IETF Logo Mail Archive

Re: [COSE] AD evaluation of draft-ietf-cose-x509-06

Barry Leiba <barryleiba@computer.org> Tue, 15 September 2020 01:23 UTC

Return-Path: <barryleiba@gmail.com>
X-Original-To: cose@ietfa.amsl.com
Delivered-To: cose@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 098743A0C0A; Mon, 14 Sep 2020 18:23:46 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.4
X-Spam-Level:
X-Spam-Status: No, score=-1.4 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, FREEMAIL_FORGED_FROMDOMAIN=0.248, FREEMAIL_FROM=0.001, HEADER_FROM_DIFFERENT_DOMAINS=0.249, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_BLOCKED=0.001, RCVD_IN_MSPIKE_H2=-0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=no autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id J0TdwHvEPM66; Mon, 14 Sep 2020 18:23:44 -0700 (PDT)
Received: from mail-vs1-f52.google.com (mail-vs1-f52.google.com [209.85.217.52]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 325DE3A0C24; Mon, 14 Sep 2020 18:23:42 -0700 (PDT)
Received: by mail-vs1-f52.google.com with SMTP id y194so996570vsc.4; Mon, 14 Sep 2020 18:23:42 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=+8d64utf51At4+nz2snxu3ra58bx+qMU9/IVRZOWFnk=; b=FVmv9VQGljxz8Uh4jiDkn30W4My0XI4NnSPXup1CMrpKiNGll1JZBQRDE/AAd76XkP H297bVkhcntTCmSkJigJHY5oVZuQOSZi1sD1ogTWVR4wrB2GeerxyGO0Cc9PMxLV0SI2 hJxXG6winVOUMNiHo166Z4qOr00wpNdNca287OePG9ciHIgylizsLP5hzriMEUx5vYSP XR7dfoO45jPFiFt7TlEo8XdCvawVG2++7pRVCxByVe17w/2/3c3EmY3IHErmHES96Yor mXPBgguXfKWu9miy9X/2sh06Ebjqv4Vo6fcDHwpeWFvrMBTf2Iq0Q0mqH677ILAQt8x2 uqkQ==
X-Gm-Message-State: AOAM532UhbcErZb0n5NVX7U1UnB6E/vaIwzgWK88aFnSyYpC/QqoLj/M ZgM1gDIjYpDxSOW7Md0t/aWElPN9Mtv1LcvwOrY6iGWrwGw=
X-Google-Smtp-Source: ABdhPJx3xxFXtyExBwLdf648zFWAlgHf5wHJ0IXr7qroiFQEYoO9sKrKVuIKtRaz00wfuTRqaXkh9G4Hs7tplvAK1Bo=
X-Received: by 2002:a67:2bc5:: with SMTP id r188mr9989901vsr.16.1600133020952; Mon, 14 Sep 2020 18:23:40 -0700 (PDT)
MIME-Version: 1.0
References: <CALaySJJ_--idVkDFA_UoO24nPJ8ieaKJkVxtO1Cr5UTF+A8Dzg@mail.gmail.com> <01c901d68afd$d5584860$8008d920$@augustcellars.com>
In-Reply-To: <01c901d68afd$d5584860$8008d920$@augustcellars.com>
From: Barry Leiba <barryleiba@computer.org>
Date: Mon, 14 Sep 2020 21:23:30 -0400
Message-ID: <CALaySJLHHY_=KFfV=Mt_K83+k+mhbJF+cZz+dmKG019_wFTgOQ@mail.gmail.com>
To: Jim Schaad <ietf@augustcellars.com>
Cc: cose@ietf.org, draft-ietf-cose-x509.all@ietf.org
Content-Type: multipart/alternative; boundary="0000000000004ece9f05af500004"
Archived-At: <https://mailarchive.ietf.org/arch/msg/cose/CsihRtKcmZ4EcrsUr84f2-6BSo4>
Subject: Re: [COSE] AD evaluation of draft-ietf-cose-x509-06
X-BeenThere: cose@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: CBOR Object Signing and Encryption <cose.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/cose>, <mailto:cose-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/cose/>
List-Post: <mailto:cose@ietf.org>
List-Help: <mailto:cose-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/cose>, <mailto:cose-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 15 Sep 2020 01:23:46 -0000

Thanks for the response, Jim.  I’m taking a few days of vacation and will
get to a response on Thursday.  Please remind me mid-day Thursday, your
time, if you don’t hear from me by then.

b

On Mon, Sep 14, 2020 at 9:16 PM Jim Schaad <ietf@augustcellars.com> wrote:

>
>
>
>
> -----Original Message-----
>
> From: Barry Leiba <barryleiba@computer.org>
>
> Sent: Friday, August 28, 2020 12:33 PM
>
> To: draft-ietf-cose-x509.all@ietf.org
>
> Cc: cose@ietf.org
>
> Subject: AD evaluation of draft-ietf-cose-x509-06
>
>
>
> Hi, all.  I'm taking this document over at Ben Kaduk's request, so as to
> get it moving more quickly, given Ben's workload.  There are two items in
> my review below that I think I want to resolve before starting last call:
> the MTI comment in Section 2, and the question about Table 2 in Section 3.
>
>
>
> — Section 1 —
>
>
>
>    In the process of writing [RFC8152] discussions were held on the
>
>    question of X.509 certificates [RFC5280] and if there was a needed to
>
>    provide for them.  At the time no use cases were presented that
>
>    appeared to have a sufficient need for these attributes.
>
>
>
> Typo: “needed” -> “need”.  But, really, I would just merge the two
> sentences:
>
>
>
> NEW
>
>    In the process of writing [RFC8152] the working group discussed X.509
>
>    certificates [RFC5280] and decided that no use cases were presented that
>
>    showed a need to support certificates.
>
> END
>
> [JLS] done
>
>
>
> — Section 2 —
>
>
>
>    It is not necessarily expected that constrained devices themselves
>
>    will evaluate and process of X.509 certificates
>
>
>
> Then, this is intended to be used in one direction: constrained devices
> might have certs built in, but a constrained device will not
>
> *receive* a cert from a server, for example… right?  The examples in
> Section 1 are consistent with that, but it might be good to say it
> explicitly.
>
>
>
> [JLS]  I think change addresses that
>
>
>
> It is not necessarily expected that constrained devices themselves will
> evaluate and process of X.509 certificates:  it is perfectly reasonable for
> a constrained device to be provisioned with a certificate which it can then
> provide to a relying party - along with a signature or encrypted message -
> on the assumption that the relying party is not a constrained device, and
> is capable of performing the required certificate evaluation and
> processing.  It is also reasonable that a constrained device would have the
> hash of a certificate associated with a public key and be configured use a
> public key for that thumbprint, but without performing the certificate
> evaluation or even having the entire certificate.
>
>
>
> [/JLS]
>
>
>
>       For interoperability, applications which use this header parameter
>
>       MUST support the hash algorithm 'SHA-256', but can use other hash
>
>       algorithms.
>
>
>
> I appreciate the need for an MTI alg here, but what does it really mean
> for me to say that my temperature sensor “supports SHA-256”, but that
> everything it sends uses SHA-512?  How does that help interoperability?
>
>
>
> [JLS]  If you have not agreed with others that this is what you are doing,
> then it does not help interoperability.  However, I am also loathe to say
> that you MUST use this algorithm and only this algorithm.  My expectation
> is that people are more likely to use SHA-256/64 rather than SHA-256 in
> this case as the shorter thumbprint means less bytes on the wire.  I don't
> know what else could be said here.
>
>
>
>       This will normally be the situation when self-signed certificates
>
>       are used.
>
>
>
> I wonder whether some readers will misread this as saying that self-signed
> certs will normally be used here.  Maybe, “Self-signed certificates are
> more likely to appear in this parameter than in the others.” ?
>
>
>
> [JLS] No, this is what I really meant "In particular, self-signed
> certificates MUST NOT be trusted without an out-of-band confirmation."
>
>
>
>    *  COSE_Signature and COSE_Sign0 objects, in these objects they
>
>       identify the certificate to be used for validation the signature.
>
>
>
>    *  COSE_recipient objects, in this location they identify the
>
>       certificate for the recipient of the message.
>
>
>
> Nit: I would use colon or semicolon instead of comma in both of these.
>
> And the first should say "validating", rather than "validation".
>
>
>
> [JLS] Done.
>
>
>
> — Section 3 —
>
>
>
>    There is no definition for the certificate bag as the same
>
>    attribute would be used for both the sender and recipient
>
>    certificates.
>
>
>
> Nit: there needs to be a comma after “bag”.
>
> [JLS] done
>
>
>
> One thing I’m not sure about here is why there’s no need to have “x5bag”
> in Table 2 in order to register the ECDH algorithms (in Section 4.2).
>
> [JLS] The reason is that the same x5bag would be used for both purposes.
> Since this is just a random collection of certificates it can hold both
> certificates containing key agreement public keys as well as signature
> public keys.
>
>
>
> — Section 4.1 —
>
>
>
>    IANA is requested to register the new COSE Header parameter in
>
>
>
> Nit: “parameters”
>
>
>
> — Section 5 —
>
>
>
>    A new self-signed certificate
>
>    appearing on the client cannot be a trigger to modify the set of
>
>    trust anchors, instead a well defined trust-establishment process is
>
>    required.
>
>
>
> Nit: I had a bit of trouble parsing this, and I think it needs different
> punctuation, or, better, just a change from “instead” to “because”.
>
>
>
> [JLS] I don't have any ideas of what is better.  This may now tie better
> back to the text above in section 2.
>
>
>
>    Before using the keys in a certificate, they MUST be checked as
>
>    described in the COSE algorithms document
>
>    [I-D.ietf-cose-rfc8152bis-algs].
>
>
>
> I think the MUST here makes rfc8152bis-algs normative.  I see that the
> document shepherd also thought that, but I don’t really follow the argument
> about why not.
>
>
>
> [JLS] I think that what I am trying to say just does not match what people
> are reading here.  I have changed this to read:
>
>
>
>         Before using the key in a certificate, the key MUST be checked
> against the algorithm to be used and any algorithm specific checks need to
> be made.
>
>
>
>
>
> Jim
>
>
>
>
>
>
>
> --
>
> Barry
>
>
>
>

v2.23.0 | Report a Bug | By Email