[Taps] Roman Danyliw's Discuss on draft-ietf-taps-interface-22: (with DISCUSS and COMMENT)
Roman Danyliw via Datatracker <noreply@ietf.org> Tue, 05 September 2023 17:50 UTC
Return-Path: <noreply@ietf.org>
X-Original-To: taps@ietf.org
Delivered-To: taps@ietfa.amsl.com
Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id 98B14C151711; Tue, 5 Sep 2023 10:50:49 -0700 (PDT)
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 8bit
From: Roman Danyliw via Datatracker <noreply@ietf.org>
To: The IESG <iesg@ietf.org>
Cc: draft-ietf-taps-interface@ietf.org, taps-chairs@ietf.org, taps@ietf.org, anna.brunstrom@kau.se, anna.brunstrom@kau.se
X-Test-IDTracker: no
X-IETF-IDTracker: 11.10.0
Auto-Submitted: auto-generated
Precedence: bulk
Reply-To: Roman Danyliw <rdd@cert.org>
Message-ID: <169393624961.57527.10448223141659236366@ietfa.amsl.com>
Date: Tue, 05 Sep 2023 10:50:49 -0700
Archived-At: <https://mailarchive.ietf.org/arch/msg/taps/3Rqrs-HU4oGe7_hqejra_jK-SsA>
Subject: [Taps] Roman Danyliw's Discuss on draft-ietf-taps-interface-22: (with DISCUSS and COMMENT)
X-BeenThere: taps@ietf.org
X-Mailman-Version: 2.1.39
List-Id: "IETF Transport Services \(TAPS\) Working Group" <taps.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/taps>, <mailto:taps-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/taps/>
List-Post: <mailto:taps@ietf.org>
List-Help: <mailto:taps-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/taps>, <mailto:taps-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 05 Sep 2023 17:50:49 -0000
Roman Danyliw has entered the following ballot position for draft-ietf-taps-interface-22: Discuss When responding, please keep the subject line intact and reply to all email addresses included in the To and CC lines. (Feel free to cut this introductory paragraph, however.) Please refer to https://www.ietf.org/about/groups/iesg/statements/handling-ballot-positions/ for more information about how to handle DISCUSS and COMMENT positions. The document, along with other ballot positions, can be found here: https://datatracker.ietf.org/doc/draft-ietf-taps-interface/ ---------------------------------------------------------------------- DISCUSS: ---------------------------------------------------------------------- ** Section 6.3. I’m having trouble understanding the level of abstraction used to specify the SecurityParameter API if the desired outcome is an interoperable solution. My top-line concern is around what are the defined security parameters are where are they formally defined. The API examples seem to suggest they are “identity, server-certificate, client-certificate, key-pair, supported-group, ciphersuite, signature-algorithm, and pre-shared-key.” A few examples of this ambiguity: -- “SecurityParameters.Set(identity, myIdentity)”: What is the “identity” parameter? What would be passed here? -- Per “SecurityParameters.Set(server-certificate, myCertificate)” and “SecurityParameters.Set(client-certificate, myCertificate)”, assuming myCertificate is an X.509 certificate, what format would that be passed in (e.g., PEM, DER)? -- What is in “myCertficate”: o can it be a certificate chain? o in the case of client-auth or a server, is this a bundle with both an X.509 and a private key? -- The parameters “supported-group”, “ciphersuite” and “signature-algorithm” all appear to be enumerated values. Where do those come from? ---------------------------------------------------------------------- COMMENT: ---------------------------------------------------------------------- Thank you to Sean Turner for the SECDIR review. ** Section 6.1. -- Per “Port (a 16-bit integer):”, shouldn’t this be “16-bit unsigned integer”? -- Per “Service (an identifier that maps to a port; either the name of a well-known service, or a DNS SRV service name to be resolved):”, what makes something a “well-known service”? Is this string have to be from https://www.iana.org/assignments/service-names-port-numbers/service-names-port-numbers.xhtml? -- Per “IP address (IPv4 or IPv6 address):”, is there a formal syntax for an IPv4 or IPv6 address that can be cited? ** Section 6.3. Editorial. Should the convention of “myVariableName” be used here? OLD SecurityParameters.Set(pre-shared-key, key, identity) NEW SecurityParameters.Set(pre-shared-key, myKey, myIdentity) ** Section 6 of draft-ietf-taps-arch-18 said: ==[ snip ]== However, a Transport Services implementation can race different security protocols, e.g., if the application explicitly specifies that it considers them equivalent. ==[ snip ]== How does one use the API described in this document to convey equivalence? ** A few methods seem to be used in the prose without formal definition beyond the example: -- Section 6.1.1: WithTTL() -- Section 6.1.3: WithProtocol()
- [Taps] Roman Danyliw's Discuss on draft-ietf-taps… Roman Danyliw via Datatracker
- Re: [Taps] Roman Danyliw's Discuss on draft-ietf-… Brian Trammell (IETF)
- Re: [Taps] Roman Danyliw's Discuss on draft-ietf-… Roman Danyliw
- Re: [Taps] Roman Danyliw's Discuss on draft-ietf-… Brian Trammell (IETF)
- Re: [Taps] Roman Danyliw's Discuss on draft-ietf-… Tommy Pauly