[Gen-art] Gen-ART Last Call review of draft-ietf-ace-dtls-authorize-12
Paul Kyzivat <pkyzivat@alum.mit.edu> Sun, 19 July 2020 20:23 UTC
Return-Path: <pkyzivat@alum.mit.edu>
X-Original-To: gen-art@ietfa.amsl.com
Delivered-To: gen-art@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 5C04F3A087C; Sun, 19 Jul 2020 13:23:54 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.001
X-Spam-Level:
X-Spam-Status: No, score=-2.001 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_MSPIKE_H2=-0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=alum.mit.edu
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id g1WTt2aKHQiW; Sun, 19 Jul 2020 13:23:52 -0700 (PDT)
Received: from NAM04-CO1-obe.outbound.protection.outlook.com (mail-eopbgr690072.outbound.protection.outlook.com [40.107.69.72]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 50AD43A087F; Sun, 19 Jul 2020 13:23:51 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=ayhpr2Qif2hpRlVDwaAooNz04mrB+7AzdD371X/rijr5KDuEuWe4GkvNVwej7YFB4Il6xvAqaqIj+NQclQTPfV2vD10E37NXYrIG7DNsNmW96AkWExJ5EGMwO3WbxfEjipZS27Vz4KuD/pm/dz1TvMrP2gbW+nBKs2071Fd8Jte/xPfwJ0ziflRcyGRO3Dsr/h3+pVO6/iHUBvx/7bnqzeodkqUTSGHchueNkmkmd0E3IYKPBcsS9UL/w6yimOLri4qUPfb+6oTeEMb2/TjQemfGSDDk88vyiNLRPgCdPo3dlqDgtiHWVi1kAegIfjB0aDUrMwfFtILbmM3BmfAiPA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=DBdM55nAnXxJdwPzC4143M3++TblXsPjKYVkMyECRME=; b=khsR0+YJNGZwLtEMTGXHH+xO9WVbYPB0DwKwjBcgPOTGJACYYmhMnbv3o455cQAEyzQEHLGN6mxynAQ1DqJ0Fz3unYh7hYvtjJfv/uitF/n9fRYDvz0q1n8Le9IEkyaliegffP4EutrBbVmRp2rDAqaP8YqkHp5KB+hUnS8gf8qv4/kpJ4K25x/L3WkSgC48Q3nWf0F9MDs2QsRCNEwSfscbeCePomiSG9Xtir07bWPRa1g1BUGLP0Rw5qFoI9tD8n5oN0UlYkMEi8il7PtapsoiPMWzn/XUIWHISybU3Pa8fA0emcucu2zA4O2OmbJDSlo+AmnMNjBZSsCxphzwGQ==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass (sender ip is 18.7.68.33) smtp.rcpttodomain=ietf.org smtp.mailfrom=alum.mit.edu; dmarc=bestguesspass action=none header.from=alum.mit.edu; dkim=none (message not signed); arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=alum.mit.edu; s=selector2; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=DBdM55nAnXxJdwPzC4143M3++TblXsPjKYVkMyECRME=; b=XvKK6f8CFJDzi9lq1e6+Ybhyi1TeStBolBOb0thbhQdnFjucwY7qCWWvI27UCJGR8hx+cpCEjxLt9C2SwO3hdMWQp3MLkZPEJF/RWPdqWX95NnFBJ7SSM6KeoEeYrGhhz0/b3bg2wPWkLd8lIaDUOcMDLAJvK8DvxGE3i/qq5ug=
Received: from BL0PR02CA0021.namprd02.prod.outlook.com (2603:10b6:207:3c::34) by CH2PR12MB4166.namprd12.prod.outlook.com (2603:10b6:610:78::13) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3195.17; Sun, 19 Jul 2020 20:23:50 +0000
Received: from BL2NAM02FT032.eop-nam02.prod.protection.outlook.com (2603:10b6:207:3c:cafe::ea) by BL0PR02CA0021.outlook.office365.com (2603:10b6:207:3c::34) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3195.17 via Frontend Transport; Sun, 19 Jul 2020 20:23:50 +0000
X-MS-Exchange-Authentication-Results: spf=pass (sender IP is 18.7.68.33) smtp.mailfrom=alum.mit.edu; ietf.org; dkim=none (message not signed) header.d=none;ietf.org; dmarc=bestguesspass action=none header.from=alum.mit.edu;
Received-SPF: Pass (protection.outlook.com: domain of alum.mit.edu designates 18.7.68.33 as permitted sender) receiver=protection.outlook.com; client-ip=18.7.68.33; helo=outgoing-alum.mit.edu;
Received: from outgoing-alum.mit.edu (18.7.68.33) by BL2NAM02FT032.mail.protection.outlook.com (10.152.77.169) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3195.18 via Frontend Transport; Sun, 19 Jul 2020 20:23:50 +0000
Received: from Kokiri.localdomain (c-24-62-227-142.hsd1.ma.comcast.net [24.62.227.142]) (authenticated bits=0) (User authenticated as pkyzivat@ALUM.MIT.EDU) by outgoing-alum.mit.edu (8.14.7/8.12.4) with ESMTP id 06JKNlAh000970 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES128-SHA bits=128 verify=NOT); Sun, 19 Jul 2020 16:23:49 -0400
From: Paul Kyzivat <pkyzivat@alum.mit.edu>
To: draft-ietf-ace-dtls-authorize.all@ietf.org
Cc: General Area Review Team <gen-art@ietf.org>
Message-ID: <8c2725a3-f89f-7ea1-dda9-681edd463a32@alum.mit.edu>
Date: Sun, 19 Jul 2020 16:23:46 -0400
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.13; rv:68.0) Gecko/20100101 Thunderbird/68.10.0
MIME-Version: 1.0
Content-Type: text/plain; charset="windows-1252"; format="flowed"
Content-Language: en-US
Content-Transfer-Encoding: 7bit
X-EOPAttributedMessage: 0
X-Forefront-Antispam-Report: CIP:18.7.68.33; CTRY:US; LANG:en; SCL:1; SRV:; IPV:CAL; SFV:NSPM; H:outgoing-alum.mit.edu; PTR:outgoing-alum.mit.edu; CAT:NONE; SFTY:; SFS:(346002)(136003)(376002)(39860400002)(396003)(46966005)(36906005)(83380400001)(82310400002)(75432002)(8936002)(186003)(31686004)(47076004)(356005)(5660300002)(316002)(7596003)(82740400003)(786003)(6916009)(86362001)(70206006)(336012)(70586007)(26005)(2616005)(6666004)(478600001)(31696002)(4326008)(956004)(2906002)(8676002)(450100002)(43740500002); DIR:OUT; SFP:1101;
X-MS-PublicTrafficType: Email
X-MS-Office365-Filtering-Correlation-Id: 108b30a3-928d-4ca1-2830-08d82c21a5f5
X-MS-TrafficTypeDiagnostic: CH2PR12MB4166:
X-Microsoft-Antispam-PRVS: <CH2PR12MB416649E883ADB48D7CE43556F97A0@CH2PR12MB4166.namprd12.prod.outlook.com>
X-MS-Oob-TLC-OOBClassifiers: OLM:10000;
X-MS-Exchange-SenderADCheck: 1
X-Microsoft-Antispam: BCL:0;
X-Microsoft-Antispam-Message-Info: +so9HN7sOb+7IIRSLWOPqDG3bG+FQqamw8aRHMlFOw1soah7ezxRratvXVEFttgHcrWi5hfLM8BmgQaqhz+RvhC9HXl2hComZ+MjHtkMT+IBkBp0MS5FIczOJdO/07spl+/27OOTOh6bFbqh8lpZZ+mD9Nc7S+cKHEUb5W7z1EEHztCzPC2EXd+uzZAkeZINzNgE0E4bCcZqGfFjKqh8cazFtzhH6yeZ8EbMowgL8557i/aiFJqqhXgwwzXKQpYKYaczDZp2s23A0jmxXXJHuIE37yLzqibq6F0ULdTZNKN+jjHqNDfX2Qlea6Fw7r4b0KWK/he/XC/Jn5SU7zmcfAxxJkrc2TZfPe51kKUQyjvH20hbu79AKA8s/jvOfgE6pLXCcAMr60hrXQQRIvRwrHPEg0GozZza2wm+4JbZZpSVHHsi3auRcRE1JzLxoxx01J8LEk+ZxtYQFNe6gibcwQUNOait9RI6Ba2zDSBhr8B9CK1rdZIqrjnfHkZlihMk
X-OriginatorOrg: alum.mit.edu
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 19 Jul 2020 20:23:50.2155 (UTC)
X-MS-Exchange-CrossTenant-Network-Message-Id: 108b30a3-928d-4ca1-2830-08d82c21a5f5
X-MS-Exchange-CrossTenant-Id: 3326b102-c043-408b-a990-b89e477d582f
X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=3326b102-c043-408b-a990-b89e477d582f; Ip=[18.7.68.33]; Helo=[outgoing-alum.mit.edu]
X-MS-Exchange-CrossTenant-AuthSource: BL2NAM02FT032.eop-nam02.prod.protection.outlook.com
X-MS-Exchange-CrossTenant-AuthAs: Anonymous
X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem
X-MS-Exchange-Transport-CrossTenantHeadersStamped: CH2PR12MB4166
Archived-At: <https://mailarchive.ietf.org/arch/msg/gen-art/vz0vbUP0G3koOYxbtbXHZggkBzM>
Subject: [Gen-art] Gen-ART Last Call review of draft-ietf-ace-dtls-authorize-12
X-BeenThere: gen-art@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "GEN-ART: General Area Review Team" <gen-art.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/gen-art>, <mailto:gen-art-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/gen-art/>
List-Post: <mailto:gen-art@ietf.org>
List-Help: <mailto:gen-art-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/gen-art>, <mailto:gen-art-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 19 Jul 2020 20:23:54 -0000
I am the assigned Gen-ART reviewer for this draft. The General Area Review Team (Gen-ART) reviews all IETF documents being processed by the IESG for the IETF Chair. Please treat these comments just like any other last call comments. For more information, please see the FAQ at <https://trac.ietf.org/trac/gen/wiki/GenArtfaq>. Document: draft-ietf-ace-dtls-authorize-12 Reviewer: Paul Kyzivat Review Date: 2020-07-19 IETF LC End Date: 2020-07-20 IESG Telechat date: ? Summary: This draft is on the right track but has open issues, described in the review. General: TBD Issues: Major: 2 Minor: 1 Nits: 1 1) MAJOR: Management of token storage in RS There seems to be an expectation that when the client uploads an access token that the RS will retain it until the client attempts to establish a DTLS association. This seems to require some sort of management of token lifetime in the RS. The only discussion I can find of this issue is the following in section 7: ... A similar issue exists with the unprotected authorization information endpoint where the resource server needs to keep valid access tokens until their expiry. Adversaries can fill up the constrained resource server's internal storage for a very long time with interjected or otherwise retrieved valid access tokens. This seems to imply a normative requirement to keep tokens until their expiry. But I find no supporting normative requirements about this. And, this section only presents it as a DoS attack, rather than a potential problem with valid usage. ISTM that there is an implied requirement that the RS have the capacity to store one access token for every PoP key of every authorized client. If so, that ought to be stated. If not, then some other way of bounding storage ought to be discussed. 2) MAJOR: Missing normative language I found several places where the text seems to suggest required behavior but fails to do so using normative language: * In section 3.3: ... Instead of providing the keying material in the access token, the authorization server includes the key identifier in the "kid" parameter, see Figure 7. This key identifier enables the resource server to calculate the symmetric key used for the communication with the client using the key derivation key and a KDF to be defined by the application, for example HKDF-SHA-256. The key identifier picked by the authorization server needs to be unique for each access token where a unique symmetric key is required. ... Use of a unique (per resource server) "kid" and the use of a key derivation IKM that is unique per authorization server/resource server pair as specified above will ensure that the derived key is not shared across multiple clients. The uniqueness seems to be a requirement. Perhaps "needs to be unique" should be "MUST be unique". (And something similar for the IKM.) * Also in section 3.3: All CBOR data types are encoded in CBOR using preferred serialization and deterministic encoding as specified in Section 4 of [I-D.ietf-cbor-7049bis]. This implies in particular that the "type" and "L" components use the minimum length encoding. The content of the "access_token" field is treated as opaque data for the purpose of key derivation. IIUC the type of serialization and encoding is a requirement. Will need some rewording to make it so. * In section 3.3.1: ... To be consistent with the recommendations in [RFC7252] a client is expected to offer at least the ciphersuite TLS_PSK_WITH_AES_128_CCM_8 [RFC6655] to the resource server. I think "is expected" should be "MUST". * Also in section 3.3.1: ... This specification assumes that the access token is a PoP token as described in [I-D.ietf-ace-oauth-authz] unless specifically stated otherwise. I think "assumes ... unless" should be "MUST ... unless". * Also in section 3.3.1: ... New access tokens issued by the authorization server are supposed to replace previously issued access tokens for the respective client. Is this normative? Should "are supposed to" be "MUST"? 3) MINOR: Insufficient specification (I'm waffling whether this is minor or major.) There are a couple of places where what seem to be requirements are stated too vaguely to be implemented consistently: * In the previously mentioned paragraph in 3.3.1: ... This specification assumes that the access token is a PoP token as described in [I-D.ietf-ace-oauth-authz] unless specifically stated otherwise. The "unless specifically stated otherwise" is too vague to be normative. How would the alternative be indicated? Is this an escape hatch for future extensions? If so, it needs more work to make that clear and to open a path for that future work. * Also in section 3.3.1: ... The resource server therefore must have a common understanding with the authorization server how access tokens are ordered. The last statement ("must have a common understanding") is mysterious. IIUC section 4 is covering the same topic in a less mysterious way. 4) NIT: Subsection organization Both 3.2 and 3.3 share a common structure: * The section begins with discussion of the interaction between the client and the AS. * it is followed by a subsection discussing the interaction between the client and the RS. It is odd to have a section with a single subsection. And the structure isn't easily discerned from the TOC. I suggest it would be clearer if each of these sections had *two* subsections, one covering the AS interactions and the other the RS interactions. IOW, put the material covering the AS interactions into a new subsection.
- [Gen-art] Gen-ART Last Call review of draft-ietf-… Paul Kyzivat
- Re: [Gen-art] Gen-ART Last Call review of draft-i… Jim Schaad
- Re: [Gen-art] Gen-ART Last Call review of draft-i… Benjamin Kaduk
- Re: [Gen-art] Gen-ART Last Call review of draft-i… Paul Kyzivat
- Re: [Gen-art] Gen-ART Last Call review of draft-i… Paul Kyzivat
- Re: [Gen-art] Gen-ART Last Call review of draft-i… Benjamin Kaduk
- Re: [Gen-art] Gen-ART Last Call review of draft-i… Seitz Ludwig
- Re: [Gen-art] Gen-ART Last Call review of draft-i… Stefanie Gerdes
- Re: [Gen-art] Gen-ART Last Call review of draft-i… Seitz Ludwig
- Re: [Gen-art] Gen-ART Last Call review of draft-i… Benjamin Kaduk
- Re: [Gen-art] Gen-ART Last Call review of draft-i… Olaf Bergmann
- Re: [Gen-art] Gen-ART Last Call review of draft-i… Olaf Bergmann
- Re: [Gen-art] Gen-ART Last Call review of draft-i… Paul Kyzivat
- Re: [Gen-art] Gen-ART Last Call review of draft-i… Olaf Bergmann
- Re: [Gen-art] Gen-ART Last Call review of draft-i… Paul Kyzivat
- Re: [Gen-art] Gen-ART Last Call review of draft-i… Göran Selander
- Re: [Gen-art] Gen-ART Last Call review of draft-i… Göran Selander
- Re: [Gen-art] Gen-ART Last Call review of draft-i… Benjamin Kaduk
- Re: [Gen-art] Gen-ART Last Call review of draft-i… Paul Kyzivat
- Re: [Gen-art] Gen-ART Last Call review of draft-i… Olaf Bergmann
- Re: [Gen-art] Gen-ART Last Call review of draft-i… Paul Kyzivat