[COSE] AD evaluation of draft-ietf-cose-x509-06
Barry Leiba <barryleiba@computer.org> Fri, 28 August 2020 19:33 UTC
Return-Path: <barryleiba@gmail.com>
X-Original-To: cose@ietfa.amsl.com
Delivered-To: cose@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 6160F3A097A; Fri, 28 Aug 2020 12:33:30 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.402
X-Spam-Level:
X-Spam-Status: No, score=-1.402 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, FREEMAIL_FORGED_FROMDOMAIN=0.249, FREEMAIL_FROM=0.001, HEADER_FROM_DIFFERENT_DOMAINS=0.249, RCVD_IN_MSPIKE_H2=-0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=no autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ChFqSo0ijMxs; Fri, 28 Aug 2020 12:33:29 -0700 (PDT)
Received: from mail-il1-f170.google.com (mail-il1-f170.google.com [209.85.166.170]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 5474C3A0978; Fri, 28 Aug 2020 12:33:26 -0700 (PDT)
Received: by mail-il1-f170.google.com with SMTP id o16so1657314ilq.0; Fri, 28 Aug 2020 12:33:26 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:from:date:message-id:subject:to:cc :content-transfer-encoding; bh=bbie/HFBRfiqktMRT0qVGX9KHozucaMgPykOLu/X6Is=; b=tccfHrruFtK4okdWnj4lB+xJ8swHvSJ4vMJZO6hauLlDcrYJqyWGy86P2GaOD/thL7 peTi2x9S4cFLf1AhhAEgjRoHuwo8pic3n7wPyFshwcw6EWRjbmJHqbXuB5JAKR9tl3Z9 XKFK3hvc+QCUrYCj+kRBAJS+8XSsjdDuLE1WVG2kJr92eBedad4enU+LEytuaGwF8xWa HAqY6/JIFDAT9VmGWd30Cf+LIuoW86rwbYUkzTuT9QMQNLC+bgR5mLt4MUxAFY95aD7+ +VSl73LWEE3weL8EFTg4Sihyv4h/tUoHPf6njJjBgW8egJL9shFS5OSqPSmM/B22vph4 C+oQ==
X-Gm-Message-State: AOAM53098lzzKiAo11k5utwz1FlelbyQJojSC9kfS/c0Ah14+C/878ZP GgYklunV+fMix02XdwMzGsw0zag81B3AzKUF6lwr2/ziRAtoHw==
X-Google-Smtp-Source: ABdhPJyKlkMjrS78iL7kFrjo1xFWOWlvtqBcSkD9Y61MPYOQNsvmqobKA1eOMa+fIrPOr3CSmiiFiauMCY9B/eK8Aak=
X-Received: by 2002:a05:6e02:140f:: with SMTP id n15mr333546ilo.277.1598643205078; Fri, 28 Aug 2020 12:33:25 -0700 (PDT)
MIME-Version: 1.0
From: Barry Leiba <barryleiba@computer.org>
Date: Fri, 28 Aug 2020 15:33:13 -0400
Message-ID: <CALaySJJ_--idVkDFA_UoO24nPJ8ieaKJkVxtO1Cr5UTF+A8Dzg@mail.gmail.com>
To: draft-ietf-cose-x509.all@ietf.org
Cc: cose@ietf.org
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
Archived-At: <https://mailarchive.ietf.org/arch/msg/cose/o1r00WkXusC0Cwo7Y-UCakBojMM>
Subject: [COSE] AD evaluation of draft-ietf-cose-x509-06
X-BeenThere: cose@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: CBOR Object Signing and Encryption <cose.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/cose>, <mailto:cose-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/cose/>
List-Post: <mailto:cose@ietf.org>
List-Help: <mailto:cose-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/cose>, <mailto:cose-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 28 Aug 2020 19:33:31 -0000
Hi, all. I'm taking this document over at Ben Kaduk's request, so as
to get it moving more quickly, given Ben's workload. There are two
items in my review below that I think I want to resolve before
starting last call: the MTI comment in Section 2, and the question
about Table 2 in Section 3.
— Section 1 —
In the process of writing [RFC8152] discussions were held on the
question of X.509 certificates [RFC5280] and if there was a needed to
provide for them. At the time no use cases were presented that
appeared to have a sufficient need for these attributes.
Typo: “needed” -> “need”. But, really, I would just merge the two sentences:
NEW
In the process of writing [RFC8152] the working group discussed X.509
certificates [RFC5280] and decided that no use cases were presented that
showed a need to support certificates.
END
— Section 2 —
It is not necessarily expected that constrained devices themselves
will evaluate and process of X.509 certificates
Then, this is intended to be used in one direction: constrained
devices might have certs built in, but a constrained device will not
*receive* a cert from a server, for example… right? The examples in
Section 1 are consistent with that, but it might be good to say it
explicitly.
For interoperability, applications which use this header parameter
MUST support the hash algorithm 'SHA-256', but can use other hash
algorithms.
I appreciate the need for an MTI alg here, but what does it really
mean for me to say that my temperature sensor “supports SHA-256”, but
that everything it sends uses SHA-512? How does that help
interoperability?
This will normally be the situation when self-signed certificates
are used.
I wonder whether some readers will misread this as saying that
self-signed certs will normally be used here. Maybe, “Self-signed
certificates are more likely to appear in this parameter than in the
others.” ?
* COSE_Signature and COSE_Sign0 objects, in these objects they
identify the certificate to be used for validation the signature.
* COSE_recipient objects, in this location they identify the
certificate for the recipient of the message.
Nit: I would use colon or semicolon instead of comma in both of these.
And the first should say "validating", rather than "validation".
— Section 3 —
There is no definition for the certificate bag as the same
attribute would be used for both the sender and recipient
certificates.
Nit: there needs to be a comma after “bag”.
One thing I’m not sure about here is why there’s no need to have
“x5bag” in Table 2 in order to register the ECDH algorithms (in
Section 4.2).
— Section 4.1 —
IANA is requested to register the new COSE Header parameter in
Nit: “parameters”
— Section 5 —
A new self-signed certificate
appearing on the client cannot be a trigger to modify the set of
trust anchors, instead a well defined trust-establishment process is
required.
Nit: I had a bit of trouble parsing this, and I think it needs
different punctuation, or, better, just a change from “instead” to
“because”.
Before using the keys in a certificate, they MUST be checked as
described in the COSE algorithms document
[I-D.ietf-cose-rfc8152bis-algs].
I think the MUST here makes rfc8152bis-algs normative. I see that the
document shepherd also thought that, but I don’t really follow the
argument about why not.
--
Barry
- [COSE] AD evaluation of draft-ietf-cose-x509-06 Barry Leiba
- Re: [COSE] AD evaluation of draft-ietf-cose-x509-… Jim Schaad
- Re: [COSE] AD evaluation of draft-ietf-cose-x509-… Barry Leiba
- Re: [COSE] AD evaluation of draft-ietf-cose-x509-… Barry Leiba
- Re: [COSE] AD evaluation of draft-ietf-cose-x509-… Jim Schaad