Re: [core] comments on core-oscore-groupcomm-09
Marco Tiloca <marco.tiloca@ri.se> Fri, 10 July 2020 07:23 UTC
Archived-At: <https://mailarchive.ietf.org/arch/msg/core/t6P8ZIGVNDJVforAyhLRJ3_18y8>
Hello Peter,

On 2020-07-09 14:29, Peter van der Stok wrote:
> Dear authors,
>
> After implementing the changes with respect to the former draft with
> exclusion of the pairwise mode, I have a question.
>
>
> Why do I need in the external_aad and in the context both
> counter signature parameters and counter signature key parameters. One
> looks sufficient to me.

==>MT
Regarding the Context, Jim raised the same point in his latest review [1]. We may end up keeping only Counter Signature Parameters, in its current format.

Regarding the external_aad, the intent was to closely reflect the way COSE Capabilities are registered in the COSE Algorithms and COSE Key Types registries.

[1] https://mailarchive.ietf.org/arch/msg/core/VMhrAPEt4TE8jahatVd1EoDzdMI/
<==

>
> Secondly, it is not clear to me how pairwise keys solve the problem of
> a blocked group communication.
> When using block in the multicast request, I assume that using
> unicasts to as many destinations is more straightforward.

==>MT
Multicast usage of blockwise is limited to a first multicast request including the Block2 Option; then the following requests for blocks have to be sent necessarily over unicast, individually to the different servers [2].

Those unicast requests can be protected in group mode or in pairwise mode. Using the pairwise mode prevents the attack described in Section 10.7, which can otherwise be performed by leveraging unicast requests protected in group mode.

Would it help if the third paragraph of Section 9 includes a pointer to Section 10.7?

Best,
/Marco

[2] https://tools.ietf.org/html/draft-ietf-core-groupcomm-bis-00#section-2.3.6
<==

>
>
> Greetings,
>
> peter
> --
> Peter van der Stok
> vanderstok consultancy
> mailto: consultancy@vanderstok.org
> <mailto:consultancy@vanderstok.org>, stokcons@bbhmail.nl
> <mailto:stokcons@bbhmail.nl>
> www: www.vanderstok.org <http://www.vanderstok.org>
> tel NL: +31(0)492474673 F: +33(0)966015248
>
> _______________________________________________
> core mailing list
> core@ietf.org
> https://www.ietf.org/mailman/listinfo/core

--
Marco Tiloca
Ph.D., Senior Researcher

RISE Research Institutes of Sweden
Division ICT
Isafjordsgatan 22 / Kistagången 16
SE-164 40 Kista (Sweden)

Phone: +46 (0)70 60 46 501
https://www.ri.se