Re: [COSE] questions for the WG from 8152bis AUTH48
Marco Tiloca <marco.tiloca@ri.se> Fri, 18 February 2022 18:50 UTC
Return-Path: <marco.tiloca@ri.se>
X-Original-To: cose@ietfa.amsl.com
Delivered-To: cose@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1])
by ietfa.amsl.com (Postfix) with ESMTP id 632763A12E8
for <cose@ietfa.amsl.com>; Fri, 18 Feb 2022 10:50:47 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.813
X-Spam-Level:
X-Spam-Status: No, score=-2.813 tagged_above=-999 required=5
tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1,
DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, NICE_REPLY_A=-0.714,
RCVD_IN_DNSWL_BLOCKED=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001]
autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key)
header.d=ri.se
Received: from mail.ietf.org ([4.31.198.44])
by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024)
with ESMTP id jRabeYi7SNCf for <cose@ietfa.amsl.com>;
Fri, 18 Feb 2022 10:50:42 -0800 (PST)
Received: from EUR03-AM5-obe.outbound.protection.outlook.com
(mail-am5eur03on0614.outbound.protection.outlook.com
[IPv6:2a01:111:f400:fe08::614])
(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
(No client certificate requested)
by ietfa.amsl.com (Postfix) with ESMTPS id 84A3A3A12CF
for <cose@ietf.org>; Fri, 18 Feb 2022 10:50:42 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none;
b=ktWvBKCrmkdPu+5UpkHhzG/Nw9r6LOs94oCPBqRSzZxHpgxHNuhpO1B1yneS71kN2CgJDz87StJBkCp1+CG4JwF6zuYGkYX9/xTlUk0eUVHwwfWJIkdssoUOM/oJLg3F5Gl9UZqpUnHMkO9ogXlKkXAg7l9M/Br7L4hzSbzGTA8EwWgrE0NCPuqnW8y2h3R3ORp/GZ+WR7UrfBkXuNLIobVm8eNqItYcxp9FFnn0evTlN7FdaASuh6+C2UxZz8+JbR1BphqWO4qF7dF2PFlLy7WNiXEo3+kwzfgpQFwqKzJ10DVKk/t3o2MpgCjoDBm5/z6eDnZurCCRmtSf3Zxi/g==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com;
s=arcselector9901;
h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1;
bh=nFT0uMe3HeyPbCsyfcvUpPlUjof83cokRBgqBtZrTOY=;
b=GZReVTY0jz8j29lY1tWBw6rJBA5zS+RCuO6v1J5w78yvm84TKpZ5CjdjZYgQnZX0m0CLS0Vb1u94FZe/HQyIveBp3W2lqInyfN4eaMr3lFGo9wyoAid46KmCPGtQb70VPX/sSP8JFDfwmB+GhDpOxUJZ2EAj6/lPBfoo5XVlO3QKY50dOj0MJUEQOmV+Ze07gCTRG24BpoFowcR2zDVobeMzDtTw3mFcOEq6svIEC078MX2e0h6TtNf9ItIW65be+tQZCqRPigOAjGKU82wELwhiXzu/i1INwS+gG+4xya/qTDORjLRn8+dXfceRoJYQ74D4gTpCmgQkliwEAGxWuw==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass
smtp.mailfrom=ri.se; dmarc=pass action=none header.from=ri.se; dkim=pass
header.d=ri.se; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ri.se; s=selector1;
h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck;
bh=nFT0uMe3HeyPbCsyfcvUpPlUjof83cokRBgqBtZrTOY=;
b=HvATaiqN3HKVcSzgSlCBkhEFGtWVt/82+bKW9MC5Ax+XI0ZcW0xZD99Uckm6ZKN0tbRFM6HWYxDpmhDh6Hy27b6S9txw2ZzadrnJAJjCb9vlQ4uiGlnkrbl5LRvnkl7Dzj29EowPYGMEPUeqOp2C2YZEKPPr6UA0xTV2cq9F8gQ=
Authentication-Results: dkim=none (message not signed)
header.d=none;dmarc=none action=none header.from=ri.se;
Received: from DB8P189MB1032.EURP189.PROD.OUTLOOK.COM (2603:10a6:10:16e::14)
by AM5P18901MB0019.EURP189.PROD.OUTLOOK.COM (2603:10a6:203:74::22) with
Microsoft SMTP Server (version=TLS1_2,
cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4995.16; Fri, 18 Feb
2022 18:50:38 +0000
Received: from DB8P189MB1032.EURP189.PROD.OUTLOOK.COM
([fe80::8548:6918:4d2d:e57a]) by DB8P189MB1032.EURP189.PROD.OUTLOOK.COM
([fe80::8548:6918:4d2d:e57a%4]) with mapi id 15.20.4995.024; Fri, 18 Feb 2022
18:50:38 +0000
Message-ID: <3e424235-bd82-e12d-218f-0c7028dc2641@ri.se>
Date: Fri, 18 Feb 2022 19:50:35 +0100
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:91.0) Gecko/20100101
Thunderbird/91.5.0
Content-Language: en-US
To: Benjamin Kaduk <kaduk@mit.edu>, cose@ietf.org
References: <20220218045949.GN12881@kduck.mit.edu>
From: Marco Tiloca <marco.tiloca@ri.se>
In-Reply-To: <20220218045949.GN12881@kduck.mit.edu>
Content-Type: multipart/signed; micalg=pgp-sha256;
protocol="application/pgp-signature";
boundary="------------kwnaU7WoUOmCRCxKi2l2QuKX"
X-ClientProxiedBy: GV3P280CA0104.SWEP280.PROD.OUTLOOK.COM
(2603:10a6:150:8::24) To DB8P189MB1032.EURP189.PROD.OUTLOOK.COM
(2603:10a6:10:16e::14)
MIME-Version: 1.0
X-MS-PublicTrafficType: Email
X-MS-Office365-Filtering-Correlation-Id: b07d2ca9-4887-4ef7-004b-08d9f30f8d40
X-MS-TrafficTypeDiagnostic: AM5P18901MB0019:EE_
X-Microsoft-Antispam-PRVS: <AM5P18901MB001989F023B75AB9315B309B99379@AM5P18901MB0019.EURP189.PROD.OUTLOOK.COM>
X-MS-Oob-TLC-OOBClassifiers: OLM:10000;
X-MS-Exchange-SenderADCheck: 1
X-MS-Exchange-AntiSpam-Relay: 0
X-Microsoft-Antispam: BCL:0;
X-Microsoft-Antispam-Message-Info: jfZ/Lo1wXhikBOcqixOt/fKTxzmRxA606xi5LPtghxI0jkYl1TSvAqQuv7zPdAkAvn7ieCmUFJgj1i1+ioUO+mGz2fv9ecwYmOOjWmlinpv22eI9UUt/SgafUw8TnzQBAmAhFFh+OEG59wHmY4wQ4WvdMXj5CiNhws6xYioxPG42AJobNHxYKHcG6VQXD+CeT7mDgwNsOZ6vmwjqnxgYIRNuZukfrfixsr80hDyAbBRHBTUV0UTuHPs9K0V6eBh+xt+opuZGAjJ4Dr5lQNv8px7yK+9V5+mTewGS1wErOSouFy4Dp1OY8lpCe/HSqfQCbTwUsW3cx4J9paBzZMdkILP0P/G5H4FJoBB5SGA/1IhBIcDzrILIVV+JOTr65d77jt2q1Pd6muYs2nIQ3QQTVEFlJO3mFLgbyCuW8PM+NOsoKaFuYhuyAFj4tULF5y/1VnlCCs1+atmJn62cJRnpQ91Dnwo2rTdYxwzwMAYO3VTysjQ0jifjik9NsPAK6tQoTtqNBI+PebdmtM35lwjB2POY4DTSaf+O2Q5aB4OTMro7SiGO5hwmwHWWxz85iQjxD7dK/UVaOL4wEcfX6lu+AbpqEwGGfpTc1UJ6p+N+QP7+Zv209UMJyikRNWMjIfxnaOptmT3BvhJ9KeRTT9kCRaAg3bQo8lgX1DtNA1Lbavgb0haEWbPUBy/84b6RXdyPDyCLb3GP47QkPeKyXTwzDj8/KaSFMu2RBwfIaWUHENf1WVaQu3iMpUEx4PCZ9meofEN6NFl8g+JXdk14etlwmAt/c/ciLY0rsX3asX2SBAyJ42e7J++cWlIg9IRKCSYj
X-Forefront-Antispam-Report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:;
IPV:NLI; SFV:NSPM;
H:DB8P189MB1032.EURP189.PROD.OUTLOOK.COM; PTR:; CAT:NONE;
SFS:(13230001)(4636009)(366004)(66946007)(45080400002)(8676002)(66556008)(66574015)(66476007)(31686004)(36756003)(316002)(86362001)(31696002)(44832011)(2906002)(8936002)(5660300002)(235185007)(6506007)(33964004)(53546011)(6666004)(6512007)(38100700002)(508600001)(2616005)(966005)(26005)(6486002)(186003)(21480400003)(83380400001)(43740500002)(45980500001);
DIR:OUT; SFP:1101;
X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1
X-MS-Exchange-AntiSpam-MessageData-0: =?utf-8?B?eFlLcU9ySWUwWkc0eEdpcnEzVytsdlM1aUFLb1JoQUk2L04waXp1Ky82STZN?=
=?utf-8?B?eTBZcVhlUjVRKzR6WnpDRXlHK1FKMDAxWndKNEFHd2RqMGEzRFJpOXlLUmtM?=
=?utf-8?B?SFNnMGRScU9ZOE9lelQ2T1dITnVJeDU2bXZ2clJ6RU5DMTdlZmE5K3ZmR2RB?=
=?utf-8?B?ZjNWSHgzWFlTakM1V0drNUwxTklaY1VrWmk2ZmZSLzdpKzJhTWtGaFp4TXYy?=
=?utf-8?B?NTVLSCt2cnIxcWd3Uk9qb0hOV2F1THVWSlAzcXlpNWsxWjZRYzRDb2lPQU5V?=
=?utf-8?B?RDFJUDR1d2NjZHRhdjhsZzRwMTNnejRCNUJOVHV6TTlsbkhHK1U4d2RueVRr?=
=?utf-8?B?T1kvTm14SHRlV082TFVqZExEdW5WTFRtb2hJcDhJOHZEd0pOQ0Y4dDM3dlFP?=
=?utf-8?B?dTZHNWNWeXVlcG42Mmh4d1F6ZUc5dW9mSmNJenRycW9scHlZeWFHdUNvMThr?=
=?utf-8?B?MXg2OUEvVFVLeDFNbVNyaU1WWFV4dmtXQVBEOHMzZGFtTkV1Vm1Ec1JZS01o?=
=?utf-8?B?ck5pM2p0RGg0TW1IUDVKNUpKMVJveVA3QkFpOWVidWYzMWVoSFo1WDVsS2xB?=
=?utf-8?B?U1hQd2Vxb1YyeENvK2Z6dmlJbDMvcUpMUUcvWEhLL3dsQWVUTHV4WDVLVkJF?=
=?utf-8?B?Z0ZGblA2WW9UWU5DU3cwSnYvalFOTExyei9kaGh6bGtNRnAyY3p4S1FSZUZt?=
=?utf-8?B?YVlvTFZQSGVWUnhNRUgrVnY2blhYSTF0UFhoRmxIZU55Y08vdjkzWDdZS0s0?=
=?utf-8?B?b3crVUkvQWVMOFd4dGlzOGhNNG1LMnJDQzI2bnZmSG5VMll3dEExMk5jSDkw?=
=?utf-8?B?bk1nSmtlUUFjcSt4UGR5clROdWkyV1lpVlV3MlhLZVc5cHo1TllMWmlwQW1J?=
=?utf-8?B?Y3hZT0NJVzRIc3dVRmFObUlHWXhFbjBjaVNTMEVwTEZVZ1A3RkFEUk54U3k3?=
=?utf-8?B?Vk0yVU1xQ0thT1l4Y0ZrV2lybXhhaHlWVnVPY2JCOXFMZnBzMDFTR1J6YlNm?=
=?utf-8?B?YlhCa2gyVjkrZ1NBc2VGRHpFTXpXZTB1SkRkY2RKVVVSS0VPWk5qeTFOb1dh?=
=?utf-8?B?NGhwSE9TQlZFRHd6OXJTTVlNMGh4ZjBKb1YrZkRrR0lseSs5M0tIYkkvV2JJ?=
=?utf-8?B?VHhOTTJ5SmFxWDRCSDhvZE5HNlM2aitGWWs5VStiRzFSams3WU91enRZbk83?=
=?utf-8?B?cXF1NzJlZVN4UDhmQ2lrRUIyd3JiM2JEVG5ZeXBsOUlFbzQwT20yck1obEI4?=
=?utf-8?B?RFpmbThMMi82VW1lMGEraXJFaVpMYW50YUtIN2pGVnNyNFhtUUZnb1FCdjk5?=
=?utf-8?B?cE1RRjVVdGd0RlNDbU1EZC9aT1ZiZHY0MTdzMWpkdmJQSzgxYlVJYVk5MWUw?=
=?utf-8?B?VWRLcnFOcWp1QXVaYmVyS0QvakRxRmxHL2tRSDIvOUVDM2VMWkNVZi9lZUtU?=
=?utf-8?B?bjBGK2dObGNCcGpsekdITVMxUmkzS0dSWHU5OXgvSU1MS2p4RlJpSjdLckVJ?=
=?utf-8?B?ZktVVXBXcCtUQ3VjK3ZXUlVGUlRrcFNxSU1FL2xjQUNmVUQydk5Jd1kxMVdT?=
=?utf-8?B?TUNLcGRXVENkaTZRbGRLV3pWVVVEbUVudFVZV3hpQlVvZXphRWtiVkUvZFB6?=
=?utf-8?B?V3ExQWVEY2FxS1Nkei8yeWJoc3B3dkdEUnJHYWtVZkIvWmZSN1BhRUQ4aVhk?=
=?utf-8?B?SUhwVk9EZjZZRG8xZkpWWnUyS3RGMFJqYTUrMTFOWTR4dlcvT281eWM2NFNN?=
=?utf-8?B?alI5dWF2M1hsVDZST2ZGMUxGaS9DTndqenhnMXcrQTF1V1lpRkVZWko5U2pY?=
=?utf-8?B?SlhZWjd6bGVqejZ0RDljeWlwc2pRdjl0TGxJNndWdlBjSWk1K09KcGVveGFa?=
=?utf-8?B?eGRtZTJoL01MQno0ZnlHRTlDMGlXUlVLVE91YWZKTWpKT29yK1Y1Sk1Qa1ZQ?=
=?utf-8?B?VHVCMFFyaGZ3aVZCMkRYMjVOQzkrcFBWSGFic2F4V1hBcU5CR2UwZjVWUGlu?=
=?utf-8?B?UHA5ZEs3enYxNC9hdFExc2VIeFQzdlJVOWFmNVhCUTU1ck9uM0lyampOYXpq?=
=?utf-8?B?MFFvbTkyVjZnY0lYbFBPQ1ZEQm8yUGZ4eWprN1lQbjN1STRtOXhoRjZpdmF0?=
=?utf-8?B?Y1BuVDRnSm1iSzk2ZzV2L09WcmJzb0FGTkswUFFmVms3TzNXQVY4MXFxcC93?=
=?utf-8?Q?U+zkJvMCfu/hoiU69zI6MO4=3D?=
X-OriginatorOrg: ri.se
X-MS-Exchange-CrossTenant-Network-Message-Id: b07d2ca9-4887-4ef7-004b-08d9f30f8d40
X-MS-Exchange-CrossTenant-AuthSource: DB8P189MB1032.EURP189.PROD.OUTLOOK.COM
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 18 Feb 2022 18:50:38.1353 (UTC)
X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted
X-MS-Exchange-CrossTenant-Id: 5a9809cf-0bcb-413a-838a-09ecc40cc9e8
X-MS-Exchange-CrossTenant-MailboxType: HOSTED
X-MS-Exchange-CrossTenant-UserPrincipalName: zlIuyDbD5lk2jPbh8G+rtY+zk5SSNLZ+SpPqy7LhPxlj2xVO8PFxR4xoUvAAl/mmrsbl0Y0YiIkwMIxnlaUTrg==
X-MS-Exchange-Transport-CrossTenantHeadersStamped: AM5P18901MB0019
Archived-At: <https://mailarchive.ietf.org/arch/msg/cose/5Xq3b92FlIL2hRgFbBv2l2IEHoU>
Subject: Re: [COSE] questions for the WG from 8152bis AUTH48
X-BeenThere: cose@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: CBOR Object Signing and Encryption <cose.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/cose>,
<mailto:cose-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/cose/>
List-Post: <mailto:cose@ietf.org>
List-Help: <mailto:cose-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/cose>,
<mailto:cose-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 18 Feb 2022 18:50:48 -0000
Hi Ben and all, On 2022-02-18 05:59, Benjamin Kaduk wrote: > Hi all, > > The chairs and I are continuing to work through the AUTH48 process for the > 8152bis drafts, and a couple topics have come up that would benefit from > some broader input. > > The other question is in -algs; in > https://eur05.safelinks.protection.outlook.com/?url=https%3A%2F%2Fdatatracker.ietf.org%2Fdoc%2Fhtml%2Fdraft-ietf-cose-rfc8152bis-algs%23section-8&data=04%7C01%7Cmarco.tiloca%40ri.se%7C634eeebfc73d4bda82d108d9f29b9b26%7C5a9809cf0bcb413a838a09ecc40cc9e8%7C0%7C0%7C637807572981435893%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000&sdata=A1x%2BuzSMoO%2FwsjO%2BjpLGCj%2BCRhK2BRRLCdqLrKFTw88%3D&reserved=0 > we start off with a rather awkward sentence "There are some situations that > have been identified where identification of capabilities of an algorithm > or a key type need to be specified." In particular (at least to me), the > "identification ... needs to be specified" seems like the verb tenses don't > even match up properly, or something of that nature, but I can't properly > describe exactly what seems off. The current proposal from the RFC Editor > is to dramatically replace this sentence with the bland "The capabilities of > an algorithm or key type need to be specified in some situations". Does > anyone object to that change? ==>MT On -algs, I agree with the proposed simplification for the first sentence, and I have now also had a deeper look into the following sentence, i.e.: "One example of this is in [I-D.ietf-core-oscore-groupcomm] where the capabilities of the counter signature algorithm are mixed into the traffic key derivation process." Note that the COSE -algs document is referring to version -09 of -core-oscore-groupcomm. That version was indeed still using COSE capabilities, but not as part of a key derivation process. Rather, they were used to build the OSCORE external_aad to bind requests and responses, see [1]. After a few revisions, we removed the explicit use of COSE capabilities altogether from -core-oscore-groupcomm. In fact, it was agreed to rather have the external_aad including full-fledged authentication credentials, i.e., the public key together with metadata related to the signature algorithm. This is the case in the latest version -13, see [2]. Practically, it is probably better to remove the following two sentences from the COSE -algs document: * In Section 8, the second sentence of the first paragraph, also quoted above, i.e., "One example of this ... key derivation process." * In Section 8.3, the second sentence of the first paragraph, i.e., "This is the approach that is being used by the group communication KDF in [I-D.ietf-core-oscore-groupcomm]." For what is worth, the COSE capabilities are used with a descriptive purpose in the ACE documents [3] and [4] about key provisioning for group communication. That is, the Key Distribution Center responsible for a group can leverage COSE capabilities to provide a description of how the group works, in terms of signature algorithm parameters and signature key parameters. I am not suggesting to add these examples to the COSE -algs document :-) Best, /Marco [1] https://datatracker.ietf.org/doc/html/draft-ietf-core-oscore-groupcomm-09#section-4.3.1 [2] https://datatracker.ietf.org/doc/html/draft-ietf-core-oscore-groupcomm-13#section-4.3 [3] https://datatracker.ietf.org/doc/html/draft-ietf-ace-key-groupcomm [4] https://datatracker.ietf.org/doc/html/draft-ietf-ace-key-groupcomm-oscore <== > Thanks, > > Ben > > _______________________________________________ > COSE mailing list > COSE@ietf.org > https://eur05.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.ietf.org%2Fmailman%2Flistinfo%2Fcose&data=04%7C01%7Cmarco.tiloca%40ri.se%7C634eeebfc73d4bda82d108d9f29b9b26%7C5a9809cf0bcb413a838a09ecc40cc9e8%7C0%7C0%7C637807572981435893%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000&sdata=j%2FhYXB2SOOMyUp8wKYztlpuOLJXSYtuOOkFxSXPcMik%3D&reserved=0 -- Marco Tiloca Ph.D., Senior Researcher Division: Digital System Department: Computer Science Unit: Cybersecurity RISE Research Institutes of Sweden https://www.ri.se Phone: +46 (0)70 60 46 501 Isafjordsgatan 22 / Kistagången 16 SE-164 40 Kista (Sweden)
- [COSE] questions for the WG from 8152bis AUTH48 Benjamin Kaduk
- Re: [COSE] questions for the WG from 8152bis AUTH… Michael Richardson
- Re: [COSE] questions for the WG from 8152bis AUTH… Ilari Liusvaara
- Re: [COSE] questions for the WG from 8152bis AUTH… Marco Tiloca
- Re: [COSE] questions for the WG from 8152bis AUTH… Göran Selander