IETF Logo Mail Archive

Re: [core] I-D Action: draft-ietf-core-stateless-02.txt

Thomas Fossati <Thomas.Fossati@arm.com> Tue, 22 October 2019 10:33 UTC

Return-Path: <Thomas.Fossati@arm.com>
X-Original-To: core@ietfa.amsl.com
Delivered-To: core@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 89C92120111 for <core@ietfa.amsl.com>; Tue, 22 Oct 2019 03:33:41 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.901
X-Spam-Level:
X-Spam-Status: No, score=-1.901 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H2=-0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=armh.onmicrosoft.com header.b=t64B18Iw; dkim=fail (1024-bit key) reason="fail (body has been altered)" header.d=armh.onmicrosoft.com header.b=O3ZFANH9
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Uzr_-ZY3Hqxn for <core@ietfa.amsl.com>; Tue, 22 Oct 2019 03:33:37 -0700 (PDT)
Received: from EUR01-DB5-obe.outbound.protection.outlook.com (mail-eopbgr150042.outbound.protection.outlook.com [40.107.15.42]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 64500120143 for <core@ietf.org>; Tue, 22 Oct 2019 03:33:37 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=armh.onmicrosoft.com; s=selector2-armh-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=deb/jj1CdiHzdRt5PJe0WDAwMbJp6pMGIUv98OOhQXQ=; b=t64B18IwSUaN2Fbr6eh6nWa0YEQ2zEcr0UQIrAqY4Y4CkxQFsW7AO3xtAl9Np70Dm8h7tqb8dmGeruYl9zfmyTxC+pwVUdriAmAOwjAnn5KZcZvqK2KGQ74jf9ZL5z6lFH/gxc6p3IlVlpGqmSxg7ajU4f4eK33dfko9by3Em5I=
Received: from VI1PR08CA0105.eurprd08.prod.outlook.com (2603:10a6:800:d3::31) by DB8PR08MB5417.eurprd08.prod.outlook.com (2603:10a6:10:117::11) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2347.26; Tue, 22 Oct 2019 10:33:33 +0000
Received: from AM5EUR03FT064.eop-EUR03.prod.protection.outlook.com (2a01:111:f400:7e08::206) by VI1PR08CA0105.outlook.office365.com (2603:10a6:800:d3::31) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2367.21 via Frontend Transport; Tue, 22 Oct 2019 10:33:32 +0000
Authentication-Results: spf=temperror (sender IP is 63.35.35.123) smtp.mailfrom=arm.com; ietf.org; dkim=pass (signature was verified) header.d=armh.onmicrosoft.com;ietf.org; dmarc=none action=none header.from=arm.com;
Received-SPF: TempError (protection.outlook.com: error in processing during lookup of arm.com: DNS Timeout)
Received: from 64aa7808-outbound-1.mta.getcheckrecipient.com (63.35.35.123) by AM5EUR03FT064.mail.protection.outlook.com (10.152.17.53) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2367.23 via Frontend Transport; Tue, 22 Oct 2019 10:33:31 +0000
Received: ("Tessian outbound 851a1162fca7:v33"); Tue, 22 Oct 2019 10:33:29 +0000
X-CheckRecipientChecked: true
X-CR-MTA-CID: 49b0e35f73d8545e
X-CR-MTA-TID: 64aa7808
Received: from 869dfd280d15.2 (ip-172-16-0-2.eu-west-1.compute.internal [104.47.4.50]) by 64aa7808-outbound-1.mta.getcheckrecipient.com id 8A5FC992-3FE8-4D25-8CF2-F4F9EE9FDE9E.1; Tue, 22 Oct 2019 10:33:24 +0000
Received: from EUR02-AM5-obe.outbound.protection.outlook.com (mail-am5eur02lp2050.outbound.protection.outlook.com [104.47.4.50]) by 64aa7808-outbound-1.mta.getcheckrecipient.com with ESMTPS id 869dfd280d15.2 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384); Tue, 22 Oct 2019 10:33:24 +0000
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=YgZK2xF0QU4qcsbqjEDQd5hIfwgVjT+IxiLXeQGuXPt2/JZUuEXnbubKromL8FI7k63urxkUA9jPXpD7TvDLcHuYEzO/wpMcBgIWg+98fsG2L4Z0f3aOG025BWwqGShNvxHVhsIMcrcsc2wnfTdpNJspjGKnqLezwiMx2YOAJCRQUFSnv06PcdfjlfTLCVenGj10JSS84XC51njneIGZsnBjbqVIdZ1RPkmfq4Ing/pzxDuCf04fSdY8oq4nCdUWpON/e72KgWKap40NIvTQ6m00nstwK1BCIb+FkHMuEhRpoVHG0ZOTFh7Y2d7HWUimxr0woCFGoIsQ7voKACGkXg==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=lKe2Lo7SXUKaTZ81ShGxFqzCyE2dMgnPnM3Kx5ih0wA=; b=Pav2qTWqqm/oPvJ4Od8JjyZaNmdlHcmJOiGlz88GFTFInENFXWXjLsAnNwSSyhNgugIUXGYa7wYNCmYYQiRa94p2ozy9JmgnJCSIDxfTdxR6+sCOH4so0Vm5DHum9YEZY0LQqz4HtOxXpjuG+lrKt2IbCeU6B6awGNXBPd3A5NaIHgRj21JPLjuA8LkpTCG1S1vbsDjMcZVaYVHlCFELjNdgkPHN92tMm+fiXyQ4k6O6o0tCgKGdiLKYtCHu937Qbw4esL6s21U+lyVcdNcTBigGjjMYh1haRUFhlD/2e67DYMxY2OL33BagG9L9jEnSLXV+6PKNBWOuhKRvzfEVRA==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=arm.com; dmarc=pass action=none header.from=arm.com; dkim=pass header.d=arm.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=armh.onmicrosoft.com; s=selector2-armh-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=lKe2Lo7SXUKaTZ81ShGxFqzCyE2dMgnPnM3Kx5ih0wA=; b=O3ZFANH9LRPSPMJ0xLV6gf8Ho7sNrxOHoyUNzPEeELdQrc8EFN1cok7XJA8MLHnN6NxDFe2n4LEWsnBAK5ylSz6k55Omc0xEUEaNCFD53LlvSDrIGRtlQ62E//K6UkAO7yQfNR4RFQevt4re+50X/8+Snd8P/lczVeZ146jW4GE=
Received: from AM6PR08MB4231.eurprd08.prod.outlook.com (20.179.18.151) by AM6PR08MB2950.eurprd08.prod.outlook.com (52.135.163.15) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2367.21; Tue, 22 Oct 2019 10:33:23 +0000
Received: from AM6PR08MB4231.eurprd08.prod.outlook.com ([fe80::8855:3670:214e:4791]) by AM6PR08MB4231.eurprd08.prod.outlook.com ([fe80::8855:3670:214e:4791%6]) with mapi id 15.20.2367.022; Tue, 22 Oct 2019 10:33:23 +0000
From: Thomas Fossati <Thomas.Fossati@arm.com>
To: Klaus Hartke <hartke@projectcool.de>
CC: "core@ietf.org WG" <core@ietf.org>, Thomas Fossati <Thomas.Fossati@arm.com>
Thread-Topic: [core] I-D Action: draft-ietf-core-stateless-02.txt
Thread-Index: AQHViDTVJLShyaOWOk2o+GoePQIliqdlWkIAgAEWowCAAABggIAAF1YA
Date: Tue, 22 Oct 2019 10:33:22 +0000
Message-ID: <38629887-0795-4F7F-B6AB-E446B63489CF@arm.com>
References: <157167881320.31820.15335648329568633649@ietfa.amsl.com> <CAAzbHvZB4ZUEhgVujwHOE3fum0JLQUu8vYyiBVhGDH5KfsEuxA@mail.gmail.com> <32E81F88-6171-4EBB-AA6E-886CF5F59548@arm.com> <CAAzbHva-v_EWGSbYWnio=7oNn=sAvQADRj4zTV5E7sYYMxdU0g@mail.gmail.com>
In-Reply-To: <CAAzbHva-v_EWGSbYWnio=7oNn=sAvQADRj4zTV5E7sYYMxdU0g@mail.gmail.com>
Accept-Language: en-GB, en-US
Content-Language: en-GB
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
user-agent: Microsoft-MacOutlook/10.1e.0.191013
Authentication-Results-Original: spf=none (sender IP is ) smtp.mailfrom=Thomas.Fossati@arm.com;
x-originating-ip: [217.140.106.53]
x-ms-publictraffictype: Email
X-MS-Office365-Filtering-HT: Tenant
X-MS-Office365-Filtering-Correlation-Id: 581275c2-0711-448f-7d21-08d756db48b2
X-MS-TrafficTypeDiagnostic: AM6PR08MB2950:|AM6PR08MB2950:|DB8PR08MB5417:
X-MS-Exchange-PUrlCount: 1
x-ms-exchange-transport-forked: True
X-Microsoft-Antispam-PRVS: <DB8PR08MB5417680AA2DB1AD050A3A0529C680@DB8PR08MB5417.eurprd08.prod.outlook.com>
x-checkrecipientrouted: true
x-ms-oob-tlc-oobclassifiers: OLM:10000;OLM:10000;
x-forefront-prvs: 01986AE76B
X-Forefront-Antispam-Report-Untrusted: SFV:NSPM; SFS:(10009020)(4636009)(346002)(376002)(136003)(366004)(39860400002)(396003)(199004)(189003)(52314003)(51914003)(476003)(2616005)(86362001)(102836004)(186003)(11346002)(446003)(316002)(58126008)(54906003)(71200400001)(2906002)(36756003)(99286004)(26005)(76176011)(71190400001)(256004)(6506007)(14444005)(486006)(53546011)(5660300002)(6306002)(6116002)(33656002)(6486002)(6436002)(6246003)(7736002)(25786009)(305945005)(6512007)(229853002)(3846002)(4326008)(64756008)(66446008)(91956017)(76116006)(66556008)(66476007)(66946007)(6916009)(966005)(478600001)(8676002)(81156014)(81166006)(8936002)(14454004)(66066001); DIR:OUT; SFP:1101; SCL:1; SRVR:AM6PR08MB2950; H:AM6PR08MB4231.eurprd08.prod.outlook.com; FPR:; SPF:None; LANG:en; PTR:InfoNoRecords; A:1; MX:1;
received-spf: None (protection.outlook.com: arm.com does not designate permitted sender hosts)
X-MS-Exchange-SenderADCheck: 1
X-Microsoft-Antispam-Untrusted: BCL:0;
X-Microsoft-Antispam-Message-Info-Original: hfMGEsQ2hRkODHZ0J/+cAVIjZZIQfwWGjmC4FQq+aPUOwqsy5JkKR8U1fuqP/AXTg58owbuNhFzCCRJO/p4VY0sF5+SeSi7y65op2nyLYWzGuEBazPN3V2PdNw3kZQgG68rvkpL+v+HFQm7HSZQlO4GvNAlYFJcSOTwb3F71HbGG8SwlkyYm86UrR7MGTdC2rzbCROrTRYHrrD/Ia+/Dm9mpm7TJtx8BOdN8Y7E3qCZ6xglZGM5kIvk5cK3StJg6xkdbGT0y6+I+aMQqod0nB3eiIoVF64nmcAQjJULCh6bI5aEOKXdc8ZkBydxSrYxsJDWpzDvXK5uJQiVbXtNer53M3ndFSUtYkASMdDui0Lzdm/xMPOOkx95kQKEEOuNemidDM2WF4ECb50/8q0g9RUM37RN3lOcOfL7kp/HWZSeIa68wgkUrxUiLXoX5Puw1TFBSdO64EPLuj2vWulcFgQlCRoBGrgzXOnDDdmR5GLM=
Content-Type: text/plain; charset="utf-8"
Content-ID: <CBC9C41F38589F479596957072095E7B@eurprd08.prod.outlook.com>
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-MS-Exchange-Transport-CrossTenantHeadersStamped: AM6PR08MB2950
Original-Authentication-Results: spf=none (sender IP is ) smtp.mailfrom=Thomas.Fossati@arm.com;
X-EOPAttributedMessage: 0
X-MS-Exchange-Transport-CrossTenantHeadersStripped: AM5EUR03FT064.eop-EUR03.prod.protection.outlook.com
X-Forefront-Antispam-Report: CIP:63.35.35.123; IPV:CAL; SCL:-1; CTRY:IE; EFV:NLI; SFV:NSPM; SFS:(10009020)(4636009)(39860400002)(136003)(376002)(346002)(396003)(40434004)(52314003)(51914003)(199004)(189003)(5024004)(11346002)(81156014)(478600001)(305945005)(33656002)(7736002)(66066001)(50466002)(47776003)(36906005)(316002)(2906002)(26826003)(4326008)(26005)(53546011)(25786009)(81166006)(5660300002)(356004)(6506007)(14444005)(2616005)(76130400001)(486006)(63350400001)(8936002)(2486003)(23676004)(446003)(36756003)(22756006)(14454004)(476003)(58126008)(126002)(6306002)(70586007)(6862004)(54906003)(70206006)(76176011)(3846002)(6116002)(6512007)(86362001)(6486002)(8676002)(99286004)(436003)(336012)(966005)(6246003)(229853002)(186003)(102836004); DIR:OUT; SFP:1101; SCL:1; SRVR:DB8PR08MB5417; H:64aa7808-outbound-1.mta.getcheckrecipient.com; FPR:; SPF:TempError; LANG:en; PTR:ec2-63-35-35-123.eu-west-1.compute.amazonaws.com; A:1; MX:1;
X-MS-Office365-Filtering-Correlation-Id-Prvs: 3e21c6ed-a09c-4aa9-202f-08d756db43ba
X-Forefront-PRVS: 01986AE76B
X-Microsoft-Antispam: BCL:0;
X-Microsoft-Antispam-Message-Info: HS2XJsYpAoWwRKDrQRfkp80HZnlVXDMSzu6NSz0Lkm5rGEYzqba3qAZ1eYvXuVX6/bAY4WriXOjluCSpCaTS+5CSIkVhkx22S27zKRD1OB9+UaShwttN4LyB+1eDI7INnGd9kzxH9yftt+TSWyNw8T76vdEjcdJFMh0QGkTHpExrmBYm6XVUEiKBo/nYKema0wPIVKtpC4MObxDTt81b7KrXoExyK9byzEc4wz8I5mLXflZmAv6REcX3oGnVEDnxICNvxx/9fruWrKrCr3FUpIk6iBB2Zag/be93enB/Rj35JBf8pkVobgfV3iJnJBOv2Zl6ixDDK125Q+wQqlZbsQw/WxAQo4EoWfJ6+dmLyWzuF26H3WVEfuwBVEVC8UE80F/q2AChacazJorwgupix86Ob7LcVqDQV9SDuvLntHyIXjdw62JYrlI++Yjja6A2f2rR4KvQFiKqatVJPUyQFg==
X-OriginatorOrg: arm.com
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 22 Oct 2019 10:33:31.2847 (UTC)
X-MS-Exchange-CrossTenant-Network-Message-Id: 581275c2-0711-448f-7d21-08d756db48b2
X-MS-Exchange-CrossTenant-Id: f34e5979-57d9-4aaa-ad4d-b122a662184d
X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=f34e5979-57d9-4aaa-ad4d-b122a662184d; Ip=[63.35.35.123]; Helo=[64aa7808-outbound-1.mta.getcheckrecipient.com]
X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem
X-MS-Exchange-Transport-CrossTenantHeadersStamped: DB8PR08MB5417
Archived-At: <https://mailarchive.ietf.org/arch/msg/core/us-b3obt1peDSGash0lKEw00EmA>
Subject: Re: [core] I-D Action: draft-ietf-core-stateless-02.txt
X-BeenThere: core@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Constrained RESTful Environments \(CoRE\) Working Group list" <core.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/core>, <mailto:core-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/core/>
List-Post: <mailto:core@ietf.org>
List-Help: <mailto:core-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/core>, <mailto:core-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 22 Oct 2019 10:33:41 -0000

Hi Klaus,

On 22/10/2019, 11:10, "Klaus Hartke" <hartke@projectcool.de> wrote:
> >   When an option value outside this range is received, the value MUST be
> >   clamped to be within this range.
> >
> > I find this sentence slightly difficult to action: it doesn't say which
> > value should the receiver pick in case of {over,under}flow -- is it one
> > of RANGE_MAX / RANGE_MIN (whatever the closest) or some arbitrary value
> > within [RANGE_MIN, RANGE_MAX] ?  A bit more clarity would help.
>
> The intention was to say: If the value is less than 8, then it shall
> be set to 8. If it's greater than 65804, then it shall be set to
> 65804. I though that's what clamping means, no?

Sure, it's not "clamp" but the following "to be *within* this range"
that creates the ambiguity.

> > Tangentially, I don't see a good reason why the receiver should silently
> > accept out-of-range values from the peer?  I appreciate that the
> > effective TKL is constrained anyway, but my preference would be to fail
> > with an explicit signal.
>
> The rationale is different for the two cases:
>
> If the server indicates it can handle tokens up to 5 MiB, then the
> client cannot send a 5 MiB token, because the maximum length supported
> by the message format is 65804. But if a server can handle tokens up
> to 5 MiB, then it clearly also can handle tokens up to 65804 bytes,
> right? So there's not really an error if a server indicates a value
> greater than what can actually be sent.
>
> If the server can only handle tokens of some length that is less than
> 8 bytes, then it's clearly not implementing RFCs 7252 and 8323
> correctly. This will never happen, so I think a client implementation
> shouldn't bother spending any more cycles than on a comparison and a
> conditional move.

OK, thanks for the rationale.  I can surely live with that.

> >   to indicate the maximum length of a token in bytes that it accepts in
> >   requests.
> >
> > Maybe: "to indicate the maximum acceptable length of the token (in bytes)"
>
> Maybe this?
>
>     A server can use the elective Extended-Token-Length Capability
>     Option to indicate the maximum token length it can accept in
>     requests.

LGTM

> >   support by a server does not oblige a client to actually make use of
> >   token lengths greater than 8.
> >
> > s/oblige/force/
>
> This wording is copied from https://tools.ietf.org/html/rfc8323#section-5.3.2

OK, it sounded slightly unfamiliar to me, but a) I'm not a native speaker,
b) if the RFC Editor is happy with that construction who am I to argue? :-)

> >   AES-CCM with a 64 bit tag is recommended
> >
> > CCM (and the tag choice) looks fine given that a) we need to buffer the
> > whole header anyway, and b) we want to limit the amount of tag bits as
> > much as possible while keeping the whole auth-enc machinery secure.
> > Maybe we should stick the usual note about nonce reuse / misuse
> > (especially for clients with low-quality entropy sources) and key
> > rotation strategies (since proxies potentially need to route a
> > considerable amount of messages).
>
> Would you like to propose some text?

Sure, will do on Github.

> >    If a server supports extended token lengths but receives a request
> >    with a token of a length it is unwilling or unable to handle, it MUST
> >    NOT reject the message.  Instead, it SHOULD return a 5.03 (Service
> >    Unavailable) response.  (Returning this response requires that the
> >    server implementation is able to return a token of any length, even
> >    if it otherwise cannot handle tokens of that length.)
> >
> > This para is a tad dense.  In particular, the use of "unable" seems to
> > contradict the MUST NOT: if I'm unable to handle this how can I not
> > reject it, what should I do?
>
> Handling a request usually goes through multiple steps from receiving
> the message to handing it over to application logic. The intention
> here was to say that a server implementing the document at least needs
> to support large tokens in the first few steps (enough to return an
> error response rather than a Reset message -- which is how we
> distinguish between "server does not support extended tokens" and
> "server temporarily does not have enough memory for this extended
> token").

Thanks.  This is exactly what I meant by "dense": it looks like there is
an interesting amount of relevant information that is left implicit.  I
think articulating the assumptions as you just did will make it easier
on future readers.

> > I'm probably not up-to-speed with the
> > related discussion, but I don't understand why we moved from 4.xx to
> > 5.xx?
>
> Now that you're mentioning it... It seems this needs a bit more thinking.
>
> There's the case where the server temporarily doesn't have enough
> memory to handle a request with a large token (so nothing that the
> client can do about -> 5.xx). And there's the case where the client
> chose a large token that the server will never be able to handle after
> the initial steps (so not something the client should try again ->
> 4.xx? 5.xx?).

The latter looks like a 4.xx to me.

Cheers, t



IMPORTANT NOTICE: The contents of this email and any attachments are confidential and may also be privileged. If you are not the intended recipient, please notify the sender immediately and do not disclose the contents to any other person, use it for any purpose, or store or copy the information in any medium. Thank you.

v2.23.0 | Report a Bug | By Email