Re: [Emu] AD Review: draft-ietf-emu-noob-03
Roman Danyliw <rdd@cert.org> Tue, 30 March 2021 18:26 UTC
Return-Path: <rdd@cert.org>
X-Original-To: emu@ietfa.amsl.com
Delivered-To: emu@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1DC7E3A1DBE for <emu@ietfa.amsl.com>; Tue, 30 Mar 2021 11:26:35 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.099
X-Spam-Level:
X-Spam-Status: No, score=-2.099 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cert.org
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id SXgGFXJAt_Af for <emu@ietfa.amsl.com>; Tue, 30 Mar 2021 11:26:30 -0700 (PDT)
Received: from taper.sei.cmu.edu (taper.sei.cmu.edu [147.72.252.16]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 1B94E3A1DBB for <emu@ietf.org>; Tue, 30 Mar 2021 11:26:29 -0700 (PDT)
Received: from delp.sei.cmu.edu (delp.sei.cmu.edu [10.64.21.31]) by taper.sei.cmu.edu (8.14.7/8.14.7) with ESMTP id 12UIQJZK012620; Tue, 30 Mar 2021 14:26:19 -0400
DKIM-Filter: OpenDKIM Filter v2.11.0 taper.sei.cmu.edu 12UIQJZK012620
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=cert.org; s=yc2bmwvrj62m; t=1617128779; bh=43H8WOUaM170hSa/JBDeQhcQ/qWfgTp9uW/DE7TWfC8=; h=From:To:Subject:Date:References:In-Reply-To:From; b=PLy0ujd9u2GSGVMI/+DAkSZyAflUyRNZENEviXD+rJ40Mit4YoFab7F+R0j4/EtE5 LmV7iZ0WuxigrSM7xegBaHvWEKHQFxeCdWtmoPjDSu8WrJe6HGcKmKk1o+bp3N7xvr 0uwcSLtk6H/VrlT4QFDfVF3rhrz1aFcLKdtn1gpo=
Received: from MURIEL.ad.sei.cmu.edu (muriel.ad.sei.cmu.edu [147.72.252.47]) by delp.sei.cmu.edu (8.14.7/8.14.7) with ESMTP id 12UIQENG045275; Tue, 30 Mar 2021 14:26:15 -0400
Received: from MORRIS.ad.sei.cmu.edu (147.72.252.46) by MURIEL.ad.sei.cmu.edu (147.72.252.47) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2106.2; Tue, 30 Mar 2021 14:26:14 -0400
Received: from MORRIS.ad.sei.cmu.edu ([fe80::555b:9498:552e:d1bb]) by MORRIS.ad.sei.cmu.edu ([fe80::555b:9498:552e:d1bb%13]) with mapi id 15.01.2106.013; Tue, 30 Mar 2021 14:26:14 -0400
From: Roman Danyliw <rdd@cert.org>
To: Aura Tuomas <tuomas.aura@aalto.fi>, "emu@ietf.org" <emu@ietf.org>
Thread-Topic: AD Review: draft-ietf-emu-noob-03
Thread-Index: AdcTVP35kzvSUqBlSuKU7OhsSx5pGQHEEZiAAssrrJA=
Date: Tue, 30 Mar 2021 18:26:13 +0000
Message-ID: <34785478bc8b44499729b02f05fc5642@cert.org>
References: <30859_1615124062_6044D65D_30859_143_1_077bd5c39491422cb6585c248b23ea78@cert.org> <a6f3028ffb6c40a6a11611997048ae23@aalto.fi>
In-Reply-To: <a6f3028ffb6c40a6a11611997048ae23@aalto.fi>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [10.64.203.41]
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Archived-At: <https://mailarchive.ietf.org/arch/msg/emu/khwl-QmQhWjzCc0zRcGXkAq6XW8>
Subject: Re: [Emu] AD Review: draft-ietf-emu-noob-03
X-BeenThere: emu@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "EAP Methods Update \(EMU\)" <emu.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/emu>, <mailto:emu-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/emu/>
List-Post: <mailto:emu@ietf.org>
List-Help: <mailto:emu-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/emu>, <mailto:emu-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 30 Mar 2021 18:26:35 -0000
Hi Tuomas! Thanks for the inline explanation below and the new text in -04. This new content addresses my feedback so I advanced the document to IETF LC. Regards, Roman > -----Original Message----- > From: Aura Tuomas <tuomas.aura@aalto.fi> > Sent: Tuesday, March 16, 2021 9:17 AM > To: Roman Danyliw <rdd@cert.org>; emu@ietf.org > Subject: RE: AD Review: draft-ietf-emu-noob-03 > > Hi Roman, > > Thank you for your review. We have made the necessary changes and published > version -04. I have also explained the changes made in-line below. Hopefully, > the draft is now ready for the next steps. > > Regards, > Tuomas > > > -------- Forwarded Message -------- > Subject: [Emu] AD Review: draft-ietf-emu-noob-03 > Date: Sun, 7 Mar 2021 13:33:59 +0000 > From: Roman Danyliw <rdd@cert.org> > > To: emu@ietf.org <emu@ietf.org> > > > > Hi! > > I performed an AD review on draft-ietf-emu-noob-03. Thanks for the work on > this document -- in particular for providing copious examples in the Appendix; > and co-developing this text with the implementations and the proofs. > > ** Section 3.2.3. Per "The OOB receiver MUST compare the received value of > the fingerprint Hoob ...", perhaps overly pedantic, it would be worth > mentioning that this is compared relative to the expected PeerId + Hoob. > > Tuomas: Added "The OOB receiver MUST compare the received value of the > fingerprint Hoob (see Section 3.3.2) with a value that it computes locally for > the PeerID received." > > > ** Section 3.4.2 and Section 6.6. I wanted to talk through the expected > implementation logic around the downgrade protection in the check during the > cryptosuite upgrade. Specifically: > > (a) Section 3.4.2. The server SHOULD NOT offer and the peer MUST NOT accept > protocol versions or cryptosuites that it knows to be weaker than the one > currently in the Cryptosuitep field of the persistent EAP-NOOB association. > > (b) Section 6.6. As long as > the server or peer saves any information about the other endpoint, it MUST > also remember the previously negotiated cryptosuite and MUST NOT accept > renegotiation of any cryptosuite that is known to be weaker than the previous > one, such as a deprecated cryptosuite. > > To make sure I understand that right, let's say I registered cryptosuite = 3 as > "ECDHE curve Curve25519 + SHA-512". If the peer initially used this new > cryptosuite=3 and later tried to negotiate the current cryptosuite=1, this should > fail because SHA-256 is weaker than SHA-512? What about the situation of > hypothetical cryptosuite = 4 as "fancy new PQ-resistant algo + SHA-256"? > No issues with the suggested design, but perhaps we should further caveat > somewhere in the document by adding language that determining the relative > strength of the cryptosuites is out of scope and may be managed through local > policy or configuration. > > Tuomas: Yes, thank you for raising this. We have added: "Determining the > relative strength of the cryptosuites is out of scope and may be managed > through local policy or configuration at the peer and server." > > > ** Section 4. Per "The EAP Method Type number for EAP-NOOB needs to be > assigned", can the explicit registry name for this be explicitly named. > > Tuomas: We now call out the registry name explicitly. We realized that all the > new registries created should also have explicit names. We have made the > necessary changes. > > > ** Section 4.1. Per "public-key format [RFC7517] Section 6.2.1" in both > cryptosuites, RFC5717 doesn't have a Section 6.2.1. > > Tuomas: Good catch. This is a remanent from when the text was pointing to > section 6.2.1 of RFC 7518. Fixed. > > > ** Section 5.4. Editorial. Please add the model URLs as a reference instead of a > bare URL > > Tuomas: The URLs are now informational references. > > > ** Section 5.4, 6.1, 6.2, 6.6, Appendix E. In the spirit of inclusive language, > please consider: s/man-in-the-middle/on-path/ > > ** Section 6.5. In the spirit of inclusive language, please consider: s/blacklist > misbehaving peer devices/add misbehaving peer devices to a deny list/ > > Tuomas: We have now made the appropriate terminology changes. > > > ** Appendix C. Per "Table 11 lists some suggested data fields for ServerInfo. > Further specifications may specify application- specific ServerInfo and PeerInfo > contents.": > > -- I would recommend tuning the guidance to make it clear that if these fields > names are used in any OOB-enabled application their semantics will be as > defined here (I stumbled over calling these "suggested data fields"). > > NEW: > Table 11 defines commonly used data fields for ServerInfo. Further > specifications may define additional application-specific ... > > -- Is there an EAP reference to describe handle unknown fields? > > Tuomas: Error types 5002 and 5004 handle the cases where ServerInfo and > PeerInfo have unknown fields. > > > -- Did the WG discuss/consider defining an IANA registry to manage the > Peer/ServerInfo fields to ensure there are clear pointers to their semantics? > > Tuomas: This is was something briefly eluded to by the IoT directorate review > of Dave Thaler. Based on Dave's recommendation, we had added a type tag. > We consulted RFC 8216 again and like your recommendation of making the > PeerInfo and ServerInfo semantics clearer with an IANA registry. We were > initially hesitant but 'specification required' is flexible enough to not prevent > new applications of EAP-NOOB from defining new data fields. PeerInfo and > ServerInfo are now IANA registries. > > > ** Appendix F and Section 3.3.2. The existing examples in this Appendix are > very helpful. One additional place where I was looking for an illustrative > example was the JSON input that would get hashed into the Hoob, MACs. Just > one of them would have been useful. > > Tuomas: The example inputs of Hoob, MACs, MACp, etc. have now been added. > > > Regards, > Roman
- [Emu] AD Review: draft-ietf-emu-noob-03 Roman Danyliw
- Re: [Emu] AD Review: draft-ietf-emu-noob-03 Aura Tuomas
- Re: [Emu] AD Review: draft-ietf-emu-noob-03 Roman Danyliw