Hello Martin,Thanks a lot for your review! Please find in line below our detailed replies to your comments.
A Github PR where we have addressed your comments is available at [PR].Unless any concern is raised, we plan to soon merge this PR (and the other ones related to other received reviews), and to submit the result as version -18 of the document.
Thanks, /Marco [PR] https://github.com/ace-wg/ace-key-groupcomm/pull/164 On 2023-11-28 22:11, Martin Duke via Datatracker wrote:
Martin Duke has entered the following ballot position for draft-ietf-ace-key-groupcomm-17: No Objection When responding, please keep the subject line intact and reply to all email addresses included in the To and CC lines. (Feel free to cut this introductory paragraph, however.)Please refer tohttps://eur05.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.ietf.org%2Fabout%2Fgroups%2Fiesg%2Fstatements%2Fhandling-ballot-positions%2F&data=05%7C01%7Cmarco.tiloca%40ri.se%7C1359a87ce9cd413ae9a308dbf0568b50%7C5a9809cf0bcb413a838a09ecc40cc9e8%7C0%7C0%7C638368026718160171%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=J16AYuoNBuMg4tBidZr9DvGOfnY97NBL6wrdFnjdo5o%3D&reserved=0 for more information about how to handle DISCUSS and COMMENT positions.The document, along with other ballot positions, can be found here: https://eur05.safelinks.protection.outlook.com/?url=https%3A%2F%2Fdatatracker.ietf.org%2Fdoc%2Fdraft-ietf-ace-key-groupcomm%2F&data=05%7C01%7Cmarco.tiloca%40ri.se%7C1359a87ce9cd413ae9a308dbf0568b50%7C5a9809cf0bcb413a838a09ecc40cc9e8%7C0%7C0%7C638368026718168118%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=HatfmpKO8zy%2Fqwc2sNS9wIBHOo6xd15YgpKXqcQWvdA%3D&reserved=0 ---------------------------------------------------------------------- COMMENT: ---------------------------------------------------------------------- Thanks to Vidhi Goel for the TSVART review. (2) "If it consists of an explicit entity such as a pub-sub Broker or a message relayer, the Dispatcher is comparable to an untrusted on-path intermediary, and as such it is able to read the messages sent by Clients in the group." Is this accurate? Why does the Dispatcher need the group key to relay messages?
==>MT We have rephrased the following two paragraphs of Section 2 as follows. OLD> Dispatcher: entity through which the Clients communicate with the group, when sending a message intended to multiple group members. That is, the Dispatcher distributes such a one-to-many message to the group members as intended recipients. A single-recipient message intended to only one group member may be delivered by alternative means, with no assistance from the Dispatcher.
NEW (emphasis mine)Dispatcher: entity through which the Clients communicate with the group when sending a message intended to multiple group members. That is, the Dispatcher distributes such a one-to-many message to the group members as intended recipients. **The Dispatcher does not have access to the group keying material**. A single-recipient message intended to only one group member may be delivered by alternative means, with no assistance from the Dispatcher.
OLD> If it consists of an explicit entity such as a pub-sub Broker or a message relayer, the Dispatcher is comparable to an untrusted on-path intermediary, and as such it is able to read the messages sent by Clients in the group.
NEW (emphasis mine)> If it consists of an explicit entity such as a pub-sub Broker or a message relayer, the Dispatcher is comparable to an untrusted on-path intermediary, and as such it is able to **see the messages sent by Clients in the group, but not to decrypt them and read their plain content**.
<==
(3.3) s/since it allows to ask/since it allows the client to ask
==>MT Yes, now fixed. <==
-- Marco Tiloca Ph.D., Senior Researcher Phone: +46 (0)70 60 46 501 RISE Research Institutes of Sweden AB Box 1263 164 29 Kista (Sweden) Division: Digital Systems Department: Computer Science Unit: Cybersecurity https://www.ri.se
OpenPGP_0xEE2664B40E58DA43.asc
Description: OpenPGP public key
OpenPGP_signature.asc
Description: OpenPGP digital signature
_______________________________________________ Ace mailing list Ace@ietf.org https://www.ietf.org/mailman/listinfo/ace
