Re: [core] Genart last call review of draft-ietf-core-object-security-13
"Joel M. Halpern" <jmh@joelhalpern.com> Thu, 26 July 2018 12:26 UTC
Return-Path: <jmh@joelhalpern.com>
X-Original-To: core@ietfa.amsl.com
Delivered-To: core@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 2FB0D13110F; Thu, 26 Jul 2018 05:26:48 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.7
X-Spam-Level:
X-Spam-Status: No, score=-2.7 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=joelhalpern.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id zboIEgSoYV5q; Thu, 26 Jul 2018 05:26:46 -0700 (PDT)
Received: from maila2.tigertech.net (maila2.tigertech.net [208.80.4.152]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 1711F13110C; Thu, 26 Jul 2018 05:26:46 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by maila2.tigertech.net (Postfix) with ESMTP id E9371250FFE; Thu, 26 Jul 2018 05:26:45 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=joelhalpern.com; s=2.tigertech; t=1532608005; bh=56uammgHeMwp2DxYQG2/IMImAAprkl+5nnED2ldZ9jE=; h=Subject:To:Cc:References:From:Date:In-Reply-To:From; b=fUo7V4sZ9kMnRKKivWslmPlC1MReXVEELMEz6Wqf9TGFnPAqmtWwgVbrFXgPYZz8D srBPJ3Do0lg3r8JhllLIiw8S5tknpxrA4LurdPupt7uxSvH407NJxDuBoG0xfcGYBt HJvg4axtspHl12jRuHNOoGJqEaNazzn+DN1QdmgM=
X-Virus-Scanned: Debian amavisd-new at maila2.tigertech.net
Received: from Joels-MacBook-Pro.local (unknown [66.194.108.130]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by maila2.tigertech.net (Postfix) with ESMTPSA id 472E4250D02; Thu, 26 Jul 2018 05:26:44 -0700 (PDT)
To: Francesca Palombini <francesca.palombini@ericsson.com>, "gen-art@ietf.org" <gen-art@ietf.org>
Cc: "draft-ietf-core-object-security.all@ietf.org" <draft-ietf-core-object-security.all@ietf.org>, "ietf@ietf.org" <ietf@ietf.org>, "core@ietf.org" <core@ietf.org>
References: <153205248660.10636.17459130896592894639@ietfa.amsl.com> <AM5PR0701MB2737F5900ED0205826901664982B0@AM5PR0701MB2737.eurprd07.prod.outlook.com>
From: "Joel M. Halpern" <jmh@joelhalpern.com>
Message-ID: <e25b84f6-e12b-55b6-db52-7096c024da58@joelhalpern.com>
Date: Thu, 26 Jul 2018 07:26:43 -0500
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.13; rv:52.0) Gecko/20100101 Thunderbird/52.9.1
MIME-Version: 1.0
In-Reply-To: <AM5PR0701MB2737F5900ED0205826901664982B0@AM5PR0701MB2737.eurprd07.prod.outlook.com>
Content-Type: text/plain; charset="utf-8"; format="flowed"
Content-Language: en-US
Content-Transfer-Encoding: 7bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/core/dJ_QuWt86W-kXr6jwL0FEQd4zVM>
Subject: Re: [core] Genart last call review of draft-ietf-core-object-security-13
X-BeenThere: core@ietf.org
X-Mailman-Version: 2.1.27
Precedence: list
List-Id: "Constrained RESTful Environments \(CoRE\) Working Group list" <core.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/core>, <mailto:core-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/core/>
List-Post: <mailto:core@ietf.org>
List-Help: <mailto:core-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/core>, <mailto:core-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 26 Jul 2018 12:26:48 -0000
Thank you. Those changes nicely address my concerns. Yours, Joel On 7/26/18 2:41 AM, Francesca Palombini wrote: > Hi Joel, > > Thanks for your review! I now have updated the draft with improvements from your comments, see inline. Hope this clarifies. > > Thanks, > Francesca > >> -----Original Message----- >> From: core <core-bounces@ietf.org> On Behalf Of Joel Halpern >> Sent: den 20 juli 2018 04:08 >> To: gen-art@ietf.org >> Cc: draft-ietf-core-object-security.all@ietf.org; ietf@ietf.org; core@ietf.org >> Subject: [core] Genart last call review of draft-ietf-core-object-security-13 >> >> Reviewer: Joel Halpern >> Review result: Ready >> >> I am the assigned Gen-ART reviewer for this draft. The General Area Review >> Team (Gen-ART) reviews all IETF documents being processed by the IESG for >> the IETF Chair. Please treat these comments just like any other last call >> comments. >> >> For more information, please see the FAQ at >> >> <https://trac.ietf.org/trac/gen/wiki/GenArtfaq>. >> >> Document: draft-ietf-core-object-security-13 >> Reviewer: Joel Halpern >> Review Date: 2018-07-19 >> IETF LC End Date: 2018-07-30 >> IESG Telechat date: Not scheduled for a telechat >> >> Summary: this document is ready for publication as a Proposed Standard >> RFC. >> My minor concerns from draft -08 have been addressed. >> >> Major issues: N/A >> >> Minor issues: >> Section 7.2 is about sequence numbers. The first sentence in 7.2 discusses >> Nonces. Then the discussion switches to sequence numbers? My guess is >> that the Nonce is left over from previous text? >> > > Actually, the first sentence discusses nonces since they are constructed from Partial IVs, which are basically the Sequence Numbers. I added this precision, at the end of the second sentence. > > OLD: An AEAD nonce MUST NOT be used more than once per AEAD key. The uniqueness of (key, nonce) pairs is shown in Appendix D.3, and in particular depends on a correct usage of Partial IVs. > > NEW: An AEAD nonce MUST NOT be used more than once per AEAD key. The uniqueness of (key, nonce) pairs is shown in Appendix D.3, and in particular depends on a correct usage of Partial IVs (which encode the Sender Sequence Numbers, see Section 5). > >> Nits/editorial comments: >> In the first paragraph of 3.3, the text reads: >> The requirement that Sender ID SHALL be unique in the set of all security >> contexts using the same Master Secret, Master Salt, and ID Context >> guarantees unique (key, nonce) pairs, which avoids nonce reuse. >> Unfortunately, that is not a grammatical sentence. >> >> > > I think this sentence was too long to be readable, so I tried to split it up. Hopefully it makes more sense now. > > NEW: This means that Sender ID SHALL be unique in the set of all security contexts using the same Master Secret, Master Salt, and ID Context; such a requirement guarantees unique (key, nonce) pairs, which avoids nonce reuse. > >> _______________________________________________ >> core mailing list >> core@ietf.org >> https://www.ietf.org/mailman/listinfo/core
- [core] Genart last call review of draft-ietf-core… Joel Halpern
- Re: [core] Genart last call review of draft-ietf-… Francesca Palombini
- Re: [core] Genart last call review of draft-ietf-… Joel M. Halpern