[Lake] Review of draft-ietf-lake-authz-01
Marco Tiloca <marco.tiloca@ri.se> Wed, 20 March 2024 04:54 UTC
Return-Path: <marco.tiloca@ri.se>
X-Original-To: lake@ietfa.amsl.com
Delivered-To: lake@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B0E9EC151063 for <lake@ietfa.amsl.com>; Tue, 19 Mar 2024 21:54:39 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -7.107
X-Spam-Level:
X-Spam-Status: No, score=-7.107 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, RCVD_IN_MSPIKE_H2=-0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=ri.se
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id dCPSnXG7FdI6 for <lake@ietfa.amsl.com>; Tue, 19 Mar 2024 21:54:35 -0700 (PDT)
Received: from GV3P280CU006.outbound.protection.outlook.com (mail-swedencentralazon11020003.outbound.protection.outlook.com [52.101.75.3]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id BDE3FC151536 for <lake@ietf.org>; Tue, 19 Mar 2024 21:54:34 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=F3H/+/87ViDlr0II3oRVELwFvvwZI1zxw0khRYpjR6/XJRG6eRDladMTeK6cWMccg7GmJdlz2PZtMHrv3TINZdDHZqARw11nodHRscY6zzMS0ezC3eooNJ8AOFutH6HpkF+Qq1KxWgtXjJX1n+9V3ZIKXSzWH1k3EZLm690QVlhNZlQrOXNod2cIHBNm6kbgcYZYb5fWPqgZ/qEsGbGkOSn7CZWa3yZsA9z1AO5fi9Ty1m7T7fWFwXpekzeULa8uKoWWV1uCtjAQgQKiutM0qODbitO31p0a/yeBoSJrgKSG9ZyCU0B7VpixccUlNCCCbLIoYoBzK5k2BStHmYFdlw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=3I9U1y41DSFsPlfTnMUx8iAkELx2gN5SPfujxCmJCxM=; b=ofxutGZwt29KZtPOCZOqevhMXwA1Q/nb0QfO5l10kmx4XFEuBkmj8kKxeOW/JBPlDAbYS7CVatXHk0HRpw0Lg2I0H+AGNYYPvSISr7yzjeQXjVOyHNYbbagt4eJedhJsjFVL5hhNBq7IcpjI/cSkFdluKMCp97Z2XGBWwrbGIefkwtFySExEc+a36DtJ4GjHh6SJRVawLbtGMTc8E+YXAyGyfqTo+fmDrrdhdDAGr2EUn5RafVIlZIXLr784S5NuJT1aZCM2YdhZlKfVzfhSBn3aWaYpM8gTrRqCpLUD01bBdkZovJMszEzbweijSin9UfbUiBvaVo23cwJahCcb5g==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=ri.se; dmarc=pass action=none header.from=ri.se; dkim=pass header.d=ri.se; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ri.se; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=3I9U1y41DSFsPlfTnMUx8iAkELx2gN5SPfujxCmJCxM=; b=KPzDdsI+skd5XA0KakqViL5Z2hgFhDjYq99qzzVolf+GCTX8m4NRxf2kLQ9l3R+RnBRNBDP0El1QYcepGRMBoy13Fo18wNvG03e77BoG2Tk4VvK1dL/ccvvydszgfsP4O2/eCmUci8kkgbPfYTchdTkshgULl5otUJUEmHIj0Zc=
Authentication-Results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=ri.se;
Received: from GVYP280MB0464.SWEP280.PROD.OUTLOOK.COM (2603:10a6:150:37::17) by GVZP280MB0090.SWEP280.PROD.OUTLOOK.COM (2603:10a6:150:41::10) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7386.31; Wed, 20 Mar 2024 04:54:29 +0000
Received: from GVYP280MB0464.SWEP280.PROD.OUTLOOK.COM ([fe80::ac07:ed64:c098:f1f9]) by GVYP280MB0464.SWEP280.PROD.OUTLOOK.COM ([fe80::ac07:ed64:c098:f1f9%4]) with mapi id 15.20.7386.025; Wed, 20 Mar 2024 04:54:28 +0000
Message-ID: <255e0ab1-b26b-4fbe-b507-4532c71fdcb1@ri.se>
Date: Wed, 20 Mar 2024 05:54:27 +0100
User-Agent: Mozilla Thunderbird
Content-Language: en-US
To: "lake@ietf.org" <lake@ietf.org>
From: Marco Tiloca <marco.tiloca@ri.se>
Autocrypt: addr=marco.tiloca@ri.se; keydata= xsBNBFSNeRUBCAC44iazWzj/PE3TiAlBsaWna0JbdIAJFHB8PLrqthI0ZG7GnCLNR8ZhDz6Z aRDPC4FR3UcMhPgZpJIqa6Zi8yWYCqF7A7QhT7E1WdQR1G0+6xUEd0ZD+QBdf29pQadrVZAt 0G4CkUnq5H+Sm05aw2Cpv3JfsATVaemWmujnMTvZ3dFudCGNdsY6kPSVzMRyedX7ArLXyF+0 Kh1T4WUW6NHfEWltnzkcqRhn2NcZtADsxWrMBgZXkLE/dP67SnyFjWYpz7aNpxxA+mb5WBT+ NrSetJlljT0QOXrXMGh98GLfNnLAl6gJryE6MZazN5oxkJgkAep8SevFXzglj7CAsh4PABEB AAHNNk1hcmNvIFRpbG9jYSAobWFyY28udGlsb2NhQHJpLnNlKSA8bWFyY28udGlsb2NhQHJp LnNlPsLAdwQTAQgAIQUCWkAnkAIbAwULCQgHAgYVCAkKCwIEFgIDAQIeAQIXgAAKCRDuJmS0 DljaQwEvCACJKPJIPGH0oGnLJY4G1I2DgNiyVKt1H4kkc/eT8Bz9OSbAxgZo3Jky382e4Dba ayWrQRFen0aLSFuzbU4BX4O/YRSaIqUO3KwUNO1iTC65OHz0XirGohPUOsc0SEMtpm+4zfYG 7G8p35MK0h9gpwgGMG0j0mZX4RDjuywC88i1VxCwMWGaZRlUrPXkC3nqDDRcPtuEGpncWhAV Qt2ZqeyITv9KCUmDntmXLPe6vEXtOfI9Z3HeqeI8OkGwXpotVobgLa/mVmFj6EALDzj7HC2u tfgxECBJddmcDInrvGgTkZtXEVbyLQuiK20lJmYnmPWN8DXaVVaQ4XP/lXUrzoEzzsBNBFSN eRUBCACWmp+k6LkY4/ey7eA7umYVc22iyVqAEXmywDYzEjewYwRcjTrH/Nx1EqwjIDuW+BBE oMLRZOHCgmjo6HRmWIutcYVCt9ieokultkor9BBoQVPiI+Tp51Op02ifkGcrEQNZi7q3fmOt hFZwZ6NJnUbA2bycaKZ8oClvDCQj6AjEydBPnS73UaEoDsqsGVjZwChfOMg5OyFm90QjpIw8 m0uDVcCzKKfxq3T/z7tyRgucIUe84EzBuuJBESEjK/hF0nR2LDh1ShD29FWrFZSNVVCVu1UY ZLAayf8oKKHHpM+whfjEYO4XsDpV4zQ15A+D15HRiHR6Adf4PDtPM1DCwggjABEBAAHCwF8E GAECAAkFAlSNeRUCGwwACgkQ7iZktA5Y2kPGEwf/WNjTy3z74vLmHycVsFXXoQ8W1+858mRy Ad0a8JYzY3xB7CVtqI3Hy894Qcw4H6G799A1OL9B1EeA8Yj3aOz0NbUyf5GW+iotr3h8+KIC OYZ34/BQaOLzdvDNmRoGHn+NeTzhF7eSeiPKi2jex+NVodhjOVGXw8EhYGkeZLvynHEboiLM 4TbyPbVR9HsdVqKGVTDxKSE3namo3kvtY6syRFIiUz5WzJfYAuqbt6m3TxDEb8sA9pzaLuhm fnJRc12H5NVZEZmE/EkJFTlkP4wnZyOSf/r2/Vd0iHauBwv57cpY6HFFMe7rvK4s7ME5zctO Ely5C6NCu1ZaNtdUuqDSPA==
Content-Type: multipart/signed; micalg="pgp-sha256"; protocol="application/pgp-signature"; boundary="------------y91yBpYeZU5d0ZXSDhXvhycL"
X-ClientProxiedBy: MM0P280CA0006.SWEP280.PROD.OUTLOOK.COM (2603:10a6:190:a::12) To GVYP280MB0464.SWEP280.PROD.OUTLOOK.COM (2603:10a6:150:37::17)
MIME-Version: 1.0
X-MS-PublicTrafficType: Email
X-MS-TrafficTypeDiagnostic: GVYP280MB0464:EE_|GVZP280MB0090:EE_
X-MS-Office365-Filtering-Correlation-Id: 0ee40462-8641-47e7-5515-08dc4899d304
X-MS-Exchange-SenderADCheck: 1
X-MS-Exchange-AntiSpam-Relay: 0
X-Microsoft-Antispam: BCL:0;
X-Microsoft-Antispam-Message-Info: l4kRgikXbE+meZvtlKVI88SuLaVEDXwxGwYQqKTwodGZLwpGZ6kzeRqSU5mWyvu96r29C3Ztm8dNt+Ahpm1iUcsbTG6CzXgrPM1afahxMOoBeV/fAaz588+Ovx5unmx698fnSlqCiOzIz1qPHB1neU1xpG+U4BH2TxasN4H+mdhuJBsKu7z94LlAwgwbFkBchrgYEI9Fz6lXCNb5MGfioMp6CreX4Vk/Th0K7jnrhaFPUBPtCzmoI1NmhnUZXD29UYcHk+Q2BWj/1Tp72SgZERO1ELU0qAsY93oARR/JFZrM48wg9+wuIjYLf/z+gcZXkRBSbEOQAhjM3hJiWk8v9Dum2wMMY39U0t+ifFyLb0iYqC1YmLVMIb+BDeJ9KKaFPKdIc0gWH8ob0A+xeiscczLnhQCsKDDpvVuTsNHdMWRgf3hdTiNuq9q1tDqEu5w9IsDi1h2j5TVlsNw6rAo1xVNZAC5tBmv7P16itUBiLTqcRJSg/SMI4zPCBNKhZyJNl8j33V8jnAGIuuEA+O3seFcjkWfpVVfgcPbok9sgUyGjxK/2Fu5Rl4e7ke/7mJfz0wNfbXAkAT3+aoQzXsT3MrcewQ4f1M656oe3vWMpreo=
X-Forefront-Antispam-Report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:GVYP280MB0464.SWEP280.PROD.OUTLOOK.COM; PTR:; CAT:NONE; SFS:(13230031)(1800799015)(366007)(376005); DIR:OUT; SFP:1102;
X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1
X-MS-Exchange-AntiSpam-MessageData-0: Kxmjhb3GxMtQVyi0QEWIK8ESQ95F5H0Y9BHAoFHgZSFuqLKEtOXi1vSfiiZ3aqGH0srRg38sh5VHq8RqmQ83o/H/AVdfX20CG7vuPnUqK8nAG7Yf4p2rK7PioCs68vk86vAoro+IVcX8DVSCzIcwB++v8gPUeaLzJy6fH9eKNa39xmhyMXLx9ndP0uvH+l0MvgfZp3Cr10d9w0iwZgDTIHDz2WiomFAkEQVAn3PN/oV3/4JGENCIob1YA3M891QlyUUG0Ww+I4nH5wr97Mskq9FFRIa1j3BeUqI4z88SclLggXdTBRcF1R9mLq9A8/ZEViNQouzIDdy+BnEDAMs+0AVOJd9+/fb/PywbkP0x1+Sxbp4xc6aBsAgQF0Wq6klE2r7cA3HG5y4tkmo5I/kbgafqDXAazQhM/kRJ773XWhRsP6zrGeieH9ijJGOL+tRI7EmmE2u3jNX82YuM0CGjM0PemgCcG5twrZy7VI54yWVJITIuq/pnMBbzybQ1PMDee+HfmXX+tyv6GcLaZJzE7h1FBIPlu0HCuGJnSEgr08QU0584kJ7G+e5xlzyliGz8wifEWWDkcBOQA5yJsvhqo9ASJDjlZ4Oiu0fkj1Oa6aemMrMqmk+OkJQfkBv5bOYGA4SFN/kXZ25d00N36zYrhZQ84STtCGfSscXB2odPL9HuIHz6kL4+u3/hNm4yP8nOun7fjDqkgbeRhLyg+RFBmIxy8iZnan+gKpPcN3fZyYewh6Y3kmr3howbexJcxgxoqdgi5NIcOlW0tgWVATAt4Ms/mudxVozTpVg+l5sNkVg0nUy7j543+ZHKpqpxX/evQWhZxmWGh0Y2sUKUdcXlY1foIyTlqg05s+6rTMWNTBvAVe4ICYqHltsTKOdilaFcVUpQVVU9ZSjeH04LaJgRE3699N2j8M6xtFOE1lLzneI2I+IGTsd/jsjH4KaVRfrN6FlsaznsbYTE32fjXo6FVU2I8jaYYdp5zULvUzumN2HlUh+40C7q4ZAthFbbGeXwBA9Y9Ea4JXx2eojSFzQ/UtaUx/2kYzUVU2s/aUg1QrnY9BYYhAh8sUdOXlHSuMjG/mpdRDTdGDa1vh0exuNpEqv8dyJJXud0UF9pQbmH6AuoMheKVkubzEch9yx9cQQLEKo3pizNxuxxCs6jp3JxbYQoj56AZHm/AmJ2rWYOomlwNSAxmiboVyrI1v8q8Wznl7HBxNrddHgJ5ZH1mEvPe7wiX0Eibpb93nWrLLLizAredJA53Bb6HzQn5nCzZAayZdzmvaXviRNEL4QKnuvMEUqiIvEnFS3/W6SiL+hYSYd/x/ac/TLysZTO8pMeD8agnJwSf1eqMC53eRrhi3Jt8b6Vqf1wyVxxVUN9lq63KRDWgq53P5dfOtXZRyhzPGxIb/jfmmClPE9wRmXR/0hAbc5M2XnfRVAA7eXpe/JYG6+lGK2ydQXAY18uGOmgw/3Y1kOL9Mw4CaTLlM0AbHYapd+rSLDGW0JVJKeuEX0nbMb5BLx0y0eMtoRSIJRH/pfld4LC0QqiFiQ7fxb1hkzKLzFj6Qv1UulHJeylS0EwwPvx6+EYBRDmayuAQIXYOgeZ
X-OriginatorOrg: ri.se
X-MS-Exchange-CrossTenant-Network-Message-Id: 0ee40462-8641-47e7-5515-08dc4899d304
X-MS-Exchange-CrossTenant-AuthSource: GVYP280MB0464.SWEP280.PROD.OUTLOOK.COM
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 20 Mar 2024 04:54:28.8375 (UTC)
X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted
X-MS-Exchange-CrossTenant-Id: 5a9809cf-0bcb-413a-838a-09ecc40cc9e8
X-MS-Exchange-CrossTenant-MailboxType: HOSTED
X-MS-Exchange-CrossTenant-UserPrincipalName: 0VMGKTc7nuHiMlL2XcTjgs8NyqErwhBj1uqj2BoXN5XeVCiSakPY1gg8PG6NG9YmdT2z1Wl/iwJWiQYPvDLnvQ==
X-MS-Exchange-Transport-CrossTenantHeadersStamped: GVZP280MB0090
Archived-At: <https://mailarchive.ietf.org/arch/msg/lake/ScUM1MfnWe7imi1IfWybrRZlzMw>
Subject: [Lake] Review of draft-ietf-lake-authz-01
X-BeenThere: lake@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: Lightweight Authenticated Key Exchange <lake.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/lake>, <mailto:lake-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/lake/>
List-Post: <mailto:lake@ietf.org>
List-Help: <mailto:lake-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/lake>, <mailto:lake-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 20 Mar 2024 04:54:39 -0000
Hi all, Please see below my comments on this document. I hope it helps! Best, /Marco [Abstract] * The title and Section 1 say that the document is first of all about authorization, which, as a particular case considered in the document, can be used for device enrollment. Consistently, you can consider the following rephrasing in the abstract: - s/for authorizing enrollment of new devices/for authorizing new devices - s/applicable to zero-touch onboarding of new/applicable to zero-touch enrollment of new (unlike "enrollment", "onboarding" is used only once, in the abstract) [Section 1.1] * In the list of expected understanding of the second paragraph, it's better to add also CDDL (RFC 8610). [Section 2] * Based on the content of this section, the title "Objective" feels more appropriate. [Section 3.1] * "an X.509 certificate" Add a reference to RFC 5280 * "CRED_U may, for example, be carried in ID_CRED_I of EDHOC message_3 or be provisioned to V over a non-constrained network, see bottom of Figure 3." I guess you mean: "CRED_U may, for example, be carried by value in ID_CRED_I of EDHOC message_3 or be provisioned to V over a non-constrained network, leveraging a credential identifier in ID_CRED_I (see bottom of Figure 3)." [Section 3.2] * "To authenticate to U, the domain authenticator (V) runs EDHOC in the role of Responder with an authentication credential CRED_V, which is a CWT Claims Set [RFC8392] containing a public key of V, see Section 4.5.2.1." Why does CRED_V have to be exactly a CWT Claims Set? (the same is consistently said later on in Section 4.4.2 and in Section 4.5.2.1) This would also prevent V and W to use TLS with CRED_V and Client Authentication, which, as mentioned in Section 3.2, would require to use an X.509 certificate as CRED_V. * "W needs access the same credential CRED_V as V used with U" Minor rephrasing: "W needs to access the same credential CRED_V that V uses with U" * "However, note that CRED_V may not be a valid credential to use with TLS 1.3, e.g., when U and V run EDHOC with method 1 or 3, where the public key of CRED_V is a static Diffie-Hellman key." Considering the authentication credential types that are possible to use in EDHOC, isn't this generally an issue if CRED_V is not an X.509 certificate? (or a C509 certificate, pending the registration in Section 9.18 of draft-ietf-cose-cbor-encoded-cert-09) * "V may run EDHOC with W using" This can be: "V may run EDHOC in the role of initiator with W, using" [Section 3.3] * "W MUST verify that CRED_V is bound to the secure connection between W and V" How does this happen in case the secure connection establishment does not use client authentication, or in case the authentication credential that V uses for that is not associated with the same public key of CRED_V that V uses with U in EDHOC? [Section 4.1] * "An outline of EDHOC is given in Section 3 of [I-D.ietf-lake-edhoc]." This has become Section 2. * In Figure 3, in the top part of the diagram between V and W s/w.r.t. CRED/w.r.t. CRED_V [Section 4.2] * s/EDHOC-Extract/EDHOC_Extract * s/EDHOC-Expand/EDHOC_Expand * "The output keying material OKM is derived from PRK using EDHOC-Expand(), which is defined in terms of the EDHOC hash algorithm of the selected cipher suite, see Section 4.2 of [I-D.ietf-lake-edhoc]:" The reference should be to Section 4.1.2. [Section 4.3] * "This state typically contains U's IP address and port number, together" I think this can be more general, and consider IP only as an example. Then it can become: "This state typically contains addressing information of U (e.g., U's IP address and port number), together" * "For example, V may use the existing CBOR and COSE libraries." Why not simply "For example, V may use CBOR and COSE." ? * "in the form of a Voucher Request." Please include a forward reference to Section 4.6.2. [Section 4.4.1] * It kind of follows from Section 4.2, but it's better to state explicitly that the encryption is done by using the EDHOC AEAD algorithm. * s/EDHOC-Expand/EDHOC_Expand (2 instances) * s/length of key of the/length of the key for the * s/length of nonce of the/length of the nonce for the * The plaintext is defined as > plaintext = ( > ID_U: bstr, > ?OPAQUE_INFO: bstr, > ) Thinking of the later definition in Appendix B.2, the value of the CBOR byte string OPAQUE_INFO is the byte serialization of u_hint, right? [Section 4.4.2] * "H(message_1) is the hash of EDHOC message_1, calculated from the associated voucher request, see Section 4.6.1." It's better to clarify here that the hash is computed by using the EDHOC hash algorithm of the selected cipher suite specified in SUITE_I of EDHOC message_1. The same clarification is useful also when referring to the EDHOC AEAD Algorithm in Sections 4.4.1 and 4.4.2. * "CRED_V is the CWT Claims Set" If this is such a hard requirement (see above, does it have to be?), then it might not be possible to use TLS with Client authentication between V and W, as mentioned in Section 3.2. * s/EDHOC-Expand/EDHOC_Expand (2 instances) [Section 4.5.1.1] * "with respect to the Diffie Hellman key agreement algorithm used" Per the EDHOC terminology, this should be "EDHOC key exchange algorithm" [Section 4.5.2.1] * "CRED_V is a CWT Claims Set [RFC8392] containing the public authentication key of V encoded as a COSE_Key in the 'cnf' claim, see Section 3.5.2 of [I-D.ietf-lake-edhoc]." See also other comments above. Why does CRED_V have to be exactly a CWT Claims Set? * "COSE header_map, see Section 9.6" This has become Section 10.6. [Section 4.5.2.2] * "U receives EDHOC message_2 from V and processes it as specified in Section 5.3.2 of [I-D.ietf-lake-edhoc]" That should be Section 5.3.3 [Section 4.5.3.1] * s/OSCORE request/OSCORE-protected application request [Section 4.6] * "It is assumed that V and W have set up a secure connection" When? I suppose that's actually required when V is about to send the Voucher Request to W, but not necessarily before then. * "W has accessed the authentication credential CRED_V to be used in the EDHOC session between V and with U" If the secure connection establishment between V and W happened without Client authentication or by using a V's authentication credential different than CRED_V, then V can still include CRED_V within 'opaque_state' (together with a proof-of-possession of the private key corresponding to CRED_V, if W hasn't already achieved that proof-of-possession). [Section 4.6.1.1] * "message_1 is the EDHOC message_1 as it was received from U." I think this should be "message_1 is a CBOR byte string with value the byte serialization of EDHOC message_1 as it was received from U." [Section 4.6.1.2] * s/the encryption of the device identifier/the result of the encryption of * "If H(message_1) is not unique among session identifiers associated to this device identifier of U, the EDHOC session SHALL be aborted." Which EDHOC session? If the intention is to abort the ongoing EDHOC session between U and V, then W can still simply reply with an error/negative response to V, which would in turn abort the EDHOC session with U. * "W uses ID_U to look up the associated authorization policies for U and enforces them." Enforcing them means understanding whether to issue the Voucher or not, right? * "If H(message_1) is not unique among session identifiers associated with this device identifier of U, the EDHOC session SHALL be aborted." The EDHOC session in question should be that between U and V, but this text describes processing at W. Do you mean that a "Voucher Error" must be returned to V, which in turn aborts the EDHOC session with U? [Section 4.6.2.1] * "message_1 is the EDHOC message_1 as it was received from V." I think this should be "message_1 is a CBOR byte string with value the byte serialization of EDHOC message_1 as it was received from V." [Section 4.6.2.2] * "If that verification fails then EDHOC is aborted." This should be: "If that verification fails, then the EDHOC session with U is aborted." [Section 4.7.2] * "The encryption of REJECT_INFO follows a procedure analogous to the one defined in Section 4.4.2, with the following differences" I think that one detail is missing, i.e., REJECT_INFO is the 'ciphertext' field of a COSE_Encrypt0 object. This can be mentioned in the bullet list after the CDDL definitions (i.e., as another difference from Section 4.4.2, the goal here is to produce 'REJECT_INFO' instead of 'Voucher'). * The plaintext is defined as > plaintext = ( > OPAQUE_INFO: bstr, > ) Thinking of the later definition in Appendix B.1, the value of the CBOR byte string OPAQUE_INFO is the byte serialization of v_hint, right? [Section 5] * You may want to add a new subsection "Schemes "coaps+tcp" and "coaps+ws"". It should be like for Section 5.1 "Scheme "https", with the difference that HTTP is replaced by CoAP. * The title and first sentence of Section 5.3 "Scheme "coap"" can be extended to mention also the schemes "coap+tcp" and "coap+ws". The reference to Appendix A of draft-ietf-lake-edhoc remains relevant only when the "coap" scheme is used. [Section 5.1] - "In case the scheme indicates "https", V MUST perform a TLS handshake with W and use HTTP." Consistent with the text in Sections 5.2 and 5.3, this should say: "In case the scheme indicates "https", V MUST perform a TLS handshake with W and access the resources defined in Section 5.4 using HTTP." [Section 5.1] * "If the authentication credential CRED_V cannot be used in a TLS handshake, e.g. if the public key is a static Diffie-Hellman key, then V SHOULD first perform a TLS handshake with W using available compatible keys. V MUST then perform an EDHOC session over the TLS connection proving to W the possession of the private key corresponding to CRED_V. Performing the EDHOC session is only necessary if V did not authenticate with CRED_V in the TLS handshake with W." This answers to the previous comments on this topic. Maybe it's good to have this explanation earlier in the document and/or to forward-point to this section. Clearly, this option requires W to support EDHOC, which would otherwise not be necessary on that side. An alternative option is for V to provide W with its own authentication credential CRED_V over their secure connection, together with a proof-of-possession of the corresponding private key if W hasn't achieved it before. This information can be part of the Voucher Request. [Section 5.2] * Considering that, at the very least, V has to authenticate W through DTLS, this excludes the possibility of having a CoAP proxy between V and W, right? [Section 5.4.1] * "W MUST issue a 200 OK response" That's in case HTTP is used. If CoAP is used, that's a 2.04 (Changed) response. * Does the successful response have unspecified Content-Format (Content-Type)? [Section 5.4.2] * "W MUST issue 200 OK response" That's in case HTTP is used. If CoAP is used, that's a 2.04 (Changed) response. * Do the request and the successful response have unspecified Content-Format (Content-Type)? [Section 6] * "As noted in Section 8.2 of [I-D.ietf-lake-edhoc] an ephemeral key ..." This is now Section 9.2. * "device with input of public key of W (G_W) and device identifier of U (ID_U), and produce" Proposed rephrasing: "device, so that EDHOC can import the public key of W (G_W) and the device identifier of U (ID_U), and then produce" [Section 7.4.1] * s/Encoding considerations: binary/Encoding considerations: binary (CBOR) * I think that the "Additional information" field and its subfields can be removed. * The value of the field "Person & email address to contact for further information" should be: LAKE WG mailing list (lake@ietf.org) or IETF Applications and Real-Time Area (art@ietf.org) * "Author: See "Authors' Addresses" section." should instead be "Author/Change controller: IETF" then "Change Controller: IESG" can be removed * You need to add the field "Provisional registration: no" [Section 7.5] * IANA has added the media type "application/lake-authz-voucherrequest+cbor" to the "CoAP Content-Formats" registry under the registry group "Constrained RESTful Environments (CoRE) Parameters". This should be IANA has added the following Content-Format number in the "CoAP Content-Formats" registry under the registry group "Constrained RESTful Environments (CoRE) Parameters". * The columns of the registry have changed, see https://www.iana.org/assignments/core-parameters/core-parameters.xhtml#content-formats s/Media Type/Content Type s/Encoding/Content Coding [Appendix A.2.1] * The Uri-Path option is set to ".well-known/edhoc". That target URI path is expressed by two occurrences of the Uri-Path options, i.e., one option for each URI path segment. You can better say either > The Uri-Path options are set to ".well-known" and "edhoc". or (probably clearer) > By means of Uri-Path options, the Uri-Path is set to ".well-known/edhoc". [Appendix A.2.3] * "The Uri-Path option is set to ".well-known/edhoc"." Actually, no. Since the combined EDHOC + OSCORE request is used, the sent request targets the resource at V (the JRC) that would have normally be targeted by a normal OSCORE-protected request, like in the case where an OSCORE request is sent after completing EDHOC without this optimization. * To complement the last paragraph, I guess that the ID Context of the OSCORE Security Context is left unset. [Appendix B.1] * The text says: > It consists of a list of application-defined identifiers of V (e.g. MAC addresses, SSIDs, PAN IDs, etc.), as defined below: > > v_hint = [ 1* bstr ] Do you actually mean a CBOR array, or instead a CBOR sequence? In the latter case, you can use either of the two notations in https://datatracker.ietf.org/doc/html/rfc8742#section-4.1 [Appendix B.2] * The text says: > The hint itself is application dependent, and can contain ... . It is defined as follows: > > u_hint: [ 1* bstr ] Do you actually mean a CBOR array, or instead a CBOR sequence? In the latter case, you can use either of the two notations in https://datatracker.ietf.org/doc/html/rfc8742#section-4.1 [Appendix C.2] * "the plaintext of REJECT_INFO contains" I think you mean: "the plaintext OPAQUE_INFO used to compute the encrypted REJECT_INFO specifies" [Nits] Section 1 - s/significant which/significant, which - s/server which provides/server that provides - s/similiar/similar - s/this document we/this document, we - s/sequence which is/sequence, which is - s/EDHOC leading/EDHOC, leading Section 2 - s/e.g./e.g., - s/device (the voucher)/device (conveyed in the voucher) - s/protocol which is lightweight/protocol that is lightweight - s/constrained link by/constrained link, by - s/authenticator needs/domain authenticator needs - s/Overview of message flow/Overview of the message flow Section 3 - s/relation, this protocol /relation. This protocol - s/depending on type of/depending on the type of Section 3.1 - s/to W, this device identifier is/to W. The device identifier used for this is Section 4.3 - s/state is out of scope/state is out of the scope - s/with echoed/with the echoed Section 4.5 - s/U and V, which include/U and V, which includes Section 4.5.1.1 - s/G_X which is reused/G_X that is reused Section 4.5.1.2 - s/TBD1, triggers/TBD1 triggers Section 4.5.2.2 s/Otherwise U MUST/Otherwise, U MUST Section 4.6 - s/between V and with U/between V and U Section 4.6.1.2 - s/identifiers associated to this/identifiers associated with this Section 4.6.2.1 - s/associated to the secure/associated with the secure - s/constructs the the Voucher/constructs the Voucher Section 5 - s/in LOC_W URI/in the LOC_W URI Section 5.1 - s/e.g. an X.509/e.g., an X.509 - s/e.g. if the public/e.g., if the public Section 5.4.1 - s/issue a request:/issue a request such that: Section 5.4.2 - s/issue a request:/issue a request such that: Section 6 - s/In this specification the ephemeral/In this specification, the ephemeral - s/calculations, one option/calculations. One option Appendix A.1 - s/802.15.4 it is possible/802.15.4, it is possible - s/Join Proxy does not/The Join Proxy does not Appendix A.2.1 - s/constructs the EDHOC message_1/constructs EDHOC message_1 Appendix A.2.3 - s/described in Section 4.5}./described in Section 4.5. Appendix C.1 - s/demonstrates successful/demonstrates a successful Appendix C.2 - s/W verifies that MAC/W determines that MAC -- Marco Tiloca Ph.D., Senior Researcher Phone: +46 (0)70 60 46 501 RISE Research Institutes of Sweden AB Box 1263 164 29 Kista (Sweden) Division: Digital Systems Department: Computer Science Unit: Cybersecurity https://www.ri.se
- [Lake] Review of draft-ietf-lake-authz-01 Marco Tiloca
- Re: [Lake] Review of draft-ietf-lake-authz-01 Geovane Fedrecheski