IETF Logo Mail Archive

Re: [Gen-art] Genart last call review of draft-ietf-core-object-security-08

Alissa Cooper <alissa@cooperw.in> Thu, 08 March 2018 13:33 UTC

Return-Path: <alissa@cooperw.in>
X-Original-To: gen-art@ietfa.amsl.com
Delivered-To: gen-art@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 90851126CE8; Thu, 8 Mar 2018 05:33:47 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.721
X-Spam-Level:
X-Spam-Status: No, score=-2.721 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=cooperw.in header.b=GiVihpOP; dkim=pass (2048-bit key) header.d=messagingengine.com header.b=f0ElIKcK
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id pGxN9goDDWI3; Thu, 8 Mar 2018 05:33:45 -0800 (PST)
Received: from out1-smtp.messagingengine.com (out1-smtp.messagingengine.com [66.111.4.25]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 72E0B126CD6; Thu, 8 Mar 2018 05:33:45 -0800 (PST)
Received: from compute7.internal (compute7.nyi.internal [10.202.2.47]) by mailout.nyi.internal (Postfix) with ESMTP id 9461420EA6; Thu, 8 Mar 2018 08:33:44 -0500 (EST)
Received: from frontend1 ([10.202.2.160]) by compute7.internal (MEProxy); Thu, 08 Mar 2018 08:33:44 -0500
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=cooperw.in; h=cc :content-transfer-encoding:content-type:date:from:in-reply-to :message-id:mime-version:references:subject:to:x-me-sender :x-me-sender:x-sasl-enc; s=fm2; bh=7SVgAdg6THFhL2AD1nC+JG9qUIUCd PfEd3ehO9xc3c4=; b=GiVihpOPpG0yk34cdo/fgkdsJhgi5KXNzQPXDzceJCkVb KYZaNjYCntjpXs4fo3f7/keZarUf2RXbbLtKmIDwfkIgpVyjE4Thg82RxeNfm7fc 6LbagILk/yM+f3BZ8Aw+VJhbD6GNMhoH7KgTYZbgspy6Ap5ZJwVVFlh+03thLq01 AYl+SOI7K3ZJf4yHm7MLQD/IIK5ZIszFYhgyocVWJR/C0imG53CWP9HmqcNWg/ur FQ7SDNq0PaT1Wzq2qGOdEyYZo7Baih+hsd5K48BZHNkcNknEBhiAHSQtLPhlMMiB vY+4MgQ5dWHSbcp0rFBTaakt2nqUB+TRNUY9Blz0A==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=cc:content-transfer-encoding:content-type :date:from:in-reply-to:message-id:mime-version:references :subject:to:x-me-sender:x-me-sender:x-sasl-enc; s=fm2; bh=7SVgAd g6THFhL2AD1nC+JG9qUIUCdPfEd3ehO9xc3c4=; b=f0ElIKcKD6v7g4a2Fse1So hCo640MRfbJxekkHbKhVrsMXIhUWgLKJWkgUb/S447F+7u1Cn/A3UqvaNqxcKbfC kRTt0iZCCa2N6EasJZ7EePaJBjQlM16Ng1BRFLcY+fNfwx+to/A0zT8Ze7q7rtjf kQgycrfyj9khfg4HnsEGCe1OXvM5+6T77GykKEKCDXhAHHyAnfVWRod93r23x13k 3oHyNfDJ6tOsF2Qj55UonPAyNUHVOXXVyioep/CkB4M87w97Xw6z54Q+ZTNv5LFm rqjHjAhe2BBFv5WDXR24H+zFW9oIajFpXmTFI0d2CWqv1Yj7zuHNtDaGJtx05/+g ==
X-ME-Sender: <xms:uDuhWtDCew9yslFt_xgtVPZgLSaP9RvF4LZFhzx8PRUImOEIJPnMmA>
Received: from [10.19.234.245] (unknown [128.107.241.170]) by mail.messagingengine.com (Postfix) with ESMTPA id 4DABE7E539; Thu, 8 Mar 2018 08:33:43 -0500 (EST)
Content-Type: text/plain; charset="utf-8"
Mime-Version: 1.0 (Mac OS X Mail 9.3 \(3124\))
From: Alissa Cooper <alissa@cooperw.in>
In-Reply-To: <f93788ab-ec0e-3587-8124-476cddf461d2@joelhalpern.com>
Date: Thu, 08 Mar 2018 08:33:41 -0500
Cc: Göran Selander <goran.selander@ericsson.com>, "gen-art@ietf.org" <gen-art@ietf.org>, "draft-ietf-core-object-security.all@ietf.org" <draft-ietf-core-object-security.all@ietf.org>, "core@ietf.org" <core@ietf.org>
Content-Transfer-Encoding: quoted-printable
Message-Id: <E18F26C6-ACAB-4468-9981-5444DF8B0EF7@cooperw.in>
References: <151927150372.21177.1992679615718735268@ietfa.amsl.com> <D6B5A4CD.A00B9%goran.selander@ericsson.com> <f66dac5d-2bb8-dd17-645c-4ba53399d9cc@joelhalpern.com> <D6B5E2B8.A01B3%goran.selander@ericsson.com> <f913c2e0-2f1a-c1dc-5182-edde22b16956@joelhalpern.com> <D6B5E4F6.A01C4%goran.selander@ericsson.com> <f93788ab-ec0e-3587-8124-476cddf461d2@joelhalpern.com>
To: "Joel M. Halpern" <jmh@joelhalpern.com>
X-Mailer: Apple Mail (2.3124)
Archived-At: <https://mailarchive.ietf.org/arch/msg/gen-art/jQPh4uQTGh0yQgqXSi5KrWUL990>
Subject: Re: [Gen-art] Genart last call review of draft-ietf-core-object-security-08
X-BeenThere: gen-art@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "GEN-ART: General Area Review Team" <gen-art.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/gen-art>, <mailto:gen-art-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/gen-art/>
List-Post: <mailto:gen-art@ietf.org>
List-Help: <mailto:gen-art-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/gen-art>, <mailto:gen-art-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 08 Mar 2018 13:33:47 -0000

Joel, thanks for your review. Göran, thanks for addressing Joel’s comment. Unfortunately I ran out of time to review this document before the telechat.

Alissa

> On Feb 23, 2018, at 9:40 AM, Joel M. Halpern <jmh@joelhalpern.com> wrote:
> 
> Yes, that is what I was looking for.
> Thank you,
> Joel
> 
> On 2/23/18 9:38 AM, Göran Selander wrote:
>> How about this (see the last and third to last edit):
>> https://github.com/core-wg/oscoap/commit/8f277d83
>> where the reference is made to COSE instead of AEAD?
>> Best
>> Göran
>> On 2018-02-23 15:32, "Joel Halpern Direct" <jmh.direct@joelhalpern.com>
>> wrote:
>>> I guess it is up to you.  Personally, I like the idea of the verify
>>> description including some reference to how one actually does verify.
>>> I will leave it to the authors and WG to decide what degree of clarity
>>> is called for here.
>>> 
>>> Yours,
>>> Joel
>>> 
>>> On 2/23/18 9:30 AM, Göran Selander wrote:
>>>> Hi Joel,
>>>> 
>>>> Thanks for quick feedback, inline.
>>>> 
>>>> On 2018-02-23 14:59, "Joel M. Halpern" <jmh@joelhalpern.com> wrote:
>>>> 
>>>>> In terms of my concerns, if Step 7 said "Verify and Decrypt the COSE
>>>>> object using the Recipient Key as per RFC 5116 Section 2.2" that would
>>>>> fill in the confusion for this reader.
>>>> 
>>>> Since the AEAD is used throughout the draft, in particular in other
>>>> parts
>>>> of this section I’m thinking that maybe we should add RFC 5116 to the
>>>> list
>>>> of specifications following "Readers are expected to be familiar with”
>>>> in
>>>> Section 1.1. Would that address your comment?
>>>> 
>>>> Thanks
>>>> Göran
>>>> 
>>>> 
>>>> 
>>>>> 
>>>>> Yours,
>>>>> Joel
>>>>> 
>>>>> On 2/23/18 5:26 AM, Göran Selander wrote:
>>>>>> Hi Joel,
>>>>>> 
>>>>>> Thanks for your review. Comments inline.
>>>>>> 
>>>>>> 
>>>>>> On 2018-02-22 04:51, "Joel Halpern" <jmh@joelhalpern.com> wrote:
>>>>>> 
>>>>>>> Reviewer: Joel Halpern
>>>>>>> Review result: Ready with Nits
>>>>>>> 
>>>>>>> I am the assigned Gen-ART reviewer for this draft. The General Area
>>>>>>> Review Team (Gen-ART) reviews all IETF documents being processed
>>>>>>> by the IESG for the IETF Chair.  Please treat these comments just
>>>>>>> like any other last call comments.
>>>>>>> 
>>>>>>> For more information, please see the FAQ at
>>>>>>> 
>>>>>>> <https://trac.ietf.org/trac/gen/wiki/GenArtfaq>.
>>>>>>> 
>>>>>>> Document: draft-ietf-core-object-security-08
>>>>>>> Reviewer: Joel Halpern
>>>>>>> Review Date: 2018-02-21
>>>>>>> IETF LC End Date: 2018-03-02
>>>>>>> IESG Telechat date: 2018-03-08
>>>>>>> 
>>>>>>> Summary: This document is ready for publication as a Proposed
>>>>>>> Standard
>>>>>>> RFC
>>>>>>> 
>>>>>>> Major issues: N/A
>>>>>>> 
>>>>>>> Minor issues:
>>>>>>>      In section 8.2 on verifying the request, step 5 says to
>>>>>>> "compose"
>>>>>>> the
>>>>>>>      Additional Authentication Data.  I would have expected it to be
>>>>>>> "verify"
>>>>>>>      the Additional Authentication Data.  I could imagine that the
>>>>>>> verification
>>>>>>>      consists of composing what it should be, and then comparing with
>>>>>>> what
>>>>>>> is
>>>>>>>      received.  But I do not see the comparison step.  is it
>>>>>>> implicit in
>>>>>>> some
>>>>>>>      other step?  This occurs again in 8.4, so I presume I am simply
>>>>>>> missing
>>>>>>>      something.  This may suggest some clarification could be useful.
>>>>>> 
>>>>>> The AAD is indeed “composed" both on encrypting and decrypting side
>>>>>> from
>>>>>> data which needs to be known to the endpoint at the time when the AEAD
>>>>>> operation is performed. The authenticated decryption process is
>>>>>> described
>>>>>> in:
>>>>>> 
>>>>>> https://tools.ietf.org/html/rfc5116#section-2.2
>>>>>> 
>>>>>> So the verification consists of feeding the input, including the AAD,
>>>>>> to
>>>>>> the authenticated decryption which calculates the plain text or FAIL,
>>>>>> and
>>>>>> a failure may be - but is not necessarily - caused by wrong AAD.
>>>>>> 
>>>>>> The AD review also indicated that we should move the reference to RFC
>>>>>> 5116
>>>>>> to an early section in the draft and that change is already included
>>>>>> in
>>>>>> the latest version on the CoRE WG Github.
>>>>>> 
>>>>>> 
>>>>>> Best regards
>>>>>> Göran
>>>>>> 
>>>> 
> 
> _______________________________________________
> Gen-art mailing list
> Gen-art@ietf.org
> https://www.ietf.org/mailman/listinfo/gen-art

v2.23.0 | Report a Bug | By Email