Re: [Gen-art] Gen-ART Last Call review of draft-ietf-ace-dtls-authorize-12

Olaf Bergmann <bergmann@tzi.org> Thu, 17 September 2020 08:09 UTC

Return-Path: <bergmann@tzi.org>
X-Original-To: gen-art@ietfa.amsl.com
Delivered-To: gen-art@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 482203A07F2; Thu, 17 Sep 2020 01:09:19 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.92
X-Spam-Level:
X-Spam-Status: No, score=-1.92 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_MSPIKE_H4=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Na8buqfXCWZ2; Thu, 17 Sep 2020 01:09:16 -0700 (PDT)
Received: from gabriel-vm-2.zfn.uni-bremen.de (gabriel-vm-2.zfn.uni-bremen.de [134.102.50.17]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 0B0423A07BD; Thu, 17 Sep 2020 01:09:15 -0700 (PDT)
Received: from wangari.tzi.org (p508a4e5d.dip0.t-ipconnect.de [80.138.78.93]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by gabriel-vm-2.zfn.uni-bremen.de (Postfix) with ESMTPSA id 4BsV3t3DCcz10HJ; Thu, 17 Sep 2020 10:09:14 +0200 (CEST)
From: Olaf Bergmann <bergmann@tzi.org>
To: Paul Kyzivat <pkyzivat@alum.mit.edu>
Cc: draft-ietf-ace-dtls-authorize.all@ietf.org, General Area Review Team <gen-art@ietf.org>
References: <8c2725a3-f89f-7ea1-dda9-681edd463a32@alum.mit.edu> <87y2muo6ix.fsf@wangari> <87v9gomsf4.fsf@wangari> <b0e2088b-ab24-3d35-c98a-161955d3fc7a@alum.mit.edu>
Date: Thu, 17 Sep 2020 10:09:13 +0200
In-Reply-To: <b0e2088b-ab24-3d35-c98a-161955d3fc7a@alum.mit.edu> (Paul Kyzivat's message of "Fri, 11 Sep 2020 16:49:01 -0400")
Message-ID: <87v9gcg6za.fsf@wangari>
User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/26.3 (gnu/linux)
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable
Archived-At: <https://mailarchive.ietf.org/arch/msg/gen-art/rztJgFoock7-9OWeOifZ_MurkeE>
Subject: Re: [Gen-art] Gen-ART Last Call review of draft-ietf-ace-dtls-authorize-12
X-BeenThere: gen-art@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "GEN-ART: General Area Review Team" <gen-art.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/gen-art>, <mailto:gen-art-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/gen-art/>
List-Post: <mailto:gen-art@ietf.org>
List-Help: <mailto:gen-art-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/gen-art>, <mailto:gen-art-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 17 Sep 2020 08:09:19 -0000

Hi Paul,

Responding to you remaining comments please see inline.

Paul Kyzivat <pkyzivat@alum.mit.edu> writes:

>>>> * Also in section 3.3:
>>>>
>>>>     All CBOR data types are encoded in CBOR using preferred serialization
>>>>     and deterministic encoding as specified in Section 4 of
>>>>     [I-D.ietf-cbor-7049bis].  This implies in particular that the "type"
>>>>     and "L" components use the minimum length encoding.  The content of
>>>>     the "access_token" field is treated as opaque data for the purpose of
>>>>     key derivation.
>>>>
>>>> IIUC the type of serialization and encoding is a requirement. Will
>>>> need some rewording to make it so.
>>>
>>> I take it that you and Ben have agreed that the example description does
>>> not necessarily need normative language as the description of this key
>>> derivation procedure is meant as an example how the authorization server
>>> and the resource server can securely agree on a shared secret to be used
>>> between the client and the resource server.
>
> This still confuses me. IIUC preferred serialization and deterministic
> encoding are *optional* in CBOR. The text hear seems to require it,
> but doesn't use normative language to do so.
>
> If these are required for things to work then you make a normative
> statement about it. E.g., "The "type" and "L" components MUST use the
> minimum length encoding."
>
> Or do you intend that some other (non-minimum-length) MAY be used? (In
> which case both sides would need a side agreement on what encoding is
> used.)

The text here just gives an example how key derivation may be used by
the authorization server and the resource server to agree on a shared
secret (that is used to encrypt the traffic between the resource server
and the to-be-authorized client).

To that regard, the text is not really normative. The only normative
language we need here would be to avoid security issues. Commenting on
the data representation here is to be understood as a suggestion to use,
e.g., preferred CBOR serialization according to 7049bis.

[...]

>>> OLD:
>>>
>>>    New access tokens issued by the authorization server are supposed to
>>>    replace previously issued access tokens for the respective client.
>>>
>>> NEW:
>>>
>>>    New access tokens issued by the authorization server replace
>>>    previously issued access tokens for the respective client.
>
> The above is still non-normative. Perhaps:
>
>       New access tokens issued by the authorization server MUST replace
>       previously issued access tokens for the respective client.

Following Section 5.8.1 of the framework document, this should be a
SHOULD (the text there reads as: "This specification RECOMMENDS that an
RS stores only one token per proof-of-possession key, meaning that an
additional token linked to the same key will overwrite any existing
token at the RS."

The text then would read as follows (changes are the new SHOULD and
"needs a common understanding" instead of "must have":

OLD:

   According to
   Section 5.8.1 of [I-D.ietf-ace-oauth-authz], there should be only one
   access token for each client.  New access tokens issued by the
   authorization server replace previously issued access tokens for the
   respective client.  The resource server therefore must have a common
   understanding with the authorization server how access tokens are
   ordered.  The authorization server may, e.g., specify a "cti" claim
   for the access token (see Section 5.8.3 of
   [I-D.ietf-ace-oauth-authz]) to employ a strict order.

NEW:

   According to
   Section 5.8.1 of [I-D.ietf-ace-oauth-authz], there should be only one
   access token for each client.  New access tokens issued by the
   authorization server SHOULD replace previously issued access tokens for the
   respective client.  The resource server therefore needs a common
   understanding with the authorization server how access tokens are
   ordered.  The authorization server may, e.g., specify a "cti" claim
   for the access token (see Section 5.8.3 of
   [I-D.ietf-ace-oauth-authz]) to employ a strict order.


Grüße
Olaf