[core] Comments on draft-ietf-core-oscore-groupcomm-05

Jim Schaad <ietf@augustcellars.com> Mon, 08 July 2019 04:07 UTC

From: Jim Schaad <ietf@augustcellars.com>
To: draft-ietf-core-oscore-groupcomm@ietf.org
CC: core@ietf.org
Date: Sun, 07 Jul 2019 21:07:36 -0700
Message-ID: <17bc01d53542$af0bfdd0$0d23f970$@augustcellars.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/core/Z2dmalKySkKbjcRDNH8n9vxATMQ>

This is not a full review; I did a fast look at the differences between
-04 and -05 and am commenting on these.

1.  The addition of two optional parameters in the aad_array in section
3.1.  In terms of having a deterministic string result, this is considered bad
practice, as if only one of them is supplied, it could be confused with the
other one.

2.  Who is supposed to validate the parameters dealing with signatures?  Is
this the responsibility of the KDC or does each entity need to do this?  Is
there an optimization that can be applied so that all of these parameters
don't need to be distributed with the rest of the public key fields at a
later date?

3.  I am not sure why RSA-OAEP is in the tables; I have never heard of anybody
using these as signature algorithms.

4.  Why did you insert the OSCORE_options field into the aad_array before
the options field?  It would be cleaner to have it at the end to minimize
the differences between the structures.

5.  Just what is the type in section 9.2 for EdDSA?

Jim
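
An added illustration of point 1 (not part of the original message, and not code from the draft): with a positional CBOR array, leaving out an absent optional element makes "only the first supplied" and "only the second supplied" encode to the same bytes, while always emitting both positions keeps them distinct. The names alg, opt_a, opt_b and the values are constructed for the example; the null placeholder is one common remedy, assumed here.

```python
# Added example: hypothetical field names and constructed values.
import struct

def cbor_head(major: int, n: int) -> bytes:
    """CBOR initial byte plus argument, shortest form (RFC 8949)."""
    if n < 24:
        return bytes([(major << 5) | n])
    for ai, fmt in ((24, ">B"), (25, ">H"), (26, ">I"), (27, ">Q")):
        if n < (1 << (8 * struct.calcsize(fmt))):
            return bytes([(major << 5) | ai]) + struct.pack(fmt, n)
    raise ValueError("integer too large")

def cbor(item) -> bytes:
    """Minimal deterministic CBOR encoder for None, int, bytes and list."""
    if item is None:
        return b"\xf6"                      # CBOR null
    if isinstance(item, int):
        return cbor_head(0, item) if item >= 0 else cbor_head(1, -1 - item)
    if isinstance(item, bytes):
        return cbor_head(2, len(item)) + item
    if isinstance(item, list):
        return cbor_head(4, len(item)) + b"".join(cbor(x) for x in item)
    raise TypeError(type(item))

def aad_omitting(alg, opt_a=None, opt_b=None) -> bytes:
    """Absent optional elements are left out of the positional array."""
    return cbor([alg] + [x for x in (opt_a, opt_b) if x is not None])

def aad_fixed(alg, opt_a=None, opt_b=None) -> bytes:
    """Both optional positions are always present; absence is a null."""
    return cbor([alg, opt_a, opt_b])

def collides(encode) -> bool:
    """True if 'only opt_a' and 'only opt_b' produce identical bytes."""
    return encode(-8, opt_a=6) == encode(-8, opt_b=6)

if __name__ == "__main__":
    print("omitting:", aad_omitting(-8, opt_a=6).hex(),
          aad_omitting(-8, opt_b=6).hex(), "collide =", collides(aad_omitting))
    print("fixed:   ", aad_fixed(-8, opt_a=6).hex(),
          aad_fixed(-8, opt_b=6).hex(), "collide =", collides(aad_fixed))
```

Because the aad_array is authenticated input, two parties that disagree on which optional element was supplied would still compute the same bytes in the first scheme, which is the confusion the comment points at.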