Last Call Review of draft-ietf-anima-constrained-join-proxy-14
review-ietf-anima-constrained-join-proxy-14-opsdir-lc-schoenwaelder-2023-09-25-00
| Request | Review of | draft-ietf-anima-constrained-join-proxy-14 |
|---|---|---|
| Requested revision | 14 (document currently at 15) | |
| Type | Last Call Review | |
| Team | Ops Directorate (opsdir) | |
| Deadline | 2023-09-08 | |
| Requested | 2023-08-08 | |
| Requested by | Toerless Eckert | |
| Authors | Michael Richardson , Peter Van der Stok , Panos Kampanakis | |
| I-D last updated | 2023-09-25 | |
| Completed reviews |
Iotdir Last Call review of -14
by Russ Housley
(diff)
Secdir Last Call review of -14 by Mališa Vučinić (diff) Genart Last Call review of -14 by Ines Robles (diff) Opsdir Last Call review of -14 by Jürgen Schönwälder (diff) Iotdir Last Call review of -05 by Russ Housley (diff) Tsvart Last Call review of -10 by Spencer Dawkins (diff) Opsdir Last Call review of -09 by Jürgen Schönwälder (diff) Secdir Last Call review of -09 by Mališa Vučinić (diff) Genart Last Call review of -09 by Ines Robles (diff) Artart Last Call review of -10 by Rich Salz (diff) Opsdir Telechat review of -10 by Jürgen Schönwälder (diff) |
|
| Comments |
Requesting last-call review in preparation of finishing WGLC and to update/override the earlier review results, so as to accelerate following AD/IETF/IESG review. The authors confirmed that they resolved all issues raised in early reviews. If feasible, request to re-assign document to prior reviewers: OPSDIR: Jürgen Schönwälder GENART: Ines Robles SECDIR: Malisa Vucinic IOTDIR: Russ Housley |
|
| Assignment | Reviewer | Jürgen Schönwälder |
| State | Completed | |
| Request | Last Call review on draft-ietf-anima-constrained-join-proxy by Ops Directorate Assigned | |
| Posted at | https://mailarchive.ietf.org/arch/msg/ops-dir/sW4tZ2ENng6cxCBxh5G0aYmAiaE | |
| Reviewed revision | 14 (document currently at 15) | |
| Result | Has issues | |
| Completed | 2023-09-25 |
review-ietf-anima-constrained-join-proxy-14-opsdir-lc-schoenwaelder-2023-09-25-00
Thanks for taking my earlier comment into consideration. I appreciate
that it is now clearer which functionality needs to be implemented and
where.
Concerning the protection against abuse of the join proxy, I now
see that the message is:
JPY_message =
[
pledge_context_message : bstr,
content : bstr
]
However, I also read about the 'header' and the 'content' fields. Is
the pledge_context_message field the 'header'? If so, the document is
contradicting itself since in some parts it says what it contains
while in other parts it says pledge_context_message is entirely
implementation specific.
My understanding of the new design is that pledge_context_message
field effectively acts as a nonce and token, it is not protected and
likely even valid for multiple usages. If so, calling the result an
encrypted message is perhaps misleading since I may be able to replay
other messages once I have sniffed the pledge_context_message
value. The targets I may be possible to reach depends on how an
implementation chooses to implement pledge_context_message, the
specification only gives an illustrative example.
Anyway, this is an improvement, but perhaps it would be even better if
there would be a minimum requirement which information needs to be in
the token to prevent abuse of join proxies. But SECDIR people should be
the proper persons to judge this and whether it is find to trust that
implementations understand the significance of including enough
context information. Perhaps this should be discussed in the security
considerations to highlight the security implication of the choice of
the pledge_context_message content.