Re: [core] Genart last call review of draft-ietf-core-stateless-05

Klaus Hartke <> Wed, 01 April 2020 10:27 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id 2D9923A046A; Wed, 1 Apr 2020 03:27:56 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -2.101
X-Spam-Status: No, score=-2.101 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: (amavisd-new); dkim=pass (1024-bit key)
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id YgVrrX3-PirQ; Wed, 1 Apr 2020 03:27:54 -0700 (PDT)
Received: from ( [IPv6:2a01:111:f400:7d00::60a]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by (Postfix) with ESMTPS id 5085B3A045E; Wed, 1 Apr 2020 03:27:53 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901;; cv=none; b=E1gYs0SNZqhghA1SKvfzDKojVaSTSnqm2mORI31j5e9xxgpDHaVGT5AP1G/OVRhSeTEHgAFbAzn4QxhfLHhNnIzRJ0CLMM7MqdcVeAK2hKvPuN6lvWw8WgtoPLq+QveO+EcnNnt0mIVxpit3ReJJeiva0jHqxCTyVRS/Pa/l7RpUXDg2DnlZzeY9p4iVw8rCccSKqENQkP17bEfV1ExolefVTWEJsj1vGGblF44cV4cMmCCWwxrbVGgHTW69//JS3jEfVtvRA/W2TFVijGwMkB9JUUXPWZMqJDE7vQ27jagHGSJXo5LrhpC0X/Y/nNDv2UjWi14maJYxDOoY8ZyoXw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed;; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=irPgiowTZuM3JZ9zvoUUkvlfAbuZdbkjtZWCJcfBouI=; b=JK6dHSm9+skUXLGwe3ywcrm2IMUcgOx25Yvi6BBRIjyz6W0SjBIgdengtOvZTHrsf1lbei0ur/+abtEP2xEVNUC4yvw8H2HlZZa8HMbXq4CWiWbtR2HJbw4y6qzT0ozEFVAwF9W9DiUqz34A0CYh7bEeJuZMjlmBnRw63/NHFwroEn3A0NklIKFTo2oQsGk9LOeDgGDMkuvVd5nWuZHbWl0gb7XTHs8rEGeRpFsiV7EXTLayzUxVKdX7r37ayWRNH7nFmNl329/yHRC3ECoNmMl3qruyk1DI4UiDjJX78yj3g4pgOX+u8FLtgK3VDIwvFf1QpvNr115PJspM9W+0MA==
ARC-Authentication-Results: i=1; 1; spf=pass; dmarc=pass action=none; dkim=pass; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=irPgiowTZuM3JZ9zvoUUkvlfAbuZdbkjtZWCJcfBouI=; b=fNbZBcY2/fiwHZGN4/3g71hjJYsXn4z7nA/znExB6nMOOuvgSEeuQ3xxHm2h2IgXV3pGAHRgyxbojQseQ800YQIZrVHvC7zP/8eyxZfnpfM5NBPdZ4bp6lMOzp9IYau82Q6x6wg9lso7Ezp6LEFQ6c8ljrXCqAkraiKtNw0O7dc=
Received: from ( by ( with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2878.13; Wed, 1 Apr 2020 10:27:51 +0000
Received: from ([fe80::e15f:e9fc:6df3:addb]) by ([fe80::e15f:e9fc:6df3:addb%4]) with mapi id 15.20.2878.014; Wed, 1 Apr 2020 10:27:51 +0000
From: Klaus Hartke <>
To: Dan Romascanu <>, "" <>
CC: "" <>, "" <>, "" <>
Thread-Topic: Genart last call review of draft-ietf-core-stateless-05
Thread-Index: AQHWCAKD8N/HP8w1VEasHYVJq2mkJ6hj94eQ
Date: Wed, 01 Apr 2020 10:27:51 +0000
Message-ID: <>
References: <>
In-Reply-To: <>
Accept-Language: en-US
Content-Language: en-US
authentication-results: spf=none (sender IP is );
x-originating-ip: []
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: 31d281f2-7318-42b9-62fc-08d7d6275525
x-ms-traffictypediagnostic: HE1PR07MB4345:
x-microsoft-antispam-prvs: <>
x-ms-oob-tlc-oobclassifiers: OLM:10000;
x-forefront-prvs: 03607C04F0
x-forefront-antispam-report: CIP:; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM;; PTR:; CAT:NONE; SFTY:; SFS:(10009020)(4636009)(39860400002)(396003)(136003)(346002)(376002)(366004)(316002)(64756008)(5660300002)(52536014)(110136005)(44832011)(55016002)(2906002)(66946007)(66446008)(76116006)(66476007)(66556008)(186003)(26005)(33656002)(8936002)(54906003)(81166006)(9686003)(478600001)(6506007)(86362001)(81156014)(8676002)(7696005)(71200400001)(4326008); DIR:OUT; SFP:1101;
received-spf: None ( does not designate permitted sender hosts)
x-ms-exchange-senderadcheck: 1
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: FFLGP1opJpBOVZbPebYfdj/cSy/Hjee+GgaLZ4SwRPhbNGsVd/rSey7WaHXsWtFzwFyhMTPJwhGc7GZAm6Lbn6dD41es1GhiI+ruywP1Jha0BkgZBzB4FIYfgiwA9UxXaq+dDUF1W78tA0s6Xj33McY/biCTDyB3W0I5Dp5QCllwHKYEMnmM4alEi0Nn976YNz9h6o2hDQTpJktidoIijHJF0c7e2r0o6dCYLMIncNytmuTa+nSxFYMoLD8xAQK9imiPmbhiGlCxYHkVa+MrvIa4TZ1gx2/SZ+3dKbQneUIbnP8d+X7RZGX/RV03geqjQbyuTLyVCq78alyOwr8LiVwOdaUvQvLQxOr1chH+p4VNwVo12aNYDKnJvSNwjR8MsjluLYsGjm5m9zoNavKnJhDIx2tyWIGYAX2dUp/wiYRHpEnycpoqgI73QSkLCrRg
x-ms-exchange-antispam-messagedata: dAvLWXkmlzPzxERRj10IQtxNlnyEiKq7DOg9Yuu6PMzihZceK7Mi9E1mtrgmu0VF+pXPIDQt9G0B/er/3vRiwxPQTtW02nYUY21zjVV8DhGg8IRr3pr1uaMHnr9rNTnSltJypegW/0EehgQyuGweVw==
x-ms-exchange-transport-forked: True
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-MS-Exchange-CrossTenant-Network-Message-Id: 31d281f2-7318-42b9-62fc-08d7d6275525
X-MS-Exchange-CrossTenant-originalarrivaltime: 01 Apr 2020 10:27:51.5207 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 92e84ceb-fbfd-47ab-be52-080c6b87953f
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: 7OSQMLlEtovTImMkxXzD8Wce3WcDlnXCaVVDHGa7JKxzCTNWq8Jw3jrj+COWMCtCZNFit+Yo3qEvDvD5Qb92Y8fDY2aIG2JmodxDh3Kks6Q=
X-MS-Exchange-Transport-CrossTenantHeadersStamped: HE1PR07MB4345
Archived-At: <>
Subject: Re: [core] Genart last call review of draft-ietf-core-stateless-05
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Constrained RESTful Environments \(CoRE\) Working Group list" <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Wed, 01 Apr 2020 10:27:56 -0000

Dan Romascanu wrote:
> This is a very clear and well-written document. I have a few minor issues that
> I suggest to clarify before approval and publication.

Many thanks for your review!

> 1. It would be useful to include some considerations whether the authors
> consider useful / possible / allowed that the mechanism (extended token
> lengths) presented in this document can be used for other purposed than
> the by-design the use case (avoiding per-request state).

The last paragraph in Section 1 says:

   While the use case (avoiding per-request state) and the mechanism
   (extended token lengths) presented in this document are closely
   related, both can be used independently of each other: Some
   implementations may be able to fit their state in just 8 bytes; some
   implementations may have other use cases for extended token lengths.

Does that solve your issue?

> 2. In Section 2.2:
> >  The idea is that a server implementing
>       this document should at least support large tokens in its first
>       few processing steps, enough to return an error response rather
>       than a Reset message.
> Why is not this 'should' capitalized? What happens if the server does not
> support large tokens in the first processing steps?

If the server does not support large tokens in the first processing steps, it will likely incorrectly indicate that extended token lengths are not supported at all. This is what the 'MUST NOT' in the preceding paragraph prevents:

   If a server supports extended token lengths but receives a request
   with a token of a length it is unwilling or unable to handle, it MUST
   NOT reject the message, as that would imply that extended token
   lengths are not supported at all.

The design note provides just additional commentary on this 'MUST NOT'; it doesn't add any new requirements.

> 3. In Section 5.2:
> > The use of encryption, integrity protection, and replay protection of
>    serialized state is recommended in general, unless a careful analysis
>    of any potential attacks to security and privacy is performed.  AES-
>    CCM with a 64 bit tag is recommended, combined with a sequence number
>    and a replay window.  Where encryption is not needed, HMAC-SHA-256,
>    combined with a sequence number and a replay window, may be used.
> A few issues with this paragraph. Why are not 'recommended' and 'may'
> capitalized? The formulation 'is recommended in general' seems odd, and
> the rest of the sentence does not clarify. What does 'a careful analysis of any
> potential attacks' mean? Who is supposed to perform this analysis and who
> can ensure it is 'careful enough' at any given point in time for any potential
> attacks?

AFAIK, the Security Considerations section is supposed to discuss security-related issues that users need to be aware of, but not make normative statements. So all the normative requirements are in Section 3.1. (Where 'users' in this case are implementations and specifications that decide to make use of this implementation strategy in clients.)

Overall, it's a bit difficult to make normative requirements here, because these are usually about the interoperability e.g. of a client and a server. But in this case, the client only needs to interoperate with itself (it needs to accept a token that it created itself) and the only real requirement is that "client implementations MUST NOT be vulnerable to maliciously crafted tokens". The meaning of "vulnerable" and "malicious" here depends a lot on the application/deployment-specific context; the document can really just highlight some potential issues that users should take into consideration.

I'm open to concrete suggestions for text improvements, though.

> 1. I do not believe there is a need to mention in the Abstract that 'This
> document updates RFCs 7252 and 8323.'. This is shown in the header of the
> text on the front page, and also is part of the metadata.

Without, idnits reports:

  -- The draft header indicates that this document updates RFC7252, but the
     abstract doesn't seem to mention this, which it should.

  -- The draft header indicates that this document updates RFC8323, but the
     abstract doesn't seem to mention this, which it should.

> 2. Are the message formats defined in Appendix A for different transports
> considered normative or examples? It would be useful to specify.

Section 2.1 normatively defines the new message formats as a "delta" to RFCs 7252 and 8323. The appendix shows the result of applying that "delta". So, both are just different ways to present the same normative information. I'll add a sentence clarifying that.

Best regards,