Re: [COSE] AD evaluation of draft-ietf-cose-x509-06
Barry Leiba <barryleiba@computer.org> Tue, 15 September 2020 01:23 UTC
Return-Path: <barryleiba@gmail.com>
X-Original-To: cose@ietfa.amsl.com
Delivered-To: cose@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 098743A0C0A; Mon, 14 Sep 2020 18:23:46 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.4
X-Spam-Level:
X-Spam-Status: No, score=-1.4 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, FREEMAIL_FORGED_FROMDOMAIN=0.248, FREEMAIL_FROM=0.001, HEADER_FROM_DIFFERENT_DOMAINS=0.249, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_BLOCKED=0.001, RCVD_IN_MSPIKE_H2=-0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=no autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id J0TdwHvEPM66; Mon, 14 Sep 2020 18:23:44 -0700 (PDT)
Received: from mail-vs1-f52.google.com (mail-vs1-f52.google.com [209.85.217.52]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 325DE3A0C24; Mon, 14 Sep 2020 18:23:42 -0700 (PDT)
Received: by mail-vs1-f52.google.com with SMTP id y194so996570vsc.4; Mon, 14 Sep 2020 18:23:42 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=+8d64utf51At4+nz2snxu3ra58bx+qMU9/IVRZOWFnk=; b=FVmv9VQGljxz8Uh4jiDkn30W4My0XI4NnSPXup1CMrpKiNGll1JZBQRDE/AAd76XkP H297bVkhcntTCmSkJigJHY5oVZuQOSZi1sD1ogTWVR4wrB2GeerxyGO0Cc9PMxLV0SI2 hJxXG6winVOUMNiHo166Z4qOr00wpNdNca287OePG9ciHIgylizsLP5hzriMEUx5vYSP XR7dfoO45jPFiFt7TlEo8XdCvawVG2++7pRVCxByVe17w/2/3c3EmY3IHErmHES96Yor mXPBgguXfKWu9miy9X/2sh06Ebjqv4Vo6fcDHwpeWFvrMBTf2Iq0Q0mqH677ILAQt8x2 uqkQ==
X-Gm-Message-State: AOAM532UhbcErZb0n5NVX7U1UnB6E/vaIwzgWK88aFnSyYpC/QqoLj/M ZgM1gDIjYpDxSOW7Md0t/aWElPN9Mtv1LcvwOrY6iGWrwGw=
X-Google-Smtp-Source: ABdhPJx3xxFXtyExBwLdf648zFWAlgHf5wHJ0IXr7qroiFQEYoO9sKrKVuIKtRaz00wfuTRqaXkh9G4Hs7tplvAK1Bo=
X-Received: by 2002:a67:2bc5:: with SMTP id r188mr9989901vsr.16.1600133020952; Mon, 14 Sep 2020 18:23:40 -0700 (PDT)
MIME-Version: 1.0
References: <CALaySJJ_--idVkDFA_UoO24nPJ8ieaKJkVxtO1Cr5UTF+A8Dzg@mail.gmail.com> <01c901d68afd$d5584860$8008d920$@augustcellars.com>
In-Reply-To: <01c901d68afd$d5584860$8008d920$@augustcellars.com>
From: Barry Leiba <barryleiba@computer.org>
Date: Mon, 14 Sep 2020 21:23:30 -0400
Message-ID: <CALaySJLHHY_=KFfV=Mt_K83+k+mhbJF+cZz+dmKG019_wFTgOQ@mail.gmail.com>
To: Jim Schaad <ietf@augustcellars.com>
Cc: cose@ietf.org, draft-ietf-cose-x509.all@ietf.org
Content-Type: multipart/alternative; boundary="0000000000004ece9f05af500004"
Archived-At: <https://mailarchive.ietf.org/arch/msg/cose/CsihRtKcmZ4EcrsUr84f2-6BSo4>
Subject: Re: [COSE] AD evaluation of draft-ietf-cose-x509-06
X-BeenThere: cose@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: CBOR Object Signing and Encryption <cose.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/cose>, <mailto:cose-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/cose/>
List-Post: <mailto:cose@ietf.org>
List-Help: <mailto:cose-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/cose>, <mailto:cose-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 15 Sep 2020 01:23:46 -0000
Thanks for the response, Jim. I’m taking a few days of vacation and will get to a response on Thursday. Please remind me mid-day Thursday, your time, if you don’t hear from me by then. b On Mon, Sep 14, 2020 at 9:16 PM Jim Schaad <ietf@augustcellars.com> wrote: > > > > > -----Original Message----- > > From: Barry Leiba <barryleiba@computer.org> > > Sent: Friday, August 28, 2020 12:33 PM > > To: draft-ietf-cose-x509.all@ietf.org > > Cc: cose@ietf.org > > Subject: AD evaluation of draft-ietf-cose-x509-06 > > > > Hi, all. I'm taking this document over at Ben Kaduk's request, so as to > get it moving more quickly, given Ben's workload. There are two items in > my review below that I think I want to resolve before starting last call: > the MTI comment in Section 2, and the question about Table 2 in Section 3. > > > > — Section 1 — > > > > In the process of writing [RFC8152] discussions were held on the > > question of X.509 certificates [RFC5280] and if there was a needed to > > provide for them. At the time no use cases were presented that > > appeared to have a sufficient need for these attributes. > > > > Typo: “needed” -> “need”. But, really, I would just merge the two > sentences: > > > > NEW > > In the process of writing [RFC8152] the working group discussed X.509 > > certificates [RFC5280] and decided that no use cases were presented that > > showed a need to support certificates. > > END > > [JLS] done > > > > — Section 2 — > > > > It is not necessarily expected that constrained devices themselves > > will evaluate and process of X.509 certificates > > > > Then, this is intended to be used in one direction: constrained devices > might have certs built in, but a constrained device will not > > *receive* a cert from a server, for example… right? The examples in > Section 1 are consistent with that, but it might be good to say it > explicitly. > > > > [JLS] I think change addresses that > > > > It is not necessarily expected that constrained devices themselves will > evaluate and process of X.509 certificates: it is perfectly reasonable for > a constrained device to be provisioned with a certificate which it can then > provide to a relying party - along with a signature or encrypted message - > on the assumption that the relying party is not a constrained device, and > is capable of performing the required certificate evaluation and > processing. It is also reasonable that a constrained device would have the > hash of a certificate associated with a public key and be configured use a > public key for that thumbprint, but without performing the certificate > evaluation or even having the entire certificate. > > > > [/JLS] > > > > For interoperability, applications which use this header parameter > > MUST support the hash algorithm 'SHA-256', but can use other hash > > algorithms. > > > > I appreciate the need for an MTI alg here, but what does it really mean > for me to say that my temperature sensor “supports SHA-256”, but that > everything it sends uses SHA-512? How does that help interoperability? > > > > [JLS] If you have not agreed with others that this is what you are doing, > then it does not help interoperability. However, I am also loathe to say > that you MUST use this algorithm and only this algorithm. My expectation > is that people are more likely to use SHA-256/64 rather than SHA-256 in > this case as the shorter thumbprint means less bytes on the wire. I don't > know what else could be said here. > > > > This will normally be the situation when self-signed certificates > > are used. > > > > I wonder whether some readers will misread this as saying that self-signed > certs will normally be used here. Maybe, “Self-signed certificates are > more likely to appear in this parameter than in the others.” ? > > > > [JLS] No, this is what I really meant "In particular, self-signed > certificates MUST NOT be trusted without an out-of-band confirmation." > > > > * COSE_Signature and COSE_Sign0 objects, in these objects they > > identify the certificate to be used for validation the signature. > > > > * COSE_recipient objects, in this location they identify the > > certificate for the recipient of the message. > > > > Nit: I would use colon or semicolon instead of comma in both of these. > > And the first should say "validating", rather than "validation". > > > > [JLS] Done. > > > > — Section 3 — > > > > There is no definition for the certificate bag as the same > > attribute would be used for both the sender and recipient > > certificates. > > > > Nit: there needs to be a comma after “bag”. > > [JLS] done > > > > One thing I’m not sure about here is why there’s no need to have “x5bag” > in Table 2 in order to register the ECDH algorithms (in Section 4.2). > > [JLS] The reason is that the same x5bag would be used for both purposes. > Since this is just a random collection of certificates it can hold both > certificates containing key agreement public keys as well as signature > public keys. > > > > — Section 4.1 — > > > > IANA is requested to register the new COSE Header parameter in > > > > Nit: “parameters” > > > > — Section 5 — > > > > A new self-signed certificate > > appearing on the client cannot be a trigger to modify the set of > > trust anchors, instead a well defined trust-establishment process is > > required. > > > > Nit: I had a bit of trouble parsing this, and I think it needs different > punctuation, or, better, just a change from “instead” to “because”. > > > > [JLS] I don't have any ideas of what is better. This may now tie better > back to the text above in section 2. > > > > Before using the keys in a certificate, they MUST be checked as > > described in the COSE algorithms document > > [I-D.ietf-cose-rfc8152bis-algs]. > > > > I think the MUST here makes rfc8152bis-algs normative. I see that the > document shepherd also thought that, but I don’t really follow the argument > about why not. > > > > [JLS] I think that what I am trying to say just does not match what people > are reading here. I have changed this to read: > > > > Before using the key in a certificate, the key MUST be checked > against the algorithm to be used and any algorithm specific checks need to > be made. > > > > > > Jim > > > > > > > > -- > > Barry > > > >
- [COSE] AD evaluation of draft-ietf-cose-x509-06 Barry Leiba
- Re: [COSE] AD evaluation of draft-ietf-cose-x509-… Jim Schaad
- Re: [COSE] AD evaluation of draft-ietf-cose-x509-… Barry Leiba
- Re: [COSE] AD evaluation of draft-ietf-cose-x509-… Barry Leiba
- Re: [COSE] AD evaluation of draft-ietf-cose-x509-… Jim Schaad