Re: [Lake] 🔔 WG last call for draft-ietf-lake-traces-04

John Mattsson <john.mattsson@ericsson.com> Mon, 12 June 2023 09:31 UTC

From: John Mattsson <john.mattsson@ericsson.com>
To: John Mattsson <john.mattsson=40ericsson.com@dmarc.ietf.org>, Stephen Farrell <stephen.farrell@cs.tcd.ie>, "lake@ietf.org" <lake@ietf.org>
Date: Mon, 12 Jun 2023 09:31:00 +0000
Message-ID: <GVXPR07MB9678D85B612F79B07BF98BEC8954A@GVXPR07MB9678.eurprd07.prod.outlook.com>
References: <7D008A58-7B82-4089-A70C-74AEA05654A3@inria.fr> <f706e3ff-f316-164e-161a-66fe55576b8b@cs.tcd.ie> <PAXPR07MB8844F85FEDC6C31166EF67F5F46B9@PAXPR07MB8844.eurprd07.prod.outlook.com> <2ada442a-74cb-0013-2b2b-005c64591c64@cs.tcd.ie> <PAXPR07MB88445D79C404B9A6E919DFCDF46B9@PAXPR07MB8844.eurprd07.prod.outlook.com> <5a0d8275-c250-8bce-eef0-1de5205b65eb@cs.tcd.ie> <GVXPR07MB9678C6C2D2571BC4599DB4548954A@GVXPR07MB9678.eurprd07.prod.outlook.com>
In-Reply-To: <GVXPR07MB9678C6C2D2571BC4599DB4548954A@GVXPR07MB9678.eurprd07.prod.outlook.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/lake/axEpM7275BDPZ-0E7dcQT3TLKIQ>

I made another commit.
https://github.com/lake-wg/edhoc/commit/75c067174f22541fc82191d124596ad861d26ece

RFC 5280 also requires that key usage is included in CA certs. I think that all three certificates are compliant with RFC 5280.

Cheers,
John

From: Lake <lake-bounces@ietf.org> on behalf of John Mattsson <john.mattsson=40ericsson.com@dmarc.ietf.org>
Date: Monday, 12 June 2023 at 11:12
To: Stephen Farrell <stephen.farrell@cs.tcd.ie>, lake@ietf.org <lake@ietf.org>
Subject: Re: [Lake] 🔔 WG last call for draft-ietf-lake-traces-04
Hi Stephen,

I fixed the problem with the missing notBefore
https://github.com/lake-wg/edhoc/commit/3aece25c3bf201a6ba844ec3acf7500804fb53b2

Regarding basic constraints, I don’t think this is a big problem for the end-entity certificates, but it is a problem for the “common root certificate”. RFC 5280 states:

   “If the basic constraints extension is not present in a
   version 3 certificate, or the extension is present but the cA boolean
   is not asserted, then the certified public key MUST NOT be used to
   verify certificate signatures.”

This needs to be fixed. I will add basic constraints for the “common root certificate”. The traces will not be affected. After that I think the traces are ready for IETF last call.

Cheers,
John


From: Lake <lake-bounces@ietf.org> on behalf of Stephen Farrell <stephen.farrell@cs.tcd.ie>
Date: Saturday, 29 April 2023 at 01:25
To: Göran Selander <goran.selander@ericsson.com>, Mališa Vučinić <malisa.vucinic@inria.fr>, lake@ietf.org <lake@ietf.org>
Subject: Re: [Lake] 🔔 WG last call for draft-ietf-lake-traces-04

Hiya,

On 28/04/2023 15:58, Göran Selander wrote:
> Version -05 is out. I also removed an editor’s note and information
> about where to find test vectors which was not up-to-date.
That looks good to me. One nit though, the certificate in
3.8.1 [1] is missing its notBefore value. I assume fixing
that doesn't require new traces though, so just do that at
your leisure.

I also see that the sample certificates don't contain any
extensions. It's normal to include basic constraints so if
for some reason you do need to regenerate traces, I wonder
if adding those would be an idea. (But don't regenerate the
traces just for that.)

Cheers,
S.

[1]
https://datatracker.ietf.org/doc/html/draft-ietf-lake-traces-05#name-certificates
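The RFC 5280 rule quoted in this thread is exactly what a path validator enforces: Go's crypto/x509 applies section 4.2.1.9 (and the keyUsage keyCertSign check) in CheckSignatureFrom. The example below is added here and is not code from the draft or the lake-wg repository; the root and end-entity certificates, names and validity dates are constructed, and a root built without the extensions, as the original sample certificates were, is rejected as a signer even though its signature is otherwise valid.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"math/big"
	"time"
)

// newTemplate returns a v3 template with only the mandatory fields (serial,
// subject, validity); extensions are added by the caller. Constructed data.
func newTemplate(serial int64, cn string) *x509.Certificate {
	return &x509.Certificate{
		SerialNumber: big.NewInt(serial),
		Subject:      pkix.Name{CommonName: cn},
		NotBefore:    time.Date(2023, 1, 1, 0, 0, 0, 0, time.UTC),
		NotAfter:     time.Date(2033, 1, 1, 0, 0, 0, 0, time.UTC),
	}
}

// issue signs tmpl with priv (the parent's key) and parses the DER result.
// Setup failures here are programming errors, so they panic.
func issue(tmpl, parent *x509.Certificate, pub *ecdsa.PublicKey, priv *ecdsa.PrivateKey) *x509.Certificate {
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, pub, priv)
	if err != nil {
		panic(err)
	}
	cert, err := x509.ParseCertificate(der)
	if err != nil {
		panic(err)
	}
	return cert
}

// RootAcceptedAsSigner builds a self-signed root (with or without the CA
// extensions), issues an end-entity certificate under it, and returns the
// verifier's verdict on using the root's key to check that signature.
func RootAcceptedAsSigner(withCAExtensions bool) error {
	rootKey, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	leafKey, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	rootTmpl := newTemplate(1, "Example Root CA")
	if withCAExtensions {
		rootTmpl.BasicConstraintsValid = true     // basicConstraints present
		rootTmpl.IsCA = true                      // cA asserted
		rootTmpl.KeyUsage = x509.KeyUsageCertSign // keyUsage present too
	}
	root := issue(rootTmpl, rootTmpl, &rootKey.PublicKey, rootKey)
	leaf := issue(newTemplate(2, "Example Initiator"), root, &leafKey.PublicKey, rootKey)
	// RFC 5280 4.2.1.9: a v3 issuer without basicConstraints, or with cA
	// not asserted, must not be used to verify certificate signatures.
	return leaf.CheckSignatureFrom(root)
}
```

With the extensions present the call returns nil; without them it returns x509.ConstraintViolationError before the signature bytes are even looked at.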