Re: [Lake] WGLC for draft-ietf-lake-reqs-01
Stephen Farrell <stephen.farrell@cs.tcd.ie> Fri, 21 February 2020 16:26 UTC
Return-Path: <stephen.farrell@cs.tcd.ie>
X-Original-To: lake@ietfa.amsl.com
Delivered-To: lake@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 190FC1208B4 for <lake@ietfa.amsl.com>; Fri, 21 Feb 2020 08:26:45 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.299
X-Spam-Level:
X-Spam-Status: No, score=-4.299 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_MED=-2.3, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cs.tcd.ie
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id jAbdyaZ6FH_B for <lake@ietfa.amsl.com>; Fri, 21 Feb 2020 08:26:40 -0800 (PST)
Received: from mercury.scss.tcd.ie (mercury.scss.tcd.ie [134.226.56.6]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 1E2A01208C2 for <lake@ietf.org>; Fri, 21 Feb 2020 08:26:39 -0800 (PST)
Received: from localhost (localhost [127.0.0.1]) by mercury.scss.tcd.ie (Postfix) with ESMTP id 97F70BE2F for <lake@ietf.org>; Fri, 21 Feb 2020 16:26:36 +0000 (GMT)
Received: from mercury.scss.tcd.ie ([127.0.0.1]) by localhost (mercury.scss.tcd.ie [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id YBrr_CLLJCNw for <lake@ietf.org>; Fri, 21 Feb 2020 16:26:36 +0000 (GMT)
Received: from [134.226.36.93] (unknown [134.226.36.93]) by mercury.scss.tcd.ie (Postfix) with ESMTPSA id 3EEC7BE20 for <lake@ietf.org>; Fri, 21 Feb 2020 16:26:36 +0000 (GMT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cs.tcd.ie; s=mail; t=1582302396; bh=hsqEAHvAAbrOgSFwoYQoF8j6p5ZoBEBh9Tl7olIPYhU=; h=From:To:References:Subject:Date:In-Reply-To:From; b=gisQ18nleSk1Dk87sEEM1ZihhlOSStxlc0RQXzRyrOn89YhlLWThtDc839I+PaQBS HbDsnnP2T8h9NppHC7hCiHnbBAeiX/Lhkibet+TrSQ3PgWrQUvPuRD9NvQjhjs2qy3 hf5EL6tDMdevkZ4WLHhBnweT4tL/DW7oWLSijO6I=
From: Stephen Farrell <stephen.farrell@cs.tcd.ie>
To: "lake@ietf.org" <lake@ietf.org>
References: <b7c084b0-8489-5c05-046d-33aa70c85b94@cs.tcd.ie>
Autocrypt: addr=stephen.farrell@cs.tcd.ie; prefer-encrypt=mutual; keydata= mQINBFo9UDIBEADUH4ZPcUnX5WWRWO4kEkHea5Y5eEvZjSwe/YA+G0nrTuOU9nemCP5PMvmh 5Cg8gBTyWyN4Z2+O25p9Tja5zUb+vPMWYvOtokRrp46yhFZOmiS5b6kTq0IqYzsEv5HI58S+ QtaFq978CRa4xH9Gi9u4yzUmT03QNIGDXE37honcAM4MOEtEgvw4fVhVWJuyy3w//0F2tzKr EMjmL5VGuD/Q9+G/7abuXiYNNd9ZFjv4625AUWwy+pAh4EKzS1FE7BOZp9daMu9MUQmDqtZU bUv0Q+DnQAB/4tNncejJPz0p2z3MWCp5iSwHiQvytYgatMp34a50l6CWqa13n6vY8VcPlIqO Vz+7L+WiVfxLbeVqBwV+4uL9to9zLF9IyUvl94lCxpscR2kgRgpM6A5LylRDkR6E0oudFnJg b097ZaNyuY1ETghVB5Uir1GCYChs8NUNumTHXiOkuzk+Gs4DAHx/a78YxBolKHi+esLH8r2k 4LyM2lp5FmBKjG7cGcpBGmWavACYEa7rwAadg4uBx9SHMV5i33vDXQUZcmW0vslQ2Is02NMK 7uB7E7HlVE1IM1zNkVTYYGkKreU8DVQu8qNOtPVE/CdaCJ/pbXoYeHz2B1Nvbl9tlyWxn5Xi HzFPJleXc0ksb9SkJokAfwTSZzTxeQPER8la5lsEEPbU/cDTcwARAQABtDJTdGVwaGVuIEZh cnJlbGwgKDIwMTcpIDxzdGVwaGVuLmZhcnJlbGxAY3MudGNkLmllPokCQAQTAQgAKgIbAwUJ CZQmAAULCQgHAgYVCAkKCwIEFgIDAQIeAQIXgAUCWj6jdwIZAQAKCRBasvrxexcr6o7QD/9m x9DPJetmW794RXmNTrbTJ44zc/tJbcLdRBh0KBn9OW/EaAqjDmgNJeCMyJTKr1ywaps8HGUN hLEVkc14NUpgi4/Zkrbi3DmTp25OHj6wXBS5qVMyVynTMEIjOfeFFyxG+48od+Xn7qg6LT7G rHeNf+z/r0v9+8eZ1Ip63kshQDGhhpmRMKu4Ws9ZvTW2ACXkkTFaSGYJj3yIP4R6IgwBYGMz DXFX6nS4LA1s3pcPNxOgrvCyb60AiJZTLcOk/rRrpZtXB1XQc23ZZmrlTkl2HaThL6w3YKdi Ti1NbuMeOxZqtXcUshII45sANm4HuWNTiRh93Bn5bN6ddjgsaXEZBKUBuUaPBl7gQiQJcAlS 3MmGgVS4ZoX8+VaPGpXdQVFyBMRFlOKOC5XJESt7wY0RE2C8PFm+5eywSO/P1fkl9whkMgml 3OEuIQiP2ehRt/HVLMHkoM9CPQ7t6UwdrXrvX+vBZykav8x9U9M6KTgfsXytxUl6Vx5lPMLi 2/Jrsz6Mzh/IVZa3xjhq1OLFSI/tT2ji4FkJDQbO+yYUDhcuqfakDmtWLMxecZsY6O58A/95 8Qni6Xeq+Nh7zJ7wNcQOMoDGj+24di2TX1cKLzdDMWFaWzlNP5dB5VMwS9Wqj1Z6TzKjGjru q8soqohwb2CK9B3wzFg0Bs1iBI+2RuFnxLkCDQRaPVAyARAA+g3R0HzGr/Dl34Y07XqGqzq5 SU0nXIu9u8Ynsxj7gR5qb3HgUWYEWrHW2jHOByXnvkffucf5yzwrsvw8Q8iI8CFHiTYHPpey 4yPVn6R0w/FOMcY70eTIu/k6EEFDlDbs09DtKcrsT9bmN0XoRxITlXwWTufYqUnmS+YkAuk+ TLCtUin7OdaS2uU6Ata3PLQSeM2ZsUQMmYmHPwB9rmf+q2I005AJ9Q1SPQ2KNg/8xOGxo13S VuaSqYRQdpV93RuCOzg4vuXtR+gP0KQrus/P2ZCEPvU9cXF/2MIhXgOz207lv3iE2zGyNXld /n8spvWk+0bH5Zqd9Wcba/rGcBhmX9NKKDARZqjkv/zVEP1X97w1HsNYeUFNcg2lk9zQKb4v l1jx/Uz8ukzH2QNhU4R39dbF/4AwWuSVkGW6bTxHJqGs6YimbfdQqxTzmqFwz3JP0OtXX5q/ 6D4pHwcmJwEiDNzsBLl6skPSQ0Xyq3pua/qAP8MVm+YxCxJQITqZ8qjDLzoe7s9X6FLLC/DA L9kxl5saVSfDbuI3usH/emdtn0NA9/M7nfgih92zD92sl1yQXHT6BDa8xW1j+RU4P+E0wyd7 zgB2UeYgrp2IIcfG+xX2uFG5MJQ/nYfBoiALb0+dQHNHDtFnNGY3Oe8z1M9c5aDG3/s29QbJ +w7hEKKo9YMAEQEAAYkCJQQYAQgADwUCWj1QMgIbDAUJCZQmAAAKCRBasvrxexcr6qwvD/9b Rek3kfN8Q+jGrKl8qwY8HC5s4mhdDJZI/JP2FImf5J2+d5/e8UJ4fcsT79E0/FqX3Z9wZr6h sofPqLh1/YzDsYkZDHTYSGrlWGP/I5kXwUmFnBZHzM3WGrL3S7ZmCYMdudhykxXXjq7M6Do1 oxM8JofrXGtwBTLv5wfvvygJouVCVe87Ge7mCeY5vey1eUi4zSSF1zPpR6gg64w2g4TXM5qt SwkZVOv1g475LsGlYWRuJV8TA67yp1zJI7HkNqCo8KyHX0DPOh9c+Sd9ZX4aqKfqH9HIpnCL AYEgj7vofeix7gM3kQQmwynqq32bQGQBrKJEYp2vfeO30VsVx4dzuuiC5lyjUccVmw5D72J0 FlGrfEm0kw6D1qwyBg0SAMqamKN6XDdjhNAtXIaoA2UMZK/vZGGUKbqTgDdk0fnzOyb2zvXK CiPFKqIPAqKaDHg0JHdGI3KpQdRNLLzgx083EqEc6IAwWA6jSz+6lZDV6XDgF0lYqAYIkg3+ 6OUXUv6plMlwSHquiOc/MQXHfgUP5//Ra5JuiuyCj954FD+MBKIj8eWROfnzyEnBplVHGSDI ZLzL3pvV14dcsoajdeIH45i8DxnVm64BvEFHtLNlnliMrLOrk4shfmWyUqNlzilXN2BTFVFH 4MrnagFdcFnWYp1JPh96ZKjiqBwMv/H0kw==
Message-ID: <5a7f6cbe-4e5d-043c-d1a8-0b64633b1506@cs.tcd.ie>
Date: Fri, 21 Feb 2020 16:26:34 +0000
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Thunderbird/68.4.1
MIME-Version: 1.0
In-Reply-To: <b7c084b0-8489-5c05-046d-33aa70c85b94@cs.tcd.ie>
Content-Type: multipart/signed; micalg="pgp-sha512"; protocol="application/pgp-signature"; boundary="SrKpovwUjB3wB0ZAGEbsXBrg1Fng6qzjS"
Archived-At: <https://mailarchive.ietf.org/arch/msg/lake/nDbl4wJxW01J_-ZSzoG18vdVb7s>
Subject: Re: [Lake] WGLC for draft-ietf-lake-reqs-01
X-BeenThere: lake@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Lightweight Authenticated Key Exchange <lake.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/lake>, <mailto:lake-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/lake/>
List-Post: <mailto:lake@ietf.org>
List-Help: <mailto:lake-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/lake>, <mailto:lake-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 21 Feb 2020 16:26:52 -0000
Hiya, Here are my comments, as a participant, not as a chair. Please handle them alongside any other comments from WG participants. (The purely editorial and nitty comments at the end are probably ok to ignore if you prefer.) If any of my comments contradict earlier discussion, on the list or in the github issue handling: apologies, just say so, and then ignore 'em:-) Cheers, S. #1. Is section 3 intended to be all that an AKE designer needs to cross-check against their design? That doesn't seem to be true at the moment. For example, 2.3 now calls for KCI, but that's not mentioned in section 3. If section 3 is not intended to be that, then what's the benefit in having it? Might be easiest to just delete it since the draft isn't that long. #2. 2.1: The Sender ID as described in RFC8613, section 3.2 has additional uniqueness requirements not (re-)stated here that aim to protect against nonce re-use in the AEAD. Do those requirements apply and/or need to be stated here? (I'm not sure they do, as I just quickly looked at 8613, so this is just a question.) #3. 2.1: says "COSE... shall therefore be used also by the AKE" - is that too strong? Perhaps all we need to say is that it must be possible for an AKE meeting these requirements to use COSE? The statement as-is could be considered a showstopper for a claim that ctls can meet these requirements, which seems like a bad plan. An editing pass to check that we're not stating requirements that can't really be met by ctls may be a good idea I'd say. (The 3rd bullet in section 3 also states this requirement.) #4. 2.1: "It is therefore assumed that the AKE is being transported in a protocol that provides reliable transport, that can preserve packet ordering and handle message duplication, that can perform fragmentation and protect against denial of service attacks..." That seems too strongly-stated. s/assumed/desirable/ would seem better to me. There may also be applications where an unreliable or partially-reliable transport is what's needed, e.g. for a sensor where we can easily survive the loss of occasional cumulative measurements. #5. 2.2: "the AKE must support different schemes for transporting and identifying credentials, including those identified in Section 2 of [I-D.ietf-cose-x509]." I seem to recall there being some (possibly now expired) IPR in that space. It might be worth s/including/such as/ there to give some wriggle room in case one of those methods were still encumbered. #6. 2.5: "all the COSE algorithms" - that could do with a reference and that IANA registry [7] can change and already has quite a few entries - do we really need all of those? HSS-LMS is there for example and no doubt PQC algs will be added soonish. Perhaps what we want to say is that an AKE meeting these requirements has to be able to support negotiation of (some of?) the recommended algorithms from [7] or else from equivalent TLS registries? [1] https://www.iana.org/assignments/cose/cose.xhtml#algorithms #7. 2.6: "In the case of public key identities, the AKE is required to protect the identity of one of the peers against active attackers and the identity of the other peer against passive attackers." That's unclear (to me). I think you more-or-less mean that "server" or "listening peer" identifiers can be probed by active attackers, but that "client" or "initiator" identifiers ought not be visible, even if the other peer contacted in that case is bogus. Is that it? (If so, e.g. that'd mean that a server cert had to be verified before a client cert was sent for client auth.) Could that be worded better? #8. 2.9: I'm unclear if we are or are not calling for some form of DoS mitigation (e.g. a cookie scheme) when under excessive load here. There are also trade-offs in terms of bytes on the wire vs. external references (e.g. to certs, cert-status) where more of the latter can create a DoS vector. I wasn't clear what 2.9 was meant to say TBH. It's probably ok to leave it there, and not try make it perfect but it might equally be ok to just delete the section. editorial: - abstract: Given the charter of the WG calls for not publishing this as an RFC (at least for now, we could revisit that later), it may be useful to include a statement to that effect in the abstract, so readers don't get confused now or later. Perhaps something like: "This draft [is in|has completed] a working group last call (WGLC) in the LAKE working group. Post-WGLC, the requirements [will be|are] considered sufficiently stable for the working group to proceed with its work. It is not currently planned to publish this draft as an RFC." (The square-bracketed text could be made to match the correct state whenever a revised I-D is published.) - intro: there's a mention of OCF without a reference. When I went and checked [2] I didn't find the string "OSCORE", am I looking in the wrong place? ([2] is 195 pages long though, so I may have just missed it;-) [FairHair] now also seems to be part of OCF, and I also didn't find the string "OSCORE" in [3]. I guess that bit of text needs an update or could be deleted? [2] https://openconnectivity.org/specs/OCF_Security_Specification_v2.1.1.pdf [3] https://openconnectivity.org/wp-content/uploads/2019/11/fairhair-specification-version-10_approved_april-2019.pdf - 2.3: KCI and the other threats in that bullet list could benefit from references (to avoid AKE designers disagreeing on what's meant, which'd be good to avoid later). The references below (well, all but one:-), might work for those. [4] https://www.usenix.org/system/files/conference/woot15/woot15-paper-hlauschek.pdf [5] https://arxiv.org/pdf/1902.07550.pdf [6] https://eu.azcentral.com/story/news/local/southwest-valley/2019/03/10/90-seconds-terror-wildlife-world-zoo-started-jaguar-selfie-litchfield-park/3125031002/ [7] https://eprint.iacr.org/2019/347 - 2.6: "For certain data we therefore need to make an exemption in order to obtain an efficient protocol." I don't think you actually need to say that, but if there's a desire to say something, maybe better to turn it around, and e.g. say "An AKE that protects identifiers is preferable to one that does not." (The sentence before already makes the point that trade-offs may be needed.) - 2.10: "per power": in my experience the aspect of radio power consumption one would most like to reduce is listening time and not transmitting time. This text doesn't seem to reflect that. very nitty stuff: - intro, 1st para: be good to have a URL for LAKE somewhere in case a reader doesn't know about the WG. - intro: Why the versioning related to other WG charters? E.g. the "(-02)" for 6ticsh. Not objecting but seems unnecessary. - 2.1: COSE should have a reference on 1st use. - 2.2: "IoT deployments differ..." is a little ambiguous. You could mean that they differ from non-IoT deployments or that different IoT deployments differ. I guess it's the latter. s/differ/differ from one another/ would fix I guess. - 2.2: "Considering the wide variety of deployments the AKE must support different schemes for transporting and identifying credentials, including those identified in Section 2 of [I-D.ietf-cose-x509]." That's not a sentence. s/deployments/deployments,/ would make it one:-) - 2.6: It might be good to use "identifier" rather than "identity" in a number of places here. - 2.7: Just a comment in passing: [I-D.selander-ace-ake-authz] seems to have a bunch in common with ESNI. - 2.10: (In somewhat self-aggrandising mode:-) a reference to RFC8376 might provide some more useful background here. - refs: the URL for the PDF referenced by [LwM2M] is an http-schemed URL. Better to use https. - refs: [FairHair] - the https URL here generates a cert error (wrong name in some URL shortener or something)
- [Lake] WGLC for draft-ietf-lake-reqs-01 Stephen Farrell
- Re: [Lake] WGLC for draft-ietf-lake-reqs-01 Stephen Farrell
- Re: [Lake] WGLC for draft-ietf-lake-reqs-01 Michael Richardson
- Re: [Lake] WGLC for draft-ietf-lake-reqs-01 Michael Richardson
- Re: [Lake] WGLC for draft-ietf-lake-reqs-01 Göran Selander
- Re: [Lake] WGLC for draft-ietf-lake-reqs-01 Göran Selander
- Re: [Lake] WGLC for draft-ietf-lake-reqs-01 Stephen Farrell
- Re: [Lake] WGLC for draft-ietf-lake-reqs-01 Christopher Wood
- Re: [Lake] WGLC for draft-ietf-lake-reqs-01 Michael Richardson
- Re: [Lake] WGLC for draft-ietf-lake-reqs-01 Richard Barnes
- Re: [Lake] WGLC for draft-ietf-lake-reqs-01 Eric Rescorla
- Re: [Lake] WGLC for draft-ietf-lake-reqs-01 Christopher Wood
- Re: [Lake] WGLC for draft-ietf-lake-reqs-01 Göran Selander
- Re: [Lake] WGLC for draft-ietf-lake-reqs-01 Göran Selander
- Re: [Lake] WGLC for draft-ietf-lake-reqs-01 Göran Selander
- Re: [Lake] WGLC for draft-ietf-lake-reqs-01 Göran Selander
- Re: [Lake] WGLC for draft-ietf-lake-reqs-01 Michael Richardson
- Re: [Lake] WGLC for draft-ietf-lake-reqs-01 Eric Rescorla
- Re: [Lake] WGLC for draft-ietf-lake-reqs-01 Michael Richardson