IETF Logo Mail Archive

Re: [COSE] [Ace] FW: New Version Notification for draft-selander-ace-object-security-05.txt

Marco Tiloca <marco@sics.se> Mon, 11 July 2016 14:11 UTC

Return-Path: <marco@sics.se>
X-Original-To: cose@ietfa.amsl.com
Delivered-To: cose@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D208812D1E3 for <cose@ietfa.amsl.com>; Mon, 11 Jul 2016 07:11:07 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.6
X-Spam-Level:
X-Spam-Status: No, score=-2.6 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=sics-se.20150623.gappssmtp.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 0lAIYs1LYfD2 for <cose@ietfa.amsl.com>; Mon, 11 Jul 2016 07:10:58 -0700 (PDT)
Received: from mail-vk0-x234.google.com (mail-vk0-x234.google.com [IPv6:2607:f8b0:400c:c05::234]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id A6D3212D1D1 for <cose@ietf.org>; Mon, 11 Jul 2016 07:10:57 -0700 (PDT)
Received: by mail-vk0-x234.google.com with SMTP id f7so124819163vkb.3 for <cose@ietf.org>; Mon, 11 Jul 2016 07:10:57 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sics-se.20150623.gappssmtp.com; s=20150623; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=QS4EREFz5/WfsO/U1t8+/FgVFED/xp7xq5VoJYxTZk0=; b=mZodHUpom5r8g/+g8r88cel1cpjrZx+zxUz3Xg1OpmFUnlhNW0Qv+E05gkUsd2nieY boUDL7mx4cW5/5ON55wLGIwMUFxP1QPOu09A78sEybxpigBSneFW5ok4hmC2kRc/XW9G X+lyFU9/JBWQDk3De2uJ9wTzZ3wrcmL+atw8DhB1WbfS831h5twa4kmaYf7eVOW55YCk uh5Ug+jULuHf+hOnEB0l+BphhqPc/L6j6ixCWXxG3X0xRqiS5Uc11pJtPQ3UZ+qq0J1j IE0Oo3KofsBBoRNfWQwafR0EI955H7Zu8vETSSprqV23B1i8DONjPs+RnAx/0nD6Qfii liaw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=QS4EREFz5/WfsO/U1t8+/FgVFED/xp7xq5VoJYxTZk0=; b=b2D7O1o4+h3xpniO/GVhhhcXcxMCn8okftOoEchkyvwFjuI0Xfr39MSv9U/PWLY1KY Qbhz0pfucacEfqL0/3mm1zXnaKOHRLtad+2+tu3zYqYP63mt9B7LrjJ75OmGYqX3b7eS 1k4FNX1nC54+fLhp+Bozc32lLujOg+/LjHNv7DzuQDgkDgauVyPSZEuo9Y5J7azHy6+3 XUXgvv/EE0OaLGu8SYI1rgbme8ip/nQzv2XgIrk5vgjqa5DV6yV2EyuXVQp2utUQ1kxz smSEPX7wQhHE4mOMfWZfjSSeGj9S6bBrprwox1bFCgYVVWTXyXXxtrefyqYAyMmzhz16 7IbQ==
X-Gm-Message-State: ALyK8tLts2xHMSA0G+UkfVadFv7rdeq0eKOJRSRobI2TMXQ4ywRjMabtRsKN1RjhoYOwLAWnn0ngEHa0vzUpWTdq
X-Received: by 10.159.33.5 with SMTP id 5mr707485uab.36.1468246256671; Mon, 11 Jul 2016 07:10:56 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.103.87.74 with HTTP; Mon, 11 Jul 2016 07:10:56 -0700 (PDT)
In-Reply-To: <AMXPR07MB0709A19CD21050F2B2DC7F4983C0@AMXPR07MB070.eurprd07.prod.outlook.com>
References: <20160707163729.23634.20152.idtracker@ietfa.amsl.com> <AMXPR07MB0709A19CD21050F2B2DC7F4983C0@AMXPR07MB070.eurprd07.prod.outlook.com>
From: Marco Tiloca <marco@sics.se>
Date: Mon, 11 Jul 2016 16:10:56 +0200
Message-ID: <CABFpCtCnaMvLiAN=gJJPJSgxV5+=KWG8LGj5WK0kvvrUpSHyMA@mail.gmail.com>
To: Francesca Palombini <francesca.palombini@ericsson.com>
Content-Type: multipart/alternative; boundary="94eb2c0b60c49284bf05375cb859"
Archived-At: <https://mailarchive.ietf.org/arch/msg/cose/v8fxtpndXpe828y0ZTPir7CBbaA>
Cc: "Ace@ietf.org" <Ace@ietf.org>, "core@ietf.org" <core@ietf.org>, "cose@ietf.org" <cose@ietf.org>
Subject: Re: [COSE] [Ace] FW: New Version Notification for draft-selander-ace-object-security-05.txt
X-BeenThere: cose@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: CBOR Object Signing and Encryption <cose.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/cose>, <mailto:cose-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/cose/>
List-Post: <mailto:cose@ietf.org>
List-Help: <mailto:cose-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/cose>, <mailto:cose-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 11 Jul 2016 14:11:08 -0000

Hello Francesca and all,

I have reviewed this last version and I believe it is in a very good shape!

Please, find below some suggestions for minor changes/updates.

Best regards,
/Marco

----------------------------

1) In Section 2, I would refer the usage of a COSE object as soon as
possible, rather than at the end of page 5 where you describe how to
prepare the protected CoAP message. For instance, the very first sentence
in Section 2 can be followed by something like: "This is achieved by means
of a COSE object included in the protected CoAP message, as detailed below".

2) In Section 2 (page 5), I would move the sentence "An endpoint receiving
[...] treat it as malformed and reject it." at the end of the first element
of the bullet list below, since it concerns CoAP messages with payload.

3) Following the same reasoning of point 2), I would extend the second
element in the dotted list at the end of page 5 with: "An endpoint
receiving a CoAP message without payload, that also contains an empty
Object-Security option SHALL treat it as malformed and reject it".

4) Section 3.1, page 6, "The endpoint verifies the message received" -->
"The endpoint verifies the messages received".

5) Section 5, page 13, add "(see Section 5.1)" after "is computed from the
Plaintext", and "(see Section 5.2)" after "and the Additional Authenticated
Data (AAD)".

6) Section 6.2, page 16, step 1. In the last sentences about renewing the
security context on the client, it would be good to mention also that this
involves informing the server, so that it can update its own Receiver-*
parameters on its own context.

7) Section 6.2, page 16, step 2. "Store the MAC of each fragment" -->
"Store the MAC of each last-sent fragment".

8) Section 6.3, page 17, step 2. "Store the MAC of each fragment" -->
"Store the MAC of each last-received fragment".

9) Section 6.4, page 18, step 1. In the last sentences about renewing the
security context on the server, it would be good to mention also that this
involves informing the client, so that it can update its own Receiver-*
parameters on its own context.

10) Section 6.4, page 18, step 2. "Store the MAC of each fragment" -->
"Store the MAC of each last-sent fragment".

11) Section 6.5, page 19, step 2. "Store the MAC of each fragment" -->
"Store the MAC of each last-received fragment".

12) Section 6.5, page 20, first paragraph. After the last sentence "DTLS
and OSCOAP can be combined", I would restate what said in Section 1 (page
4), that is "thereby enabling end-to-end ..."

13) Section 6.5, page 20, third paragraph. "The use of COSE to protected
CoAP messages" --> "The use of COSE to protect CoAP messages"

On Fri, Jul 8, 2016 at 9:03 AM, Francesca Palombini <
francesca.palombini@ericsson.com> wrote:

> Dear CoRE, COSE and ACE members,
>
> We have submitted an update to the OSCOAP draft:
> https://tools.ietf.org/html/draft-selander-ace-object-security-05
>
> For those who don’t know, OSCOAP is an application layer security protocol
> for CoAP, based on wrapping request and response messages in COSE objects
> which are sent in a CoAP message exchange.
>
> With this version, we aimed for improved readability and we added the
> blockwise functionality, as discussed during last f2f meeting.
>
> We are now looking for reviews. Any comment or feedback would be greatly
> appreciated!
>
> Best regards,
> Francesca
>
> -----Original Message-----
> From: internet-drafts@ietf.org [mailto:internet-drafts@ietf.org]
> Sent: den 7 juli 2016 18:37
> To: Göran Selander <goran.selander@ericsson.com>; Ludwig Seitz <
> ludwig@sics.se>; John Mattsson <john.mattsson@ericsson.com>; Göran
> Selander <goran.selander@ericsson.com>; Francesca Palombini <
> francesca.palombini@ericsson.com>
> Subject: New Version Notification for
> draft-selander-ace-object-security-05.txt
>
>
> A new version of I-D, draft-selander-ace-object-security-05.txt
> has been successfully submitted by Francesca Palombini and posted to the
> IETF repository.
>
> Name:           draft-selander-ace-object-security
> Revision:       05
> Title:          Object Security of CoAP (OSCOAP)
> Document date:  2016-07-07
> Group:          Individual Submission
> Pages:          36
> URL:
> https://www.ietf.org/internet-drafts/draft-selander-ace-object-security-05.txt
> Status:
> https://datatracker.ietf.org/doc/draft-selander-ace-object-security/
> Htmlized:
> https://tools.ietf.org/html/draft-selander-ace-object-security-05
> Diff:
> https://www.ietf.org/rfcdiff?url2=draft-selander-ace-object-security-05
>
> Abstract:
>    This memo defines Object Security of CoAP (OSCOAP), a method for
>    application layer protection of message exchanges with the
>    Constrained Application Protocol (CoAP), using the CBOR Object
>    Signing and Encryption (COSE) format.  OSCOAP provides end-to-end
>    encryption, integrity and replay protection to CoAP payload, options,
>    and header fields, as well as a secure binding between CoAP request
>    and response messages.  The use of OSCOAP is signaled with the CoAP
>    option Object-Security, also defined in this memo.
>
>
>
>
> Please note that it may take a couple of minutes from the time of
> submission until the htmlized version and diff are available at
> tools.ietf.org.
>
> The IETF Secretariat
>
> _______________________________________________
> Ace mailing list
> Ace@ietf.org
> https://www.ietf.org/mailman/listinfo/ace
>

v2.23.0 | Report a Bug | By Email