IETF Logo Mail Archive

Re: [COSE] [Ace] FW: New Version Notification for draft-selander-ace-object-security-05.txt

Francesca Palombini <francesca.palombini@ericsson.com> Tue, 12 July 2016 08:15 UTC

Return-Path: <francesca.palombini@ericsson.com>
X-Original-To: cose@ietfa.amsl.com
Delivered-To: cose@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 48C8F12B013; Tue, 12 Jul 2016 01:15:04 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.22
X-Spam-Level:
X-Spam-Status: No, score=-4.22 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_MED=-2.3, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=ericsson.onmicrosoft.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id CMaZQo8SEJyS; Tue, 12 Jul 2016 01:15:01 -0700 (PDT)
Received: from sessmg23.ericsson.net (sessmg23.ericsson.net [193.180.251.45]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 9DEF512B00C; Tue, 12 Jul 2016 01:15:00 -0700 (PDT)
X-AuditID: c1b4fb2d-f79936d0000030e4-68-5784a702c8d3
Received: from ESESSHC007.ericsson.se (Unknown_Domain [153.88.183.39]) by sessmg23.ericsson.net (Symantec Mail Security) with SMTP id 02.55.12516.207A4875; Tue, 12 Jul 2016 10:14:58 +0200 (CEST)
Received: from EUR01-HE1-obe.outbound.protection.outlook.com (153.88.183.145) by oa.msg.ericsson.com (153.88.183.39) with Microsoft SMTP Server (TLS) id 14.3.294.0; Tue, 12 Jul 2016 10:14:57 +0200
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ericsson.onmicrosoft.com; s=selector1-ericsson-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version; bh=uLQEgfqFVM+1kaTEGx3cpqqwhsNihCfnxA7qfhzq7xQ=; b=h8Cc7w8lzMtLvCCnFpU62+bqOt3KOu1AhHl6HXsDcu8sYpq2bPrVaS/yZaHrCBaKwcWraz/srPPUrqE3c11bpwQZelzzjwZUVTwAVo67f9wav7x5woBJDiy5k87+iFF4TBj0hfHCuDXplovCfEl10VmZlqkis0A016yTT53aW4g=
Received: from AMXPR07MB070.eurprd07.prod.outlook.com (10.242.70.148) by AMXPR07MB069.eurprd07.prod.outlook.com (10.242.70.147) with Microsoft SMTP Server (TLS) id 15.1.528.16; Tue, 12 Jul 2016 08:14:56 +0000
Received: from AMXPR07MB070.eurprd07.prod.outlook.com ([169.254.14.218]) by AMXPR07MB070.eurprd07.prod.outlook.com ([169.254.14.218]) with mapi id 15.01.0528.026; Tue, 12 Jul 2016 08:14:56 +0000
From: Francesca Palombini <francesca.palombini@ericsson.com>
To: Marco Tiloca <marco@sics.se>
Thread-Topic: [Ace] FW: New Version Notification for draft-selander-ace-object-security-05.txt
Thread-Index: AQHR2G3dJR4k7DwmmE2nHZmL8yaTPqAOF8bQgAUzcwCAAS6UIA==
Date: Tue, 12 Jul 2016 08:14:56 +0000
Message-ID: <AMXPR07MB070FAF73F930DEF19972C8698300@AMXPR07MB070.eurprd07.prod.outlook.com>
References: <20160707163729.23634.20152.idtracker@ietfa.amsl.com> <AMXPR07MB0709A19CD21050F2B2DC7F4983C0@AMXPR07MB070.eurprd07.prod.outlook.com> <CABFpCtCnaMvLiAN=gJJPJSgxV5+=KWG8LGj5WK0kvvrUpSHyMA@mail.gmail.com>
In-Reply-To: <CABFpCtCnaMvLiAN=gJJPJSgxV5+=KWG8LGj5WK0kvvrUpSHyMA@mail.gmail.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
authentication-results: spf=none (sender IP is ) smtp.mailfrom=francesca.palombini@ericsson.com;
x-originating-ip: [80.216.62.213]
x-ms-office365-filtering-correlation-id: 6926452e-107a-488c-ccb2-08d3aa2c9c0d
x-microsoft-exchange-diagnostics: 1; AMXPR07MB069; 6:vf49FYy5sKAjPfik19NZjIP14nnHI9id7WwpvGWbmu1l1lSdGQPEB8HWI92PDb+/5LfgWNUYYaAluO1bON9qfg9+SB+VpcFI1LzsHnirCqwyn+BbnJ7Zj67coFlhrxHsq3uutOysPn88yPowQxw7c+Hw0Xp5crXOmrP8/oulxRFbbtKDj5CiS2sy40FLaNKSzcWrbLTzvk+No7RsLPkFmccBFxhBJ4amM7bG8SD4pGuMyJ+tk5NHUplcZp71Sh8svUw0DF1C0L5ka1lCxTl/VQ6z/FQJVsUScQR5/XRmN4g=; 5:LBGSTOK/lOl39o8QEALmWZswwSxXTvMCbb7nQ86DzLl+cmqcnwSs8A2ss6lPycyaVgbYBXjnu0roH9Ch0ebwidR5uOk/7T5GhqN/jbLpALPgrmSU/BwgDt+916buEcIYcZKiBI6VE3wBt70zK2YE7w==; 24:RBnX7sscbbWoFwzUkQSzR0o/OeXwFFuPyZWqqB7QxsmWhgR0RbQUwbwYlYIqzzQsZOzHXry3DGNsRR1x5wdcuZ800/3k6LA+yCYKMV+aSfE=; 7:X5b+iyb1+Bi205ubX0e20o+yNTcrD9Av/2ZXsW81XQnmAKcgqsxmVgJfhYEMY8nvHPdmcFOwLj5nzQOZL9jfQZf0fhGO/nVjhXd4ONJCkue9rIuYfUd8TfBI1CYBmYYRA6E4RZ0nxisT8J9tdlG8p9nYo/c/D85uSYH42Oi11XqxKazUEplXUW+otOw+VgIZxKR4UDZoY8qWTbNFRuA50fyUfrlMnHnTr283ePKSESyrKetUuRnuvIv3AnZ30LXR
x-microsoft-antispam: UriScan:;BCL:0;PCL:0;RULEID:;SRVR:AMXPR07MB069;
x-microsoft-antispam-prvs: <AMXPR07MB0694724EB7701F15B46E59798300@AMXPR07MB069.eurprd07.prod.outlook.com>
x-exchange-antispam-report-test: UriScan:(37575265505322)(158342451672863)(120809045254105)(192374486261705)(21748063052155);
x-exchange-antispam-report-cfa-test: BCL:0; PCL:0; RULEID:(601004)(2401047)(5005006)(8121501046)(10201501046)(3002001); SRVR:AMXPR07MB069; BCL:0; PCL:0; RULEID:; SRVR:AMXPR07MB069;
x-forefront-prvs: 0001227049
x-forefront-antispam-report: SFV:NSPM; SFS:(10009020)(7916002)(13464003)(189002)(377454003)(199003)(377424004)(24454002)(101416001)(2906002)(106356001)(54356999)(50986999)(19617315012)(105586002)(106116001)(76176999)(16601075003)(19580395003)(7696003)(3660700001)(7736002)(5003600100003)(2420400007)(19580405001)(19609705001)(68736007)(7846002)(9326002)(230783001)(81166006)(7906003)(3280700002)(81156014)(19625215002)(74316002)(8676002)(8936002)(15650500001)(19300405004)(33656002)(92566002)(4326007)(110136002)(14971765001)(122556002)(189998001)(86362001)(87936001)(790700001)(6116002)(16236675004)(10400500002)(102836003)(3846002)(10710500007)(97736004)(7110500001)(11100500001)(15975445007)(2900100001)(2950100001)(66066001)(9686002)(586003)(76576001)(5002640100001); DIR:OUT; SFP:1101; SCL:1; SRVR:AMXPR07MB069; H:AMXPR07MB070.eurprd07.prod.outlook.com; FPR:; SPF:None; PTR:InfoNoRecords; MX:1; A:1; LANG:en;
received-spf: None (protection.outlook.com: ericsson.com does not designate permitted sender hosts)
spamdiagnosticoutput: 1:99
spamdiagnosticmetadata: NSPM
Content-Type: multipart/alternative; boundary="_000_AMXPR07MB070FAF73F930DEF19972C8698300AMXPR07MB070eurprd_"
MIME-Version: 1.0
X-MS-Exchange-CrossTenant-originalarrivaltime: 12 Jul 2016 08:14:56.1234 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 92e84ceb-fbfd-47ab-be52-080c6b87953f
X-MS-Exchange-Transport-CrossTenantHeadersStamped: AMXPR07MB069
X-OriginatorOrg: ericsson.com
X-Brightmail-Tracker: H4sIAAAAAAAAA02Se0hTYRjG+XbOzo7Dwee8vVqQrrySl24wUKIsSYLugeYf6tCTjuYmO8tS KCwdiGa4vNTmLKnl8pYtpmlk0igzobIUyxmCNMOREmmmJUjbzgL/+73P+/B87wMfTYit/FBa rtQwaqVMIaGEpD7jSVQcz1yRntg9tFW68vsaIX2+0E1IG3sa+FJj1wC1j0wzmf7w0mqG1qjj vExhch6jkBcz6oS9OcKCtnUHWTQxgi5Wv75JlqEHr1AV8qEB7wbTwzEvB8HodDdVhYS0GL9E UNk65x2GEYxXTgjcA4lrCKiq/om4zTgC+/pbr20IQZnFQLnDKJwMozM/+G4OwGFg0VcSbiYw A7PNHzy6P86GyV6rgPPkwKLjNsVxCrRPTfHcTOII0K0sePwinAmfVls8fjGeRPDIkOVmH3wC 9E2dnnzkKrEy0snj3goGu+MOjyuHwfTsPcFxIDi/rvM5fy6MT10XcHo4LF8ZoDg+Am1Xv/Hc xQAvUKDtNHuDUqGh7LOLaRfLYXDxJCdfAqf2BsX5uxBU3R3whm6G3vkxb5BWAJZZG8E1YMDc pUW1KNaw4ViDK5fAKmh1pho8nf3gjd5BcnIMdD9N4NzhUF89I+A4GrTGZsFGvQUJ2lEgy7Bs Yf7OXfGMWp7LsiplvJLRPEauv/TCuhbXhzq+77chTCOJr6hlujxdzJcVsyWFNgQ0IQkQfTRV pItFebKSUkatylafVzCsDW2iSUmw6JgzPF2M82Ua5hzDFDHq/1se7RNahqJF/V3L7+Yyt99v 1gz2px3Nujdh81tpL65bMpaGhITqHL4juUv2uoAtYRAgz+uJ6LB8McZF/k1pklfPH5i11tfE WOwV/kGrbbUNzSbdED7bqNJJY4+dOr0t49dksq7cbJ1J0uYccl6OOWhXJHf27YmM6h9OvHD4 VtOZpJCI8BIJyRbIdsQSalb2D0VcQ9hHAwAA
Archived-At: <https://mailarchive.ietf.org/arch/msg/cose/JnTo02uDvo0-PXndmG5x-4eF-_g>
Cc: "Ace@ietf.org" <Ace@ietf.org>, "core@ietf.org" <core@ietf.org>, "cose@ietf.org" <cose@ietf.org>
Subject: Re: [COSE] [Ace] FW: New Version Notification for draft-selander-ace-object-security-05.txt
X-BeenThere: cose@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: CBOR Object Signing and Encryption <cose.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/cose>, <mailto:cose-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/cose/>
List-Post: <mailto:cose@ietf.org>
List-Help: <mailto:cose-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/cose>, <mailto:cose-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 12 Jul 2016 08:15:05 -0000

Hi Marco,

Thank you so much for an extended review! I agree with all your comments and I think they will improve the readability of the draft.
I just have a question for 1):

We introduce the use of COSE objects already in Section 1. Introduction, in the last paragraph of page 3 (“OSCOAP builds on CBOR Object Signing and Encryption (COSE) …”). Was there a reason why you wanted it mentioned in the Object Security option section, specifically?

Best,
Francesca


From: Marco Tiloca [mailto:marco@sics.se]
Sent: den 11 juli 2016 16:11
To: Francesca Palombini <francesca.palombini@ericsson.com>
Cc: core@ietf.org; cose@ietf.org; Ace@ietf.org
Subject: Re: [Ace] FW: New Version Notification for draft-selander-ace-object-security-05.txt

Hello Francesca and all,

I have reviewed this last version and I believe it is in a very good shape!

Please, find below some suggestions for minor changes/updates.

Best regards,
/Marco

----------------------------

1) In Section 2, I would refer the usage of a COSE object as soon as possible, rather than at the end of page 5 where you describe how to prepare the protected CoAP message. For instance, the very first sentence in Section 2 can be followed by something like: "This is achieved by means of a COSE object included in the protected CoAP message, as detailed below".

2) In Section 2 (page 5), I would move the sentence "An endpoint receiving [...] treat it as malformed and reject it." at the end of the first element of the bullet list below, since it concerns CoAP messages with payload.

3) Following the same reasoning of point 2), I would extend the second element in the dotted list at the end of page 5 with: "An endpoint receiving a CoAP message without payload, that also contains an empty Object-Security option SHALL treat it as malformed and reject it".

4) Section 3.1, page 6, "The endpoint verifies the message received" --> "The endpoint verifies the messages received".

5) Section 5, page 13, add "(see Section 5.1)" after "is computed from the Plaintext", and "(see Section 5.2)" after "and the Additional Authenticated Data (AAD)".

6) Section 6.2, page 16, step 1. In the last sentences about renewing the security context on the client, it would be good to mention also that this involves informing the server, so that it can update its own Receiver-* parameters on its own context.

7) Section 6.2, page 16, step 2. "Store the MAC of each fragment" --> "Store the MAC of each last-sent fragment".

8) Section 6.3, page 17, step 2. "Store the MAC of each fragment" --> "Store the MAC of each last-received fragment".

9) Section 6.4, page 18, step 1. In the last sentences about renewing the security context on the server, it would be good to mention also that this involves informing the client, so that it can update its own Receiver-* parameters on its own context.

10) Section 6.4, page 18, step 2. "Store the MAC of each fragment" --> "Store the MAC of each last-sent fragment".

11) Section 6.5, page 19, step 2. "Store the MAC of each fragment" --> "Store the MAC of each last-received fragment".

12) Section 6.5, page 20, first paragraph. After the last sentence "DTLS and OSCOAP can be combined", I would restate what said in Section 1 (page 4), that is "thereby enabling end-to-end ..."

13) Section 6.5, page 20, third paragraph. "The use of COSE to protected CoAP messages" --> "The use of COSE to protect CoAP messages"

On Fri, Jul 8, 2016 at 9:03 AM, Francesca Palombini <francesca.palombini@ericsson.com<mailto:francesca.palombini@ericsson.com>> wrote:
Dear CoRE, COSE and ACE members,

We have submitted an update to the OSCOAP draft:
https://tools.ietf.org/html/draft-selander-ace-object-security-05

For those who don’t know, OSCOAP is an application layer security protocol for CoAP, based on wrapping request and response messages in COSE objects which are sent in a CoAP message exchange.

With this version, we aimed for improved readability and we added the blockwise functionality, as discussed during last f2f meeting.

We are now looking for reviews. Any comment or feedback would be greatly appreciated!

Best regards,
Francesca

-----Original Message-----
From: internet-drafts@ietf.org<mailto:internet-drafts@ietf.org> [mailto:internet-drafts@ietf.org<mailto:internet-drafts@ietf.org>]
Sent: den 7 juli 2016 18:37
To: Göran Selander <goran.selander@ericsson.com<mailto:goran.selander@ericsson.com>>; Ludwig Seitz <ludwig@sics.se<mailto:ludwig@sics.se>>; John Mattsson <john.mattsson@ericsson.com<mailto:john.mattsson@ericsson.com>>; Göran Selander <goran.selander@ericsson.com<mailto:goran.selander@ericsson.com>>; Francesca Palombini <francesca.palombini@ericsson.com<mailto:francesca.palombini@ericsson.com>>
Subject: New Version Notification for draft-selander-ace-object-security-05.txt


A new version of I-D, draft-selander-ace-object-security-05.txt
has been successfully submitted by Francesca Palombini and posted to the IETF repository.

Name:           draft-selander-ace-object-security
Revision:       05
Title:          Object Security of CoAP (OSCOAP)
Document date:  2016-07-07
Group:          Individual Submission
Pages:          36
URL:            https://www.ietf.org/internet-drafts/draft-selander-ace-object-security-05.txt
Status:         https://datatracker.ietf.org/doc/draft-selander-ace-object-security/
Htmlized:       https://tools.ietf.org/html/draft-selander-ace-object-security-05
Diff:           https://www.ietf.org/rfcdiff?url2=draft-selander-ace-object-security-05

Abstract:
   This memo defines Object Security of CoAP (OSCOAP), a method for
   application layer protection of message exchanges with the
   Constrained Application Protocol (CoAP), using the CBOR Object
   Signing and Encryption (COSE) format.  OSCOAP provides end-to-end
   encryption, integrity and replay protection to CoAP payload, options,
   and header fields, as well as a secure binding between CoAP request
   and response messages.  The use of OSCOAP is signaled with the CoAP
   option Object-Security, also defined in this memo.




Please note that it may take a couple of minutes from the time of submission until the htmlized version and diff are available at tools.ietf.org<http://tools.ietf.org>.

The IETF Secretariat

_______________________________________________
Ace mailing list
Ace@ietf.org<mailto:Ace@ietf.org>
https://www.ietf.org/mailman/listinfo/ace

v2.23.0 | Report a Bug | By Email