[Lake] Re: Adoption call for draft-tiloca-lake-app-profiles - respond by 4 December 2024
Michael Richardson <mcr+ietf@sandelman.ca> Thu, 21 November 2024 05:04 UTC
Archived-At: <https://mailarchive.ietf.org/arch/msg/lake/nFfrTex5fcgw58eqgSjZDMNnG1M>
I have read lake-app-profiles: it seems like important work.

I found the presentation in the document a bit out of order, with the how to specify parts (sections 2, 3, 4) preceding the question of what is being specified.
BTW: is it just:

    1 => int / array, ; methods
    9 => int / array, ; cred_types
    18 => int, ; app_prof

I suggest that maybe the Introduction should motivate the work a bit more.
(That's not an objection to adoption).

When coming into this document I got the impression that it was "merely" a convenience (for humans/developers) that the profiles had clear handles, but I see in section 2.2.1, 3 and 4, that in fact the application profile is communicated during the AS-to-C part of ACE.

To me, this elevates this work to a higher plane of configuration management.

Do we need the letters "WK" in the profile names, if they are well-known?
What makes them basic vs intermediate? vs advanced? Why not strong?

Security Considerations will need to be very clear about when communications/tampering of the application profile could result in an attack.

--
Michael Richardson <mcr+IETF@sandelman.ca>   . o O ( IPv6 IøT consulting )
Sandelman Software Works Inc, Ottawa and Worldwide