Re: [secdir] secdir review of draft-cakulev-mikey-ibake-02

"Cakulev, Violeta (Violeta)" <violeta.cakulev@alcatel-lucent.com> Tue, 23 November 2010 19:15 UTC

Return-Path: <violeta.cakulev@alcatel-lucent.com>
X-Original-To: secdir@core3.amsl.com
Delivered-To: secdir@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id DC81F3A69B0; Tue, 23 Nov 2010 11:15:09 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.598
X-Spam-Level:
X-Spam-Status: No, score=-6.598 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_MED=-4]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Zg+GQPNWa9T0; Tue, 23 Nov 2010 11:14:58 -0800 (PST)
Received: from ihemail3.lucent.com (ihemail3.lucent.com [135.245.0.37]) by core3.amsl.com (Postfix) with ESMTP id 4EA963A69AB; Tue, 23 Nov 2010 11:14:57 -0800 (PST)
Received: from usnavsmail2.ndc.alcatel-lucent.com (usnavsmail2.ndc.alcatel-lucent.com [135.3.39.10]) by ihemail3.lucent.com (8.13.8/IER-o) with ESMTP id oANJFsMA011069 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=OK); Tue, 23 Nov 2010 13:15:55 -0600 (CST)
Received: from USNAVSXCHHUB02.ndc.alcatel-lucent.com (usnavsxchhub02.ndc.alcatel-lucent.com [135.3.39.111]) by usnavsmail2.ndc.alcatel-lucent.com (8.14.3/8.14.3/GMO) with ESMTP id oANJFrww013846 (version=TLSv1/SSLv3 cipher=RC4-MD5 bits=128 verify=NOT); Tue, 23 Nov 2010 13:15:54 -0600
Received: from USNAVSXCHMBSA3.ndc.alcatel-lucent.com ([135.3.39.119]) by USNAVSXCHHUB02.ndc.alcatel-lucent.com ([135.3.39.111]) with mapi; Tue, 23 Nov 2010 13:15:53 -0600
From: "Cakulev, Violeta (Violeta)" <violeta.cakulev@alcatel-lucent.com>
To: Glen Zorn <gwz@net-zen.net>, "iesg@ietf.org" <iesg@ietf.org>, "secdir@ietf.org" <secdir@ietf.org>, "Sundaram, Ganapathy S (Ganesh)" <ganesh.sundaram@alcatel-lucent.com>, "'Tim Polk'" <william.polk@nist.gov>
Date: Tue, 23 Nov 2010 13:15:52 -0600
Thread-Topic: secdir review of draft-cakulev-mikey-ibake-02
Thread-Index: ActaOFVRLTmiVrU2Qw28WkPSr1be4AwKeloQ
Message-ID: <AAE76B481E7A0E4C96610790A852B9A62508045DBF@USNAVSXCHMBSA3.ndc.alcatel-lucent.com>
References: <002801cb5a38$5db4f5c0$191ee140$@net>
In-Reply-To: <002801cb5a38$5db4f5c0$191ee140$@net>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
acceptlanguage: en-US
Content-Type: multipart/alternative; boundary="_000_AAE76B481E7A0E4C96610790A852B9A62508045DBFUSNAVSXCHMBSA_"
MIME-Version: 1.0
X-Scanned-By: MIMEDefang 2.57 on 135.245.2.37
X-Scanned-By: MIMEDefang 2.64 on 135.3.39.10
X-Mailman-Approved-At: Tue, 23 Nov 2010 11:21:18 -0800
Subject: Re: [secdir] secdir review of draft-cakulev-mikey-ibake-02
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/secdir>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 23 Nov 2010 19:15:10 -0000

Glen,
Thanks for the comments.
Please see inline ([VC]).

-Violeta

________________________________
From: Glen Zorn [mailto:gwz@net-zen.net]
Sent: Wednesday, September 22, 2010 5:27 AM
To: iesg@ietf.org; secdir@ietf.org; Cakulev, Violeta (Violeta); Sundaram, Ganapathy S (Ganesh); 'Tim Polk'
Subject: secdir review of draft-cakulev-mikey-ibake-02


I have reviewed this document as part of the security directorate's ongoing effort to review all IETF documents being processed by the IESG.  These comments were written primarily for the benefit of the Security Area directors.  Document editors and WG chairs should treat these comments just like any other last call comments.



Editorial Comments


General

*         Articles are missing in a large number of places (too many to specify and correct one-by-one here).  For example, "The REQUEST_KEY_INIT message includes Initiator's public identity" which should, presupposing that "Initiator" is not a proper noun, read  "The REQUEST_KEY_INIT message includes the Initiator's public identity".  Other examples are given below; please correct.

Abstract

*         s/relies on trusted key management service/relies on a trusted key management service/
[VC]  Changed as suggested.

Section 1
Paragraph 1

*         s/Multimedia Internet Keying (MIKEY) [RFC3830] specification/The Multimedia Internet Keying (MIKEY) [RFC3830] specification/

*         The last sentence doesn't make a lot of sense to me; suggest changing "Following MIKEY specification, multiple  extensions of MIKEY have been specified such as [RFC4650] and  [RFC4738]." to "Multiple extensions of MIKEY have been defined, such as HMAC-Authenticated Diffie-Hellman [RFC4650] and MIKEY-RSA-R [RFC4738]."
[VC] Changed as suggested.
Paragraph 2

*         s/key management services will have to be online/such key management services would have to be online/

*         The statement that "In some applications, this architecture creates a huge burden on operators to install, and manage these boxes." seems to be unnecessarily evangelistic; suggest deleting it.

*         I don't know what "operational discomfort on the part of end-users" means.
[VC] Changed as suggested. "operational discomfort on the part of end-users" is deleted.
Paragraph 3

*         Suggest changing the first sentence to read "This document describes a solution in which the KMS are provided by low availability..."

*         s/identity based/identity-based/

*         s/in the date field, is/in the date field is/

*         Suggest changing "for a whole month (more generally subscription cycle) at the beginning of a subscription cycle." to "for a whole subscription cycle at the beginning of the cycle."
[VC] Changed as suggested.


Section 2

*         It's not clear why "Definitions and Notation" and "Abbreviations" are sub-sections of "Requirements notation".   Suggest that Section 2 be re-titled as "Terminology", with "Requirements Language", "Definitions and Notation" and "Abbreviations" as sub-sections.

*         s/IBE framework is defined in/The IBE framework is defined in/

*         I'm continually amazed by the apparent inability of people who presumably work with objects and pointers thereto to distinguish between a reference and the document to which it refers.  [RFC5091] is a pointer; it does not define anything, let alone the IBE framework.

*         s/Identity Based/Identity-based/g

*         Add definitions of TGK and TEK to the list of abbreviations.
[VC] Changed as suggested.

Section 3.2

*         It's not clear that "call" and "session" are the same thing.  Suggest changing "redirect the call to a different destination" to "redirect the session to a different destination" for the sake of clarity and consistency.

*         The acronym "IMS" is used w/o being previously defined; suggest adding an entry for IMS to the "Abbreviations" section.
[VC] Changed as suggested. References to IMS are deleted.

Section 4.1

*         In the second paragraph, "Key Management Services" is plural but seems to generally referred to in the singular.  As an example, how should one read "KMSs"? "Key Management Serviceses"?  Suggest s/Key Management Services/Key Management Service/G

*         Correct grammar: Change "The Initiator and the Responder do not share any credentials, however the Initiator knows Responder's public identity.  Below, description of how private keys are obtained using MIKEY messages is provided.  Alternative way" to "The Initiator and Responder do not share any credentials; however, the Initiator knows the Responder's public identity.  Below, a description of how private keys are obtained using MIKEY messages is provided.  An alternative way"
[VC] Changed as suggested.

Section 4.2.1

*         In the first paragraph, s/the user have pre-shared credentials/the user has pre-shared credentials
[VC] Changed as suggested.

Section 4.2.1.1.1

*         s/[RFC3830] Section 4.1.4/Section 4.1.4 of RFC 3830/
[VC] Changed as suggested.

Section 4.2.1.1.2

*         The first sentence makes no sense.

*         In the second paragraph, s/PKE payload/The PKE payload/
[VC] The first sentence is modified.

Section 4.2.1.2

*         The second sentence of the first paragraph says "In case of a REQUEST_KEY_INIT_PKE message, the KMS MUST ensure that the IDcert is equal to the identity specified in the certificate."  My guess is that IDcert should actually be IDRi here, since IDcert occurs nowhere else in the draft.
[VC] Changes are reflected in the latest version of the I-D.

Section 4.2.2

*         s/key mode ,/key mode,/
[VC] Changed as suggested.


Technical Comments

General

*         The fourth paragraph of Section 4.1 (and elsewhere) says 'If the Initiator is authorized to make the request' but the criteria for this authorization decision don't seem to be specified anywhere in the document.  Since this decision is vital to the successful operation of the protocol, I think it would be nice if the authors gave readers a clue as to how to go about making it.
[VC] Figure 4 is added to clarify trust relation assumed in the I-D. Trust relation between a user and the KMS is pre-established and is out of scope of this document. Modifications are made throughout the text to address this comment elsewhere in the I-D.

Section 4.1

*         The first sentence of paragraph 4 contains rather confusing notation.  It says "The Initiator next chooses a random x and computes xP (i.e. adds P to itself x times), where P is a point on elliptic curve E known to all users."  The notation "xP" is a conventional one for expressing the multiplication of P by x, which is not the same as the addition of P to itself x times.  If the latter interpretation is actually, I think that a better notation should be chosen.
[VC] Currently, , there is no notation that is common across I-Ds and RFCs for elliptic curve point multiplication. Therefore, the intent was to define it in that one sentence. Nevertheless, to clarify the notation and text, point multiplication is denoted as [x]P in the latest version of the I-D, and this notation is added in Section 2.

Section 4.2.1.1

*         The last sentence says "The KEMAC payload SHOULD be used only when the user needs to use specific keys.  Otherwise, this payload SHALL not be used."  This appears to be self-contradictory, since "SHOULD" allows the usage under certain circumstances while "SHALL NOT" (note typo) absolutely forbids it.
[VC] Good point. Fixed in the latest version

Section 4.2.1.2

*         The last paragraph says "If the KMS cannot correctly parse the received message, or the user is not authorized to receive the requested Private Keys, the KMS SHOULD send an appropriate Error message."  I'm assuming that the term "Error message" here is referring to the Error payload defined in section 6.12 of RFC 3830, but I don't see any Error no values therein that seem appropriate for either of the listed conditions.
[VC] Error message here actually refers to error message defined in Section 5.1.2 of RFC 3830. Nevertheless, the text is modified to address the first technical comment.