X.509 Certificate Extended Key Usage (EKU) for 5G Network Functions
draft-ietf-lamps-nf-eku-05

Document history

Date Rev. By Action
2024-03-20
(System)
Received changes through RFC Editor sync (changed state to RFC, created became rfc relationship between draft-ietf-lamps-nf-eku and RFC 9509, changed IESG state to RFC Published)
2024-03-07
05 (System) RFC Editor state changed to AUTH48-DONE from AUTH48
2024-01-26
05 Gunter Van de Velde Request closed, assignment withdrawn: Nagendra Nainar Last Call OPSDIR review
2024-01-26
05 Gunter Van de Velde Closed request for Last Call review by OPSDIR with state 'Overtaken by Events': Cleaning up stale OPSDIR queue
2024-01-22
05 (System) RFC Editor state changed to AUTH48
2023-12-18
05 (System) RFC Editor state changed to RFC-EDITOR from EDIT
2023-09-29
05 Barry Leiba Closed request for Last Call review by ARTART with state 'Overtaken by Events': Document has finished IESG processing
2023-09-29
05 Barry Leiba Assignment of request for Last Call review by ARTART to Nicolás Williams was marked no-response
2023-09-25
05 (System) IANA Action state changed to RFC-Ed-Ack from Waiting on RFC Editor
2023-09-25
05 (System) IANA Action state changed to Waiting on RFC Editor from In Progress
2023-09-25
05 (System) IANA Action state changed to In Progress from Waiting on Authors
2023-09-22
05 (System) IANA Action state changed to Waiting on Authors from In Progress
2023-09-22
05 (System) RFC Editor state changed to EDIT
2023-09-22
05 (System) IESG state changed to RFC Ed Queue from Approved-announcement sent
2023-09-22
05 (System) Announcement was received by RFC Editor
2023-09-22
05 (System) IANA Action state changed to In Progress
2023-09-22
05 (System) Removed all action holders (IESG state changed)
2023-09-22
05 Cindy Morgan IESG state changed to Approved-announcement sent from Approved-announcement to be sent
2023-09-22
05 Cindy Morgan IESG has approved the document
2023-09-22
05 Cindy Morgan Closed "Approve" ballot
2023-09-22
05 Cindy Morgan Ballot approval text was generated
2023-09-22
05 Roman Danyliw IESG state changed to Approved-announcement to be sent from Approved-announcement to be sent::AD Followup
2023-09-22
05 Tirumaleswar Reddy.K New version available: draft-ietf-lamps-nf-eku-05.txt
2023-09-22
05 (System) New version approved
2023-09-22
05 (System) Request for posting confirmation emailed to previous authors: "Tirumaleswar Reddy.K", Daniel Migault, Jani Ekman
2023-09-22
05 Tirumaleswar Reddy.K Uploaded new revision
2023-09-21
04 Cindy Morgan IESG state changed to Approved-announcement to be sent::AD Followup from IESG Evaluation
2023-09-21
04 Andrew Alston [Ballot Position Update] New position, No Objection, has been recorded for Andrew Alston
2023-09-20
04 Murray Kucherawy
[Ballot comment]
Question 11 of the shepherd writeup is incomplete.  (See Eric V.'s comment.)

The SHOULD in Section 3 is bare.  What's the interoperability or security impact if I don't do what it says?  Apart from that, it seems to me that you could almost get away with not even using BCP 14 in this document.

In Section 4, bullet 3, "Ku" should be "KU".
2023-09-20
04 Murray Kucherawy [Ballot Position Update] New position, No Objection, has been recorded for Murray Kucherawy
2023-09-20
04 Warren Kumari [Ballot Position Update] New position, No Objection, has been recorded for Warren Kumari
2023-09-20
04 Amanda Baber IANA Review state changed to IANA OK - Actions Needed from Version Changed - Review Needed
2023-09-20
04 Lars Eggert
[Ballot comment]
# GEN AD review of draft-ietf-lamps-nf-eku-04

CC @larseggert

Thanks to Elwyn Davies for the General Area Review Team (Gen-ART) review
(https://mailarchive.ietf.org/arch/msg/gen-art/MQz148ST9nIOc_fa4bQSjywrIPM).

## Nits

All comments below are about very minor potential issues that you may choose to
address in some way - or ignore - as you see fit. Some were flagged by
automated tools (via https://github.com/larseggert/ietf-reviewtool), so there
will likely be some false positives. There is no need to let me know what you
did with these suggestions.

### Outdated references

Reference `[RFC5246]` to `RFC5246`, which was obsoleted by `RFC8446` (this may
be on purpose).

### Grammar/style

#### Section 5, paragraph 1
```
poseId and Permitted KeyPurposeId by an relying party to permit or prohibit
                                    ^^
```
Use "a" instead of "an" if the following word doesn't start with a vowel sound,
e.g. "a sentence", "a university".

#### Section 5, paragraph 1
```
d and Permitted KeyPurposeId by an relying party to permit or prohibit combin
                                  ^^^^^^^
```
The verb "rely" requires the preposition "on" (or "upon").

## Notes

This review is in the ["IETF Comments" Markdown format][ICMF]. You can use the
[`ietf-comments` tool][ICT] to automatically convert this review into
individual GitHub issues. Review generated by the [`ietf-reviewtool`][IRT].

[ICMF]: https://github.com/mnot/ietf-comments/blob/main/format.md
[ICT]: https://github.com/mnot/ietf-comments
[IRT]: https://github.com/larseggert/ietf-reviewtool
2023-09-20
04 Lars Eggert [Ballot Position Update] New position, No Objection, has been recorded for Lars Eggert
2023-09-20
04 (System) IANA Review state changed to Version Changed - Review Needed from IANA OK - Actions Needed
2023-09-20
04 Tirumaleswar Reddy.K New version available: draft-ietf-lamps-nf-eku-04.txt
2023-09-20
04 Tirumaleswar Reddy.K New version accepted (logged-in submitter: Tirumaleswar Reddy.K)
2023-09-20
04 Tirumaleswar Reddy.K Uploaded new revision
2023-09-20
03 Zaheduzzaman Sarker [Ballot comment]
Thanks for working on this specification.
2023-09-20
03 Zaheduzzaman Sarker [Ballot Position Update] New position, No Objection, has been recorded for Zaheduzzaman Sarker
2023-09-19
03 Jim Guichard [Ballot Position Update] New position, No Objection, has been recorded for Jim Guichard
2023-09-19
03 Francesca Palombini [Ballot Position Update] New position, No Objection, has been recorded for Francesca Palombini
2023-09-18
03 Robert Wilton [Ballot Position Update] New position, No Objection, has been recorded for Robert Wilton
2023-09-18
03 John Scudder [Ballot Position Update] New position, No Objection, has been recorded for John Scudder
2023-09-18
03 Paul Wouters
[Ballot comment]
        In addition, the IANA repository "SMI Security for PKIX Extended Key Purpose"

You mean Registry, not repository?

        It's important to note that using the anyExtendedKeyUsage
        KeyPurposeId, as defined in Section 4.2.1.12 of [RFC5280], is
        generally considered a poor practice. This is especially true for
        publicly trusted certificates, whether they are multi-purpose
        or single-purpose, within the context of 5G systems and the 5G
        Core Service Based Architecture.

Why is it important to note? I would likely either remove the paragraph
or just reword it much simpler:

        KeyPurposeId properties are meant to limit the applicability of
        the certificate. The use of the anyExtendedKeyUsage KeyPurposeId
        would remove the use of this additional security property.

But if you are only trying to say "we obviously don't want to use
anyExtendedKeyUsage", then I think that is quite obvious and the entire
paragraph can be cut.  If this property is currently used because there
is no other KeyPurposeId that can be used and that's why it is currently
being used, perhaps that should be stated explicitly, eg "this document
defines new KeyPurposeId values that allow 5G systems to no longer need
to rely on the less secure anyExtendedKeyUsage KeyPurposeId".

      If the purpose of the issued certificates is not restricted, i.e.,
        the type of operations for which a public key contained in the
        certificate can be used are not specified, those certificates
        could be used for another purpose than intended, violating the
        CA policies, and increasing the risk of cross-protocol attacks.

I would remove "violating the CA policies" because if the CA signed without
specifying restrictions, you are not really violating their policies.

        Another example, if the purpose of the certificate is for the
        NF service consumer is to use it as a client certificate, the
        NF with this client certificate and corresponding private key
        must not be allowed to sign the CCA.

Doesn't the lack of X509v3 Basic Constraints CA:TRUE deal with this use
case already? So maybe this is not the best example, or if it is, perhaps
explain why the Basic Constraints CA: in itself isn't enough?

        Vendor-defined KeyPurposeIds used within a PKI governed
        by the vendor or a group of vendors typically do not pose
        interoperability concerns, as non-critical extensions can be
        safely ignored if unrecognized. However, using or misusing
        KeyPurposeIds outside of their intended vendor-controlled
        environment can lead to interoperability issues. Therefore, it is
        advisable not to rely on vendor-defined KeyPurposeIds. Instead,
        the specification defines standard KeyPurposeIds to ensure
        interoperability across various implementations.

I think this paragraph can be safely deleted. It is stating things that
are very obvious (there are multiple vendors in the telecom industry).

      This specification defines the KeyPurposeIds id-kp-jwt,
        id-kp-httpContentEncrypt, id-kp-oauthAccessTokenSigning for
        respectively [...]

I think you want to say:

        This specification defines the KeyPurposeIds id-kp-jwt,
        id-kp-httpContentEncrypt, id-kp-oauthAccessTokenSigning and
        uses these for respectively [...]

That makes it clear that these KeyPurposeIds are not just for 5G equipment.

        Applications verifying the signature of a Client Credentials
        Assertion (CCA) represented as JWT, decrypting JSON objects in
        HTTP messages between Security Edge Protection Proxies (SEPPs)
        using JWE or verifying the signature of an OAuth 2.0 access
        tokens for service authorization to grant temporary access
        to resources provided by NF producers using JWS MAY require
        corresponding KeyPurposeIds be specified by the EKU extension.

This is pretty unreadable. How about:

        Applications verifying the KeyPurposeIds id-kp-jwt, id-kp-httpContentEncrypt
        and id-kp-oauthAccessTokenSigning MAY require corresponding KeyPurposeIds
        be specified by the EKU extension.

The "MAY" here is also rather weak, and undoing the gains of using
these new KeyPurposeIds. Maybe "SHOULD" is better? Or perhaps some
additional text about greenfield deployments could say something like
"if the application knows clients are required to use these KeyPurposeIds,
it MUST require them being set".
2023-09-18
03 Paul Wouters [Ballot Position Update] New position, Yes, has been recorded for Paul Wouters
2023-09-16
03 Erik Kline [Ballot Position Update] New position, No Objection, has been recorded for Erik Kline
2023-09-12
03 David Dong IANA Experts State changed to Expert Reviews OK from Reviews assigned
2023-09-12
03 David Dong The expert has approved the SMI Security for PKIX Extended Key Purpose and the SMI Security for PKIX Module Identifier registrations.
2023-09-12
03 (System) IANA Review state changed to IANA OK - Actions Needed from Version Changed - Review Needed
2023-09-12
03 Éric Vyncke
[Ballot comment]

# Éric Vyncke, INT AD, comments for draft-ietf-lamps-nf-eku-03

Thank you for the work put into this document.

Please find below some non-blocking COMMENT points (but replies would be appreciated even if only for my own education), and one nit.

Special thanks to Russ Housley for the shepherd's detailed write-up including the WG consensus *but it lacks* the justification of the intended status.

I hope that this review helps to improve the document,

Regards,

-éric

# COMMENTS

## 3GPP Liaison

While it does not seem that this draft specifies anything for the 3GPP (it is more like an IETF extension to an IETF specification used by 3GPP), I am curious to check whether an official review by 3GPP has been done via liaison statements (the shepherd only says `People that participate in the 3GPP have indicated that this document  will be referenced by future 3GPP standards.`)

## Abstract & Section 1

Is "5G System" a well-defined term ? Even if most readers would guess what it is. Should there be some explanation or a reference ?

Is it limited to 3GPP use cases ? NF could have a broader scope than 3GPP.

## Section 1

Most probably because I am not an expert in this field, but the introduction does not seem to explain what this document is about. It provides the context though.

# NITS

## Section 3

CCA has already been expanded.
2023-09-12
03 Éric Vyncke [Ballot Position Update] New position, No Objection, has been recorded for Éric Vyncke
2023-09-11
03 Tirumaleswar Reddy.K New version available: draft-ietf-lamps-nf-eku-03.txt
2023-09-11
03 (System) New version approved
2023-09-11
03 (System) Request for posting confirmation emailed to previous authors: "Tirumaleswar Reddy.K", Daniel Migault, Jani Ekman
2023-09-11
03 Tirumaleswar Reddy.K Uploaded new revision
2023-09-10
02 Elwyn Davies Request for Last Call review by GENART Completed: Ready with Nits. Reviewer: Elwyn Davies. Sent review to list.
2023-09-10
02 Yoav Nir Request for Last Call review by SECDIR Completed: Ready. Reviewer: Yoav Nir. Sent review to list.
2023-09-10
02 Benson Muite Request for Last Call review by INTDIR Completed: Ready with Nits. Reviewer: Benson Muite. Sent review to list.
2023-09-08
02 Roman Danyliw Placed on agenda for telechat - 2023-09-21
2023-09-08
02 Roman Danyliw Ballot has been issued
2023-09-08
02 Roman Danyliw [Ballot Position Update] New position, Yes, has been recorded for Roman Danyliw
2023-09-08
02 Roman Danyliw Created "Approve" ballot
2023-09-08
02 Roman Danyliw IESG state changed to IESG Evaluation from Waiting for AD Go-Ahead
2023-09-08
02 Roman Danyliw Ballot writeup was changed
2023-09-08
02 (System) IESG state changed to Waiting for AD Go-Ahead from In Last Call
2023-09-07
02 Tero Kivinen Request for Last Call review by SECDIR is assigned to Yoav Nir
2023-09-07
02 (System) IANA Review state changed to Version Changed - Review Needed from IANA - Not OK
2023-09-07
02 Tirumaleswar Reddy.K New version available: draft-ietf-lamps-nf-eku-02.txt
2023-09-07
02 Tirumaleswar Reddy.K New version accepted (logged-in submitter: Tirumaleswar Reddy.K)
2023-09-07
02 Tirumaleswar Reddy.K Uploaded new revision
2023-09-06
01 David Dong The expert has approved the SMI Security for PKIX Extended Key Purpose registrations.
2023-09-06
01 David Dong IANA Experts State changed to Reviews assigned
2023-09-06
01 (System) IANA Review state changed to IANA - Not OK from IANA - Review Needed
2023-09-06
01 David Dong
(Via drafts-lastcall@iana.org): IESG/Authors/WG Chairs:

The IANA Functions Operator has completed its review of draft-ietf-lamps-nf-eku-01. If any part of this review is inaccurate, please let us know.

The IANA Functions Operator understands that, upon approval of this document, there are two actions which we must complete.

First, in the SMI Security for PKIX Extended Key Purpose registry in the Structure of Management Information (SMI) Numbers (MIB Module Registrations) registry group located at:

https://www.iana.org/assignments/smi-numbers/

three new registrations are to be made as follows:

Decimal: [ TBD-at-Registration ]
Description: id-kp-jwt
Reference: [ RFC-to-be ]

Decimal: [ TBD-at-Registration ]
Description: id-kp-httpContentEncrypt
Reference: [ RFC-to-be ]

Decimal: [ TBD-at-Registration ]
Description: id-kp-oauthAccessTokenSigning
Reference: [ RFC-to-be ]

As this document requests registrations in an Expert Review or Specification Required (see RFC 8126) registry, we will initiate the required Expert Review via a separate request. This review must be completed before the document's IANA state can be changed to "IANA OK."

Second, in the SMI Security for PKIX Module Identifier registry also in the Structure of Management Information (SMI) Numbers (MIB Module Registrations) registry group located at:

https://www.iana.org/assignments/smi-numbers/

a single new registration is to be made as follows:

Decimal: [ TBD-at-Registration ]
Description: id-mod-nf-eku
Reference: [ RFC-to-be ]

As this also requests a registration in an Expert Review or Specification Required (see RFC 8126) registry, we will initiate the required Expert Review via a separate request. This review must be completed before the document's IANA state can be changed to "IANA OK."

The IANA Functions Operator understands that these two actions are the only ones required to be completed upon approval of this document.

NOTE: The actions requested in this document will not be completed until the document has been approved for publication as an RFC. This message is meant only to confirm the list of actions that will be performed.

For definitions of IANA review states, please see:

https://datatracker.ietf.org/help/state/draft/iana-review

Thank you,

David Dong
IANA Services Sr. Specialist
2023-09-01
01 Yoav Nir Request for Last Call review by SECDIR Completed: Has Nits. Reviewer: Yoav Nir. Sent review to list. Submission of review completed at an earlier date.
2023-09-01
01 Yoav Nir Request for Last Call review by SECDIR Completed: Has Nits. Reviewer: Yoav Nir.
2023-08-31
01 Jean Mahoney Request for Last Call review by GENART is assigned to Elwyn Davies
2023-08-31
01 Juan-Carlos Zúñiga Request for Last Call review by INTDIR is assigned to Benson Muite
2023-08-31
01 Gunter Van de Velde Request for Last Call review by OPSDIR is assigned to Nagendra Nainar
2023-08-26
01 Tero Kivinen Request for Last Call review by SECDIR is assigned to Yoav Nir
2023-08-25
01 Barry Leiba Request for Last Call review by ARTART is assigned to Nicolás Williams
2023-08-25
01 Cindy Morgan IANA Review state changed to IANA - Review Needed
2023-08-25
01 Cindy Morgan
The following Last Call announcement was sent out (ends 2023-09-08):

From: The IESG
To: IETF-Announce
CC: draft-ietf-lamps-nf-eku@ietf.org, housley@vigilsec.com, lamps-chairs@ietf.org, rdd@cert.org, spasm@ietf.org
Reply-To: last-call@ietf.org
Sender:
Subject: Last Call:  (X.509 Certificate Extended Key Usage (EKU) for 5G Network Functions) to Proposed Standard


The IESG has received a request from the Limited Additional Mechanisms for
PKIX and SMIME WG (lamps) to consider the following document: - 'X.509
Certificate Extended Key Usage (EKU) for 5G Network Functions'
  as Proposed Standard

The IESG plans to make a decision in the next few weeks, and solicits final
comments on this action. Please send substantive comments to the
last-call@ietf.org mailing lists by 2023-09-08. Exceptionally, comments may
be sent to iesg@ietf.org instead. In either case, please retain the beginning
of the Subject line to allow automated sorting.

Abstract


  RFC 5280 specifies several extended key purpose identifiers
  (KeyPurposeIds) for X.509 certificates.  This document defines
  encrypting JSON objects in HTTP messages, JSON Web Token (JWT) and
  signing the OAuth 2.0 access tokens KeyPurposeIds for inclusion in
  the Extended Key Usage (EKU) extension of X.509 v3 public key
  certificates used by Network Functions (NFs) for the 5G System.




The file can be obtained via
https://datatracker.ietf.org/doc/draft-ietf-lamps-nf-eku/


The following IPR Declarations may be related to this I-D:

  https://datatracker.ietf.org/ipr/5966/





2023-08-25
01 Cindy Morgan IESG state changed to In Last Call from Last Call Requested
2023-08-25
01 Roman Danyliw Last call was requested
2023-08-25
01 Roman Danyliw Last call announcement was generated
2023-08-25
01 Roman Danyliw Ballot approval text was generated
2023-08-25
01 Roman Danyliw Ballot writeup was generated
2023-08-25
01 (System) Changed action holders to Roman Danyliw (IESG state changed)
2023-08-25
01 Roman Danyliw IESG state changed to Last Call Requested from Publication Requested
2023-08-25
01 Roman Danyliw AD Review: https://mailarchive.ietf.org/arch/msg/spasm/UyYDuzTriA5QQufxnhrHOKpS_O4/
2023-07-23
01 Russ Housley Tag Revised I-D Needed - Issue raised by WGLC cleared.
2023-07-23
01 Russ Housley
Shepherd Write-up for draft-ietf-lamps-nf-eku-01


(1) Does the working group (WG) consensus represent the strong
concurrence of a few individuals, with others being silent, or did it
reach broad agreement?

  There is support for this document in the LAMPS WG.

(2) Was there controversy about particular points, or were there
decisions where the consensus was particularly rough?

  The original individual Internet-Draft took a very different approach
  to the one that was approved by the LAMPS WG.  The authors took the
  advice from many commenters.  During the WG Last Call no one spoke
  against the document, but there was some discussion to confirm that
  all cases were properly covered.
 
(3) Has anyone threatened an appeal or otherwise indicated extreme
discontent?  If so, please summarize the areas of conflict in separate
email messages to the responsible Area Director.  (It should be in a
separate email because this questionnaire is publicly available.)

  No one has threatened an appeal or indicated any discontent.

(4) For protocol documents, are there existing implementations of the
contents of the document?  Have a significant number of potential
implementers indicated plans to implement?  Are any existing
implementations reported somewhere, either in the document itself (as
RFC 7942 recommends) or elsewhere (where)?

  People that participate in the 3GPP have indicated that this document
  will be referenced by future 3GPP standards.

(5) Does this document need review from other IETF working groups or
external organizations?  Have those reviews occurred?

  None needed.

(6) Describe how the document meets any required formal expert review
criteria, such as the MIB Doctor, YANG Doctor, media type, and URI type
reviews.

  ASN.1 is used.  The document shepherd compiled the ASN.1 module
  after inserting placeholder values for the ones that need to be
  assigned by IANA.  It compiles without errors.

(7) If the document contains a YANG module, has the final version of the
module been checked with any of the recommended validation tools for
syntax and formatting validation?  If there are any resulting errors or
warnings, what is the justification for not fixing them at this time?
Does the YANG module comply with the Network Management Datastore
Architecture (NMDA) as specified in RFC 8342?

  YANG is not used in the document.

(8) Describe reviews and automated checks performed to validate sections
of the final version of the document written in a formal language, such
as XML code, BNF rules, MIB definitions, CBOR's CDDL, etc.

  ASN.1 is used.  The document shepherd compiled the ASN.1 module
  after inserting placeholder values for the ones that need to be
  assigned by IANA.  It compiles without errors.

(9) Based on the shepherd's review of the document, is it their opinion
that this document is needed, clearly written, complete, correctly
designed, and ready to be handed off to the responsible Area Director?

  The document shepherd finds the document clear and complete.

(10) Several IETF Areas have assembled lists of common issues that their
reviewers encounter.  Do any such issues remain that would merit specific
attention from subsequent reviews?

  The document shepherd finds no concerns.

(11) What type of RFC publication is being requested on the IETF stream
(Best Current Practice, Proposed Standard, Internet Standard,
Informational, Experimental, or Historic)?  Why is this the proper type
of RFC?  Do all Datatracker state attributes correctly reflect this
intent?

  Proposed Standard.  The datatracker indicates this intent.

(12) Has the interested community confirmed that any and all appropriate
IPR disclosures required by BCP 78 and BCP 79 have been filed?  If not,
explain why.  If yes, summarize any discussion and conclusion regarding
the intellectual property rights (IPR) disclosures, including links to
relevant emails.

  All authors and contributors have explicitly confirmed that all IPR
  disclosures required for full conformance with the provisions of
  BCP 78 and BCP 79 have already been filed.  There are none.

(13) Has each Author or Contributor confirmed their willingness to be
listed as such?  If the number of Authors/Editors on the front page is
greater than 5, please provide a justification.

  All authors have explicitly confirmed their willingness to be listed
  as an author.  All contributors are listed as authors.

(14) Identify any remaining I-D nits in this document.  (See the idnits
tool and the checkbox items found in Guidelines to Authors of
Internet-Drafts).  Simply running the idnits tool is not enough; please
review the entire guidelines document.

  IDnits points out that the obsolete RFC 5246 is referenced.  This is
  intentional.  Notice that the same section also references RFC 8446.

  The document shepherd review of the document did not find any
  issues related to the Guidelines to Authors of Internet-Drafts.

(15) Should any informative references be normative or vice-versa?

  All references are in the proper category.

(16) List any normative references that are not freely available to
anyone.  Did the community have sufficient access to review any such
normative references?

  All normative references are RFCs, 3GPP specifications, or ITU-T
  recommendations.  All of these are freely available for download.

(17) Are there any normative downward references (see RFC 3967, BCP 97)?
If so, list them.

  There are no downrefs.

(18) Are there normative references to documents that are not ready for
advancement or are otherwise in an unclear state?  If they exist, what is
the plan for their completion?

  All of the normative references have already been published.

(19) Will publication of this document change the status of any existing
RFCs?  If so, does the Datatracker metadata correctly reflect this and
are those RFCs listed on the title page, in the abstract, and discussed
in the introduction?  If not, explain why and point to the part of the
document where the relationship of this document to these other RFCs is
discussed.

  Publication of this document will not affect the status of any
  other documents.

(20) Describe the document shepherd's review of the IANA considerations
section, especially with regard to its consistency with the body of the
document.  Confirm that all aspects of the document requiring IANA
assignments are associated with the appropriate reservations in IANA
registries.  Confirm that any referenced IANA registries have been
clearly identified.  Confirm that each newly created IANA registry
specifies its initial contents, allocations procedures, and a reasonable
name (see RFC 8126).

  No concerns were found.  The IANA Considerations ask IANA to assign
  some object identifiers from existing registries, and the document
  shepherd is the IANA Designated Expert for the registries where these
  will be assigned.

(21) List any new IANA registries that require Designated Expert Review
for future allocations.  Are the instructions to the Designated Expert
clear?  Please include suggestions of designated experts, if appropriate.

  No new IANA registries are needed.
2023-07-23
01 Russ Housley Responsible AD changed to Roman Danyliw
2023-07-23
01 Russ Housley IETF WG state changed to Submitted to IESG for Publication from In WG Last Call
2023-07-23
01 Russ Housley IESG state changed to Publication Requested from I-D Exists
2023-07-23
01 Russ Housley Document is now in IESG state Publication Requested
2023-07-23
01 Russ Housley
Shepherd Write-up for draft-ietf-lamps-nf-eku-01


(1) Does the working group (WG) consensus represent the strong
concurrence of a few individuals, with others being silent, or did it
reach broad agreement?

  There is support for this document in the LAMPS WG.

(2) Was there controversy about particular points, or were there
decisions where the consensus was particularly rough?

  The original individual Internet-Draft took a very different approach
  to the one that was approved by the LAMPS WG.  The authors took the
  advice from many commenters.  During the WG Last Call no one spoke
  against the document, but there was some discussion to confirm that
  all cases were properly covered.
 
(3) Has anyone threatened an appeal or otherwise indicated extreme
discontent?  If so, please summarize the areas of conflict in separate
email messages to the responsible Area Director.  (It should be in a
separate email because this questionnaire is publicly available.)

  No one has threatened an appeal or indicated any discontent.

(4) For protocol documents, are there existing implementations of the
contents of the document?  Have a significant number of potential
implementers indicated plans to implement?  Are any existing
implementations reported somewhere, either in the document itself (as
RFC 7942 recommends) or elsewhere (where)?

  People that participate in the 3GPP have indicated that this document
  will be referenced by future 3GPP standards.

(5) Does this document need review from other IETF working groups or
external organizations?  Have those reviews occurred?

  None needed.

(6) Describe how the document meets any required formal expert review
criteria, such as the MIB Doctor, YANG Doctor, media type, and URI type
reviews.

  ASN.1 is used.  The document shepherd compiled the ASN.1 module
  after inserting placeholder values for the ones that need to be
  assigned by IANA.  It compiles without errors.

(7) If the document contains a YANG module, has the final version of the
module been checked with any of the recommended validation tools for
syntax and formatting validation?  If there are any resulting errors or
warnings, what is the justification for not fixing them at this time?
Does the YANG module comply with the Network Management Datastore
Architecture (NMDA) as specified in RFC 8342?

  YANG is not used in the document.

(8) Describe reviews and automated checks performed to validate sections
of the final version of the document written in a formal language, such
as XML code, BNF rules, MIB definitions, CBOR's CDDL, etc.

  ASN.1 is used.  The document shepherd compiled the ASN.1 module
  after inserting placeholder values for the ones that need to be
  assigned by IANA.  It compiles without errors.

(9) Based on the shepherd's review of the document, is it their opinion
that this document is needed, clearly written, complete, correctly
designed, and ready to be handed off to the responsible Area Director?

  The document shepherd finds the document clear and complete.

(10) Several IETF Areas have assembled lists of common issues that their
reviewers encounter.  Do any such issues remain that would merit specific
attention from subsequent reviews?

  The document shepherd finds no concerns.

(11) What type of RFC publication is being requested on the IETF stream
(Best Current Practice, Proposed Standard, Internet Standard,
Informational, Experimental, or Historic)?  Why is this the proper type
of RFC?  Do all Datatracker state attributes correctly reflect this
intent?

  Proposed Standard.  The datatracker indicates this intent.

(12) Has the interested community confirmed that any and all appropriate
IPR disclosures required by BCP 78 and BCP 79 have been filed?  If not,
explain why.  If yes, summarize any discussion and conclusion regarding
the intellectual property rights (IPR) disclosures, including links to
relevant emails.

  All authors and contributors have explicitly confirmed that all IPR
  disclosures required for full conformance with the provisions of
  BCP 78 and BCP 79 have already been filed.  There are none.

(13) Has each Author or Contributor confirmed their willingness to be
listed as such?  If the number of Authors/Editors on the front page is
greater than 5, please provide a justification.

  All authors have explicitly confirmed their willingness to be listed
  as an author.  All contributors are listed as authors.

(14) Identify any remaining I-D nits in this document.  (See the idnits
tool and the checkbox items found in Guidelines to Authors of
Internet-Drafts).  Simply running the idnits tool is not enough; please
review the entire guidelines document.

  IDnits points out that the obsolete RFC 5246 is referenced.  This is
  intentional.  Notice that the same section also references RFC 8446.

  The document shepherd review of the document did not find any
  issues related to the Guidelines to Authors of Internet-Drafts.

(15) Should any informative references be normative or vice-versa?

  All references are in the proper category.

(16) List any normative references that are not freely available to
anyone.  Did the community have sufficient access to review any such
normative references?

  All normative references are RFCs, 3GPP specifications, or ITU-T
  recommendations.  All of these are freely available for download.

(17) Are there any normative downward references (see RFC 3967, BCP 97)?
If so, list them.

  There are no downrefs.

(18) Are there normative references to documents that are not ready for
advancement or are otherwise in an unclear state?  If they exist, what is
the plan for their completion?

  All of the normative references have already been published.

(19) Will publication of this document change the status of any existing
RFCs?  If so, does the Datatracker metadata correctly reflect this and
are those RFCs listed on the title page, in the abstract, and discussed
in the introduction?  If not, explain why and point to the part of the
document where the relationship of this document to these other RFCs is
discussed.

  Publication of this document will not affect the status of any
  other documents.

(20) Describe the document shepherd's review of the IANA considerations
section, especially with regard to its consistency with the body of the
document.  Confirm that all aspects of the document requiring IANA
assignments are associated with the appropriate reservations in IANA
registries.  Confirm that any referenced IANA registries have been
clearly identified.  Confirm that each newly created IANA registry
specifies its initial contents, allocations procedures, and a reasonable
name (see RFC 8126).

  No concerns were found.  The IANA Considerations ask IANA to assign
  some object identifiers from existing registries, and the document
  shepherd is the IANA Designated Expert for the registries where these
  will be assigned.

(21) List any new IANA registries that require Designated Expert Review
for future allocations.  Are the instructions to the Designated Expert
clear?  Please include suggestions of designated experts, if appropriate.

  No new IANA registries are needed.
2023-07-13
01 Russ Housley Tag Revised I-D Needed - Issue raised by WGLC set.
2023-06-28
01 Russ Housley Notification list changed to housley@vigilsec.com because the document shepherd was set
2023-06-28
01 Russ Housley Document shepherd changed to Russ Housley
2023-06-28
01 Russ Housley Changed consensus to Yes from Unknown
2023-06-28
01 Russ Housley Intended Status changed to Proposed Standard from None
2023-06-28
01 Russ Housley IETF WG state changed to In WG Last Call from WG Document
2023-06-07
01 Tirumaleswar Reddy.K New version available: draft-ietf-lamps-nf-eku-01.txt
2023-06-07
01 Tirumaleswar Reddy.K New version accepted (logged-in submitter: Tirumaleswar Reddy.K)
2023-06-07
01 Tirumaleswar Reddy.K Uploaded new revision
2023-05-09
00 Russ Housley This document now replaces draft-reddy-lamps-jose-eku instead of None
2023-05-04
00 Tirumaleswar Reddy.K New version available: draft-ietf-lamps-nf-eku-00.txt
2023-05-04
00 Russ Housley WG -00 approved
2023-05-03
00 Tirumaleswar Reddy.K Set submitter to "Tirumaleswar Reddy ", replaces to (none) and sent approval email to group chairs: lamps-chairs@ietf.org
2023-05-03
00 Tirumaleswar Reddy.K Uploaded new revision