IETF Logo Mail Archive

Re: [Gen-art] Genart last call review of draft-ietf-core-object-security-08

Göran Selander <goran.selander@ericsson.com> Fri, 23 February 2018 14:30 UTC

Return-Path: <goran.selander@ericsson.com>
X-Original-To: gen-art@ietfa.amsl.com
Delivered-To: gen-art@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 2A30F1200FC for <gen-art@ietfa.amsl.com>; Fri, 23 Feb 2018 06:30:48 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.321
X-Spam-Level:
X-Spam-Status: No, score=-4.321 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_MED=-2.3, RCVD_IN_MSPIKE_H4=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_PASS=-0.001] autolearn=unavailable autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=ericsson.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id tqZ0Dop8m-KG for <gen-art@ietfa.amsl.com>; Fri, 23 Feb 2018 06:30:46 -0800 (PST)
Received: from sessmg22.ericsson.net (sessmg22.ericsson.net [193.180.251.58]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 94DA8127444 for <gen-art@ietf.org>; Fri, 23 Feb 2018 06:30:45 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; d=ericsson.com; s=mailgw201801; c=relaxed/simple; q=dns/txt; i=@ericsson.com; t=1519396243; h=From:Sender:Reply-To:Subject:Date:Message-ID:To:CC:MIME-Version:Content-Type: Content-Transfer-Encoding:Content-ID:Content-Description:Resent-Date:Resent-From: Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:In-Reply-To:References:List-Id: List-Help:List-Unsubscribe:List-Subscribe:List-Post:List-Owner:List-Archive; bh=E6dIPhmY0ylVkLern1bOL20GiPtePVPOPTq5FkhD9mE=; b=RT1qYxv/yrb/30PVmnBXUud3oZJhQ8FBlH1ZUGeSVzaxn0A9xk/dVz0s+YZRCIhV cIdgnhzSYlh6uTMecfroXqm90nJiNMz2/qJruOL6g6ZslXXB7Et+lDdu85vAVIey TsIZdvL3GeDVNUYQouPG3+8iXaE2cAOYBs5u5QbbQP0=;
X-AuditID: c1b4fb3a-728f89c0000067b4-bf-5a90259274cd
Received: from ESESSHC006.ericsson.se (Unknown_Domain [153.88.183.36]) by sessmg22.ericsson.net (Symantec Mail Security) with SMTP id 2A.C3.26548.295209A5; Fri, 23 Feb 2018 15:30:43 +0100 (CET)
Received: from ESESSMB107.ericsson.se ([169.254.7.129]) by ESESSHC006.ericsson.se ([153.88.183.36]) with mapi id 14.03.0352.000; Fri, 23 Feb 2018 15:30:41 +0100
From: Göran Selander <goran.selander@ericsson.com>
To: "Joel M. Halpern" <jmh@joelhalpern.com>, "gen-art@ietf.org" <gen-art@ietf.org>
CC: "draft-ietf-core-object-security.all@ietf.org" <draft-ietf-core-object-security.all@ietf.org>, "ietf@ietf.org" <ietf@ietf.org>, "core@ietf.org" <core@ietf.org>
Thread-Topic: Genart last call review of draft-ietf-core-object-security-08
Thread-Index: AQHTq5B10khO9+K1o0aQQatbu7YyQ6Oxyk4AgAAq4wCAABlwgA==
Date: Fri, 23 Feb 2018 14:30:40 +0000
Message-ID: <D6B5E2B8.A01B3%goran.selander@ericsson.com>
References: <151927150372.21177.1992679615718735268@ietfa.amsl.com> <D6B5A4CD.A00B9%goran.selander@ericsson.com> <f66dac5d-2bb8-dd17-645c-4ba53399d9cc@joelhalpern.com>
In-Reply-To: <f66dac5d-2bb8-dd17-645c-4ba53399d9cc@joelhalpern.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
user-agent: Microsoft-MacOutlook/14.7.3.170325
x-originating-ip: [153.88.183.17]
Content-Type: text/plain; charset="utf-8"
Content-ID: <AF335FEB855A714DB2596E72DFBC96A9@ericsson.com>
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-Brightmail-Tracker: H4sIAAAAAAAAA+NgFlrLIsWRmVeSWpSXmKPExsUyM2K7iu5k1QlRBneWcFvse7ue2eJbzzxW i6uvPrNYPNs4n8Xi46k3TA6sHkuW/GTyODflO2MAUxSXTUpqTmZZapG+XQJXxvYPSQWP5Cvu /7/G3MD4Q66LkZNDQsBE4urqtaxdjFwcQgKHGSX2z1nKBuEsYZQ4tHsXM0gVm4CLxIOGR0wg tohAiMSBh6vAipgFljNKnGj8DpYQFvCSOLPnFitEkbfE1rXXGSFsJ4meOU1ANgcHi4CqxMlf HCBhXgELifUtGxghlq1mlDhwbgM7SIJTwFmi/e8WNhCbUUBM4vupNWDzmQXEJW49mc8EcbaA xJI955khbFGJl4//ge0VFdCT2NvTzgayS0JAUWJ5vxyIySygKbF+lz7EFGuJpcfbGCFsRYkp 3Q/ZIc4RlDg58wnLBEbxWUiWzULonoWkexaS7llIuhcwsq5iFC1OLS7OTTcy0kstykwuLs7P 08tLLdnECIzEg1t+W+1gPPjc8RCjAAejEg/vKuEJUUKsiWXFlbmHGCU4mJVEeMue90cJ8aYk VlalFuXHF5XmpBYfYpTmYFES53VKs4gSEkhPLEnNTk0tSC2CyTJxcEo1MCbtFNt8RUpC5W5B c6n6Sov4u2E+RU8neyacy717+FuH5K7QqER/Tlmmcwe5Lv3ekXv87OppIenhG4/kOtTFVQg4 T3L40Jna9JYj/9iv4/+/3W/+26bw/vbWkE1Hnpfc3DB5lt5xvSPpV+8oxZVcWbn+sZdw4HX+ Cxysctu6I9dxPo17bjGpa7ESS3FGoqEWc1FxIgBLUTDfwAIAAA==
Archived-At: <https://mailarchive.ietf.org/arch/msg/gen-art/zxyz2eZGFfQI37SEA5a_A9g9HT4>
Subject: Re: [Gen-art] Genart last call review of draft-ietf-core-object-security-08
X-BeenThere: gen-art@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "GEN-ART: General Area Review Team" <gen-art.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/gen-art>, <mailto:gen-art-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/gen-art/>
List-Post: <mailto:gen-art@ietf.org>
List-Help: <mailto:gen-art-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/gen-art>, <mailto:gen-art-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 23 Feb 2018 14:30:48 -0000

Hi Joel,

Thanks for quick feedback, inline.

On 2018-02-23 14:59, "Joel M. Halpern" <jmh@joelhalpern.com> wrote:

>In terms of my concerns, if Step 7 said "Verify and Decrypt the COSE
>object using the Recipient Key as per RFC 5116 Section 2.2" that would
>fill in the confusion for this reader.

Since the AEAD is used throughout the draft, in particular in other parts
of this section I’m thinking that maybe we should add RFC 5116 to the list
of specifications following "Readers are expected to be familiar with” in
Section 1.1. Would that address your comment?

Thanks
Göran



>
>Yours,
>Joel
>
>On 2/23/18 5:26 AM, Göran Selander wrote:
>> Hi Joel,
>> 
>> Thanks for your review. Comments inline.
>> 
>> 
>> On 2018-02-22 04:51, "Joel Halpern" <jmh@joelhalpern.com> wrote:
>> 
>>> Reviewer: Joel Halpern
>>> Review result: Ready with Nits
>>>
>>> I am the assigned Gen-ART reviewer for this draft. The General Area
>>> Review Team (Gen-ART) reviews all IETF documents being processed
>>> by the IESG for the IETF Chair.  Please treat these comments just
>>> like any other last call comments.
>>>
>>> For more information, please see the FAQ at
>>>
>>> <https://trac.ietf.org/trac/gen/wiki/GenArtfaq>.
>>>
>>> Document: draft-ietf-core-object-security-08
>>> Reviewer: Joel Halpern
>>> Review Date: 2018-02-21
>>> IETF LC End Date: 2018-03-02
>>> IESG Telechat date: 2018-03-08
>>>
>>> Summary: This document is ready for publication as a Proposed Standard
>>>RFC
>>>
>>> Major issues: N/A
>>>
>>> Minor issues:
>>>     In section 8.2 on verifying the request, step 5 says to "compose"
>>>the
>>>     Additional Authentication Data.  I would have expected it to be
>>> "verify"
>>>     the Additional Authentication Data.  I could imagine that the
>>> verification
>>>     consists of composing what it should be, and then comparing with
>>>what
>>> is
>>>     received.  But I do not see the comparison step.  is it implicit in
>>> some
>>>     other step?  This occurs again in 8.4, so I presume I am simply
>>> missing
>>>     something.  This may suggest some clarification could be useful.
>> 
>> The AAD is indeed “composed" both on encrypting and decrypting side from
>> data which needs to be known to the endpoint at the time when the AEAD
>> operation is performed. The authenticated decryption process is
>>described
>> in:
>> 
>> https://tools.ietf.org/html/rfc5116#section-2.2
>> 
>> So the verification consists of feeding the input, including the AAD, to
>> the authenticated decryption which calculates the plain text or FAIL,
>>and
>> a failure may be - but is not necessarily - caused by wrong AAD.
>> 
>> The AD review also indicated that we should move the reference to RFC
>>5116
>> to an early section in the draft and that change is already included in
>> the latest version on the CoRE WG Github.
>> 
>> 
>> Best regards
>> Göran
>>

v2.23.0 | Report a Bug | By Email