[Lake] Review of draft-serafin-lake-ta-00
Marco Tiloca <marco.tiloca@ri.se> Sat, 02 November 2024 14:13 UTC
Return-Path: <marco.tiloca@ri.se>
X-Original-To: lake@ietfa.amsl.com
Delivered-To: lake@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 90D95C15152B for <lake@ietfa.amsl.com>; Sat, 2 Nov 2024 07:13:26 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.106
X-Spam-Level:
X-Spam-Status: No, score=-2.106 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_BLOCKED=0.001, RCVD_IN_MSPIKE_H2=-0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=ri.se
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id mRg7feqRZOrG for <lake@ietfa.amsl.com>; Sat, 2 Nov 2024 07:13:22 -0700 (PDT)
Received: from GVYP280CU001.outbound.protection.outlook.com (mail-swedencentralazon11022119.outbound.protection.outlook.com [52.101.82.119]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange ECDHE (P-384) server-signature ECDSA (P-256) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 4AA12C151525 for <lake@ietf.org>; Sat, 2 Nov 2024 07:13:21 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=tYmY7sxsQ5/HEozMgANKLDn/FVcGU/Gid5cIhojYBOQCj3Lp8zKgl4fBj7MlorPdOXSoqyJqHINcIrgQINg9SMAwM8KPtn3Ib66jp5mLUiQ0SP8byaEIx4PcLNHyxtSc1a8dwyFFAuZ6qh/Cff5EgH5DGRGy0HRF+l+mxO0yhTIxihAFoKn7e0TpcN9iOq4PsLHxo+CyisxiLJyvx2VqTHPEZBmnacrATrOo8T/IcQOt0uR8bIo0JPdIzJKndTK7Er+S9C97oJmWJmHzP1XsIfvC/3IIFxt3g5AE9HG9bgbD9qVPoNJRYsc9t4V8Kfj5OFSrnLZXsTrIPr+4gt9fzQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=bjwH95urXHyQX5KHWXP7UT0Xp3Urny2dBnaBNIJKi1w=; b=gBwKlsRkKefNgxwTSDk5ZHK2UpvmyaynA1v8ZYkRWPIHpwSXxZwcxFD0sd2GXunMaddVvzPLeIbwug5OOzzLhvI1R1WnwmxKCN3CVqC1tS7rW7y5F3ByHmUwBfTOVAA8+WMVtX4Jxe5qVCkiVKlHIJR5F254wUtA1xFKcYvSofbHYXAXZtLzOhkFN/qfWrVqqQvvyJZsQzSwufwo1keijsjVLdjAuX+cC1DlmRcnnHujRRtVCdUSN6OeRBe/cjTLXRO4VkZ9nT4YrH8IdWW3nu6wmwEFjvcpC3HRUVT91B1M2E2FgZWac+BGe+Gr2+8WyvmVZlRnzaJsTLKJrwyWig==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=ri.se; dmarc=pass action=none header.from=ri.se; dkim=pass header.d=ri.se; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ri.se; s=selector2; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=bjwH95urXHyQX5KHWXP7UT0Xp3Urny2dBnaBNIJKi1w=; b=YkV5y66WYdro2l+/wvH1CnKOdlENOpqqvRQSyg4TJajNWZRbnrlrklWKChi3IoFam8oKO2/urGE3GLZE+F41GDEO8ndfSMrwP03MszQVpkWcUv1Znj2+c6ZShxA2B3wjs51NVrXER2l+C5uS404KWPC/3g0B/qLHWMxv72WU6k/qvDBoHkhb1jPcD23wbM+C5JTl/2/7sLn+nRgC4SOye+Okf7VPaS9ihqezURFGClQLlF4oQAHDcxyL7O0J7y+mvkll83hm1xHrzL2uceCr3buQ0mZeGRZfuSb6SGoksh1yPO1M+629+HOetJ7sbzqapIGootpdQfJmByV0r5VZDA==
Authentication-Results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=ri.se;
Received: from GVYP280MB0464.SWEP280.PROD.OUTLOOK.COM (2603:10a6:150:37::17) by GVYP280MB1848.SWEP280.PROD.OUTLOOK.COM (2603:10a6:150:24a::8) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.8114.29; Sat, 2 Nov 2024 14:13:18 +0000
Received: from GVYP280MB0464.SWEP280.PROD.OUTLOOK.COM ([fe80::b1d3:d63d:ce0b:3f70]) by GVYP280MB0464.SWEP280.PROD.OUTLOOK.COM ([fe80::b1d3:d63d:ce0b:3f70%7]) with mapi id 15.20.8114.028; Sat, 2 Nov 2024 14:13:18 +0000
Message-ID: <ad56276b-b7c9-4f42-982e-cc0e713afb29@ri.se>
Date: Sat, 02 Nov 2024 14:11:49 +0000
User-Agent: Mozilla Thunderbird
Content-Language: en-US
To: "lake@ietf.org" <lake@ietf.org>
From: Marco Tiloca <marco.tiloca@ri.se>
Content-Type: multipart/signed; protocol="application/pkcs7-signature"; micalg="sha-256"; boundary="------------ms030501050809010502030004"
X-ClientProxiedBy: LO4P123CA0676.GBRP123.PROD.OUTLOOK.COM (2603:10a6:600:351::14) To GVYP280MB0464.SWEP280.PROD.OUTLOOK.COM (2603:10a6:150:37::17)
MIME-Version: 1.0
X-MS-PublicTrafficType: Email
X-MS-TrafficTypeDiagnostic: GVYP280MB0464:EE_|GVYP280MB1848:EE_
X-MS-Office365-Filtering-Correlation-Id: 744028b2-d5b6-4b94-2c1e-08dcfb488019
X-MS-Exchange-SenderADCheck: 1
X-MS-Exchange-AntiSpam-Relay: 0
X-Microsoft-Antispam: BCL:0;ARA:13230040|1800799024|376014|366016|8096899003;
X-Microsoft-Antispam-Message-Info: QNN/MkciznnM02HBe2ee9+9HeHqyX9OvkgrNjJzHY6TQqsdQlLGxI3gTVoR5uUAgNc90XS53FkoPLLiVfQyi1ej5o98iPlw/tZqe+ksVVa4CWnd2wDfCrhX49Vg8/tYBi4OFWv5zNBOCIm5Xw/+AevJ8HXqPwhQwFxqprZIU/JegOvb7tRtiXUqkxQkKZR9tLIC6GfZLI+pyjm7FHqQ1AOlAouJVRODHW1HU8v3X5exASw34OL98ayhN1ULN/pgupswTj6kdbFrKYlu9W1u35UYJd5pftZb/vqxMW+UJkPQuG4Mv57aoXEk09eDgyXNc2hElrAwTYZl0C5j8FyW8tfaBTjpj4he5shIg/5WnQjXHwY980QlAEW0rgrypS2aVIL7CU+nNFCBmceQRKcOUbX1feb91osEsp5P/GNMZ37uZE0QfGLMj2VVnQm1Wri5OlyqzgSLIWfTaoP9F7TeXWhaXtBcc+B5YN6I93Z91L7saBDYTCPUFsMyiWwkCT+1l2a8vpP/tqyAfZ4fjHzY756bFEDdUVGZUYexS2r8Wj4bzx7bcLedGtrIDyNy4+8tIhDTs4+xbrHm3pTnk8EW0xySFF1hU2eJRJnRH2rLK70SZ0pqpzQSBozmWzKvfm1Vp0wuQEIkpQHsxoFBgwaiAwvOKffAzNpIlHKiy8dVQBv1BJ2Br/Wa423A5akcJwZDK98yjSsMshriSmvaeAxilGFUCZPqrDL67us6CkSXo2+rGMNz/SJGA23JgePukf/S++YmAQhUQrr42o0+eDr1KDBHFAmiWsd+H2MFdTJn26G4IzbER90Bll46mGcLhcMSkWjlFxhubcpR8OZnSV1aZFtt8G3kkAf6rl6vsN5YJkyLRBk+dX1EjQe6Zkd7Dj7TTFl8Savyo9V1aQC2o+zNZTaC8cMKir5tYKjHhLxXwumHGGaZHPm97uC43S6kuIyufqLFYetTXOhCzmPZhOCsAff/8Es4VNOxhPeH/k9KPgiph7v49YXQbYBG9cZzb4aJQUyBCdxrZQ2zk1/OGS1lDPyDeMZLZyvLqnm+Jz7bosD/0azyrdHWydhfjJdsuHuFIiKSlbs42nti5z9XlGRYujw5p9g6E0b2f2oneAv4qknvpcF9sg9ZL3CVHiLGlyNYbyRunmAh4EIgZcla9zWImsNXXr7QWUsckDgShoDVPrcchD+DDjmxvwd6Ue6ljzDJiX5e1ZVLzO1/RMrGSeaFw8hEqzn6WQqJ2/+aSgtwfHDbwgTZ6UCBXBNMlPlrmN+XyfJJ53/X5aMtpHbaRVQpZi/qF9NObyi3ccxE2BDfRQ2yvRUa/QBSmJfvMrDSz3b7Q
X-Forefront-Antispam-Report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:GVYP280MB0464.SWEP280.PROD.OUTLOOK.COM;PTR:;CAT:NONE;SFS:(13230040)(1800799024)(376014)(366016)(8096899003);DIR:OUT;SFP:1102;
X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1
X-MS-Exchange-AntiSpam-MessageData-0: NXwqU3TLl/FGapJNEsiV3chsKKYcyhC5hXvddOjGwH9Z3crH9im9Y9o+LTeuN9UjfHUKG2LxkInSEj9nKcsxJ1PG6yyHeyzFLxFXobuxOtT+YQltU8hnkEP4bvlXWELFi37cqtgasRpRljS+X4neeZfPOv67sqQ9FZEtkJf/n3rYSDmOevnf7+GS0RBc6lKn4WzJzZzU8XxbaqCP9yISBhRKwC3CFfaBlSeFGz95WZ1L4y8gjl25K93Z2z8EfY2kAFCm/8W6IfDbt6Y9nNM9xR6ffT0Q2XpG648vRXhLfF7X6e71DJkyicdzqA0D3wBHEzBrtswy3CoVopC16BDYnwXcMi1JEA5YQjEvNjg7YdveE0yu1tfhNChJqHfKHfR3cvwc3J8TMXl/NtmmNZDl49wUDuTd04eqd1zH653AVG8OU/0qRUutwflaUTSHzmdNvvpRxPdqkrbxY6YRIy7a6KQ90HFG6vXn5pvxgDN+eK2oGuv3aSPfk4RZH3bRTEc7I/V8C4ZEo32N3B3m0apJCKLiWWa7qwhXZHIUXMUKCYLLr7sQpY2XwT2kRO0VWGgrVKvTS3oCN2kfcCv2by9HeyY+0whjBn5ftKGTiP+uVKQkn8vPS6ADEUhQF6mCwzDFfKHf+4hHFkXhQ4rxIZqQ+QovK+nchh57bcKJJgoTrCVoc/PhvJBgsZ8kMvzID9+LCa0YNJ0BkN4PsA4AA0qBNL7ehcVoF6dfQGRW5PsKdJApblW6FMv5KEwGsYGM0YT2wkPMcXrbfv/P/NF8msig1lPvAfFJBX71E+5GHbFonR5NYkA2lJZSnydxubsm7RWv3l8oblFIKXRSAtMCnSXTIKtqgBhv1VMKSbJlI+WS2LC1N3jjBexMEQmi2e31mt/UR/rNQ0CwM7axDtcMhRi7jecmX981t8ncxGaz+xfPmZrOalv0+Y5cLvER0plUnYkA7Bf0WU8n48TLRtGKtqR9sZZrff3i5EnfsjuIpKps2zv8uMP+ufl/zVeyZAcUDRboF2Uv1jdYmhMoCEoijO0pp7JmYdc+gRqRTpKalE7qb9eV2/3apbPPwOU/Yd/FHt9HbgyX+NfE1eqknxxR31lSufRTIDXIl4lP/Z5YJshuhgehhxG1wmu8RTExexzrnvqyd3o8y1ylmZc6+gXpd552D9jKR50fV/VYa+aveH7w3R7ehsjezLkIkFKn5zIryoneORfom34gKeAsoZcM36LiwZU0nVVEUoTc63juCrP+MhwT84Lva3/dHy1sWwsybwxa0w9fOPmPf5kmtJ9VBeMyX54wSyVCBPpAeKl9EPzx4CMfqPSqeTrckQPHkbgqyphn8cxUc2jP/puEa7jceEe988gj8so4hKZssr6iGSwrlRN14J0nNcKrOEyamnqDZA4GRX5Fm7B/zW+qD/sgyHo05oRBT1wUDl/lqtWRGgoc/ZQ6zm0cmYW6w+qVWnCH6Imyk/+PTY/fZdckzeSXgvsB2kJX3ah/VVp3nnpH3JFTkecDgaRRWPpuIu+v3G0Qwq3ZxPads7Q0D/2cRK2tOMD7Jx5Cb0siJ4QYeDMOYwyvin61FRMPI75ILd0350LxmklY
X-OriginatorOrg: ri.se
X-MS-Exchange-CrossTenant-Network-Message-Id: 744028b2-d5b6-4b94-2c1e-08dcfb488019
X-MS-Exchange-CrossTenant-AuthSource: GVYP280MB0464.SWEP280.PROD.OUTLOOK.COM
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 02 Nov 2024 14:13:18.6791 (UTC)
X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted
X-MS-Exchange-CrossTenant-Id: 5a9809cf-0bcb-413a-838a-09ecc40cc9e8
X-MS-Exchange-CrossTenant-MailboxType: HOSTED
X-MS-Exchange-CrossTenant-UserPrincipalName: bcsVSxn5hsco5ev4YZuqV0c0snjCohANA+0ncFnwmGlzWD3Ba3BZjzROiwmqyoeR486AJktc4iAM21u7dbeF4Q==
X-MS-Exchange-Transport-CrossTenantHeadersStamped: GVYP280MB1848
Message-ID-Hash: WN6LRI7A6NT36OBBOTUCD4LURD5EIKKX
X-Message-ID-Hash: WN6LRI7A6NT36OBBOTUCD4LURD5EIKKX
X-MailFrom: marco.tiloca@ri.se
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
X-Mailman-Version: 3.3.9rc6
Precedence: list
Subject: [Lake] Review of draft-serafin-lake-ta-00
List-Id: Lightweight Authenticated Key Exchange <lake.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/lake/OMBSbgJvU4LMhQyaXx_9Yps-XKw>
List-Archive: <https://mailarchive.ietf.org/arch/browse/lake>
List-Help: <mailto:lake-request@ietf.org?subject=help>
List-Owner: <mailto:lake-owner@ietf.org>
List-Post: <mailto:lake@ietf.org>
List-Subscribe: <mailto:lake-join@ietf.org>
List-Unsubscribe: <mailto:lake-leave@ietf.org>
Hi all, I have reviewed this document, and I believe it sets a good ground for facilitating peer authentication and other processes combined with an EDHOC session. Please find below some detailed comments. Hope this helps! Best, /Marco [Section 1] * The second paragraph uses the formulations "hints about which TAs" and "hints of TAs", while the abstract says "hints about Trust Anchors of trusted third parties". This becomes clearer in the last paragraph of Section 1, when saying that "the TA includes the public key of the CA". Perhaps it's good to early align the formulations of the second paragraph with that of the abstract, and turn the two sentences above into "hints about which TAs of trusted third parties" and "hints of TAs of trusted third parties". * It says "However, the same scheme can be applied to hints about other trusted third parties, ..." Consistent with previous sentences, I think this should be "However, the same scheme can be applied to hints about TAs of other trusted third parties, ..." * It says "This document defines an EDHOC EAD item containing hints about certain type of TAs, and enables the extension to other kind of hints and TAs through the registration of the appropriate IANA parameters." Consistent with the previous sentences, shouldn't it be as follows instead? "This document defines an EDHOC EAD item containing hints about TAs of certain types of trusted third parties, and enables the extension to other kinds of hints and other kinds of trusted third parties through the registration of the appropriate IANA parameters." * It says "a hash of an X.509 certificate containing the CA root public key (x5t)" I think it would more correct to say "a hash of an X.509 certificate (x5t) containing the CA root public key" [Section 1.1] * Please list the terms and concepts that readers are expected to be familiar with. [Section 2.1] * s/defined in Section 5./defined in Section 5.2. * I guess you also want one entry with label 0 and being reserved. * It says "to use for authentication credentials in EDHOC." I guess it means "to use for verifying authentication credentials in EDHOC." * "The positive of the CBOR label ... sent to the sender." Even though it says "CBOR label", talking of "label in the EAD item" can be confusing. With reference to Figure 1, one might understand that you are referring to ead_label (hence, to TBD1 or -TBD1) within ead_ta_hint. Instead, I guess you don't mean ead_label, but instead the map key within ta_hint_map. If that's correct, it's better to rephrase as: "When the label is used with positive value (+1), the indicated trust anchors are to be used for verifying the authentication credentials from the sender. When the label is used with negative value (-1), the indicated trust anchors are supported by the sender and SHOULD be used in authentication credentials sent to the sender." * It says "are supported by the sender and SHOULD be used in authentication credentials sent to the sender." I think you mean that the sender should send authentication credentials that are possible to verify by means of the specified trust anchors. Is that correct? [Section 2.2] * It says "... is a byte string containing a CBOR map with..." It should say "... is a byte string with value the binary representation of a CBOR map including ..." * Is the EAD label TBD1 always intended to be used as non-critical? I suppose so, as this is all about giving hints. * It should be said that the integer values for the map key of ta_hint_map are taken from the new registry defined in Section 5.2. * It says: "Table 2 provides examples of COSE header_maps used as TA hint types." I think you mean "Table 2 provides examples of TA hint types specified within header_map like the corresponding COSE header parameters." * Also based on the later examples in Section 3, header_map as a single CBOR map might be limiting, due to the required uniqueness of its map keys. As relevant for a ta_hint_map element that has negative map key, a peer cannot use the same hint type (e.g., x5t) for indicating multiple TAs that have the same advertised purpose (e.g., trust anchor of EDHOC authentication credential (-1)). Maybe it's better to generalize header_map to be a CBOR sequence composed of pairs. In each pair, the first element is taken from the COSE Header Parameter registry, while the second element is the intended hint consistent with the type indicated in the first element. * Table 2 does not include COSE header parameters that identify credentials by value (e.g., 5chain). It would be good to motivate why this is not needed and instead all hints are provided by reference. * Even though application policies can play a large role, it would be good to explain more in detail what actions are triggered by the EAD item on the message recipient, when the map key is a negative integer. This includes what the following EDHOC message specifies in the ID_CRED_X field. [Section 3.2] * It says: "An EDHOC peer may include hints about its supported TAs for authentication by including a ta_hint_map with label -1 in an appropriate EAD field: EAD_1 related to the AUTH_CRED_R and EAD_2 for AUTH_CRED_I. This informs the other peer about what TAs to use in its credentials in the next EDHOC message." This is a high-level explanation and can be moved to Section 3.0. [Section 5.2] * It says: "The value to be used to identify this type of authority. ... for the same type of authority but ..." Based on the terminology used in Section 2.1, doesn't the label identify a "purpose"? The word "authority" appears here for the first time. -- Marco Tiloca Ph.D., Senior Researcher Phone: +46 (0)70 60 46 501 RISE Research Institutes of Sweden AB Box 1263 164 29 Kista (Sweden) Division: Digital Systems Department: Computer Science Unit: Cybersecurity https://www.ri.se
- [Lake] Review of draft-serafin-lake-ta-00 Marco Tiloca