Re: [Sat] I-D Action: draft-ietf-satp-core-04.txt
Orie Steele <orie@transmute.industries> Mon, 08 April 2024 14:01 UTC
Return-Path: <orie@transmute.industries>
X-Original-To: sat@ietfa.amsl.com
Delivered-To: sat@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0A722C14F6A1 for <sat@ietfa.amsl.com>; Mon, 8 Apr 2024 07:01:58 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.576
X-Spam-Level:
X-Spam-Status: No, score=-1.576 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_KAM_HTML_FONT_INVALID=0.01, T_REMOTE_IMAGE=0.01, URIBL_BLACK=0.5, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=no autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=transmute.industries
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 9YQPEC2i421z for <sat@ietfa.amsl.com>; Mon, 8 Apr 2024 07:01:53 -0700 (PDT)
Received: from mail-pj1-x1036.google.com (mail-pj1-x1036.google.com [IPv6:2607:f8b0:4864:20::1036]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 9584CC14CF01 for <sat@ietf.org>; Mon, 8 Apr 2024 07:01:53 -0700 (PDT)
Received: by mail-pj1-x1036.google.com with SMTP id 98e67ed59e1d1-29ddfada0d0so3174086a91.3 for <sat@ietf.org>; Mon, 08 Apr 2024 07:01:53 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=transmute.industries; s=google; t=1712584913; x=1713189713; darn=ietf.org; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:from:to:cc:subject:date:message-id:reply-to; bh=n4iVCnVumO8swIOXt+Tnzj/AuKjLpGqnXz+61KDXhf4=; b=KIJwYv5rW4r10o5TSfEDNSk0X94LqcNiE1ZA7Hw77Xo6DZ6iw5Lxo0q7UdrSTigp69 nhqyB21jXukLauCU/tcJaoG4euFGXtVLyOc73HnOgpkvoh7GSJ44DxGooTk+qFHlAEz1 Kp/qqdAydJgg5FYNagswXx0GXG7MnGxn6YFORRsuMlhhF3xNaH55PBcN1OnYK4mUOCQc 8kTL2ml85s2wKjiYgWcO01DgXIuwJVyw+kuBnlQyq4flVJ+XVfs/nXy+e7qxwcHTCrAW xu1rxzCOVDpVOuf1WDPuKyFzlQ/zntTqNrtfnJdXWqVsqZh8plHXqAgaUb5BF4CtjRsQ NFew==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1712584913; x=1713189713; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=n4iVCnVumO8swIOXt+Tnzj/AuKjLpGqnXz+61KDXhf4=; b=KpbauvjnjpYyBLLZg+kBNiQb52CIrvCUB7OxIIvINpJypEvcJ4ZmLkh2/BfuwZ0X+1 xQSNo6eSUY+1uQHIPxM+kmYNKEr4xSVcpGV1qp+XpHAyGsJkKMqon7L4ELOWVEtnljsO riWMnEHlR4Q8zNjdXZCzOiyl1AkjGTS+OPrGMq5vaosoYrBmSBHnDLr3Jx6zFO8iw2ql Dp5caSo5rCYKvvIx3DNHAUEA+BvAXWDPgIpc4ss4CzazL8LhHS5mEHsWbya3657mzf6j S7wIo92MIXr/e3byJfUIBXvkEqJruMh93pM3B0AMGZS0NqLuDgTEltv2dWYayWr/s5G8 SBww==
X-Forwarded-Encrypted: i=1; AJvYcCW9N1EopuNtHp3G17ef6+GZuNLE9m1XrhLh8EwTfk7+8a7T1hvF6lqRr8LtPi7ynWxXB/k0qA4fdBV3/EA=
X-Gm-Message-State: AOJu0Yws7UOzuFRWqdxu9w7j/5Tu/THlbko4bEviaPVVG43JnDFhVgH8 bucjWDqA5AWFCYZPIn9wdIFRg1minWJdkZXSOJxkeY4NES/DSyka6eGiBmXvc6b1k34dPhW91GQ yZnBMQRR0C8OXot3upvESYr9tlvLVM9oV+7f5UhS8kDV+NXB/UiZmpw==
X-Google-Smtp-Source: AGHT+IF+H1leYTDxXqn3Y0Cni6TG6dssWQ4o6jUYGaM9SARoBOyQFePoAHtXS7d9+OwtrWOikQ8MeZrq25y0ouFUung=
X-Received: by 2002:a17:90b:118e:b0:29b:b6eb:3c0d with SMTP id gk14-20020a17090b118e00b0029bb6eb3c0dmr7157482pjb.36.1712584912887; Mon, 08 Apr 2024 07:01:52 -0700 (PDT)
MIME-Version: 1.0
References: <171232704897.42279.16762954778818130945@ietfa.amsl.com> <CAOYrHJMc+uz4YEVvPoe7mgicQwLhWc_L50iUa_vJ=A8TUWLdBw@mail.gmail.com> <b1d77dc5d6d430413770bf0526b178b1@tecnico.ulisboa.pt> <DB9D66FB-34C3-4621-B63E-C728CE09A8D7@compell.io>
In-Reply-To: <DB9D66FB-34C3-4621-B63E-C728CE09A8D7@compell.io>
From: Orie Steele <orie@transmute.industries>
Date: Mon, 08 Apr 2024 09:01:41 -0500
Message-ID: <CAN8C-_L=ZDmeoKs63Kmi-VUgk2dQwWuODQ5eCd5JKfPT35uOeQ@mail.gmail.com>
To: Denis Avrilionis <denis=40compell.io@dmarc.ietf.org>
Cc: Rafael Belchior <rafael.belchior=40tecnico.ulisboa.pt@dmarc.ietf.org>, Martin Gfeller <mgf=40acm.org@dmarc.ietf.org>, sat@ietf.org
Content-Type: multipart/alternative; boundary="000000000000617c8e0615963f57"
Archived-At: <https://mailarchive.ietf.org/arch/msg/sat/X6M8x3ulBFJ3CTPuJV4k_3UUvBk>
Subject: Re: [Sat] I-D Action: draft-ietf-satp-core-04.txt
X-BeenThere: sat@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: "The purpose of this mailing-list is to discuss the secure asset transfer \(SAT\) protocol and related aspects." <sat.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sat>, <mailto:sat-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/sat/>
List-Post: <mailto:sat@ietf.org>
List-Help: <mailto:sat-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sat>, <mailto:sat-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 08 Apr 2024 14:01:58 -0000
(as an individual) If you do end up relaxing this constraint (UUIDv2), please keep in mind that "any UTF-8 string", might cause additional review challenges related to i18n. You might consider: https://datatracker.ietf.org/doc/html/rfc8264#section-4.2 While I'm pointing out i18n issues: Section 4.7.7 """ This payload is the actual credential of the gateway (token, certificate, *string*, etc.). """ Section 14.1.4: """ Specifies a resource held on the underlying network. This field must be meaningful to the network in question but is otherwise an * arbitrary string*. The underlying object it points to may be a network address, data block, transaction ID, alias, etc. or a future object type not yet defined. """ You might find the treatment of this topic in https://datatracker.ietf.org/doc/html/draft-ietf-httpbis-sfbis-05#section-3.3.8 helpful. Regards, OS On Mon, Apr 8, 2024 at 8:45 AM Denis Avrilionis <denis= 40compell.io@dmarc.ietf.org> wrote: > Dear Rafael, Martin, > > See comments inline. > > > On 8 Apr 2024, at 16:37, Rafael Belchior <rafael.belchior= > 40tecnico.ulisboa.pt@dmarc.ietf.org> wrote: > > Dear Martin, > > Thank you a lot for your useful and constructive feedback. I will try my > best to address it. Note that, if you wish, you can directly contribute to > the draft via a PR in the following repo: > https://github.com/ietf-satp/draft-ietf-satp-core > > I'll address the comments inline. To the ones I do not respond to, I agree: > > A 2024-04-07 23:50, Martin Gfeller escreveu: > > Dear Martin, Thomas, and Rafael > > The following notes refer to the Draft of SATP Core ( > https://datatracker.ietf.org/doc/html/draft-ietf-satp-core-04). > > Again, my comments may show my limited understanding or my stumbling over > certain wordings. > > Kind regards, Martin > > General > > Is there any reference to the architecture document, which is > important to the > understanding of this document? > > > > You are right - we should refer to it as the theoretical foundation of the > SATP core draft. I've added an issue: > https://github.com/ietf-satp/draft-ietf-satp-core/issues/12 > > > > > > 3. Terminology > > Client application: This is the application employed by a user to > interact with a gateway. > > > Do we need to say what we want to achieve with the application? > Simply interacting > could mean anything. > As the introduction mentions only gateways, this is the first time > "application" is used. > > > > We should make it clearer that the client application implements the > end-user business logic (that requires interoperability) and interacts with > a gateway via API1. > > > > > Claim: An assertion made by an Entity [JWT]. > > By referencing [JWT], do we prescribe that Claims are encoded as > JWTs? > Either state more explicitly "encoded as JWT", or relax it, as > "for example encoded > as JWT". > > > I do not have a strong opinion on this. By enforcing JWTs we are > facilitating gateway implementations, as they now do not need to check for > JWT (or other) support on Stage 0, but it is instead the canonical format > for doing claims. > > > > > Claim Type: > > Stipulates that JWT above is just one option. Perhaps always have > "X type" before "X"; > i.e., "claim type" before "claim" > > Network: > Might be worthwhile to define network. > > > > Perhaps we could use ISO WG 307's definition? > > > > > > 4.2 SAT Model > > When do we speak about SAT and when about SATP? > > I think the model is for the protocol, so SATP Model, not SAT > Model. > > local gateway > > "local" is understandable, but not actually defined. As the > application is defined > to interact with a gateway, a gateway is always "local" from the > perspective of > the application. > > 4.7.2 Message Type > > Inconsistent style - drop the "This is the " > > 4.7.3 Digital Asset Identifier > > unique identifier (UUIDv2) that uniquely identifies > > unique, more unique, most unique? :-) > > > :-) > > > I believe UUIDv2 is too restrictive. I would suggest we mention a more > technology-neutral formulation, e.g. that digital asset identifiers should > be globally unique and let the implementors decide how the digital asset > identifiers could be defined > > > > > application of the beneficiary > > This is the first time the application in NW2 is mentioned in an > active role - in > the document above this point, I understood that while the NW2 and > GW2 are involved, > the application of the beneficiary is not actively involved. > > 4.7.4 Session ID: (delete the ":") > > Was the Context-Id introduced? Yes, but below. Somewhat circular. > Same problem > noted in Architecture document. > > > Same comment as above. UUIDv2 should be one possible mechanism for global > unique identification > > > 4.7.5 Transfer-Context ID > > Is the "Sequence Number" part of the Transfer-Context ID, or a > possible implementation, > or something additional? > > > I believe the sequence number is part of the Transfer-Context ID. Also > same comment as above - UUIDv2 should be one possible mechanism for global > unique identification > > > > > 4.7.8. Payload Hash > > Is the algo to be used intentionally left open? > > > > I believe that was the rationale. We could support the ones that NIST > recommends, in a practical implementation. > > > > > 4.8 Negotiation of Security Protocols and Parameters > > transfer initiation stage (Stage-0) > > Isn't that Stage-1, according to 4.4? > > 7-9: Stages > > Do we need to repeat the use of HTTP GET and POST - until the > parenthetical remark > about the TLS nonce for each Stage? > > 10.2 > > The purpose The purpose > > Repeated. > > 17.2 Informative References > > Wouldn't including references to the SATP Architecture and Use Cases > documents be good? > > > Cheers, > > Rafael > > > > > > On Fri, Apr 5, 2024 at 10:24 AM <internet-drafts@ietf.org> wrote: > > Internet-Draft draft-ietf-satp-core-04.txt is now available. It is a work > item > of the Secure Asset Transfer Protocol (SATP) WG of the IETF. > > Title: Secure Asset Transfer Protocol (SATP) Core > Authors: Martin Hargreaves > Thomas Hardjono > Rafael Belchior > Name: draft-ietf-satp-core-04.txt > Pages: 39 > Dates: 2024-04-05 > > The IETF datatracker status page for this Internet-Draft is: > https://datatracker.ietf.org/doc/draft-ietf-satp-core/ > > > > > > -- > -- Rafael Belchior > > Ph.D. student in Computer Science and Engineering, *Blockchain* - Técnico > Lisboa > https://rafaelapb.github.io/ > https://www.linkedin.com/in/rafaelpbelchior/ > -- > sat mailing list > sat@ietf.org > https://www.ietf.org/mailman/listinfo/sat > > > -- > sat mailing list > sat@ietf.org > https://www.ietf.org/mailman/listinfo/sat > -- ORIE STEELE Chief Technology Officer www.transmute.industries <https://transmute.industries>
- [Sat] I-D Action: draft-ietf-satp-core-04.txt internet-drafts
- Re: [Sat] I-D Action: draft-ietf-satp-core-04.txt Martin Gfeller
- Re: [Sat] I-D Action: draft-ietf-satp-core-04.txt Rafael Belchior
- Re: [Sat] I-D Action: draft-ietf-satp-core-04.txt Denis Avrilionis
- Re: [Sat] I-D Action: draft-ietf-satp-core-04.txt Orie Steele
- Re: [Sat] I-D Action: draft-ietf-satp-core-04.txt Thomas Hardjono