IETF Logo Mail Archive

Re: [Sat] I-D Action: draft-ietf-satp-core-04.txt

Orie Steele <orie@transmute.industries> Mon, 08 April 2024 14:01 UTC

Return-Path: <orie@transmute.industries>
X-Original-To: sat@ietfa.amsl.com
Delivered-To: sat@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0A722C14F6A1 for <sat@ietfa.amsl.com>; Mon, 8 Apr 2024 07:01:58 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.576
X-Spam-Level:
X-Spam-Status: No, score=-1.576 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_KAM_HTML_FONT_INVALID=0.01, T_REMOTE_IMAGE=0.01, URIBL_BLACK=0.5, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=no autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=transmute.industries
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 9YQPEC2i421z for <sat@ietfa.amsl.com>; Mon, 8 Apr 2024 07:01:53 -0700 (PDT)
Received: from mail-pj1-x1036.google.com (mail-pj1-x1036.google.com [IPv6:2607:f8b0:4864:20::1036]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 9584CC14CF01 for <sat@ietf.org>; Mon, 8 Apr 2024 07:01:53 -0700 (PDT)
Received: by mail-pj1-x1036.google.com with SMTP id 98e67ed59e1d1-29ddfada0d0so3174086a91.3 for <sat@ietf.org>; Mon, 08 Apr 2024 07:01:53 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=transmute.industries; s=google; t=1712584913; x=1713189713; darn=ietf.org; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:from:to:cc:subject:date:message-id:reply-to; bh=n4iVCnVumO8swIOXt+Tnzj/AuKjLpGqnXz+61KDXhf4=; b=KIJwYv5rW4r10o5TSfEDNSk0X94LqcNiE1ZA7Hw77Xo6DZ6iw5Lxo0q7UdrSTigp69 nhqyB21jXukLauCU/tcJaoG4euFGXtVLyOc73HnOgpkvoh7GSJ44DxGooTk+qFHlAEz1 Kp/qqdAydJgg5FYNagswXx0GXG7MnGxn6YFORRsuMlhhF3xNaH55PBcN1OnYK4mUOCQc 8kTL2ml85s2wKjiYgWcO01DgXIuwJVyw+kuBnlQyq4flVJ+XVfs/nXy+e7qxwcHTCrAW xu1rxzCOVDpVOuf1WDPuKyFzlQ/zntTqNrtfnJdXWqVsqZh8plHXqAgaUb5BF4CtjRsQ NFew==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1712584913; x=1713189713; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=n4iVCnVumO8swIOXt+Tnzj/AuKjLpGqnXz+61KDXhf4=; b=KpbauvjnjpYyBLLZg+kBNiQb52CIrvCUB7OxIIvINpJypEvcJ4ZmLkh2/BfuwZ0X+1 xQSNo6eSUY+1uQHIPxM+kmYNKEr4xSVcpGV1qp+XpHAyGsJkKMqon7L4ELOWVEtnljsO riWMnEHlR4Q8zNjdXZCzOiyl1AkjGTS+OPrGMq5vaosoYrBmSBHnDLr3Jx6zFO8iw2ql Dp5caSo5rCYKvvIx3DNHAUEA+BvAXWDPgIpc4ss4CzazL8LhHS5mEHsWbya3657mzf6j S7wIo92MIXr/e3byJfUIBXvkEqJruMh93pM3B0AMGZS0NqLuDgTEltv2dWYayWr/s5G8 SBww==
X-Forwarded-Encrypted: i=1; AJvYcCW9N1EopuNtHp3G17ef6+GZuNLE9m1XrhLh8EwTfk7+8a7T1hvF6lqRr8LtPi7ynWxXB/k0qA4fdBV3/EA=
X-Gm-Message-State: AOJu0Yws7UOzuFRWqdxu9w7j/5Tu/THlbko4bEviaPVVG43JnDFhVgH8 bucjWDqA5AWFCYZPIn9wdIFRg1minWJdkZXSOJxkeY4NES/DSyka6eGiBmXvc6b1k34dPhW91GQ yZnBMQRR0C8OXot3upvESYr9tlvLVM9oV+7f5UhS8kDV+NXB/UiZmpw==
X-Google-Smtp-Source: AGHT+IF+H1leYTDxXqn3Y0Cni6TG6dssWQ4o6jUYGaM9SARoBOyQFePoAHtXS7d9+OwtrWOikQ8MeZrq25y0ouFUung=
X-Received: by 2002:a17:90b:118e:b0:29b:b6eb:3c0d with SMTP id gk14-20020a17090b118e00b0029bb6eb3c0dmr7157482pjb.36.1712584912887; Mon, 08 Apr 2024 07:01:52 -0700 (PDT)
MIME-Version: 1.0
References: <171232704897.42279.16762954778818130945@ietfa.amsl.com> <CAOYrHJMc+uz4YEVvPoe7mgicQwLhWc_L50iUa_vJ=A8TUWLdBw@mail.gmail.com> <b1d77dc5d6d430413770bf0526b178b1@tecnico.ulisboa.pt> <DB9D66FB-34C3-4621-B63E-C728CE09A8D7@compell.io>
In-Reply-To: <DB9D66FB-34C3-4621-B63E-C728CE09A8D7@compell.io>
From: Orie Steele <orie@transmute.industries>
Date: Mon, 08 Apr 2024 09:01:41 -0500
Message-ID: <CAN8C-_L=ZDmeoKs63Kmi-VUgk2dQwWuODQ5eCd5JKfPT35uOeQ@mail.gmail.com>
To: Denis Avrilionis <denis=40compell.io@dmarc.ietf.org>
Cc: Rafael Belchior <rafael.belchior=40tecnico.ulisboa.pt@dmarc.ietf.org>, Martin Gfeller <mgf=40acm.org@dmarc.ietf.org>, sat@ietf.org
Content-Type: multipart/alternative; boundary="000000000000617c8e0615963f57"
Archived-At: <https://mailarchive.ietf.org/arch/msg/sat/X6M8x3ulBFJ3CTPuJV4k_3UUvBk>
Subject: Re: [Sat] I-D Action: draft-ietf-satp-core-04.txt
X-BeenThere: sat@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: "The purpose of this mailing-list is to discuss the secure asset transfer \(SAT\) protocol and related aspects." <sat.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sat>, <mailto:sat-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/sat/>
List-Post: <mailto:sat@ietf.org>
List-Help: <mailto:sat-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sat>, <mailto:sat-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 08 Apr 2024 14:01:58 -0000

(as an individual)

If you do end up relaxing this constraint (UUIDv2), please keep in mind
that "any UTF-8 string", might cause additional review challenges related
to i18n.

You might consider:
https://datatracker.ietf.org/doc/html/rfc8264#section-4.2

While I'm pointing out i18n issues:

Section 4.7.7

"""
   This payload is the actual credential of the gateway (token,
   certificate, *string*, etc.).
"""

Section 14.1.4:

"""
   Specifies a resource held on the underlying network.  This field must
   be meaningful to the network in question but is otherwise an
  * arbitrary string*.  The underlying object it points to may be a
   network address, data block, transaction ID, alias, etc. or a future
   object type not yet defined.
"""

You might find the treatment of this topic in
https://datatracker.ietf.org/doc/html/draft-ietf-httpbis-sfbis-05#section-3.3.8
 helpful.

Regards,

OS


On Mon, Apr 8, 2024 at 8:45 AM Denis Avrilionis <denis=
40compell.io@dmarc.ietf.org> wrote:

> Dear Rafael, Martin,
>
> See comments inline.
>
>
> On 8 Apr 2024, at 16:37, Rafael Belchior <rafael.belchior=
> 40tecnico.ulisboa.pt@dmarc.ietf.org> wrote:
>
> Dear Martin,
>
> Thank you a lot for your useful and constructive feedback. I will try my
> best to address it. Note that, if you wish, you can directly contribute to
> the draft via a PR in the following repo:
> https://github.com/ietf-satp/draft-ietf-satp-core
>
> I'll address the comments inline. To the ones I do not respond to, I agree:
>
> A 2024-04-07 23:50, Martin Gfeller escreveu:
>
> Dear Martin, Thomas, and Rafael
>
> The following notes refer to the Draft of SATP Core (
> https://datatracker.ietf.org/doc/html/draft-ietf-satp-core-04).
>
> Again, my comments may show my limited understanding or my stumbling over
> certain wordings.
>
> Kind regards, Martin
>
> General
>
>     Is there any reference to the architecture document, which is
> important to the
>     understanding of this document?
>
>
>
> You are right - we should refer to it as the theoretical foundation of the
> SATP core draft. I've added an issue:
> https://github.com/ietf-satp/draft-ietf-satp-core/issues/12
>
>
>
>
>
> 3. Terminology
>
>     Client application: This is the application employed by a user to
> interact with a gateway.
>
>
>         Do we need to say what we want to achieve with the application?
> Simply interacting
>        could mean anything.
>         As the introduction mentions only gateways, this is the first time
> "application" is used.
>
>
>
> We should make it clearer that the client application implements the
> end-user business logic (that requires interoperability) and interacts with
> a gateway via API1.
>
>
>
>
>     Claim: An assertion made by an Entity [JWT].
>
>         By referencing [JWT], do we prescribe that Claims are encoded as
> JWTs?
>         Either state more explicitly "encoded as JWT", or relax it, as
> "for example encoded
>         as JWT".
>
>
> I do not have a strong opinion on this. By enforcing JWTs we are
> facilitating gateway implementations, as they now do not need to check for
> JWT (or other) support on Stage 0, but it is instead the canonical format
> for doing claims.
>
>
>
>
>     Claim Type:
>
>         Stipulates that JWT above is just one option. Perhaps always have
> "X type" before "X";
>          i.e., "claim type" before "claim"
>
>     Network:
>         Might be worthwhile to define network.
>
>
>
> Perhaps we could use ISO WG 307's definition?
>
>
>
>
>
> 4.2 SAT Model
>
>     When do we speak about SAT and when about SATP?
>
>         I think the model is for the protocol, so SATP Model, not SAT
> Model.
>
>     local gateway
>
>         "local" is understandable, but not actually defined. As the
> application is defined
>          to interact with a gateway, a gateway is always "local" from the
> perspective of
>         the application.
>
> 4.7.2 Message Type
>
>     Inconsistent style - drop the  "This is the "
>
> 4.7.3 Digital Asset Identifier
>
>     unique identifier (UUIDv2) that uniquely identifies
>
>         unique, more unique, most unique? :-)
>
>
> :-)
>
>
> I believe UUIDv2 is too restrictive. I would suggest we mention a more
> technology-neutral formulation, e.g. that digital asset identifiers should
> be globally unique and let the implementors decide how the digital asset
> identifiers could be defined
>
>
>
>
>     application of the beneficiary
>
>         This is the first time the application in NW2 is mentioned in an
> active role - in
>         the document above this point, I understood that while the NW2 and
> GW2 are involved,
>         the application of the beneficiary is not actively involved.
>
> 4.7.4 Session ID: (delete the ":")
>
>         Was the Context-Id introduced? Yes, but below. Somewhat circular.
> Same problem
>         noted in Architecture document.
>
>
> Same comment as above.  UUIDv2 should be one possible mechanism for global
> unique identification
>
>
> 4.7.5 Transfer-Context ID
>
>         Is the "Sequence Number" part of the Transfer-Context ID, or a
> possible implementation,
>         or something additional?
>
>
> I believe the sequence number is part of the Transfer-Context ID. Also
> same comment as above -  UUIDv2 should be one possible mechanism for global
> unique identification
>
>
>
>
> 4.7.8.  Payload Hash
>
>         Is the algo to be used intentionally left open?
>
>
>
> I believe that was the rationale. We could support the ones that NIST
> recommends, in a practical implementation.
>
>
>
>
> 4.8  Negotiation of Security Protocols and Parameters
>
>     transfer initiation stage (Stage-0)
>
>         Isn't that Stage-1, according to 4.4?
>
> 7-9: Stages
>
>     Do we need to repeat the use of HTTP GET and POST - until the
> parenthetical remark
>     about the TLS nonce for each Stage?
>
> 10.2
>
>         The purpose The purpose
>
>     Repeated.
>
> 17.2 Informative References
>
>     Wouldn't including references to the SATP Architecture and Use Cases
> documents be good?
>
>
> Cheers,
>
> Rafael
>
>
>
>
>
> On Fri, Apr 5, 2024 at 10:24 AM <internet-drafts@ietf.org> wrote:
>
> Internet-Draft draft-ietf-satp-core-04.txt is now available. It is a work
> item
> of the Secure Asset Transfer Protocol (SATP) WG of the IETF.
>
>    Title:   Secure Asset Transfer Protocol (SATP) Core
>    Authors: Martin Hargreaves
>             Thomas Hardjono
>             Rafael Belchior
>    Name:    draft-ietf-satp-core-04.txt
>    Pages:   39
>    Dates:   2024-04-05
>
> The IETF datatracker status page for this Internet-Draft is:
> https://datatracker.ietf.org/doc/draft-ietf-satp-core/
>
>
>
>
>
> --
> -- Rafael Belchior
>
> Ph.D. student in Computer Science and Engineering, *Blockchain* - Técnico
> Lisboa
> https://rafaelapb.github.io/
> https://www.linkedin.com/in/rafaelpbelchior/
> --
> sat mailing list
> sat@ietf.org
> https://www.ietf.org/mailman/listinfo/sat
>
>
> --
> sat mailing list
> sat@ietf.org
> https://www.ietf.org/mailman/listinfo/sat
>


-- 


ORIE STEELE
Chief Technology Officer
www.transmute.industries

<https://transmute.industries>

v2.23.0 | Report a Bug | By Email