FW: Review draft-tiloca-core-oscore-discovery-04

Marco Tiloca <marco.tiloca@ri.se> Tue, 10 March 2020 18:09 UTC

To: Jim Schaad <ietf@augustcellars.com>
References: <022101d59f70$9a9cf9b0$cfd6ed10$@augustcellars.com>
Cc: 'Core WG mailing list' <core@ietf.org>
From: Marco Tiloca <marco.tiloca@ri.se>
Message-ID: <d6585166-6123-b2d1-5455-aa4e4c8b589c@ri.se>
Date: Tue, 10 Mar 2020 19:09:30 +0100
In-Reply-To: <022101d59f70$9a9cf9b0$cfd6ed10$@augustcellars.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/core/YLK3194lToYIEnvZr7oEGvyJ4Kc>

Hi Jim,

Thanks a lot for your review, also addressed in the latest submitted -05.

https://tools.ietf.org/html/draft-tiloca-core-oscore-discovery-05

Please, see some replies inline.

Best,
/Marco

On 2019-11-20 08:03, Jim Schaad wrote:
> Need to go here as well.
>
> -----Original Message-----
> From: Jim Schaad <ietf@augustcellars.com> 
> Sent: Wednesday, November 20, 2019 3:03 PM
> To: 'draft-tiloca-core-oscore-discovery@ietf.org'
> <draft-tiloca-core-oscore-discovery@ietf.org>
> Subject: Review draft-tiloca-core-oscore-discovery-04
>
> * Should this document be re-written to only use CoRAL-reef?

==>MT
As a first step, we have added an appendix with CoRAL versions of the
(re-)registration and lookup examples.
<==

>
> * Introduction - You have the statement that generally one application group
> uses one OSCORE group.  I don't know that I agree with this statement.  It
> depends to a large extent of how you define an application group.  For
> example, if you are looking at both administration and usage as being in the
> same App group then this is not a true statement.

==>MT
We have relaxed this assumption. Now an application group may use
multiple security groups.
<==

> * Section 2 - If you want ACE-KEY-GROUPCOMM-OSCORE to be an information
> reference, then the definition for 'name' needs to be changed.

==>MT
We have made ace-key-groupcomm-oscore an informative reference.

When introducing the attribute 'sec-gp', now we say: "'sec-gp',
specifying the name of the OSCORE group of interest, as a stable and
invariant identifier, such as the group name used in
[I-D.ietf-ace-key-groupcomm-oscore]".
<==

>
> * Section 2 - Just replace and use the correct terms for countersignature
> algorithm info and countersignature key info structures.

==>MT
Trying to also keep short names for the attributes, we have:

- renamed 'cs_crv' to 'cs_alg_crv';
- renamed 'cs_kty' to 'cs_key_kty';
- added 'cs_key_crv';
- updated all examples accordingly.
<==

>
> * Section 3 - For 'app-gp' - the MAY is confusing to me.  Better to say MUST
> occur once for each application group and MUST contain only a single
> application group.  

==>MT
Done.
<==

>
> * Section 5 - I don't care if you specify the same application group
> multiple times. I don't want to have to figure out how to check this one
> thing and error. Plus the end result will always be the same anyway.

==>MT
We have removed the last sentence "A same application group MUST NOT be
specified multiple times".
<==

>
> * Section 5.1 - I think the anchor in the response is supposed to be absent.

==>MT
See reply from Christian at:

https://mailarchive.ietf.org/arch/msg/core/bUlyq1zHYk5-YWV7RgTkdUkQ21k
<==

>
> * Section 6 - It looks like you are registering [2001:db8:4::4] twice - that
> looks like it will mess things up.
>
> * Section 6 - I am not sure why you are registering the app-grp on the
> individual device rather than on the group itself.  That means that If I go
> in reverse, from the app group to the address of the app group, then I get
> the individual endpoints rather than the group multicast address.  This
> might be done for somebody who wants to get the messages in the group and
> would be permitted to do so.

==>MT
Covering both comments, we have replaced 'app-gp' with a separate
attribute 'in-app-gp' reflecting a node's membership rather than the
group itself:

1) in the two registrations from the CT to the RD, right below the
paragraph "Consecutively, the CT registers ... ".

2) in the response from the RD to the joining nodes, right below the
paragraph "The device with IP address [2001:db8:4::x] can consequently
learn the groups to which it belongs".

The actual double registration is still there, so it's now an open point
about whether to remove the registration of application-group members
altogether from the example, or to collapse the two registrations into
one, with multiple instances of 'in-app-gp'.
<==


-- 
Marco Tiloca
Ph.D., Senior Researcher

RISE Research Institutes of Sweden
Division ICT
Isafjordsgatan 22 / Kistagången 16
SE-164 40 Kista (Sweden)

Phone: +46 (0)70 60 46 501
https://www.ri.se
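The RD registration and membership lookup discussed in this thread, as an added example that is not code from the draft or from either author: a small CoRE link-format (RFC 6690) parser over a constructed registration payload that keeps repeated attributes, collapses the double registration of [2001:db8:4::4] into one link carrying multiple 'in-app-gp' values, answers the "which groups does this node belong to" lookup, and checks Jim's rule that each 'app-gp' names a single application group. Link targets, group names and the numeric attribute values are assumptions.

```python
import re
from collections import defaultdict

# Constructed RD registration payload in CoRE link format (RFC 6690): attribute
# names come from the thread; targets, group names and numeric values are made up.
REGISTRATION = (
    '</ace-group/feedca570000>;rt="core.osc.gm";sec-gp="feedca570000";'
    'app-gp="group1";cs_alg_crv=6;cs_key_kty=1;cs_key_crv=6,'
    '<coap://[2001:db8:4::4]/light>;in-app-gp="group1",'
    '<coap://[2001:db8:4::4]/light>;in-app-gp="group2"'
)

LINK_RE = re.compile(
    r'<(?P<target>[^>]*)>(?P<params>(?:;[^;,="]+(?:=(?:"[^"]*"|[^;,"]+))?)*)')
PARAM_RE = re.compile(r';([^;,="]+)(?:=(?:"([^"]*)"|([^;,"]+)))?')

def parse_links(payload):
    """Return [(target, {attr: [values]})]; a repeated attribute keeps every value."""
    links = []
    for m in LINK_RE.finditer(payload):
        attrs = defaultdict(list)
        for name, quoted, bare in PARAM_RE.findall(m.group("params")):
            attrs[name].append(quoted or bare)  # "" for a value-less flag
        links.append((m.group("target"), dict(attrs)))
    return links

def merge_registrations(links):
    """Collapse repeated registrations of one target into a single link whose
    attributes carry every value seen (the 'multiple in-app-gp' option)."""
    merged = {}
    for target, attrs in links:
        acc = merged.setdefault(target, defaultdict(list))
        for name, values in attrs.items():
            for v in values:
                if v not in acc[name]:
                    acc[name].append(v)
    return [(t, dict(a)) for t, a in merged.items()]

def groups_of_node(links, node_address):
    """Application groups a node belongs to, unioned over all its registrations."""
    return {g for target, attrs in links if node_address in target
            for g in attrs.get("in-app-gp", [])}

def app_gp_violations(links):
    """Jim's rule for 'app-gp': each occurrence names exactly one application group."""
    return [(target, value) for target, attrs in links
            for value in attrs.get("app-gp", []) if not re.fullmatch(r"[^\s,]+", value)]
```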