Re: [Iot-directorate] [Last-Call] Iotdir telechat review of draft-ietf-cose-x509-07
"Eric Vyncke (evyncke)" <evyncke@cisco.com> Tue, 20 October 2020 10:25 UTC
From: "Eric Vyncke (evyncke)" <evyncke@cisco.com>
To: Carsten Bormann <cabo@tzi.org>, "iot-directorate@ietf.org" <iot-directorate@ietf.org>
CC: "last-call@ietf.org" <last-call@ietf.org>, "draft-ietf-cose-x509.all@ietf.org" <draft-ietf-cose-x509.all@ietf.org>, "cose@ietf.org" <cose@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/iot-directorate/Lq-GFyqbgygO0p_o1CFdEz--Q7M>

Thank you Carsten for this review of indeed a very special I-D.

I have used your IoT directorate review to enter my ballot.

Regards

-éric

-----Original Message-----
From: last-call <last-call-bounces@ietf.org> on behalf of Carsten Bormann via Datatracker <noreply@ietf.org>
Reply-To: Carsten Bormann <cabo@tzi.org>
Date: Tuesday, 20 October 2020 at 00:05
To: "iot-directorate@ietf.org" <iot-directorate@ietf.org>
Cc: "last-call@ietf.org" <last-call@ietf.org>, "draft-ietf-cose-x509.all@ietf.org" <draft-ietf-cose-x509.all@ietf.org>, "cose@ietf.org" <cose@ietf.org>
Subject: [Last-Call] Iotdir telechat review of draft-ietf-cose-x509-07

Reviewer: Carsten Bormann
Review result: Ready with Issues

First, I would like to express my gratitude to Jim Schaad for having done this work (and all the work that led up to making this work possible).

The draft fills a gap where COSE is being used in conjunction with infrastructure employing X.509-based validation of keys. JOSE defined the necessary parameters right away, while the use case for COSE was less clear initially.

One criticism might be that the draft does not speculate on how constrained devices could share tasks that need to be performed in this use case with trusted less-constrained devices -- there are probably infinite ways of doing so, and the ones actually to be used should rather be discussed in the protocols that govern the constrained--less-constrained communication.

The draft is ready with issues.

## Major

Section 1: The draft points to examples to be found in the github repository https://github.com/cose-wg/Examples -- these are not in there. Either these examples need to be added or this sentence deleted.

## Minor

Section 2: I'm not sure what "certificates of a chain length of..." actually means -- the chain length is not an intrinsic property of a certificate, but a function of what the application's roots are.
Maybe rephrase:

These rules apply when the validation succeeds in a single step as well as when certificate chains need to be built.

The draft uses the term "bag" for what is meant to be a set. Maybe stick with the "x5bag" parameter name and the prose "certificate bag", but when saying what it is, say that it is a set.

## Nits

https://github.com/cose-wg/X509/pull/28

--
last-call mailing list
last-call@ietf.org
https://www.ietf.org/mailman/listinfo/last-call