Re: [Gen-art] Gen-ART Last Call review of draft-ietf-ace-dtls-authorize-12

Paul Kyzivat <pkyzivat@alum.mit.edu> Wed, 28 October 2020 14:36 UTC

To: Olaf Bergmann <bergmann@tzi.org>, Benjamin Kaduk <kaduk@mit.edu>
Cc: Göran Selander <goran.selander@ericsson.com>, "draft-ietf-ace-dtls-authorize.all@ietf.org" <draft-ietf-ace-dtls-authorize.all@ietf.org>, General Area Review Team <gen-art@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/gen-art/uh_gby8XjpVpe9w0ZrlkapgvM6o>

On 10/28/20 4:09 AM, Olaf Bergmann wrote:
> Hi Paul, Ben and Göran,
> 
> Thanks for sorting this out. I have reverted #28 as Ben had suggested.
> 
> Paul, if you are happy with the other change [1] (a SHOULD for access
> token uniqueness per client in alignment with the framework document), I
> can submit version -14

Sure. Go for it.

	Thanks,
	Paul

> [1] https://github.com/ace-wg/ace-dtls-profile/commit/86008b3327f32e8ac2da0aa1b0110db64e3a467f
> 
> Grüße
> Olaf
> 
> Paul Kyzivat <pkyzivat@alum.mit.edu> writes:
> 
>> On 10/26/20 4:21 PM, Benjamin Kaduk wrote:
>>> Hi Göran, Paul, Olaf,
>>>
>>> Sorry for the slow reply.
>>>
>>> I agree with Göran's original assessment that the language referring to
>>> 7049bis does provide enough information to have a deterministic encoding
>>> for the HKDF inputs.
>>>
>>> As such, I don't think pull #28 is needed, and would prefer that it was
>>> reverted (the specific wording doesn't do a great job indicating that the
>>> whole list of requirements is "normative", to the extent that any example
>>> can be normative).
>>
>> Ben, having raised the point, and knowing that you understood it, I am
>> satisfied with whatever changes you do or don't decide to make to
>> address it.