IETF Logo Mail Archive

Re: [core] Genart last call review of draft-ietf-core-object-security-13

Francesca Palombini <francesca.palombini@ericsson.com> Thu, 26 July 2018 07:41 UTC

Return-Path: <francesca.palombini@ericsson.com>
X-Original-To: core@ietfa.amsl.com
Delivered-To: core@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 08F13130E47 for <core@ietfa.amsl.com>; Thu, 26 Jul 2018 00:41:51 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.31
X-Spam-Level:
X-Spam-Status: No, score=-4.31 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001, T_DKIMWL_WL_HIGH=-0.01, URIBL_BLOCKED=0.001] autolearn=unavailable autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=ericsson.com header.b=Hiok8rfL; dkim=pass (1024-bit key) header.d=ericsson.com header.b=Qx/tGz2K
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id PO_3OpUccyj6 for <core@ietfa.amsl.com>; Thu, 26 Jul 2018 00:41:47 -0700 (PDT)
Received: from sesbmg22.ericsson.net (sesbmg22.ericsson.net [193.180.251.48]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 68B42130DF2 for <core@ietf.org>; Thu, 26 Jul 2018 00:41:47 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; d=ericsson.com; s=mailgw201801; c=relaxed/simple; q=dns/txt; i=@ericsson.com; t=1532590905; h=From:Sender:Reply-To:Subject:Date:Message-ID:To:CC:MIME-Version:Content-Type: Content-Transfer-Encoding:Content-ID:Content-Description:Resent-Date:Resent-From: Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:In-Reply-To:References:List-Id: List-Help:List-Unsubscribe:List-Subscribe:List-Post:List-Owner:List-Archive; bh=Tyv4o98UTEoDrxfHs87Y3h2oC7aV9tMWohf06P56NM8=; b=Hiok8rfLyrZ1DKNKmPiZuD9fsD6w1rI+oMqWA2779P0msHF/lRoZstEQNvb75qdV 2KiL1UTfOpqkUAm2Khup6nOAXHcty3cnCpUz4Uvkg9sWsSMVCkj4S7ActP8osgzE n3JHydhc+tKjQNUr8AiUdw8lw54s7GbQQebpTk5NU/Q=;
X-AuditID: c1b4fb30-5cb039c0000059c2-12-5b597b398ed2
Received: from ESESBMB504.ericsson.se (Unknown_Domain [153.88.183.117]) by sesbmg22.ericsson.net (Symantec Mail Security) with SMTP id E9.44.22978.93B795B5; Thu, 26 Jul 2018 09:41:45 +0200 (CEST)
Received: from ESESBMB504.ericsson.se (153.88.183.171) by ESESBMB504.ericsson.se (153.88.183.171) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P256) id 15.1.1466.3; Thu, 26 Jul 2018 09:41:39 +0200
Received: from EUR04-VI1-obe.outbound.protection.outlook.com (153.88.183.157) by ESESBMB504.ericsson.se (153.88.183.171) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P256) id 15.1.1466.3 via Frontend Transport; Thu, 26 Jul 2018 09:41:39 +0200
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ericsson.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=lbUycnjywGcudeBXwU3T4TmdS0tDbtoPSxP4LcK17tw=; b=Qx/tGz2KhEMrZnQ2+ROF33J8oIBtZ8N/AsLmCboPcjd4YII+7/AU/Nki5jXUVO9QJiFRrvDzHU914MwMds3Zvbkv1LROACkZzcIEaxwKAUKDwMUgZJW/7eafUdSnOY90UCAbihf8i12Ou8BAKsLLul1qG5fYbYUxrMxQGDG6Em0=
Received: from AM5PR0701MB2737.eurprd07.prod.outlook.com (10.173.93.139) by AM5PR0701MB2674.eurprd07.prod.outlook.com (10.173.93.12) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.995.10; Thu, 26 Jul 2018 07:41:39 +0000
Received: from AM5PR0701MB2737.eurprd07.prod.outlook.com ([fe80::526:d874:dcbb:a11]) by AM5PR0701MB2737.eurprd07.prod.outlook.com ([fe80::526:d874:dcbb:a11%3]) with mapi id 15.20.0995.008; Thu, 26 Jul 2018 07:41:38 +0000
From: Francesca Palombini <francesca.palombini@ericsson.com>
To: Joel Halpern <jmh@joelhalpern.com>, "gen-art@ietf.org" <gen-art@ietf.org>
CC: "draft-ietf-core-object-security.all@ietf.org" <draft-ietf-core-object-security.all@ietf.org>, "ietf@ietf.org" <ietf@ietf.org>, "core@ietf.org" <core@ietf.org>
Thread-Topic: [core] Genart last call review of draft-ietf-core-object-security-13
Thread-Index: AQHUH86Kl+EdeXBIlUeFKF12MHUt86ShJn6Q
Date: Thu, 26 Jul 2018 07:41:38 +0000
Message-ID: <AM5PR0701MB2737F5900ED0205826901664982B0@AM5PR0701MB2737.eurprd07.prod.outlook.com>
References: <153205248660.10636.17459130896592894639@ietfa.amsl.com>
In-Reply-To: <153205248660.10636.17459130896592894639@ietfa.amsl.com>
Accept-Language: en-GB, en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
authentication-results: spf=none (sender IP is ) smtp.mailfrom=francesca.palombini@ericsson.com;
x-originating-ip: [192.176.1.90]
x-ms-publictraffictype: Email
x-microsoft-exchange-diagnostics: 1; AM5PR0701MB2674; 6:rosRGnHCzkRtY5tsend0mPmvTbghhAoPyDaIFtTQTaWYLy0tjofVc19mdSnaMs3zV5SIQz14eWC8eLb6qgPgQi9RVIlnC7QRcasyy80XN9tGjIj5ueXFg3JFG1A34psqRIv7mKRIPQqx6I2q5bPR8M84rgvvIm02k47j6GD5kS9wUdFET1WGor+YlhhNjR62NFedu2toydv056jdVeKSu0cLVJqshERuCICqcXWisVUMWExwikLgg314UqSI8r+the84BCkY9/uzl4NT8Xa+GLAnSn9Wbtksfw/6SgDcW4FAtGVIOzENelS3O+CzyusEwbGsmmV5vXKAZE30++96xc9jMA2+eic910hH2pfdLQNbOnoS/DtqtTtKa/lV5E644gj0cp78MgqOzp6cu+j+8DPtpAxAiupX2Wf3qg1u/97yBOK3x1Z23ipZpziTluQHDrHotxkN4Du1n65wM8QALA==; 5:dcdz6F4uySEDHC2Fz77tluiCSJF4cbtwbIXfuxEPz6FZvDkmL85QwaHfdss+WogLQOu/cx/oeqYPll25PW00u/wKoGX6XbPmWeFHJplAvxPCWUiHvFW+bf9c/ZYZDEAa0meggmMCaGJnaEqKxjj7R2aruBOjcW45rqAzfPUluq0=; 7:RfgieNWqCyfMXnOkozJ1UxoKT6+ixOezwgdGNaw/2Idwp90/gFn9GYgcieUYuwgw2QCi30tYmIQ0KElZkAuUyOrlEs/tWlDNJbU22tWLGZC2rHqmEmat14ZtZ16PQYQ32Kv1ONIYVhHErNiKheyl6kSK7i5Mkq4OnDuiSRXGubkvhp2tPWylO61zpmLmAFH8C1tpPaykqdUxaEHcL08MFz/Mkh9DEor4p0wgdMI6zcHDyrtNR8dveMYLC7f97moK
x-ms-exchange-antispam-srfa-diagnostics: SOS;
x-ms-office365-filtering-correlation-id: f463cff5-7171-4421-549c-08d5f2cb38e2
x-microsoft-antispam: BCL:0; PCL:0; RULEID:(7020095)(4652040)(8989117)(4534165)(4627221)(201703031133081)(201702281549075)(8990107)(5600073)(711020)(2017052603328)(7153060)(7193020); SRVR:AM5PR0701MB2674;
x-ms-traffictypediagnostic: AM5PR0701MB2674:
x-microsoft-antispam-prvs: <AM5PR0701MB26740504F11005A4A67A176D982B0@AM5PR0701MB2674.eurprd07.prod.outlook.com>
x-exchange-antispam-report-test: UriScan:(192374486261705);
x-ms-exchange-senderadcheck: 1
x-exchange-antispam-report-cfa-test: BCL:0; PCL:0; RULEID:(8211001083)(6040522)(2401047)(8121501046)(5005006)(3231311)(944501410)(52105095)(93006095)(93001095)(10201501046)(3002001)(149027)(150027)(6041310)(201703131423095)(201702281528075)(20161123555045)(201703061421075)(201703061406153)(20161123558120)(20161123560045)(20161123562045)(20161123564045)(6072148)(201708071742011)(7699016); SRVR:AM5PR0701MB2674; BCL:0; PCL:0; RULEID:; SRVR:AM5PR0701MB2674;
x-forefront-prvs: 07459438AA
x-forefront-antispam-report: SFV:NSPM; SFS:(10009020)(396003)(366004)(376002)(346002)(39860400002)(136003)(13464003)(199004)(189003)(33656002)(186003)(26005)(5250100002)(102836004)(6436002)(2900100001)(81166006)(2501003)(44832011)(105586002)(6506007)(53546011)(68736007)(66066001)(8676002)(6306002)(55016002)(2906002)(7736002)(106356001)(76176011)(74316002)(110136005)(54906003)(486006)(476003)(229853002)(7696005)(14444005)(6246003)(446003)(256004)(11346002)(316002)(305945005)(15650500001)(9686003)(25786009)(478600001)(86362001)(97736004)(4326008)(966005)(53936002)(14454004)(8936002)(5660300001)(6116002)(99286004)(81156014)(3846002); DIR:OUT; SFP:1101; SCL:1; SRVR:AM5PR0701MB2674; H:AM5PR0701MB2737.eurprd07.prod.outlook.com; FPR:; SPF:None; LANG:en; PTR:InfoNoRecords; A:1; MX:1;
received-spf: None (protection.outlook.com: ericsson.com does not designate permitted sender hosts)
x-microsoft-antispam-message-info: LNbS+opX7HK7a45h8gjx/iGSNbmxhI+QKIy1Dd0FDkNQuBRQt3puLkfz2svga8kV7xanwWjoLX1iIphtWPDfar6VHNaP8DEQIRRfKa4vgt1+igVFeehSyx2fC24udInzXCc3OeLFV0VJJcP0LGnHlxwFSCeMAONGS1RzO1UgVJwM168jzcjYu5MQdRWsg116+O9WHUVZGPd8AZtYFfYfxUd2VtxJSLsEUuJ0oDIpLRNcFm5aznvgtz1PhWJq+vqDQwllAzbArV3YyiRRHtZoMgkjGWRYAbEUXDSsMO9zjhTATjcZL40nb3EUnoQV5TzcDNiP7wvs/oapm1fiJ9lz19E1zYlGVjhZON0ABfTb/Dg=
spamdiagnosticoutput: 1:99
spamdiagnosticmetadata: NSPM
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-MS-Exchange-CrossTenant-Network-Message-Id: f463cff5-7171-4421-549c-08d5f2cb38e2
X-MS-Exchange-CrossTenant-originalarrivaltime: 26 Jul 2018 07:41:38.7941 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 92e84ceb-fbfd-47ab-be52-080c6b87953f
X-MS-Exchange-Transport-CrossTenantHeadersStamped: AM5PR0701MB2674
X-OriginatorOrg: ericsson.com
X-Brightmail-Tracker: H4sIAAAAAAAAA02Sa0hTYRjHec85m2fDwetUfNKMGARhzrz0YZFdSdDAENLyFrn0qEPdbEdn GtT2IZSlYjEJbaXicmqgpImh4a2LN7xgGplBaSOzJqnlTEXN7Szo2/95/r/nff4PvDQpNvC8 aYUyh1Er5ZkSvpCqiG3PlR69EZcQaJwhZF2LzaTMVvyIJ5v6/ouSfX1aRcmWh6zEKV64ybRO hI8a1lAUES8MTWEyFRpGffhEkjB9XrfKz170ut5UvMHToiJ3PRLQgI/A8mcrpUdCWoxfI9De M/K4woagZ8jgwhUmAvRj7x0YhctIWHq4zbPPi3E5AVPfMjhqDkFhfw1hN/g4FMZnfzogDxwJ /VsthB0isRnBgG7NAbnjCzAyPbO7g96FomGlIZHjg6F++wlp1xQ+AK/MRciuRTgJiua2nIvP wtZwl4tdC3AYFC/pHX2EfeG3jpslsRd8sFQR3KEYTC/GSE57wsKXbSefDJMzpY4IgPdDydt4 DvGFiao7yB4ZcI8L7EybKc6QwlJ5ufOdSDDoG0gOGkQw3WPkcYY/TLX+cQ6ooG1jx6mPwcJo p5PZB40ls1QZCqr8Lyun/aG6c4XP6UNQV/ODrHTc7waDFRaqGlGNyJNl2KtZacHBAYxakcyy KmWAkslpQbt/pffZZuBztDB/ug9hGklcRca8uAQxT65h87P6ENCkxENkTt1tiVLk+QWMWnVF nZvJsH3Ih6YkXiLZ+dZ4MU6T5zAZDJPNqP+5BC3w1qJ2S6V0Y0GY4V7vfXHPcu2bux03C3yj h2/Tl7Qjrh8fUENEqnm4nr9WxnavCzVhUeOFhW0xA9fSYktt726FRAjCbZdTEs+tW+/bOiY1 jNvEZHKI0tpbu9kU08x/GXWm0DAq2Zun2VDVRfg0C1b9+ld1ipNVBz89Pm6yCKJru6USik2X B/mRalb+F6HREuEnAwAA
Archived-At: <https://mailarchive.ietf.org/arch/msg/core/j39iA86K1syW0BAw3P9UzMCnRiY>
Subject: Re: [core] Genart last call review of draft-ietf-core-object-security-13
X-BeenThere: core@ietf.org
X-Mailman-Version: 2.1.27
Precedence: list
List-Id: "Constrained RESTful Environments \(CoRE\) Working Group list" <core.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/core>, <mailto:core-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/core/>
List-Post: <mailto:core@ietf.org>
List-Help: <mailto:core-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/core>, <mailto:core-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 26 Jul 2018 07:41:51 -0000

Hi Joel,

Thanks for your review! I now have updated the draft with improvements from your comments, see inline. Hope this clarifies.

Thanks,
Francesca

> -----Original Message-----
> From: core <core-bounces@ietf.org> On Behalf Of Joel Halpern
> Sent: den 20 juli 2018 04:08
> To: gen-art@ietf.org
> Cc: draft-ietf-core-object-security.all@ietf.org; ietf@ietf.org; core@ietf.org
> Subject: [core] Genart last call review of draft-ietf-core-object-security-13
> 
> Reviewer: Joel Halpern
> Review result: Ready
> 
> I am the assigned Gen-ART reviewer for this draft. The General Area Review
> Team (Gen-ART) reviews all IETF documents being processed by the IESG for
> the IETF Chair.  Please treat these comments just like any other last call
> comments.
> 
> For more information, please see the FAQ at
> 
> <https://trac.ietf.org/trac/gen/wiki/GenArtfaq>.
> 
> Document: draft-ietf-core-object-security-13
> Reviewer: Joel Halpern
> Review Date: 2018-07-19
> IETF LC End Date: 2018-07-30
> IESG Telechat date: Not scheduled for a telechat
> 
> Summary: this document is ready for publication as a Proposed Standard
> RFC.
>     My minor concerns from draft -08 have been addressed.
> 
> Major issues: N/A
> 
> Minor issues:
>     Section 7.2 is about sequence numbers.  The first sentence in 7.2 discusses
>     Nonces.  Then the discussion switches to sequence numbers?  My guess is
>     that the Nonce is left over from previous text?
> 

Actually, the first sentence discusses nonces since they are constructed from Partial IVs, which are basically the Sequence Numbers. I added this precision, at the end of the second sentence.

OLD:  An AEAD nonce MUST NOT be used more than once per AEAD key. The uniqueness of (key, nonce) pairs is shown in Appendix D.3, and in particular depends on a correct usage of Partial IVs.

NEW: An AEAD nonce MUST NOT be used more than once per AEAD key. The uniqueness of (key, nonce) pairs is shown in Appendix D.3, and in particular depends on a correct usage of Partial IVs (which encode the Sender Sequence Numbers, see Section 5).

> Nits/editorial comments:
>     In the first paragraph of 3.3, the text reads:
>   The requirement that Sender ID SHALL be unique in the set of all security
>   contexts using the same Master Secret, Master Salt, and ID Context
>   guarantees unique (key, nonce) pairs, which avoids nonce reuse.
>     Unfortunately, that is not a grammatical sentence.
> 
> 

I think this sentence was too long to be readable, so I tried to split it up. Hopefully it makes more sense now.

NEW: This means that Sender ID SHALL be unique in the set of all security contexts using the same Master Secret, Master Salt, and ID Context; such a requirement guarantees unique (key, nonce) pairs, which avoids nonce reuse.

> _______________________________________________
> core mailing list
> core@ietf.org
> https://www.ietf.org/mailman/listinfo/core

v2.23.0 | Report a Bug | By Email