Re: [Gen-art] [Ace] Genart last call review of draft-ietf-ace-oauth-params-06

elwynd <elwynd@folly.org.uk> Sun, 22 December 2019 18:39 UTC

SavedFromEmail: elwynd@folly.org.uk
Date: Sun, 22 Dec 2019 18:27:22 +0000
In-Reply-To: <60524620-542b-293d-d954-7c7ecb45bde1@gmx.de>
Importance: normal
From: elwynd <elwynd@folly.org.uk>
To: Ludwig Seitz <ludwig_seitz@gmx.de>, Elwyn Davies <elwynd@dial.pipex.com>, gen-art@ietf.org
Cc: last-call@ietf.org, draft-ietf-ace-oauth-params.all@ietf.org, ace@ietf.org
Message-ID: <E1ij5wt-0004Yd-1F@b-painless.mh.aa.net.uk>
Archived-At: <https://mailarchive.ietf.org/arch/msg/gen-art/U316l2qW31bBD1l9thp0ZI4NmjE>
Subject: Re: [Gen-art] [Ace] Genart last call review of draft-ietf-ace-oauth-params-06

Hi, Ludwig.

Having had another look at section 3.1 of draft-ietf-ace-cwt-proof-of-possession, technically the rules about which keys have to be present are not part of the syntax of the cnf claim. The point can be covered by changing "syntax of the 'cnf' claim" to "syntax and semantics of the 'cnf' claim" in each case.

However, the second look threw up another point: Figure 2 in s3.2 gives a Symmetric key example - I think this should use an Encrypted_COSE_Key (or Encrypted_COSE_Key0) as described in section 3.3 of draft-ietf-ace-cwt-proof-of-possession.

Otherwise I think we are done. Eventually we will get to Christmas!

Cheers,
Elwyn

Sent from Samsung tablet.

-------- Original message --------
From: Ludwig Seitz <ludwig_seitz@gmx.de>
Date: 22/12/2019 12:36 (GMT+00:00)
To: Elwyn Davies <elwynd@dial.pipex.com>, gen-art@ietf.org
Cc: last-call@ietf.org, draft-ietf-ace-oauth-params.all@ietf.org, ace@ietf.org
Subject: Re: [Gen-art] [Ace] Genart last call review of draft-ietf-ace-oauth-params-06

Hello Elwyn,

I have now submitted -09 to fix the minor issues and nits, which I forgot in my -08.

Comments inline.

Regards,
Ludwig

On 2019-12-14 23:46, Elwyn Davies via Datatracker wrote:
<deleted>
> s3.1: The text in s3.2 of draft-ietf-ace-cwt-proof-of-possession-03 contains
> the following
>
>     The COSE_Key MUST contain the required key members for a COSE_Key of that
>     key type and MAY contain other COSE_Key members, including the "kid" (Key
>     ID) member.
>
>     The "COSE_Key" member MAY also be used for a COSE_Key representing a
>     symmetric key, provided that the CWT is encrypted so that the key is not
>     revealed to unintended parties. The means of encrypting a CWT is explained
>     in [RFC8392]. If the CWT is not encrypted, the symmetric key MUST be
>     encrypted as described in Section 3.3.
>
> These riders probably apply to all the subsections of s3 and to s4.1 and could
> be included in the currently empty main section text.
>
Here I disagree. The text explicitly refers to draft-ietf-ace-cwt-proof-of-possession, saying that the contents of the 'cnf', 'req_cnf' and 'rs_cnf' parameters use the syntax of the 'cnf' claim from section 3.1 of draft-ietf-ace-cwt-proof-of-possession.

The requirements in section 3.2 of draft-ietf-ace-cwt-proof-of-possession follow from the use of the definitions in 3.1.

I don't see the value of reiterating such a long text from that document here, when an explicit reference is already given.
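The rules quoted in the thread (a COSE_Key must carry the required members for its key type, and a symmetric key may appear in plaintext only when the CWT itself is encrypted, otherwise it must be wrapped as Encrypted_COSE_Key) as a structural checker for a 'cnf'-style value. This is an added example, not code from either draft or from the thread; it assumes the integer labels registered for COSE keys and CWT confirmation methods, covers only the OKP, EC2 and Symmetric key types, and reads "a single proof-of-possession key" as exactly one confirmation member per cnf map.

```python
# Added example: structural check of a 'cnf'-style value as carried by the
# 'cnf', 'req_cnf' and 'rs_cnf' parameters.  Plain dicts stand in for decoded
# CBOR maps.  Assumption: only the OKP, EC2 and Symmetric key types are
# covered, with the required members per type taken from the COSE key spec.
CNF_COSE_KEY, CNF_ENCRYPTED_COSE_KEY, CNF_KID = 1, 2, 3   # cnf member labels
KTY = 1                                                   # COSE_Key "kty" label
KTY_OKP, KTY_EC2, KTY_SYMMETRIC = 1, 2, 4
REQUIRED_MEMBERS = {                  # kty -> labels that must be present
    KTY_OKP: {KTY, -1, -2},           # crv, x
    KTY_EC2: {KTY, -1, -2, -3},       # crv, x, y
    KTY_SYMMETRIC: {KTY, -1},         # k
}


def check_cnf(cnf, cwt_encrypted):
    """Return the list of rule violations; an empty list means acceptable.

    cwt_encrypted: whether the enclosing CWT is itself encrypted, which decides
    whether a plaintext symmetric COSE_Key may appear at all.
    """
    problems = []
    if not isinstance(cnf, dict) or not cnf:
        return ["cnf must be a non-empty map"]
    if len(set(cnf) & {CNF_COSE_KEY, CNF_ENCRYPTED_COSE_KEY, CNF_KID}) != 1:
        problems.append("cnf must carry exactly one confirmation method")
    if CNF_COSE_KEY in cnf:
        key = cnf[CNF_COSE_KEY]
        if not isinstance(key, dict) or KTY not in key:
            problems.append("COSE_Key must be a map with a kty member")
        elif key[KTY] not in REQUIRED_MEMBERS:
            problems.append(f"unsupported kty {key[KTY]!r}")
        else:
            missing = REQUIRED_MEMBERS[key[KTY]] - set(key)
            if missing:
                problems.append(f"COSE_Key missing members {sorted(missing)}")
            # A plaintext symmetric key is revealed to every reader of the token,
            # so it must be wrapped as Encrypted_COSE_Key unless the CWT itself
            # is encrypted.
            if key[KTY] == KTY_SYMMETRIC and not cwt_encrypted:
                problems.append("symmetric key needs Encrypted_COSE_Key in an unencrypted CWT")
    if CNF_ENCRYPTED_COSE_KEY in cnf:
        enc = cnf[CNF_ENCRYPTED_COSE_KEY]
        # Encrypted_COSE_Key is a COSE_Encrypt0 or COSE_Encrypt array:
        # [protected bstr, unprotected map, ciphertext bstr, (recipients)].
        if not (isinstance(enc, list) and len(enc) in (3, 4) and isinstance(enc[0], bytes)
                and isinstance(enc[1], dict) and isinstance(enc[2], bytes)):
            problems.append("Encrypted_COSE_Key must be a COSE_Encrypt0/COSE_Encrypt array")
    if CNF_KID in cnf and not isinstance(cnf[CNF_KID], bytes):
        problems.append("kid must be a byte string")
    return problems
```

The sample values in the usage below are constructed; a symmetric key inside a plaintext CWT is the case Figure 2 of s3.2 raises.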