Re: [core] Comments on draft-ietf-core-echo-request-tag-02

Göran Selander <goran.selander@ericsson.com> Thu, 18 October 2018 21:32 UTC

Return-Path: <goran.selander@ericsson.com>
X-Original-To: core@ietfa.amsl.com
Delivered-To: core@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 4F5A312F1AC for <core@ietfa.amsl.com>; Thu, 18 Oct 2018 14:32:43 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.386
X-Spam-Level:
X-Spam-Status: No, score=-3.386 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.064, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FROM_EXCESS_BASE64=0.979, RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001] autolearn=unavailable autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=ericsson.com header.b=ec4F6OMG; dkim=pass (1024-bit key) header.d=ericsson.com header.b=fB+UgOR9
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id HTQWtwCG7bTR for <core@ietfa.amsl.com>; Thu, 18 Oct 2018 14:32:41 -0700 (PDT)
Received: from sesbmg23.ericsson.net (sesbmg23.ericsson.net [193.180.251.37]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 84871130DEF for <core@ietf.org>; Thu, 18 Oct 2018 14:32:40 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; d=ericsson.com; s=mailgw201801; c=relaxed/simple; q=dns/txt; i=@ericsson.com; t=1539898357; x=1542490357; h=From:Sender:Reply-To:Subject:Date:Message-ID:To:CC:MIME-Version:Content-Type: Content-Transfer-Encoding:Content-ID:Content-Description:Resent-Date:Resent-From: Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:In-Reply-To:References:List-Id: List-Help:List-Unsubscribe:List-Subscribe:List-Post:List-Owner:List-Archive; bh=gHXsbZJL1Yq2Lv/hxUlPJ0Pdm+h137BiXYF4pvOIAxQ=; b=ec4F6OMGUihXFdDLkRUmoslKx2Re6ot+c3xeeq7QZCV+0eGIPt46dbjvl4BtW3wl bMC6S7aOtVhG8+jTmCcostw7RAGoeeI3PExrvByLNPwAhoCOL3s7jgNErmgi5fcK rtYvfV0oP/TeVGqZB+/2QRlKxZ/jGymln10sz6t8vTk=;
X-AuditID: c1b4fb25-a0b8c9e0000018b4-c4-5bc8fbf5ad0a
Received: from ESESSMB501.ericsson.se (Unknown_Domain [153.88.183.119]) by sesbmg23.ericsson.net (Symantec Mail Security) with SMTP id 86.A6.06324.5FBF8CB5; Thu, 18 Oct 2018 23:32:37 +0200 (CEST)
Received: from ESESSMB505.ericsson.se (153.88.183.166) by ESESSMB501.ericsson.se (153.88.183.162) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P256) id 15.1.1466.3; Thu, 18 Oct 2018 23:32:13 +0200
Received: from EUR03-DB5-obe.outbound.protection.outlook.com (153.88.183.157) by ESESSMB505.ericsson.se (153.88.183.166) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P256) id 15.1.1466.3 via Frontend Transport; Thu, 18 Oct 2018 23:32:13 +0200
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ericsson.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=gHXsbZJL1Yq2Lv/hxUlPJ0Pdm+h137BiXYF4pvOIAxQ=; b=fB+UgOR98urDhgH+xQ3ld52BJ32+2zxqkHdY8cAYCC2UwcdrTGYGfrjE+z7ewnxwS4aQ2EpIGVAnj7x7t3iEbyfyKVc+yvhJioyjwDrVbveLHLqA2xyMeb+F2LuAdZVAq6toD8hmrROO6OvOOyTHCyfTUeYFiACtOv7zFNd2OfY=
Received: from AM6PR07MB4822.eurprd07.prod.outlook.com (20.177.190.219) by AM6PR07MB4118.eurprd07.prod.outlook.com (52.134.117.11) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.1273.5; Thu, 18 Oct 2018 21:32:11 +0000
Received: from AM6PR07MB4822.eurprd07.prod.outlook.com ([fe80::f195:bdf:6a62:3bcc]) by AM6PR07MB4822.eurprd07.prod.outlook.com ([fe80::f195:bdf:6a62:3bcc%2]) with mapi id 15.20.1250.022; Thu, 18 Oct 2018 21:32:11 +0000
From: =?utf-8?B?R8O2cmFuIFNlbGFuZGVy?= <goran.selander@ericsson.com>
To: Jim Schaad <ietf@augustcellars.com>
CC: "draft-ietf-core-echo-request-tag@ietf.org" <draft-ietf-core-echo-request-tag@ietf.org>, "core@ietf.org" <core@ietf.org>
Thread-Topic: Comments on draft-ietf-core-echo-request-tag-02
Thread-Index: AdRhDB0VTl1oEFpfS0G4KIUfFU0HbAFGCCUAAEWjJwA=
Date: Thu, 18 Oct 2018 21:32:11 +0000
Message-ID: <E207969D-C945-4E7A-94E7-C3F08EC46882@ericsson.com>
References: <00fa01d461b0$2a314f40$7e93edc0$@augustcellars.com> <20181017141813.GA4084@hephaistos.amsuess.com>
In-Reply-To: <20181017141813.GA4084@hephaistos.amsuess.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
user-agent: Microsoft-MacOutlook/10.12.0.181014
authentication-results: spf=none (sender IP is ) smtp.mailfrom=goran.selander@ericsson.com;
x-originating-ip: [83.251.145.234]
x-ms-publictraffictype: Email
x-microsoft-exchange-diagnostics: 1; AM6PR07MB4118; 6:fbsup+g4XMFjn2+1XfHdsRVUzGGaWiHEs1L6PO4UtZBcfHcdoIfiRSsjPjh7ctJfDGtEiujU3SLiLidOMHpAN2FZikdjvkWskd9jW/RR1+0kc6slQRAXPuYR04Xukc+atiDGSr7Vt4A+n273ytcKDUP7VZsb5PgPSgDrfsOsNioZen++QvKwi//dvdyDI7MPs5XN2PrgoQ2JehQ5li14c1NNc2WCsUTtFAKe1jUxngYSreLEI+1vo3/B4UgOghbnfae+VLmo/CLMNr2mGZrIizOyQ38Uv2eqgxVyCpYr8tMofDBc6PDxoRBSIzTx/zrq0UPBXorj9SLEeNvTvpkPmHJINuqAsmDN8BC9PwX79UkjrxBeAdad3GFjQvuYm8o+a0gb4PFQUU+ObXU6GWCG3gVgm4hHWXNt5+2m4Jifexci/hrlE1+y8zjxbGWsee8gb9K0NYm28rwufvXfF4qdZQ==; 5:wrgxpGR42XCmVn1bPQFRDUNDAqV4XEfqvpsKpfSLAH4DoxVM8F1N6KGdHU9Z5ZGJ8CsI+TpzssdgCj25qxI79D0NuF+xn4/IGSEpClGd2WZkSSjWfwNijwEZx9JUETnfP5D9y2+m7DHBSuVEkkLiJ21ZJfbqkJJrhM26A8SBnpY=; 7:97iKqGaH7BRM29CC3MXqUhkaz62Gau7sJrLcABnYX0ayLVhOnq7U8p6XCVKeectj7QTbcy4P1RG7/vny1mJw5EEHEdwxPRJHsnkOaPjQqwJkgKPYciDsgCBysyhUlElBy5YvTE9foPZCeA17UYmvyA==
x-ms-exchange-antispam-srfa-diagnostics: SOS;
x-ms-office365-filtering-correlation-id: c1fe2fa6-d932-4ba3-f910-08d6354129e8
x-microsoft-antispam: BCL:0; PCL:0; RULEID:(7020095)(4652040)(8989299)(5600074)(711020)(4534185)(4627221)(201703031133081)(201702281549075)(8990200)(2017052603328)(7153060)(7193020); SRVR:AM6PR07MB4118;
x-ms-traffictypediagnostic: AM6PR07MB4118:
x-microsoft-antispam-prvs: <AM6PR07MB4118F7D98C3744AE916831C1F4F80@AM6PR07MB4118.eurprd07.prod.outlook.com>
x-exchange-antispam-report-test: UriScan:(278428928389397)(158342451672863)(17755550239193);
x-ms-exchange-senderadcheck: 1
x-exchange-antispam-report-cfa-test: BCL:0; PCL:0; RULEID:(8211001083)(6040522)(2401047)(5005006)(8121501046)(3231355)(944501410)(52105095)(3002001)(10201501046)(93006095)(93001095)(149066)(150057)(6041310)(20161123562045)(201703131423095)(201702281528075)(20161123555045)(201703061421075)(201703061406153)(20161123558120)(20161123564045)(20161123560045)(201708071742011)(7699051)(76991095); SRVR:AM6PR07MB4118; BCL:0; PCL:0; RULEID:; SRVR:AM6PR07MB4118;
x-forefront-prvs: 08296C9B35
x-forefront-antispam-report: SFV:NSPM; SFS:(10009020)(136003)(346002)(396003)(39860400002)(376002)(366004)(51444003)(53474002)(199004)(189003)(6246003)(14454004)(33656002)(66066001)(4001150100001)(26005)(97736004)(478600001)(102836004)(3846002)(6116002)(14444005)(186003)(256004)(4326008)(5250100002)(25786009)(53936002)(36756003)(85182001)(106356001)(85202003)(105586002)(6916009)(68736007)(99286004)(53546011)(6506007)(76176011)(66574009)(446003)(58126008)(2616005)(8676002)(486006)(11346002)(54906003)(81166006)(81156014)(8936002)(2900100001)(476003)(229853002)(6486002)(6436002)(6512007)(82746002)(71190400001)(71200400001)(83716004)(316002)(86362001)(2906002)(5660300001)(305945005)(7736002); DIR:OUT; SFP:1101; SCL:1; SRVR:AM6PR07MB4118; H:AM6PR07MB4822.eurprd07.prod.outlook.com; FPR:; SPF:None; LANG:en; PTR:InfoNoRecords; A:1; MX:1;
received-spf: None (protection.outlook.com: ericsson.com does not designate permitted sender hosts)
x-microsoft-antispam-message-info: OJph1B5EDNjqZggkz8PwmKuBiBl9sAdLUegwu0VyJDhAHoFsGtWRwvpZ7hAAnq6+mfYrouWizHlaXCeybjJCScAaXWcA79OY3uCl9bhpQDOflCRbE8Rh+GfW906U1EmSO3/558j6rkk9MGI2mpcSJD6P8/5jkImiYo+g8yadVIQVcoTW7lENYYWRvfHdxUjLqOVxh/DENSb7zTDVJ0vWZtyGC/PgOLXlXlHCfStf4zJcIMuCMjjkBvwJEEZFv5aZ6TnfBOmeMkupdqjGwq5MsrxNDpvA+TjvbMjtgvRMW9OJ5akcTEhCAfG4jszdeWi8lrq9l6pJz9mCRKdiv9Av6P0fw3KQCS0rYBLX71ge7OE=
spamdiagnosticoutput: 1:99
spamdiagnosticmetadata: NSPM
Content-Type: text/plain; charset="utf-8"
Content-ID: <6A6D33069CD75E449EED171FA887047B@eurprd07.prod.outlook.com>
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-MS-Exchange-CrossTenant-Network-Message-Id: c1fe2fa6-d932-4ba3-f910-08d6354129e8
X-MS-Exchange-CrossTenant-originalarrivaltime: 18 Oct 2018 21:32:11.0623 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 92e84ceb-fbfd-47ab-be52-080c6b87953f
X-MS-Exchange-Transport-CrossTenantHeadersStamped: AM6PR07MB4118
X-OriginatorOrg: ericsson.com
X-Brightmail-Tracker: H4sIAAAAAAAAA02Sa0hTYRjHfc85bsfV4G2pe7KbDiQUNjUTV2llFBl0+1apXaYevF/Yljci ZhbJXKC4KTNBwRnVTE0tMyVwrJx2Re2iBN6GGZSkNc0rbecs6Nvv/zz/58LzvjQp0nv60WnZ akaZrciU8ASU8VxnvtSxYosPbZ6Uyp//aCHlY7Zuntxcvcg7RMY+qq3mxZpMS8QZIk4Qlcxk puUxypADlwWpM1Ol/Fx7UsFyXYIG1Sq0iKYB7wGz/ZgWCWgRfoFg2jxIcGIBwbJpGHHCRMCv kkbSJShcToLN+tZtqySgvdXI1yIvpxhH8OmL0MU8fATGNZOEi73xLnhsHmGZxNdg7reO9W/G UfBkRuv2RIPd3MXjeB/0N9xh4xQOhK6WFU8XC/FBqOr4Q3KzcsGodyAXe+H90L+wxNYi7AuL A03uWWIYtdexDBiDqecdybEPfJtaZ3v64BCof1VNcrUX4Xqzhsd5JNB9s9/t3w6DdWXsKQB/ 5EFT1Xt3Uyn8NBjcppPQ2zNLcqY+BBW9AxSXCAajrdHNGbCqXXRPSIDRtQayHIXX/LdsjfNR SBwELc9CuHAsfNXoKI4DQF82wa9hb7EJ+o12qh55PkA+KkaVmJWyO1zGKNOSVKqcbFk2o25D zr/S27ES+BQNfY+xIEwjyUZhvsMWL/JU5KkKsywIaFLiLXR0OkPCZEVhEaPMuaS8ksmoLGgr TUnEwonI9jgRTlGomQyGyWWU/7IE7eWnQUU6q1wXbTDMy1PGQnW2tYD1l2210rITAssGvnU9 5k1fwYLeVxwZtGqYG2u/empLuunu68TiytnGOH/6grYoYkd65I37Z1u9p4kPjoDafL5sbVtQ ZUnJkLjq8NRDiew2cbomwsN/7+fj+ntGj8H5/ALrzorS4uHGW+c7wo4SI2oJpUpVhAWTSpXi L7JlcNYnAwAA
Archived-At: <https://mailarchive.ietf.org/arch/msg/core/rYyYcTNwhIwF3xKP_c6V_O1lp-c>
Subject: Re: [core] Comments on draft-ietf-core-echo-request-tag-02
X-BeenThere: core@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Constrained RESTful Environments \(CoRE\) Working Group list" <core.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/core>, <mailto:core-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/core/>
List-Post: <mailto:core@ietf.org>
List-Help: <mailto:core-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/core>, <mailto:core-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 18 Oct 2018 21:32:43 -0000

Hi Jim,

Thanks for comments, responses to the remaining comments below. The CoRE WG Github is updated.

On 2018-10-12, 00:17, "Jim Schaad" <ietf@augustcellars.com> wrote:

    I have read this document and I have the following comments:
    
    * Introduction - you say several enhancements, but there are only two new
    options.  What are the other enhancements?
    
GS: "several" removed. A number of applications are listed, e.g. in section 2.3, but no need to go into that here.

    * Introduction - The sentence "This document specifies ..." this sentence
    says you are doing two thing and then there are two sentences.  I think you
    can tighten this up with a colon following "Request-Tag option:", delete the
    rest of this sentence and keep the next two sentences.

GS: Done.
    
    * Section 1.1 para 1 - I think you should provide a couple of reasons why
    this is not a suitable solution.  I can think of multiple different reasons:
    a) The amount of traffic and resources required - which may not be a problem
    with both sides just one. b) Going through proxies where the freshness gets
    lost as a client renegotiation does not get to the server and a proxy
    renegotiation says nothing about the client. c) Amount of time involved.

GS: Motivation included.

    * Section 1.3 - I am a bit lost in this section.  When doing matches between
    a request and a response I am matching up the message id and the token if it
    exists.  You need some additional text in here to describe why it is that
    you are talking about something interesting to me.  
    
GS: Text updated and example included.

    * Section 2.1 - Something seems to be odd.  I don't think the RFC editor
    note is correct.  I think a paragraph must have disappeared

GS: Paragraph added.
    
    * Section 2.2 - I don't think if you reboot that you have lost time
    synchronization, rather you have lost time continuity.  That said the
    current term may be state of art and thus correct.  To me synchronization
    implies a minimum of two parties.

GS:  "continuity" seems to be the right term here. Changed in 3 places.
    
    * Section 2.2 - I think that you need to make some arguments about what
    happens if an Echo option value is provided to multiple entities either
    because the server will just re-use it's current value for some period of
    time after creation (valid for time m and used for time m/3) or because a
    proxy provides the same answer to two different clients.   Note that this
    seems to be not recommended in item 2 of section 2.3
    
GS:  Added clarification: "The server MAY include the same Echo option value in several different responses and to different clients."
Also added example of this, now sub-bullet of item 1 of section 2.3.


    * Section 2.3 - Item 4 - I don't understand what is going on here.  I am not
    sure what the device is joining as (a responder?)  Is the sync done by two
    unicast messages or a unicast followed by a multicast?  

GS: Restructured section 2.3. A sub-bullet of item 2 now describes a new device joining a group and synchronizing state or time with a client, allowing synchronization either with multicast or unicast. I hope that is more clear.
    
    * Section 2.3 - Item 5 - I am not sure that this is a reasonable answer for
    having a proxy sitting there.  I could easily be wrong and should probably
    spend some time thinking about how this does/does not work.

GS: This is now item 3. There is no intention to use a proxy here, so I don't understand the question. Please elaborate.
  
---
  
    * Section 5 - I have not seen a justification for this anyplace.
    
GS: Included reference to section 1.3. (Also reference to section 1.1 in section 2, and to section 1.2 in section 3)

    * Section 7 - para 1 - What is the problem w/ using an encrypted wall clock
    time for a timestamp?  These text appears to say that this is a bad idea but
    the issues seem to be with using unencrypted items not with the wall clock.
    The next sentence makes more sense about why not to use one.  
    
GS: With encrypted wall clock we typically need to store or transport the IV, 
in which case the random value method is not worse in message size and server state.

    * Appendix A - I would think that if you send a 32-bit timestamp in the
    clear w/ an integrity value that one can start making guesses about some of
    the same privacy problems as the use of a wall clock.  Knowing when a server
    was last reset could tell you the same things.

GS: Added reference to the new privacy considerations section.


Any further comments are much welcome.

Göran




On 2018-10-17, 16:18, "Christian M. Amsüss" <christian@amsuess.com> wrote:

    Hello Jim,
    
    thanks for your review; we're working it into an updated document for
    WGLC.
    
    Responding to the comments related to Request-Tag:
    
    On Thu, Oct 11, 2018 at 03:17:12PM -0700, Jim Schaad wrote:
    > * Section 3.1 - The note to the RFC editor has me confused.  Firstly, I am
    > not sure why it should be moved rather than just staying here.  
    
    Updated. I hope that the process of submission will be clear enough
    beforehand that we can remove the paragraph or move the text ourselves
    -- if (as I expect) OSCORE enters AUTH48 before we submit ERT to the RFC
    editor, that text will be gone by then.
    
    > * Section 3.1 - I think that the value of Request-Tag is potentially going
    > to be different depending on if it is in the inside rather than the outside.
    > You may be doing two different block transfers and each needs its own value.
    
    Updated to explicitly state that those values are independent because
    they relate to an inner or outer blockwise transfer.
    
    > * Section 3.2 - the first paragraph does not scan.  I am not sure what it
    > says as it seems to be contradictory.
    
    That paragraph assumed a very particular implementation method for
    servers (that unknown options are processed in bulk before known
    options); does this re-wording read better to you?:
    
      The Request-Tag option does not require any particular processing on
      the server side outside of the processing already necessary for any
      unknown elective proxy-safe cache-key option: The option varies the
      properties that distinguish blockwise operations (which includes all
      options except elective NoCacheKey and except Block1/2), and thus the
      server can not treat messages with a different list of Request-Tag
      options as belonging to the same operation.
    
    > * Section 3.2 - para 2 - The example sentence looks odd.  Do you mean it can
    > have a cached response not a free response?
    
    That was worded confusingly and is now changed.
    
    > * Section 3.2 - para "especially" - I find the first sentence very hard to
    > understand.
    
    That paragraph has become obsolete with the presence of core-stateless
    anyway and was replaced with a reference there later in the proxy
    application.
    
    > * Section 3.3 - last para - how do you recycle something that is absent?  I
    > think the last clause needs examining.
    
    Added a sentence on absent Request-Tag options being a value of its
    own, explaining why that can be recycled just as well.
    
    > * Section 3.4.1 - Item 2 - how is a client supposed to be able to know this
    > if the proxy in the middle just passes it through w/o changing it?  Two
    > different clients could end up with the same Request-Tag.  One would hope
    > that they would have different tokens because of the proxy however.
    
    The whole 3.4.1 is, as per item 1, only applicable to blockwise
    operations split into end-to-end protected individual exchanges.
    
    (Ie. DTLS w/o proxies, or inner blockwise in OSCORE).
    
    If that does not answer the question, I don't fully understand it,
    please help me find where we diverge.
    
    > * Section 3.4.1 - This seems backwards.  I thought that OSCORE was tightly
    > bound to the end point, but this paragraph says it is not.
    
    That was my idea of OSCORE inner-blockwise being allowed to jump
    transports (which it could easily do but is not specified that way);
    I've replaced the paragraph with a weaker and more hypothetical one.
    
    (By "bound to the end point" I meant that whereas a running DTLS session
    will only stay alive while IP/port/interface quintuple stays the same,
    an OSCORE context can be used even after those endpoint identifiers have
    changed.)
    
    > * Section 3.4.3 - You have a "Section TBA" here
    >
    > * Section 3.4.3 - Please keep the section for justification of Request-Tag
    > being repeatable.
    
    Given that we now do groundwork for Stateless which is more directly
    applicable, that document is now referenced instead, and left in.
    
    
    Thanks again
    Christian
    
    -- 
    To use raw power is to make yourself infinitely vulnerable to greater powers.
      -- Bene Gesserit axiom