[core] WGLC draft-ietf-core-echo-request-tag-05
Jim Schaad <ietf@augustcellars.com> Wed, 10 July 2019 22:16 UTC
Return-Path: <ietf@augustcellars.com>
X-Original-To: core@ietfa.amsl.com
Delivered-To: core@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 9B5EE12012A; Wed, 10 Jul 2019 15:16:51 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Level:
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id DIUrE85WaPy0; Wed, 10 Jul 2019 15:16:49 -0700 (PDT)
Received: from mail2.augustcellars.com (augustcellars.com [50.45.239.150]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 814CB120241; Wed, 10 Jul 2019 15:16:46 -0700 (PDT)
Received: from Jude (73.180.8.170) by mail2.augustcellars.com (192.168.0.56) with Microsoft SMTP Server (TLS) id 15.0.1395.4; Wed, 10 Jul 2019 15:16:40 -0700
From: Jim Schaad <ietf@augustcellars.com>
To: draft-ietf-core-echo-request-tag@ietf.org
CC: 'core' <core@ietf.org>
Date: Wed, 10 Jul 2019 15:16:39 -0700
Message-ID: <003901d5376d$27710960$76531c20$@augustcellars.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
X-Mailer: Microsoft Outlook 16.0
Thread-Index: AdU3R0WwUSXHRxh8Sg2AOFV0PmUcNg==
Content-Language: en-us
X-Originating-IP: [73.180.8.170]
Archived-At: <https://mailarchive.ietf.org/arch/msg/core/kQDL3_ZtVWqET2wG1nnlUN8HM7E>
Subject: [core] WGLC draft-ietf-core-echo-request-tag-05
X-BeenThere: core@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Constrained RESTful Environments \(CoRE\) Working Group list" <core.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/core>, <mailto:core-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/core/>
List-Post: <mailto:core@ietf.org>
List-Help: <mailto:core-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/core>, <mailto:core-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 10 Jul 2019 22:16:52 -0000
Here are some comments: 1. The Abstract needs to say that it updates RFC 7252 - and it would be nice if it summarized what it updated. 2. You can clean up the text dealing with core-object-security 3. In section 2.1 - It is not clear to me why one would use an outer option for the echo option. The inner one would be end-to-end and thus does the freshness thing. What does the outer one do? 4. In section 2.1 (or section 2.2) - There needs to be some text about where the echo options should be reflected in the event that either both inner and outer options are returned or just an outer is returned. Can you use an inner w/o security for a new request? I.e. is the inner echo value considered to be a security value? 5. Not sure if it is permissible for a proxy to modify the request in response to a 4.01 with an echo option or not. Clarification might be useful on this topic. I think I understand the paragraphs about proxies as servers. 6. In section 2.3 - item 1 star 2 - I would think that a server could proactively return an echo option even if the request did not come with one. Thus GET - Content w/ echo - PUT w/ echo 7. In section 2.3 - item 2 - star 2 - s/expect/except/ 8. In section 3 it says that the requests must be integrity protected, but in section 3.1 it says that this may be an outer option and is of class E not class I. (And I recognize that it cannot be class I.) I think that section 3 is probably the incorrect one. 9. I think that section 3.4.1 is missing something, but I have not figure out what it is yet. I'll continue to mull this one over. 10. Section 3.4.2 - I think that it would be reasonable to highlight that two OSCORE blockwise operations meet these conditions as the path is hidden by security. 11. Section 6 - I am having problems with the idea of a forgery of an Echo option, if the option is visible to an attacker why would they need to forge it? 12. Appendix A - I think we have a different definition of forgery for list item 1. I would have labeled this as guessing not forgery. That is probably my security background talking. 13. Appendix A - point 2 - The security is even higher if encryption rather than integrity is used here. jim
- [core] WGLC draft-ietf-core-echo-request-tag-05 Jim Schaad
- Re: [core] WGLC draft-ietf-core-echo-request-tag-… Christian Amsüss
- Re: [core] WGLC draft-ietf-core-echo-request-tag-… Jim Schaad
- Re: [core] WGLC draft-ietf-core-echo-request-tag-… John Mattsson
- Re: [core] WGLC draft-ietf-core-echo-request-tag-… Jim Schaad