Mercurial > hg > ietf

annotate ace-key-groupcomm-review.txt @ 3:11c0afd7bad2

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
trying to get into Section 3
author Henry S. Thompson <ht@inf.ed.ac.uk>
date Wed, 25 Oct 2023 22:36:22 +0100
parents 92618ff70952
children a88cd2ff0a89
Ignore whitespace changes - Everywhere: Within whitespace: At end of lines:
rev   line source
1
92618ff70952 getting started
Henry S. Thompson <ht@inf.ed.ac.uk>
parents:
diff changeset
1 Document:
92618ff70952 getting started
Henry S. Thompson <ht@inf.ed.ac.uk>
parents:
diff changeset
2 Intended RFC status: Proposed Standard
92618ff70952 getting started
Henry S. Thompson <ht@inf.ed.ac.uk>
parents:
diff changeset
3 Review type: artart - Last Call review
92618ff70952 getting started
Henry S. Thompson <ht@inf.ed.ac.uk>
parents:
diff changeset
4 Reviewer: Henry S. Thompson
3
11c0afd7bad2 trying to get into Section 3
Henry S. Thompson <ht@inf.ed.ac.uk>
parents: 1
diff changeset
5 Review Date: 2023-10-@@
11c0afd7bad2 trying to get into Section 3
Henry S. Thompson <ht@inf.ed.ac.uk>
parents: 1
diff changeset
6 Result: Ready with Issues
1
92618ff70952 getting started
Henry S. Thompson <ht@inf.ed.ac.uk>
parents:
diff changeset
7
3
11c0afd7bad2 trying to get into Section 3
Henry S. Thompson <ht@inf.ed.ac.uk>
parents: 1
diff changeset
8 *Summary*
1
92618ff70952 getting started
Henry S. Thompson <ht@inf.ed.ac.uk>
parents:
diff changeset
9
92618ff70952 getting started
Henry S. Thompson <ht@inf.ed.ac.uk>
parents:
diff changeset
10 Caveat: I'm not familiar with the group comms family of RFCs or the
92618ff70952 getting started
Henry S. Thompson <ht@inf.ed.ac.uk>
parents:
diff changeset
11 applications they support, so this review is from an outsider's
92618ff70952 getting started
Henry S. Thompson <ht@inf.ed.ac.uk>
parents:
diff changeset
12 perspective.
92618ff70952 getting started
Henry S. Thompson <ht@inf.ed.ac.uk>
parents:
diff changeset
13
3
11c0afd7bad2 trying to get into Section 3
Henry S. Thompson <ht@inf.ed.ac.uk>
parents: 1
diff changeset
14 *Substantive points*
11c0afd7bad2 trying to get into Section 3
Henry S. Thompson <ht@inf.ed.ac.uk>
parents: 1
diff changeset
15
11c0afd7bad2 trying to get into Section 3
Henry S. Thompson <ht@inf.ed.ac.uk>
parents: 1
diff changeset
16 Section 2. I'm seeing an inconsistency in the way the Dispatcher is
11c0afd7bad2 trying to get into Section 3
Henry S. Thompson <ht@inf.ed.ac.uk>
parents: 1
diff changeset
17 discussed. When introduced in the bullet points the last bullet says
11c0afd7bad2 trying to get into Section 3
Henry S. Thompson <ht@inf.ed.ac.uk>
parents: 1
diff changeset
18
11c0afd7bad2 trying to get into Section 3
Henry S. Thompson <ht@inf.ed.ac.uk>
parents: 1
diff changeset
19 "If it consists of an explicit entity such as a pub-sub Broker or a
11c0afd7bad2 trying to get into Section 3
Henry S. Thompson <ht@inf.ed.ac.uk>
parents: 1
diff changeset
20 message relayer, the Dispatcher is comparable to an _untrusted_
11c0afd7bad2 trying to get into Section 3
Henry S. Thompson <ht@inf.ed.ac.uk>
parents: 1
diff changeset
21 on-path intermediary, and as such it is _able to read_ the messages
11c0afd7bad2 trying to get into Section 3
Henry S. Thompson <ht@inf.ed.ac.uk>
parents: 1
diff changeset
22 sent by Clients in the group." [emphasis added]
1
92618ff70952 getting started
Henry S. Thompson <ht@inf.ed.ac.uk>
parents:
diff changeset
23
3
11c0afd7bad2 trying to get into Section 3
Henry S. Thompson <ht@inf.ed.ac.uk>
parents: 1
diff changeset
24 But at the end of section 2 we find
11c0afd7bad2 trying to get into Section 3
Henry S. Thompson <ht@inf.ed.ac.uk>
parents: 1
diff changeset
25
11c0afd7bad2 trying to get into Section 3
Henry S. Thompson <ht@inf.ed.ac.uk>
parents: 1
diff changeset
26 "5. The joining node can communicate _securely_ with the other group
11c0afd7bad2 trying to get into Section 3
Henry S. Thompson <ht@inf.ed.ac.uk>
parents: 1
diff changeset
27 members, using the keying material provided in step 3."
11c0afd7bad2 trying to get into Section 3
Henry S. Thompson <ht@inf.ed.ac.uk>
parents: 1
diff changeset
28 [emphasis added]
11c0afd7bad2 trying to get into Section 3
Henry S. Thompson <ht@inf.ed.ac.uk>
parents: 1
diff changeset
29
11c0afd7bad2 trying to get into Section 3
Henry S. Thompson <ht@inf.ed.ac.uk>
parents: 1
diff changeset
30 If the Dispatcher is untrusted, how can communication be secure?
11c0afd7bad2 trying to get into Section 3
Henry S. Thompson <ht@inf.ed.ac.uk>
parents: 1
diff changeset
31 There is no discussion of the Dispatcher in the Security section.
11c0afd7bad2 trying to get into Section 3
Henry S. Thompson <ht@inf.ed.ac.uk>
parents: 1
diff changeset
32
11c0afd7bad2 trying to get into Section 3
Henry S. Thompson <ht@inf.ed.ac.uk>
parents: 1
diff changeset
33 *Minor points*
11c0afd7bad2 trying to get into Section 3
Henry S. Thompson <ht@inf.ed.ac.uk>
parents: 1
diff changeset
34
11c0afd7bad2 trying to get into Section 3
Henry S. Thompson <ht@inf.ed.ac.uk>
parents: 1
diff changeset
35 Section 1. I note that one of the two referenced examples of candidate
1
92618ff70952 getting started
Henry S. Thompson <ht@inf.ed.ac.uk>
parents:
diff changeset
36 application profiles, "A publish-subscribe architecture for the
92618ff70952 getting started
Henry S. Thompson <ht@inf.ed.ac.uk>
parents:
diff changeset
37 Constrained Application Protocol (CoAP)" [1], has expired. I'm not
92618ff70952 getting started
Henry S. Thompson <ht@inf.ed.ac.uk>
parents:
diff changeset
38 sure how much it matters to have reasonably mature examples, but
92618ff70952 getting started
Henry S. Thompson <ht@inf.ed.ac.uk>
parents:
diff changeset
39 without _some_ good reasons to suppose that there's a community out
92618ff70952 getting started
Henry S. Thompson <ht@inf.ed.ac.uk>
parents:
diff changeset
40 there waiting to implement this framework, its future does seem a bit
92618ff70952 getting started
Henry S. Thompson <ht@inf.ed.ac.uk>
parents:
diff changeset
41 shaky... There is of course a chicken-and-egg problem here which may
92618ff70952 getting started
Henry S. Thompson <ht@inf.ed.ac.uk>
parents:
diff changeset
42 explain the lack of progress.
92618ff70952 getting started
Henry S. Thompson <ht@inf.ed.ac.uk>
parents:
diff changeset
43
92618ff70952 getting started
Henry S. Thompson <ht@inf.ed.ac.uk>
parents:
diff changeset
44 Section 2. This is the first point where the actual connection between
92618ff70952 getting started
Henry S. Thompson <ht@inf.ed.ac.uk>
parents:
diff changeset
45 ACE and this document is made clear, that is, that the KDC is the
92618ff70952 getting started
Henry S. Thompson <ht@inf.ed.ac.uk>
parents:
diff changeset
46 Resource Server _per ACE_. Simply adding ", per ACE," to "Resource
3
11c0afd7bad2 trying to get into Section 3
Henry S. Thompson <ht@inf.ed.ac.uk>
parents: 1
diff changeset
47 Server" in para 2 of Section 1 would fix this for me.
11c0afd7bad2 trying to get into Section 3
Henry S. Thompson <ht@inf.ed.ac.uk>
parents: 1
diff changeset
48
11c0afd7bad2 trying to get into Section 3
Henry S. Thompson <ht@inf.ed.ac.uk>
parents: 1
diff changeset
49 *Nits*
11c0afd7bad2 trying to get into Section 3
Henry S. Thompson <ht@inf.ed.ac.uk>
parents: 1
diff changeset
50
11c0afd7bad2 trying to get into Section 3
Henry S. Thompson <ht@inf.ed.ac.uk>
parents: 1
diff changeset
51 Section 1 / Appendix A: The use of REQ[n] and OPT[n] in conjunction
11c0afd7bad2 trying to get into Section 3
Henry S. Thompson <ht@inf.ed.ac.uk>
parents: 1
diff changeset
52 with REQUIRED and MAY is not explained, nor are they linked to the
11c0afd7bad2 trying to get into Section 3
Henry S. Thompson <ht@inf.ed.ac.uk>
parents: 1
diff changeset
53 relevant text in Appendix A. There is an oblique reference to this
11c0afd7bad2 trying to get into Section 3
Henry S. Thompson <ht@inf.ed.ac.uk>
parents: 1
diff changeset
54 practice in para. 4 of Section 1, which could stand to be expanded to
11c0afd7bad2 trying to get into Section 3
Henry S. Thompson <ht@inf.ed.ac.uk>
parents: 1
diff changeset
55 explain your conventions.
1
92618ff70952 getting started
Henry S. Thompson <ht@inf.ed.ac.uk>
parents:
diff changeset
56
3
11c0afd7bad2 trying to get into Section 3
Henry S. Thompson <ht@inf.ed.ac.uk>
parents: 1
diff changeset
57 Passim: Please do a thorough spell-check. The following were found in the
11c0afd7bad2 trying to get into Section 3
Henry S. Thompson <ht@inf.ed.ac.uk>
parents: 1
diff changeset
58 first 4 sections:
11c0afd7bad2 trying to get into Section 3
Henry S. Thompson <ht@inf.ed.ac.uk>
parents: 1
diff changeset
59 recommeded -> recommended
11c0afd7bad2 trying to get into Section 3
Henry S. Thompson <ht@inf.ed.ac.uk>
parents: 1
diff changeset
60 memebrs -> members
11c0afd7bad2 trying to get into Section 3
Henry S. Thompson <ht@inf.ed.ac.uk>
parents: 1
diff changeset
61 specificaton -> specification
11c0afd7bad2 trying to get into Section 3
Henry S. Thompson <ht@inf.ed.ac.uk>
parents: 1
diff changeset
62 acces -> access
11c0afd7bad2 trying to get into Section 3
Henry S. Thompson <ht@inf.ed.ac.uk>
parents: 1
diff changeset
63 trasferring -> transferring
11c0afd7bad2 trying to get into Section 3
Henry S. Thompson <ht@inf.ed.ac.uk>
parents: 1
diff changeset
64
11c0afd7bad2 trying to get into Section 3
Henry S. Thompson <ht@inf.ed.ac.uk>
parents: 1
diff changeset
65 ht
11c0afd7bad2 trying to get into Section 3
Henry S. Thompson <ht@inf.ed.ac.uk>
parents: 1
diff changeset
66 --
1
92618ff70952 getting started
Henry S. Thompson <ht@inf.ed.ac.uk>
parents:
diff changeset
67
92618ff70952 getting started
Henry S. Thompson <ht@inf.ed.ac.uk>
parents:
diff changeset
68 [1] https://datatracker.ietf.org/doc/html/draft-ietf-core-coap-pubsub-12