Re: [Gen-art] Genart last call review of draft-ietf-core-object-security-08
Alissa Cooper <alissa@cooperw.in> Thu, 08 March 2018 13:33 UTC
Return-Path: <alissa@cooperw.in>
X-Original-To: gen-art@ietfa.amsl.com
Delivered-To: gen-art@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 90851126CE8; Thu, 8 Mar 2018 05:33:47 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.721
X-Spam-Level:
X-Spam-Status: No, score=-2.721 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=cooperw.in header.b=GiVihpOP; dkim=pass (2048-bit key) header.d=messagingengine.com header.b=f0ElIKcK
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id pGxN9goDDWI3; Thu, 8 Mar 2018 05:33:45 -0800 (PST)
Received: from out1-smtp.messagingengine.com (out1-smtp.messagingengine.com [66.111.4.25]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 72E0B126CD6; Thu, 8 Mar 2018 05:33:45 -0800 (PST)
Received: from compute7.internal (compute7.nyi.internal [10.202.2.47]) by mailout.nyi.internal (Postfix) with ESMTP id 9461420EA6; Thu, 8 Mar 2018 08:33:44 -0500 (EST)
Received: from frontend1 ([10.202.2.160]) by compute7.internal (MEProxy); Thu, 08 Mar 2018 08:33:44 -0500
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=cooperw.in; h=cc :content-transfer-encoding:content-type:date:from:in-reply-to :message-id:mime-version:references:subject:to:x-me-sender :x-me-sender:x-sasl-enc; s=fm2; bh=7SVgAdg6THFhL2AD1nC+JG9qUIUCd PfEd3ehO9xc3c4=; b=GiVihpOPpG0yk34cdo/fgkdsJhgi5KXNzQPXDzceJCkVb KYZaNjYCntjpXs4fo3f7/keZarUf2RXbbLtKmIDwfkIgpVyjE4Thg82RxeNfm7fc 6LbagILk/yM+f3BZ8Aw+VJhbD6GNMhoH7KgTYZbgspy6Ap5ZJwVVFlh+03thLq01 AYl+SOI7K3ZJf4yHm7MLQD/IIK5ZIszFYhgyocVWJR/C0imG53CWP9HmqcNWg/ur FQ7SDNq0PaT1Wzq2qGOdEyYZo7Baih+hsd5K48BZHNkcNknEBhiAHSQtLPhlMMiB vY+4MgQ5dWHSbcp0rFBTaakt2nqUB+TRNUY9Blz0A==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=cc:content-transfer-encoding:content-type :date:from:in-reply-to:message-id:mime-version:references :subject:to:x-me-sender:x-me-sender:x-sasl-enc; s=fm2; bh=7SVgAd g6THFhL2AD1nC+JG9qUIUCdPfEd3ehO9xc3c4=; b=f0ElIKcKD6v7g4a2Fse1So hCo640MRfbJxekkHbKhVrsMXIhUWgLKJWkgUb/S447F+7u1Cn/A3UqvaNqxcKbfC kRTt0iZCCa2N6EasJZ7EePaJBjQlM16Ng1BRFLcY+fNfwx+to/A0zT8Ze7q7rtjf kQgycrfyj9khfg4HnsEGCe1OXvM5+6T77GykKEKCDXhAHHyAnfVWRod93r23x13k 3oHyNfDJ6tOsF2Qj55UonPAyNUHVOXXVyioep/CkB4M87w97Xw6z54Q+ZTNv5LFm rqjHjAhe2BBFv5WDXR24H+zFW9oIajFpXmTFI0d2CWqv1Yj7zuHNtDaGJtx05/+g ==
X-ME-Sender: <xms:uDuhWtDCew9yslFt_xgtVPZgLSaP9RvF4LZFhzx8PRUImOEIJPnMmA>
Received: from [10.19.234.245] (unknown [128.107.241.170]) by mail.messagingengine.com (Postfix) with ESMTPA id 4DABE7E539; Thu, 8 Mar 2018 08:33:43 -0500 (EST)
Content-Type: text/plain; charset="utf-8"
Mime-Version: 1.0 (Mac OS X Mail 9.3 \(3124\))
From: Alissa Cooper <alissa@cooperw.in>
In-Reply-To: <f93788ab-ec0e-3587-8124-476cddf461d2@joelhalpern.com>
Date: Thu, 08 Mar 2018 08:33:41 -0500
Cc: Göran Selander <goran.selander@ericsson.com>, "gen-art@ietf.org" <gen-art@ietf.org>, "draft-ietf-core-object-security.all@ietf.org" <draft-ietf-core-object-security.all@ietf.org>, "core@ietf.org" <core@ietf.org>
Content-Transfer-Encoding: quoted-printable
Message-Id: <E18F26C6-ACAB-4468-9981-5444DF8B0EF7@cooperw.in>
References: <151927150372.21177.1992679615718735268@ietfa.amsl.com> <D6B5A4CD.A00B9%goran.selander@ericsson.com> <f66dac5d-2bb8-dd17-645c-4ba53399d9cc@joelhalpern.com> <D6B5E2B8.A01B3%goran.selander@ericsson.com> <f913c2e0-2f1a-c1dc-5182-edde22b16956@joelhalpern.com> <D6B5E4F6.A01C4%goran.selander@ericsson.com> <f93788ab-ec0e-3587-8124-476cddf461d2@joelhalpern.com>
To: "Joel M. Halpern" <jmh@joelhalpern.com>
X-Mailer: Apple Mail (2.3124)
Archived-At: <https://mailarchive.ietf.org/arch/msg/gen-art/jQPh4uQTGh0yQgqXSi5KrWUL990>
Subject: Re: [Gen-art] Genart last call review of draft-ietf-core-object-security-08
X-BeenThere: gen-art@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "GEN-ART: General Area Review Team" <gen-art.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/gen-art>, <mailto:gen-art-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/gen-art/>
List-Post: <mailto:gen-art@ietf.org>
List-Help: <mailto:gen-art-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/gen-art>, <mailto:gen-art-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 08 Mar 2018 13:33:47 -0000
Joel, thanks for your review. Göran, thanks for addressing Joel’s comment. Unfortunately I ran out of time to review this document before the telechat. Alissa > On Feb 23, 2018, at 9:40 AM, Joel M. Halpern <jmh@joelhalpern.com> wrote: > > Yes, that is what I was looking for. > Thank you, > Joel > > On 2/23/18 9:38 AM, Göran Selander wrote: >> How about this (see the last and third to last edit): >> https://github.com/core-wg/oscoap/commit/8f277d83 >> where the reference is made to COSE instead of AEAD? >> Best >> Göran >> On 2018-02-23 15:32, "Joel Halpern Direct" <jmh.direct@joelhalpern.com> >> wrote: >>> I guess it is up to you. Personally, I like the idea of the verify >>> description including some reference to how one actually does verify. >>> I will leave it to the authors and WG to decide what degree of clarity >>> is called for here. >>> >>> Yours, >>> Joel >>> >>> On 2/23/18 9:30 AM, Göran Selander wrote: >>>> Hi Joel, >>>> >>>> Thanks for quick feedback, inline. >>>> >>>> On 2018-02-23 14:59, "Joel M. Halpern" <jmh@joelhalpern.com> wrote: >>>> >>>>> In terms of my concerns, if Step 7 said "Verify and Decrypt the COSE >>>>> object using the Recipient Key as per RFC 5116 Section 2.2" that would >>>>> fill in the confusion for this reader. >>>> >>>> Since the AEAD is used throughout the draft, in particular in other >>>> parts >>>> of this section I’m thinking that maybe we should add RFC 5116 to the >>>> list >>>> of specifications following "Readers are expected to be familiar with” >>>> in >>>> Section 1.1. Would that address your comment? >>>> >>>> Thanks >>>> Göran >>>> >>>> >>>> >>>>> >>>>> Yours, >>>>> Joel >>>>> >>>>> On 2/23/18 5:26 AM, Göran Selander wrote: >>>>>> Hi Joel, >>>>>> >>>>>> Thanks for your review. Comments inline. >>>>>> >>>>>> >>>>>> On 2018-02-22 04:51, "Joel Halpern" <jmh@joelhalpern.com> wrote: >>>>>> >>>>>>> Reviewer: Joel Halpern >>>>>>> Review result: Ready with Nits >>>>>>> >>>>>>> I am the assigned Gen-ART reviewer for this draft. The General Area >>>>>>> Review Team (Gen-ART) reviews all IETF documents being processed >>>>>>> by the IESG for the IETF Chair. Please treat these comments just >>>>>>> like any other last call comments. >>>>>>> >>>>>>> For more information, please see the FAQ at >>>>>>> >>>>>>> <https://trac.ietf.org/trac/gen/wiki/GenArtfaq>. >>>>>>> >>>>>>> Document: draft-ietf-core-object-security-08 >>>>>>> Reviewer: Joel Halpern >>>>>>> Review Date: 2018-02-21 >>>>>>> IETF LC End Date: 2018-03-02 >>>>>>> IESG Telechat date: 2018-03-08 >>>>>>> >>>>>>> Summary: This document is ready for publication as a Proposed >>>>>>> Standard >>>>>>> RFC >>>>>>> >>>>>>> Major issues: N/A >>>>>>> >>>>>>> Minor issues: >>>>>>> In section 8.2 on verifying the request, step 5 says to >>>>>>> "compose" >>>>>>> the >>>>>>> Additional Authentication Data. I would have expected it to be >>>>>>> "verify" >>>>>>> the Additional Authentication Data. I could imagine that the >>>>>>> verification >>>>>>> consists of composing what it should be, and then comparing with >>>>>>> what >>>>>>> is >>>>>>> received. But I do not see the comparison step. is it >>>>>>> implicit in >>>>>>> some >>>>>>> other step? This occurs again in 8.4, so I presume I am simply >>>>>>> missing >>>>>>> something. This may suggest some clarification could be useful. >>>>>> >>>>>> The AAD is indeed “composed" both on encrypting and decrypting side >>>>>> from >>>>>> data which needs to be known to the endpoint at the time when the AEAD >>>>>> operation is performed. The authenticated decryption process is >>>>>> described >>>>>> in: >>>>>> >>>>>> https://tools.ietf.org/html/rfc5116#section-2.2 >>>>>> >>>>>> So the verification consists of feeding the input, including the AAD, >>>>>> to >>>>>> the authenticated decryption which calculates the plain text or FAIL, >>>>>> and >>>>>> a failure may be - but is not necessarily - caused by wrong AAD. >>>>>> >>>>>> The AD review also indicated that we should move the reference to RFC >>>>>> 5116 >>>>>> to an early section in the draft and that change is already included >>>>>> in >>>>>> the latest version on the CoRE WG Github. >>>>>> >>>>>> >>>>>> Best regards >>>>>> Göran >>>>>> >>>> > > _______________________________________________ > Gen-art mailing list > Gen-art@ietf.org > https://www.ietf.org/mailman/listinfo/gen-art
- [Gen-art] Genart last call review of draft-ietf-c… Joel Halpern
- Re: [Gen-art] Genart last call review of draft-ie… Göran Selander
- Re: [Gen-art] Genart last call review of draft-ie… Joel M. Halpern
- Re: [Gen-art] Genart last call review of draft-ie… Göran Selander
- Re: [Gen-art] Genart last call review of draft-ie… Joel Halpern Direct
- Re: [Gen-art] Genart last call review of draft-ie… Göran Selander
- Re: [Gen-art] Genart last call review of draft-ie… Joel M. Halpern
- Re: [Gen-art] Genart last call review of draft-ie… Alissa Cooper