Re: [COSE] [Last-Call] Genart last call review of draft-ietf-cose-rfc8152bis-struct-09

Theresa Enghardt <ietf@tenghardt.net> Fri, 29 May 2020 04:24 UTC

Return-Path: <ietf@tenghardt.net>
X-Original-To: cose@ietfa.amsl.com
Delivered-To: cose@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A7A423A0AE1; Thu, 28 May 2020 21:24:04 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.099
X-Spam-Level:
X-Spam-Status: No, score=-2.099 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=tenghardt.net
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id lWhAifybKD-e; Thu, 28 May 2020 21:24:02 -0700 (PDT)
Received: from mail.hemio.de (mail.hemio.de [136.243.12.180]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 2253F3A0ADE; Thu, 28 May 2020 21:24:01 -0700 (PDT)
Received: from user.client.invalid (localhost [136.243.12.180]) by mail.hemio.de (Postfix) with ESMTPSA id 427DB9B; Fri, 29 May 2020 06:23:57 +0200 (CEST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=tenghardt.net; s=20170414; t=1590726239; bh=ve9zxLfSrey/gwM4fmtt+tUy5uPFMuG9E7pkIYgpyO4=; h=Subject:To:Cc:References:From:Date:In-Reply-To:From; b=EuN1edi4axXZxcLzPf9jGvEB11OS1Owno5hLH5GNiqmtVWzBdn555bwLX2G+RJ9sO QyPfkwJ1Be/Ng5k/oo2Wah6wuP3Pu5YgWHrwwEOECP+AsTNJ5M7hZMjbpGBFLq5nt6 HvaDZIP7LVT0I5+F+Gq7wsd/z61iWNIXJ/NPksQYFEhbDFWIA7OG2j6nerzvLTjKia dnJUOwuxkB/wiuO6cnufyDTVPRAafKeErpB9f2NSLwLxuuA+BsMPxvXjfUXjg5Nd3e bpgVh8ow+ifo2CiwI/7zPUPutNLcvkHIM6wXgbBLxA5nPEqAYYg7Eg3aGjMnO4vzrv Y7BMsLBN7sTKw==
To: Jim Schaad <ietf@augustcellars.com>, gen-art@ietf.org
Cc: draft-ietf-cose-rfc8152bis-struct.all@ietf.org, last-call@ietf.org, cose@ietf.org
References: <159044129232.11103.11777847473965400673@ietfa.amsl.com> <03c001d63496$786d5c20$69481460$@augustcellars.com>
From: Theresa Enghardt <ietf@tenghardt.net>
Message-ID: <a17456da-aa01-f8e4-e38c-ee28914e21f9@tenghardt.net>
Date: Thu, 28 May 2020 21:23:52 -0700
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Thunderbird/60.8.0
MIME-Version: 1.0
In-Reply-To: <03c001d63496$786d5c20$69481460$@augustcellars.com>
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable
Content-Language: en-US
Archived-At: <https://mailarchive.ietf.org/arch/msg/cose/C-aHJCaVEQ5G5GQ2cZtmyUxdVyc>
Subject: Re: [COSE] [Last-Call] Genart last call review of draft-ietf-cose-rfc8152bis-struct-09
X-BeenThere: cose@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: CBOR Object Signing and Encryption <cose.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/cose>, <mailto:cose-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/cose/>
List-Post: <mailto:cose@ietf.org>
List-Help: <mailto:cose-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/cose>, <mailto:cose-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 29 May 2020 04:24:05 -0000

Hi Jim,

Thank you for the responses and text changes.

Please find replies to some of your points inline, prefixed with "[TE]".

Best,
Theresa

On 27.05.20 19:19, Jim Schaad wrote:
> Major issues:
>
> The intended RFC status is Internet Standard, while RFC 8152 is a Proposed Standard. While this document points to three different implementations, how widespread is their deployment? Were there other lessons learned from implementation and deployment experience? Has complexity been reduced by removing unused features, as RFC 6410 suggests?
>
> [JLS]  This document lists the three most complete implementations of the document that I know about.  I am aware of at least nine different implementations of the specification.  The rest of them implement a subset of the structures in the document and are not as complete.  I am aware of at least two different places where one of my implementations has been adapted to work in a different location.  I have had several different jolts where I have learned that COSE is either being used or is planned to be used in different locations.  So yes, I believe that there are a number of implementations and the usage of parts of COSE are wide spread.  
>
> [JLS] The only complexity reduction in the document that has been made is to remove the algorithm descriptions from the document and thus shortening the structure document from 120 pages to around 80 pages.   The problem with removing any additional items is that some security feature will no longer be available for applications to use.  For that reason no features have been removed.

[TE] I see. I'm excited to hear about IoT security techniques getting
deployed!


> Minor issues:
>
> In the introduction, it would be great to add some more context on how COSE is intended to be used. Is this solely for adding security to objects within CoAP, e.g., by signing and encrypting messages exchanged as CoAP payload? Or can it be used with other protocols or in other contexts? In RFC 7165, which describes JOSE use cases, Section 5.8.2 mentions Object Security for CoAP. Is COSE addressing this use case? If so, please add a link to Section 5.8.2 of RFC 7165. Section 9.5.4 mentions that COSE "is designed for a store and forward environment rather than an online environment". Perhaps it's worth mentioning such design goals and context in the introduction already. When adding one or two paragraphs on how COSE is intended to be used to the introduction, it's also worth stating explicitly that each application is expected to select the COSE objects and processes that it needs, and that Section 11 provides more guidance on how to do this. This will make it easier for application de
>  velopers to understand how to use COSE.
>
> [JLS]  I have added such a paragraph which you can view in the github version of the document.  I did not reference 7165 as you suggested but went directly to the CoRE solutions using COSE instead.

[TE] Thank you for adding this paragraph! I find it very helpful to
better understand the context and use cases of COSE.
Found one typo: "[…] although one can use COSE in and online protocol
[…]" -> "in an online protocol".


> When introducing the CDDL syntaxes:
> Is "* label => values" missing here? It appears to be used in some examples below.
>
> [JLS] I do not believe that this needs to be introduced in the text.  The section discusses only a part of CDDL that is used in the document and points to CDDL so that some additional things can be found.  The syntax "label=>value" is equivalent to "label: value" but either in a yet to be defined sense or for something which is not a string or number as the label.  Given that the text is normative it does not worry me that a complete description of CDDL is not presented here.

[TE] Right, I was just wondering if "* label" is similar to "+ label"
used in other places. As "[+ FOO]" is introduced in Section 1.4, I was
wondering if [* FOO] has to be introduced as well to be consistent. But
maybe I'm misunderstanding and these are substantially different?


> In Section 2:
> "[...] The wrapping allows for the encoding of the
>   protected map to be transported with a greater chance that it will
>   not be altered in transit.  (Badly behaved intermediates could
>   decode and re-encode, but this will result in a failure to verify
>   unless the re-encoded byte string is identical to the decoded byte
>   string.)  This avoids the problem of all parties needing to be
>   able to do a common canonical encoding."
> I'm not sure I understand this scenario. Does this statement just apply to zero-length maps or to all kinds of protected buckets? What does "to be transported with a greater chance" mean here? That intermediates are less likely to block traffic containing such a COSE object? That intermediates are less likely to accidentally (or deliberately) modify it in such a way that it gets accepted by the receiver? Is this an effect of some cryptographic protection, is it related to different encoding techniques being used in different implementations, or both? Why is it a problem if all parties need to be able to do a common canonical encoding? In fact, what kind of encoding does this refer to: Binary encoding vs. base64 encoding? Or specific ways of encoding certain information as binary data?
>
> [JLS] I think that you mean section 3 if that is not right please let me know.  The wrapping applies to all encoding of protected buckets.  For a zero length bucket this is less of an issue as there is only one way to encode it per the rules in section 10.  The issue is that an intermediate entity could decode the message, including the map, and encode it using a slightly different encoding.  This normally has to do with the order of items in the map but could be any number of things as the rules for deterministic encoding would need to be expanded to cover all possible CBOR objects rather than just the few that are given in section 10.  If one decodes all the way to the data model of CBOR then things such as dates become difficult to encode canonically as it could be encoded either as a floating point number or an integer number.  By doing the wrapping all parties doe NOT need to be able to do a common canonical encoding.  Experience with ASN.1 and the XML signature security have sh
>  own that the number of times that at least one party is going to get things wrong is much higher than one would like to see for a security protocol that wants to be simple and small. Would starting a new paragraph at this point make it easier to understand that it is nothing to deal with zero-length maps?

[TE] You're right, I meant Section 3. And yes, I think starting a new
paragraph here would make it easier to understand that this is no longer
about the zero-length map. Also, maybe substituting "The wrapping" with
something more general helps, because otherwise I'm wondering which part
of the previous sentence the "The" refers to.
Further, I'm wondering if it's worth adding "accidentally" (or similar
wording) to the sentence saying that content is transported "with a
greater chance that it will not be altered in transit". As the draft is
about security, when reading this I was thinking about an attacker
altering a message deliberately, but according to your explanation, this
part appears to be more about accidentally altering a message.