Re: [Drip] Secdir early review of draft-ietf-drip-auth-05
mohamed.boucadair@orange.com Wed, 23 March 2022 07:49 UTC
From: <mohamed.boucadair@orange.com>
To: Rich Salz <rsalz@akamai.com>, "secdir@ietf.org" <secdir@ietf.org>
CC: "draft-ietf-drip-auth.all@ietf.org" <draft-ietf-drip-auth.all@ietf.org>,
"tm-rid@ietf.org" <tm-rid@ietf.org>
Date: Wed, 23 Mar 2022 07:49:22 +0000
Message-ID: <15974_1648021762_623AD102_15974_26_1_bc21dcd525a5402c9b0e5a09261978b4@orange.com>
References: <164796264611.30352.8191375984632777321@ietfa.amsl.com>
In-Reply-To: <164796264611.30352.8191375984632777321@ietfa.amsl.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/tm-rid/HG1c2OWkbfXiXhdyIkU8y9Pi6AI>
Hi Rich,

It was really a challenge to request this review (2022-03-08) with a suggested deadline of 2022-03-22 and get it done before our session (2022-03-23). So, many thanks for sharing your review in a timely manner.

All good comments and fair questions. I trust the pen holders will follow up SOON (*).

Cheers,
Med

> -----Original Message-----
> From: Rich Salz via Datatracker <noreply@ietf.org>
> Sent: Tuesday, 22 March 2022 16:24
> To: secdir@ietf.org
> Cc: draft-ietf-drip-auth.all@ietf.org; tm-rid@ietf.org
> Subject: Secdir early review of draft-ietf-drip-auth-05
>
> Reviewer: Rich Salz
> Review result: Has Issues
>
> I know nothing about DRIP. I skimmed RFC 9153 and the suggested draft.
> Take these comments with appropriate skepticism.
>
> ASTM needs to be expanded.
>
> Are "pages" basically packets? A confirmation/explanation, perhaps in
> the definitions section, would help. The definitions section points to the
> drip-requirements draft, but then documents "aircraft"? Really? :)
>
> There are far too many one-paragraph sections. Come up with broader
> titles and merge things a bit; I think it will read better. I know this
> is not a trivial amount of work.
>
> Sec 3.3.1: the bit numbering is opposite of what I'm used to (i.e.,
> 31->0; this is 0->31). This holds for all other ASCII-art protocol blocks.
> Consider breaking up the top byte into two nibbles AH and PH. Pad out
> AuthType into
>
> Sec 3.3.2: the constraints/requirements should be first.
>
> Sec 4.1.2.1: Put spaces between the logical parts of the bytes:
> 12 50098960bf8c0504200100100 0a00145aac6b00abba268b7
> Is that correct? Why only the last 23? Maybe I am missing some other
> checksum, or don't know enough about Reed-Solomon.
>
> Sec 5, "UNIX timestamp offset by ..." you mean Unix-style timestamp but
> with an epoch of ... right? Is the "UA signature" defined somewhere?
> Same question about the signatures in Sec 6, etc.
>
> Related question: where are the algorithms for the "Message Hash"
> and other hashes within the doc defined? Should be a forward reference.
> Or worse, is it an external reference?
>
> Sec 6.3.5.1: "multiplexing" seems out of place.
>
> General comment: all limitations, constraints, requirements, etc.,
> should be put up front.
>
> Is Appendix A useful here? I don't see how.
>
> The sample messages in C do not seem useful, as they seem to be
> repeating just the packet layouts. I do not understand what the "Hex"
> values in C.3 mean, and there seems to be no way to re-compute/verify them.