Thanks a lot for your review! Please find in line below our detailed replies to your comments.
A Github PR where we have addressed your comments is available at [GENART-PR].
Unless any concern is raised, we plan to soon merge this PR (and the other ones related to other received reviews), and to submit the result as version -10 of the document.
Thanks,
/Marco
[GENART-PR] https://github.com/core-wg/oscore-edhoc/pull/15
On 2023-11-12 17:19, Joel Halpern via
Datatracker wrote:
Reviewer: Joel Halpern Review result: Ready with Issues I am the assigned Gen-ART reviewer for this draft. The General Area Review Team (Gen-ART) reviews all IETF documents being processed by the IESG for the IETF Chair. Please treat these comments just like any other last call comments. For more information, please see the FAQ at <https://eur05.safelinks.protection.outlook.com/?url="">. Document: draft-ietf-core-oscore-edhoc-09 Reviewer: Joel Halpern Review Date: 2023-11-12 IETF LC End Date: 2023-11-13 IESG Telechat date: Not scheduled for a telechat Summary: This document is ready for publication as a proposed standard reviewer note: I did not attempt to verify that the description here of the underlying security protocols is correct. I leave that to the WG and the security reviewers. Major issues: N/A Minor issues: In reading the first part of section 3, I found myself confused in two regards. First, the diagram shows the third message as containing EDHOC message_3 + OSCORE-protected data. But the text refers to it as also containing C_R which is not apparently part of EDHOC message 3. I think this is explained in step 4 of section 3.2, but it is at best jarring at this stage. (Maybe just call it OSCORE option C_R? Or note at this point,as you do later, in the text that the EDHOC C_R and the OSCORE C_R are identical?)
==>MT
The *CoAP request* contains C_R, while EDHOC message_3 does not. In fact, that is the case in both the original workflow and the optimized workflow.
That is, in both workflows, C_R is not part of EDHOC message_3, and it has to be somehow specified in the CoAP request that conveys EDHOC message_3.
As to the original workflow, this is already defined in draft-ietf-lake-edhoc, and reminded in Section 2 of the present document. That is, C_R is specified in the payload of the CoAP request, as prepended to EDHOC message_3, i.e.:
> The request payload consists of the EDHOC connection identifier C_R encoded as per Section 3.3 of [I-D.ietf-lake-edhoc], concatenated with EDHOC message_3.
As to the optimized workflow in Section 3, the diagram in Figure 2 is correct about what it shows. As it happens, C_R is already specified as the value of the 'kid' field in the CoAP OSCORE Option included in the CoAP request. Hence, we take advantage of that and we do not prepend C_R to EDHOC message_3 in the request payload.
Note that there is no concept of "OSCORE C_R" or "OSCORE option C_R", and the CoAP OSCORE Option does not include a C_R field. There is only EDHOC C_R, as the EDHOC Connection Identifier of the Responder.
To make these points clearer, in Section 3.0 we have revised the bullet list introduced by "That is, the EDHOC + OSCORE request ..." to become as follows.
> That is, the EDHOC + OSCORE request is composed of the following two parts combined together in a single CoAP message:
>
> * The OSCORE Request from Figure 1, which is also in this case sent to a protected resource, with the correct CoAP method and options intended for accessing that resource.
>
> * EDHOC data consisting of the pair (C_R, EDHOC message_3) required for completing the EDHOC session, transported as follows:
> * C_R is the OSCORE Sender ID of the client and hence transported in the 'kid' field of the OSCORE Option (see Section 6.1 of RFC 8613). Unlike in the sequential workflow shown in Figure 1, C_R is thus not transported in the payload of the EDHOC + OSCORE request.
> * EDHOC message_3 is transported in the payload of the EDHOC + OSCORE request, prepended to the payload of the OSCORE Request. This is because EDHOC message_3 may be too large to be included in a CoAP Option, e.g., when conveying a large public key certificate chain as ID_CRED_I (see Section 3.5.3 of [I-D.ietf-lake-edhoc]) or when conveying large External Authorization Data as EAD_3 (see Section 3.8 of [I-D.ietf-lake-edhoc]).
<==
Second, the description here is worded in a way that leads the reader to
understand that the EDHOC message is part of the OSCOR content. The
processing order and protection structure is spelled out in section 3.2.
Maybe just add something like "This structure can be processed in order due
to the construction rules in section 3.2?
==>MT
In Section 3.0, we have extended the paragraph right before the bullet list as follows.
OLD
> That is, the EDHOC + OSCORE request is composed of the following two parts combined together in a single CoAP message:
NEW
> That is, the EDHOC + OSCORE request is composed of the following two parts combined together in a single CoAP message. The steps for processing the EDHOC + OSCORE request and the two parts combined in there are defined in Section 3.2 and Section 3.3.
<==
Nits/editorial comments:
-- Marco Tiloca Ph.D., Senior Researcher Phone: +46 (0)70 60 46 501 RISE Research Institutes of Sweden AB Box 1263 164 29 Kista (Sweden) Division: Digital Systems Department: Computer Science Unit: Cybersecurity https://www.ri.se
Attachment:
OpenPGP_0xEE2664B40E58DA43.asc
Description: OpenPGP public key
Attachment:
OpenPGP_signature.asc
Description: OpenPGP digital signature
-- last-call mailing list last-call@xxxxxxxx https://www.ietf.org/mailman/listinfo/last-call
