Re: [Gen-art] Genart last call review of draft-ietf-core-object-security-08

Göran Selander <goran.selander@ericsson.com> Fri, 23 February 2018 10:26 UTC

From: Göran Selander <goran.selander@ericsson.com>
To: Joel Halpern <jmh@joelhalpern.com>, "gen-art@ietf.org" <gen-art@ietf.org>
CC: "draft-ietf-core-object-security.all@ietf.org" <draft-ietf-core-object-security.all@ietf.org>, "ietf@ietf.org" <ietf@ietf.org>, "core@ietf.org" <core@ietf.org>
Date: Fri, 23 Feb 2018 10:26:09 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/gen-art/G6p_MGKV1dvLunFmF9doXX1y5PY>

Hi Joel,

Thanks for your review. Comments inline.


On 2018-02-22 04:51, "Joel Halpern" <jmh@joelhalpern.com> wrote:

>Reviewer: Joel Halpern
>Review result: Ready with Nits
>
>I am the assigned Gen-ART reviewer for this draft. The General Area
>Review Team (Gen-ART) reviews all IETF documents being processed
>by the IESG for the IETF Chair.  Please treat these comments just
>like any other last call comments.
>
>For more information, please see the FAQ at
>
><https://trac.ietf.org/trac/gen/wiki/GenArtfaq>.
>
>Document: draft-ietf-core-object-security-08
>Reviewer: Joel Halpern
>Review Date: 2018-02-21
>IETF LC End Date: 2018-03-02
>IESG Telechat date: 2018-03-08
>
>Summary: This document is ready for publication as a Proposed Standard RFC
>
>Major issues: N/A
>
>Minor issues:
>    In section 8.2 on verifying the request, step 5 says to "compose" the
>    Additional Authentication Data.  I would have expected it to be "verify"
>    the Additional Authentication Data.  I could imagine that the verification
>    consists of composing what it should be, and then comparing with what is
>    received.  But I do not see the comparison step.  Is it implicit in some
>    other step?  This occurs again in 8.4, so I presume I am simply missing
>    something.  This may suggest some clarification could be useful.

The AAD is indeed "composed" on both the encrypting and decrypting side from
data which needs to be known to the endpoint at the time when the AEAD
operation is performed. The authenticated decryption process is described
in:

https://tools.ietf.org/html/rfc5116#section-2.2

So the verification consists of feeding the input, including the AAD, to
the authenticated decryption which calculates the plaintext or FAIL, and
a failure may be - but is not necessarily - caused by wrong AAD.

The AD review also indicated that we should move the reference to RFC 5116
to an early section in the draft and that change is already included in
the latest version on the CoRE WG Github.


Best regards
Göran
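
The verification discussed in the message above, as an added example that is not part of the original e-mail or the draft: each side composes the AAD from values it already holds and feeds it to the AEAD, and authenticated decryption returns the plaintext or FAIL with no separate AAD comparison. It assumes the Python `cryptography` package; the key, nonce, identifiers and the length-prefixed `compose_aad` encoding are constructed for illustration and are not the draft's encoding.

```python
import struct
from cryptography.exceptions import InvalidTag
from cryptography.hazmat.primitives.ciphers.aead import AESCCM

# Constructed sample values (not from the draft or any deployment).
KEY = bytes(range(16))        # 128-bit AES key
NONCE = bytes(13)             # 13-byte CCM nonce, fixed only for this demo
ALG = 10                      # COSE algorithm value for AES-CCM-16-64-128
SENDER_ID = b"\x01"
PARTIAL_IV = b"\x05"


def compose_aad(alg: int, sender_id: bytes, partial_iv: bytes) -> bytes:
    """Build the AAD from values the endpoint already knows.

    Hypothetical length-prefixed layout, assumed for this example only.
    """
    out = struct.pack("!h", alg)
    for field in (sender_id, partial_iv):
        out += struct.pack("!B", len(field)) + field
    return out


def protect(key: bytes, nonce: bytes, plaintext: bytes, aad: bytes) -> bytes:
    # The AAD is an input to the tag computation; it is not part of the output.
    return AESCCM(key, tag_length=8).encrypt(nonce, plaintext, aad)


def verify(key: bytes, nonce: bytes, ciphertext: bytes, aad: bytes):
    """Authenticated decryption (RFC 5116, section 2.2): plaintext, or None for FAIL."""
    try:
        return AESCCM(key, tag_length=8).decrypt(nonce, ciphertext, aad)
    except InvalidTag:
        return None


def demo():
    good_aad = compose_aad(ALG, SENDER_ID, PARTIAL_IV)
    sent = protect(KEY, NONCE, b"GET /temp", good_aad)
    ok = verify(KEY, NONCE, sent, good_aad)
    # Receiver composes the AAD from a different Partial IV: FAIL.
    wrong_aad = verify(KEY, NONCE, sent, compose_aad(ALG, SENDER_ID, b"\x06"))
    # Correct AAD but one flipped ciphertext bit: the same FAIL result.
    flipped = sent[:-1] + bytes([sent[-1] ^ 1])
    tampered = verify(KEY, NONCE, flipped, good_aad)
    return len(sent), ok, wrong_aad, tampered


if __name__ == "__main__":
    print(demo())
```

The two failure cases return the same result, so the receiver cannot tell from the FAIL alone whether the AAD or the ciphertext was wrong.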