Document: draft-ietf-core-oscore-groupcomm Title: Group Object Security for Constrained RESTful Environments (Group OSCORE) Reviewer: Mališa Vučinić Review result: Ready I have reviewed this document as part of the security directorate’s ongoing effort to review all IETF documents being processed by the IESG. These comments were written primarily for the benefit of the security area directors. Document editors and WG chairs should treat these comments just like any other last call comments. The document specifies a group communication mode of OSCORE (RFC8613). As per this document, the endpoints in a group can communicate using a “group” mode and a “pairwise” mode. The group mode requests are source-authenticated using a countersignature, while pairwise exchanges are symmetrically-protected using a secret derived from a static-static DH key agreement algorithm. The document reuses the elements of OSCORE and complements the processing with actions dependent on the mode used. The document is well written and thorough. The constructs used seem solid and ensure the (nonce, key) pair uniqueness. Specifically on the Security Considerations section, the section details a number of implications on security and also details the security properties in group mode. One point I would like to make is that the pairwise mode deserves a clear list of claimed security properties, similar to how the group mode is discussed in Section 14.1. Also, it could perhaps be useful to discuss the security properties this specification does not aim to meet, specifically in comparison with other similar protocols like e.g. RFC9420. -- last-call mailing list -- last-call@xxxxxxxx To unsubscribe send an email to last-call-leave@xxxxxxxx
