Russ's comments on draft -05 about teep-protocol HOT 4 CLOSED

In Section 4.2, tes discussion of token says:

  The TAM MUST expire the token value after receiving the first
  responce from the device and ignore any subsequent messages that
  have the same token value.

Should this say the first response that has a valid signature? Otherwise, we are creating an opportunity for an attacker to quickly respond with a matching token but otherwise garbage. Then a legitimate responder will be ignored.

Section 6.1 second paragraph says to drop the message if it is not valid according to the rules in 4.1.2. Section 4.1.2 explains that the TEEP message fields are only looked at in step 6, so by the time you get to the text in section 4.2 you've already passed steps 1-5, so you get the meaning you stated.

from teep-protocol.

Russ Housley wrote:

In Section 7, I think that future ciphersuites should allow MAC algorithms other than HMAC, such as GMAC.

Do you believe any text change is needed?

sure, just change "HMAC" to "MAC"

from teep-protocol.

The last comment remaining is:

In Section 9, please say whether future registrations will allow integrity-without-confidentiality ciphersuites. Let's settle this now instead of dumping on the IANA Expert.

This was discussed at IETF 110 where the minutes conclude:

Dave T: if thereʼs a use case that doesnʼt require confidentiality, we could allow IANA expert the latitude to decide.
Nancy: Intent of the UCCS draft was to address EAT tokens/claims that do not require confidentiality
Brendan: If integrity-only is to be allowed, it probably needs an entry in the security considerations detailing how much it exposes personal information.
Dave T: propose to update draft to allow for ability to not have confidentiality, but include in the security considerations the use cases where it is appropriate or perhaps state examples where this should not be allowed

from teep-protocol.

Fixed in draft-06

from teep-protocol.