[secdir] Re: draft-ietf-rats-msg-wrap-18 ietf last call Secdir review
Thomas Fossati <thomas.fossati@linaro.org> Mon, 06 October 2025 20:59 UTC
Return-Path: <thomas.fossati@linaro.org>
X-Original-To: secdir@mail2.ietf.org
Delivered-To: secdir@mail2.ietf.org
Received: from localhost (localhost [127.0.0.1]) by mail2.ietf.org (Postfix) with ESMTP id BE2326E35FEE for <secdir@mail2.ietf.org>; Mon, 6 Oct 2025 13:59:28 -0700 (PDT)
X-Virus-Scanned: amavisd-new at ietf.org
X-Spam-Flag: NO
X-Spam-Score: -2.1
X-Spam-Level:
X-Spam-Status: No, score=-2.1 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=unavailable autolearn_force=no
Authentication-Results: mail2.ietf.org (amavisd-new); dkim=pass (2048-bit key) header.d=linaro.org
Received: from mail2.ietf.org ([166.84.6.31]) by localhost (mail2.ietf.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id l9dNMy-rHSJG for <secdir@mail2.ietf.org>; Mon, 6 Oct 2025 13:59:27 -0700 (PDT)
Received: from mail-lj1-x233.google.com (mail-lj1-x233.google.com [IPv6:2a00:1450:4864:20::233]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature ECDSA (P-256) server-digest SHA256) (No client certificate requested) by mail2.ietf.org (Postfix) with ESMTPS id 93BE36E35FE0 for <secdir@ietf.org>; Mon, 6 Oct 2025 13:59:27 -0700 (PDT)
Received: by mail-lj1-x233.google.com with SMTP id 38308e7fff4ca-36453927ffaso53099701fa.2 for <secdir@ietf.org>; Mon, 06 Oct 2025 13:59:27 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; t=1759784366; x=1760389166; darn=ietf.org; h=content-transfer-encoding:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:from:to:cc:subject:date :message-id:reply-to; bh=S2StQyzCsBLi6+X+eBBJOD2wsD2Cb22sZdoyqhLO5v8=; b=w+/oVD0u1vGDf1gkiRAkah+UD9V4kFjpdcWhbWVgYbzqVP1fAV0lQRcAkrMzt/zYut wZgmcZ6weC1fCJqVdqzv61obWkv1t/lLqSS+aOyiHvc1kBLKApSoQatrT2vb4/Bb+UZV ZEPpaX3TjaH9ADhfv/NpnTyGhV1QzzRiVfXmAk9RG7dBb5a1aQRR9C2D7cmnb7A9yMdO 93VHMrBA6fwZ0JBJRZl7bi8h5HR0D2Fcj/etEJcZ6Ns+dlXddpBp/wVJjf/5szZdBYI4 RjCpuEIloYKepE+eui7SLZumnMncl0kohgp2emhxkn4/ZSLb623Pv7OkcIPX/z+7WJHp mI3A==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1759784366; x=1760389166; h=content-transfer-encoding:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=S2StQyzCsBLi6+X+eBBJOD2wsD2Cb22sZdoyqhLO5v8=; b=NslxX0LHguNqGYARzxQxBfwSLg5hp9m0XWNpAad9sV7BwIOgLO80k04O0aZVhMnRAU fcVbO8GkqfhZrXjG9X4UDL932BvMLRdR5DM5K5BifEbhYpsz1kvJKQXXW7K4lZYGG7jr 6gc+zLPpnm9xx8ToHHeeXfSqgzE6qtz+q4lsauuhkDj4l1QpCvC0RiZ6fCowJZxLIiCZ fLj2wbojX43k3lCFwiVJDaOXtHZLm5w2i8Yf7Wb9NIKSCz6I2n7kt0zpWJAvr55F+CmH NUH2NZfLtywUuKv6P/I3KrzMybzXNRLMmdcs1pesSitnhivYAhAZzEGr1kkcb6R0r1EN v+Mg==
X-Gm-Message-State: AOJu0YwUMHoEmZvP/+ETPEKkoRYCRNLk7+NqtdNRPseJTRmp8BzAu4kY FJl4Kv5Mxkk6yzOzhHIicALjHIh8u963uwKbesO0VqVOCZAdEH3nAMRpDe2kFs+FRLPk3PbBVuG n6IkCpsMlueXjPL/Nn9jIZqMj4i54TSmH5oAWeDekLjB0CQm0x9vfzY+NTQ==
X-Gm-Gg: ASbGncuovu7GhUrkRI7rhWcxNj2W5ZpPYEsjxEm6bb6CIXvilRr1tunaBAfLLi92vk6 Kr1O2uZfq9luok4PFfxWcFF8q1KYnwiIfDglo9FbXnIwcwcDiqzT0ecTHu3HmJyQ7AVmDt2OJVH EgRiR/Liouud0cdIdOGUkjm3gpd4dS36PZI/0YBfhNAr+y1GBbSHlFMTv5ON88hnGeJFpr209C1 tSgwOXY0vEBY+CfEulzrOGnskIDGHNDZyCHwB1VtpuaNLH0/3igmBAmXC/8nOMkC/NcnKGOCNSj jNKM/rEKPt+/LMgrqeZWfMyxpDm8rs9YHCdmIkSTn6cVZB+DE9mrq7RB7ua9+HrpWZtNrUfQXZM v3eNdk3Dr0oMQsTpa8SVoCGtHej05O+0tt5bqS4gCgMqjcQ==
X-Google-Smtp-Source: AGHT+IFHY3+QbYEWkxRHe66IHRnwtEN1Bc9NLN6A7JC19toul3fEdwXLsZLbHPElZz1eYhUUlW9dWOX9Mp/P8wXRy+U=
X-Received: by 2002:a05:651c:160d:b0:36d:114b:52e2 with SMTP id 38308e7fff4ca-374c382cd0emr34588891fa.34.1759784366181; Mon, 06 Oct 2025 13:59:26 -0700 (PDT)
MIME-Version: 1.0
References: <175978091243.3836367.9289657222022936809@dt-datatracker-6c6cdf7f94-h6rnn>
In-Reply-To: <175978091243.3836367.9289657222022936809@dt-datatracker-6c6cdf7f94-h6rnn>
From: Thomas Fossati <thomas.fossati@linaro.org>
Date: Mon, 06 Oct 2025 22:59:09 +0200
X-Gm-Features: AS18NWBJ92ZJOfMm3DsMtYaG2Y0ZDGH7W1uJepytAi0cuZ-R10kUzdql1kvZRUg
Message-ID: <CA+1=6yezAV6t_fKi_nh8r_-OX0VNvQt-=z6FbNey4i_1Fiaxmg@mail.gmail.com>
To: Benjamin Schwartz <ietf@bemasc.net>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
Message-ID-Hash: YUYWX4Y5R5TPTY7T6RQVBOBC3NQB3QUD
X-Message-ID-Hash: YUYWX4Y5R5TPTY7T6RQVBOBC3NQB3QUD
X-MailFrom: thomas.fossati@linaro.org
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-secdir.ietf.org-0; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
CC: secdir@ietf.org, draft-ietf-rats-msg-wrap.all@ietf.org, last-call@ietf.org, rats@ietf.org
X-Mailman-Version: 3.3.9rc6
Precedence: list
Subject: [secdir] Re: draft-ietf-rats-msg-wrap-18 ietf last call Secdir review
List-Id: Security Area Directorate <secdir.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdir/_Z0ucXKT6Z3wtJasyQuxdU1i8Z8>
List-Archive: <https://mailarchive.ietf.org/arch/browse/secdir>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Owner: <mailto:secdir-owner@ietf.org>
List-Post: <mailto:secdir@ietf.org>
List-Subscribe: <mailto:secdir-join@ietf.org>
List-Unsubscribe: <mailto:secdir-leave@ietf.org>
Hi Ben, Thanks very much for your review and comments. On Mon, 6 Oct 2025 at 22:01, Benjamin Schwartz via Datatracker <noreply@ietf.org> wrote: > > Document: draft-ietf-rats-msg-wrap > Title: RATS Conceptual Messages Wrapper (CMW) > Reviewer: Benjamin Schwartz > Review result: Has Nits > > Clear document describing some serialization formats. > > Notes: > > Section 3.1: > > * The "ind" field is defined as a 32-bit bitfield of types. This constraint on > the range of expressible message types seems hard to justify. In the common > case, a short list of small integers would be almost as compact (in CBOR), and > in the extreme case (32 message types), the proportional savings of using a > bitfield is presumably minimal compared to the messages themselves. This seems > like a case of trying to save 1 byte, at the cost of considerably reduced > flexibility for extensions (especially experimental or private extensions). > And in some cases, the bitfield representation is actually _less_ compact. * This design is based on the assumption that there will only be a limited number of conceptual RATS messages. I'd be surprised if we ended up with more than triple the number of currently registered messages. Therefore, 32 should be more than enough. [ Famous last words :-) ] > Also, the description says "Only four values are registered", but the > definition of `cm-type` shows 5 values. Yes, thanks. We spotted that too and fixed it in the editor's copy [1] [1] https://github.com/ietf-rats-wg/draft-ietf-rats-msg-wrap/pull/247 > Section 3.4: > > * It seems like this text is recommending sending JSON or CBOR in a shared > container, with the recipient disambiguating them based on the first byte. I can see now how that could be interpreted that way, and that's certainly not how it's supposed to work (at least not in the common case), so we need to clarify that. The split in the JSON/CBOR decoding path is expected to happen via media type/content format (§10.6 and §10.7, respectively), or via the container context of the embedded CMW, i.e., the CWT/JWT claims (§10.1 and §10.2) or the X.509 extension (§10.8). Once the CMW has been dispatched to the intended decoder, however, there is still a look-ahead step to distinguish between an array or object (on the JSON path) and a record, map or tag (on the CBOR path). Would it be helpful to separate the CMWTypeDemux function into two, one for JSON and one for CBOR? Or would a clarification in prose suffice? Regarding the following observation: > [...] The proposed disambiguation is different > from the one proposed in the CBOR specification (see > https://www.rfc-editor.org/rfc/rfc8949.html#section-3.4.6-4, > https://www.rfc-editor.org/rfc/rfc9277.html#section-2.2) I am not sure I understand what you mean. CMW demux is based on the jump table described in Appendix B of RFC8949. > Section 10.5 > * The IANA registry is given as "expert review", but the instructions to the > expert effectively make the policy equivalent to Standards Action (or perhaps > even stricter!). IMHO it should be changed to Standards Action. (A > non-bitfield representation would allow a much more relaxed registration > policy.) Is this because of the limited codepoint space? If so, we don't think there will be an uncontrolled proliferation of conceptual messages unless the RATS architecture changes dramatically. cheers, thanks!
- [secdir] draft-ietf-rats-msg-wrap-18 ietf last ca… Benjamin Schwartz via Datatracker
- [secdir] Re: draft-ietf-rats-msg-wrap-18 ietf las… Thomas Fossati
- [secdir] Re: draft-ietf-rats-msg-wrap-18 ietf las… Ben Schwartz
- [secdir] Re: draft-ietf-rats-msg-wrap-18 ietf las… Thomas Fossati
- [secdir] Re: draft-ietf-rats-msg-wrap-18 ietf las… Ben Schwartz
- [secdir] Re: [Rats] Re: draft-ietf-rats-msg-wrap-… Michael Richardson