[Taps] Roman Danyliw's Discuss on draft-ietf-taps-interface-22: (with DISCUSS and COMMENT)

Roman Danyliw via Datatracker <noreply@ietf.org> Tue, 05 September 2023 17:50 UTC

Return-Path: <noreply@ietf.org>
X-Original-To: taps@ietf.org
Delivered-To: taps@ietfa.amsl.com
Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id 98B14C151711; Tue, 5 Sep 2023 10:50:49 -0700 (PDT)
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 8bit
From: Roman Danyliw via Datatracker <noreply@ietf.org>
To: The IESG <iesg@ietf.org>
Cc: draft-ietf-taps-interface@ietf.org, taps-chairs@ietf.org, taps@ietf.org, anna.brunstrom@kau.se, anna.brunstrom@kau.se
X-Test-IDTracker: no
X-IETF-IDTracker: 11.10.0
Auto-Submitted: auto-generated
Precedence: bulk
Reply-To: Roman Danyliw <rdd@cert.org>
Message-ID: <169393624961.57527.10448223141659236366@ietfa.amsl.com>
Date: Tue, 05 Sep 2023 10:50:49 -0700
Archived-At: <https://mailarchive.ietf.org/arch/msg/taps/3Rqrs-HU4oGe7_hqejra_jK-SsA>
Subject: [Taps] Roman Danyliw's Discuss on draft-ietf-taps-interface-22: (with DISCUSS and COMMENT)
X-BeenThere: taps@ietf.org
X-Mailman-Version: 2.1.39
List-Id: "IETF Transport Services \(TAPS\) Working Group" <taps.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/taps>, <mailto:taps-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/taps/>
List-Post: <mailto:taps@ietf.org>
List-Help: <mailto:taps-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/taps>, <mailto:taps-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 05 Sep 2023 17:50:49 -0000

Roman Danyliw has entered the following ballot position for
draft-ietf-taps-interface-22: Discuss

When responding, please keep the subject line intact and reply to all
email addresses included in the To and CC lines. (Feel free to cut this
introductory paragraph, however.)


Please refer to https://www.ietf.org/about/groups/iesg/statements/handling-ballot-positions/ 
for more information about how to handle DISCUSS and COMMENT positions.


The document, along with other ballot positions, can be found here:
https://datatracker.ietf.org/doc/draft-ietf-taps-interface/



----------------------------------------------------------------------
DISCUSS:
----------------------------------------------------------------------

** Section 6.3.  I’m having trouble understanding the level of abstraction used
to specify the SecurityParameter API if the desired outcome is an interoperable
solution.  My top-line concern is around what are the defined security
parameters are where are they formally defined. The API examples seem to
suggest they are “identity, server-certificate, client-certificate, key-pair,
supported-group, ciphersuite, signature-algorithm, and pre-shared-key.”

A few examples of this ambiguity:

-- “SecurityParameters.Set(identity, myIdentity)”: What is the “identity”
parameter? What would be passed here?

-- Per “SecurityParameters.Set(server-certificate, myCertificate)” and
“SecurityParameters.Set(client-certificate, myCertificate)”, assuming
myCertificate is an X.509 certificate, what format would that be passed in
(e.g., PEM, DER)?

-- What is in “myCertficate”:
o can it be a certificate chain?
o in the case of client-auth or a server, is this a bundle with both an X.509
and a private key?

-- The parameters “supported-group”, “ciphersuite” and “signature-algorithm”
all appear to be enumerated values.  Where do those come from?


----------------------------------------------------------------------
COMMENT:
----------------------------------------------------------------------

Thank you to Sean Turner for the SECDIR review.

** Section 6.1.
-- Per “Port (a 16-bit integer):”, shouldn’t this be “16-bit unsigned integer”?

-- Per “Service (an identifier that maps to a port; either the name of a
well-known service, or a DNS SRV service name to be resolved):”, what makes
something a “well-known service”?  Is this string have to be from
https://www.iana.org/assignments/service-names-port-numbers/service-names-port-numbers.xhtml?

-- Per “IP address (IPv4 or IPv6 address):”, is there a formal syntax for an
IPv4 or IPv6 address that can be cited?

** Section 6.3.  Editorial.  Should the convention of “myVariableName” be used
here? OLD SecurityParameters.Set(pre-shared-key, key, identity)

NEW
SecurityParameters.Set(pre-shared-key, myKey, myIdentity)

** Section 6 of draft-ietf-taps-arch-18 said:
==[ snip ]==
   However, a Transport
   Services implementation can race different security protocols, e.g.,
   if the application explicitly specifies that it considers them
   equivalent.
==[ snip ]==

How does one use the API described in this document to convey equivalence?

** A few methods seem to be used in the prose without formal definition beyond
the example:

-- Section 6.1.1: WithTTL()
-- Section 6.1.3: WithProtocol()