IETF Logo Mail Archive

Re: [core] [Gen-art] Genart last call review of draft-ietf-core-stateless-05

Alissa Cooper <alissa@cooperw.in> Thu, 23 April 2020 20:56 UTC

Return-Path: <alissa@cooperw.in>
X-Original-To: core@ietfa.amsl.com
Delivered-To: core@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 79A843A0860; Thu, 23 Apr 2020 13:56:55 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.097
X-Spam-Level:
X-Spam-Status: No, score=-2.097 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, RCVD_IN_MSPIKE_H3=0.001, RCVD_IN_MSPIKE_WL=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=cooperw.in header.b=Dsoios27; dkim=pass (2048-bit key) header.d=messagingengine.com header.b=ENf1PyKh
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id cib7QTBrUl0f; Thu, 23 Apr 2020 13:56:53 -0700 (PDT)
Received: from out4-smtp.messagingengine.com (out4-smtp.messagingengine.com [66.111.4.28]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 4E6063A085E; Thu, 23 Apr 2020 13:56:52 -0700 (PDT)
Received: from compute4.internal (compute4.nyi.internal [10.202.2.44]) by mailout.nyi.internal (Postfix) with ESMTP id 98EC95C0874; Thu, 23 Apr 2020 16:56:51 -0400 (EDT)
Received: from mailfrontend1 ([10.202.2.162]) by compute4.internal (MEProxy); Thu, 23 Apr 2020 16:56:51 -0400
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=cooperw.in; h= from:message-id:content-type:mime-version:subject:date :in-reply-to:cc:to:references; s=fm2; bh=bDTNQH29SWSgalNEeVtMC6W mDCIY6T/s1PY/ll/zX5s=; b=Dsoios27SLA8Ddo6zdToFKKmAaLfeAfDAaT6yIW fuJPB4kzl16Gh17H7bn+Bf3A0ZogM2qxYbm9QA4bqRa/9Ks2pVWZ09uHYT4VqkRf KDz5oF5bwiuDKVL/zY4cibGxZw5QPHdZsLJMQVNp2dcZP7LbmhKNtsOJ/NhSpeXN stGL/Jqd8MJdNRCBsN6wdlaggqTjyUm3b6Hbdojop0XaHjFKbWm27s/OGRk99hqu wMeg0HegBh+Pp50NUINT1MIbuNwpC0lDBN0yA76GMEktKzuka+7o4HicUpWTY/MO raPaGXKmBiMwo37tkQpbmOi+YX9uxjL2gXG2OeD+WZBt8/w==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=cc:content-type:date:from:in-reply-to :message-id:mime-version:references:subject:to:x-me-proxy :x-me-proxy:x-me-sender:x-me-sender:x-sasl-enc; s=fm2; bh=bDTNQH 29SWSgalNEeVtMC6WmDCIY6T/s1PY/ll/zX5s=; b=ENf1PyKhpW4sMkmHUmp6dX iBmCbjPWFjSbu4bZw2fbpPT+uu7m2YwFjuX8zMlnygX6wpSaqBJTJKNpQu/BapUp 2SRthqyQBGU9Yn2QBGkw1UVb/yx+D6difXrYfEE5BS01qVZlIFCXCwybTIUB8UQ6 S3C2PzTK8ZjOu2yJBw+r9GnhbI2GiSt2Y3Wd+o5biq8gA3//7BDNDqXJVEhvb6JF 6IyML6r6yFV4Q4yQ7VceUGBrsMrSbBB5CUDo8H2z2LwRdWD+bOtB52E8sNP40TVJ 74+GEv6JzOaMtkbpDICTACC38dONgzJu7KH63ItuXDidwYlwsD7rPcAf7TsmEtEA ==
X-ME-Sender: <xms:EgGiXsT-PZVyVYZTZLAHYZSomqqMqHAHHhxdOYAUpDekv1T7F5hYaw>
X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgeduhedrgeelgdduvddtucetufdoteggodetrfdotf fvucfrrhhofhhilhgvmecuhfgrshhtofgrihhlpdfqfgfvpdfurfetoffkrfgpnffqhgen uceurghilhhouhhtmecufedttdenucesvcftvggtihhpihgvnhhtshculddquddttddmne cujfgurhephffktgggufffjgfvfhfosegrtdhmrehhtddvnecuhfhrohhmpeetlhhishhs rgcuvehoohhpvghruceorghlihhsshgrsegtohhophgvrhifrdhinheqnecuffhomhgrih hnpehivghtfhdrohhrghenucfkphepudejfedrfeekrdduudejrdejkeenucevlhhushht vghrufhiiigvpedtnecurfgrrhgrmhepmhgrihhlfhhrohhmpegrlhhishhsrgestghooh hpvghrfidrihhn
X-ME-Proxy: <xmx:EgGiXkkjMuKgW3lCg0MMQIhS-9jnd4aFlxSKb_uLEZu3z07nmMVXCw> <xmx:EgGiXoFogAIVlFETF0kvGQXwHFczFvZcBnnFLsoKTtIGLcLqWGcTSg> <xmx:EgGiXvkcZK2tvdnsS76Hm-zsY_Sej2dh1y5f9f3k2RLtQ9Gqwm1cUw> <xmx:EwGiXvbBPxCEPM3g4YYmtlHBbjd3SOj0QvF3wqKEGuukq0bLWnBScg>
Received: from rtp-alcoop-nitro2.cisco.com (unknown [173.38.117.78]) by mail.messagingengine.com (Postfix) with ESMTPA id 7680B3280064; Thu, 23 Apr 2020 16:56:50 -0400 (EDT)
From: Alissa Cooper <alissa@cooperw.in>
Message-Id: <899B1D87-E497-4344-8A1C-2E6B65B2F6E1@cooperw.in>
Content-Type: multipart/alternative; boundary="Apple-Mail=_A9A023AA-AEC9-4AF3-A770-A63B61E8E1A3"
Mime-Version: 1.0 (Mac OS X Mail 11.5 \(3445.9.5\))
Date: Thu, 23 Apr 2020 16:56:50 -0400
In-Reply-To: <CAFgnS4XY3YPo7eBfzfMeyXE_RPLWqE1eOQhQCDf0iky8-z=LAQ@mail.gmail.com>
Cc: Klaus Hartke <klaus.hartke@ericsson.com>, "gen-art@ietf.org" <gen-art@ietf.org>, "draft-ietf-core-stateless.all@ietf.org" <draft-ietf-core-stateless.all@ietf.org>, "core@ietf.org" <core@ietf.org>, "last-call@ietf.org" <last-call@ietf.org>
To: Dan Romascanu <dromasca@gmail.com>, Klaus Hartke <hartke@projectcool.de>
References: <158573098630.30833.17715509721846547699@ietfa.amsl.com> <HE1PR07MB4346B6585F88A677DAF998E3E6C90@HE1PR07MB4346.eurprd07.prod.outlook.com> <CAFgnS4XTyD7AxwgbyAK9oWw_B+Owi6qCwbLhpSp1vn8LH+Lr2Q@mail.gmail.com> <CAAzbHvYWx394b+1tFpd4Ko6N_MON=93xqUxOSm-0KEY7dMkE8g@mail.gmail.com> <CAFgnS4XY3YPo7eBfzfMeyXE_RPLWqE1eOQhQCDf0iky8-z=LAQ@mail.gmail.com>
X-Mailer: Apple Mail (2.3445.9.5)
Archived-At: <https://mailarchive.ietf.org/arch/msg/core/bTiegVNTFf9q-r7pUMVgaQj9eXo>
Subject: Re: [core] [Gen-art] Genart last call review of draft-ietf-core-stateless-05
X-BeenThere: core@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Constrained RESTful Environments \(CoRE\) Working Group list" <core.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/core>, <mailto:core-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/core/>
List-Post: <mailto:core@ietf.org>
List-Help: <mailto:core-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/core>, <mailto:core-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 23 Apr 2020 20:56:56 -0000

Dan, thanks for your reviews. Klaus, thanks for your responses. I entered a No Objection ballot.

Alissa


> On Apr 12, 2020, at 6:11 AM, Dan Romascanu <dromasca@gmail.com> wrote:
> 
> Looks good to me. Thanks for addressing these points. 
> 
> Regards,
> 
> Dan
> 
> 
> On Sun, Apr 12, 2020 at 12:31 PM Klaus Hartke <hartke@projectcool.de <mailto:hartke@projectcool.de>> wrote:
> Dan Romascanu wrote:
> >> > 1. It would be useful to include some considerations whether the authors
> >> > consider useful / possible / allowed that the mechanism (extended token
> >> > lengths) presented in this document can be used for other purposed than
> >> > the by-design the use case (avoiding per-request state).
> >>
> >> The last paragraph in Section 1 says:
> >>
> >>    While the use case (avoiding per-request state) and the mechanism
> >>    (extended token lengths) presented in this document are closely
> >>    related, both can be used independently of each other: Some
> >>    implementations may be able to fit their state in just 8 bytes; some
> >>    implementations may have other use cases for extended token lengths.
> >>
> >> Does that solve your issue?
> >
> > Actually this is exactly the paragraph that triggered my concern. Does 'using independently' mean that you encourage or do not care implementations in the future dealing with other use cases? If the answer is yes, maybe the current text is fine. If the answer is 'rather not' than a discussion would be welcome.
> 
> The paragraph is intended to give permission that extended token
> lengths may be used for other purposes than avoiding per-request
> state. Of course, these will need security considerations etc., but
> those are out of this document's scope.
> 
> >> > > The use of encryption, integrity protection, and replay protection of
> >> >    serialized state is recommended in general, unless a careful analysis
> >> >    of any potential attacks to security and privacy is performed.  AES-
> >> >    CCM with a 64 bit tag is recommended, combined with a sequence number
> >> >    and a replay window.  Where encryption is not needed, HMAC-SHA-256,
> >> >    combined with a sequence number and a replay window, may be used.
> >> >
> >> > A few issues with this paragraph. Why are not 'recommended' and 'may'
> >> > capitalized? The formulation 'is recommended in general' seems odd, and
> >> > the rest of the sentence does not clarify. What does 'a careful analysis of any
> >> > potential attacks' mean? Who is supposed to perform this analysis and who
> >> > can ensure it is 'careful enough' at any given point in time for any potential
> >> > attacks?
> >>
> >> AFAIK, the Security Considerations section is supposed to discuss security-related issues that users need to be aware of, but not make normative statements. So all the normative requirements are in Section 3.1. (Where 'users' in this case are implementations and specifications that decide to make use of this implementation strategy in clients.)
> >>
> >> Overall, it's a bit difficult to make normative requirements here, because these are usually about the interoperability e.g. of a client and a server. But in this case, the client only needs to interoperate with itself (it needs to accept a token that it created itself) and the only real requirement is that "client implementations MUST NOT be vulnerable to maliciously crafted tokens". The meaning of "vulnerable" and "malicious" here depends a lot on the application/deployment-specific context; the document can really just highlight some potential issues that users should take into consideration.
> >>
> >> I'm open to concrete suggestions for text improvements, though..
> >
> > I believe that I understood the point that you are making. If I am to suggest text improvements, I would:
> >
> > - s/recommended in general/recommended/
> > - clarify, maybe in this very words that "the requirement is that client implementations must not be vulnerable to maliciously crafted tokens"
> 
> I've made these two changes in the Security Considerations section and
> also tried to improve clarity in section 3.1. I will submit a -06
> shortly.
> 
> Thanks!
> 
> Klaus
> _______________________________________________
> Gen-art mailing list
> Gen-art@ietf.org
> https://www.ietf.org/mailman/listinfo/gen-art

v2.20.3 | Report a Bug | By Email