Re: [Drip] Secdir early review of draft-ietf-drip-auth-05
"Card, Stu" <stu.card@axenterprize.com> Wed, 23 March 2022 15:56 UTC
References: <164796264611.30352.8191375984632777321@ietfa.amsl.com>
<15974_1648021762_623AD102_15974_26_1_bc21dcd525a5402c9b0e5a09261978b4@orange.com>
In-Reply-To: <15974_1648021762_623AD102_15974_26_1_bc21dcd525a5402c9b0e5a09261978b4@orange.com>
From: "Card, Stu" <stu.card@axenterprize.com>
Date: Wed, 23 Mar 2022 11:56:06 -0400
Message-ID: <CAKM0pYM7XCAnk=kzc62EMxh+sgoU6hcgb-RZStqHoQ73dxDTVw@mail.gmail.com>
To: Mohamed Boucadair <mohamed.boucadair@orange.com>
Cc: Rich Salz <rsalz@akamai.com>, "secdir@ietf.org" <secdir@ietf.org>,
"draft-ietf-drip-auth.all@ietf.org" <draft-ietf-drip-auth.all@ietf.org>,
"tm-rid@ietf.org" <tm-rid@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/tm-rid/Ekaa-d7wQi0ecvt5A6-wHIIRmrc>
The only point on which I will respond without getting some sleep first is expansion of ASTM. Originally, it was an acronym for "the American Society for Testing and Materials". However, it is no longer such; the full name of the organization is now "ASTM International".

The other points will require more thought. ;-)

Thanks for the quick review!

On Wed, Mar 23, 2022 at 3:49 AM <mohamed.boucadair@orange.com> wrote:

> Hi Rich,
>
> It was really a challenge to request this review (2022-03-08) with a
> suggested deadline of 2022-03-22 and get it done before our session
> (2022-03-23). So, many thanks for sharing your review in a timely manner.
>
> All good comments and fair questions. I trust the pen holders will
> follow-up SOON (*).
>
> Cheers,
> Med
>
> > -----Original Message-----
> > From: Rich Salz via Datatracker <noreply@ietf.org>
> > Sent: Tuesday, 22 March 2022 16:24
> > To: secdir@ietf.org
> > Cc: draft-ietf-drip-auth.all@ietf.org; tm-rid@ietf.org
> > Subject: Secdir early review of draft-ietf-drip-auth-05
> >
> > Reviewer: Rich Salz
> > Review result: Has Issues
> >
> > I know nothing about DRIP. I skimmed RFC 9153 and the suggested draft.
> > Take these comments with appropriate skepticism.
> >
> > ASTM needs to be expanded.
> >
> > Are "pages" basically packets? A confirmation/explanation, perhaps in
> > the definitions section, would help. The definitions section points to the
> > drip-requirements draft, but then documents "aircraft"? Really? :)
> >
> > There are far too many one-paragraph sections. Come up with broader
> > titles and merge things a bit; I think it will read better. I know this
> > is not a trivial amount of work.
> >
> > Sec 3.3.1: the bit numbering is opposite of what I'm used to (i.e.,
> > 31->0; this is 0->31). This holds for all other ASCII-art protocol blocks.
> > Consider breaking up the top byte into two nibbles AH and PH. Pad out
> > AuthType into
> >
> > Sec 3.3.2: the constraints/requirements should be first.
> >
> > Sec 4.1.2.1: Put spaces between the logical parts of the bytes:
> > 12 50098960bf8c0504200100100 0a00145aac6b00abba268b7
> > Is that correct? Why only the last 23? Maybe I am missing some other
> > checksum, or don't know enough about Reed-Solomon.
> >
> > Sec 5, "UNIX timestamp offset by ...": you mean a Unix-style timestamp but
> > with an epoch of ..., right? Is the "UA signature" defined somewhere?
> > Same question about the signatures in Sec 6, etc.
> >
> > Related question: where are the algorithms for the "Message Hash"
> > and other hashes within the doc defined? There should be a forward reference.
> > Or, worse, is it an external reference?
> >
> > Sec 6.3.5.1: "multiplexing" seems out of place.
> >
> > General comment: all limitations, constraints, requirements,
> > etc., should be up front.
> >
> > Is Appendix A useful here? I don't see how.
> >
> > The sample messages in C do not seem useful, as they seem to be
> > repeating just the packet layouts. I do not understand what the "Hex"
> > values in C.3 mean and there seems to be no way to re-compute/verify them.
>
> _________________________________________________________________________________________________________________________
>
> This message and its attachments may contain confidential or privileged
> information that may be protected by law;
> they should not be distributed, used or copied without authorisation.
> If you have received this email in error, please notify the sender and
> delete this message and its attachments.
> As emails may be altered, Orange is not liable for messages that have been
> modified, changed or falsified.
> Thank you.