On 7/21/2016 5:29 AM, Ludwig Seitz wrote:
On 2016-07-21 11:04, Michael Richardson wrote:
>> Why will ACE succeed when DICE failed?
>> Does ACE now have some knowledge or mechanism that DICE couldn't have
>> created because it was out of scope?
> ACE is (also) about authorization, which DICE wasn't. A compromised
> lightbulb might well have the possibility to talk to a door lock
> (using its group key), but it would lack the authorization to do
> anything with the lock.
> IMHO that's what ACE adds that DICE didn't have (and wasn't chartered
> to have).
Hi Ludwig -
Sorry - you are incorrect.
The group key is also the authorization key in the model proposed. Any
entity that holds that key can forge a message that can cause the action
authorized by the issuance of that key. In your example, assuming that
the door lock and the lightbulb share the same group key, then
compromising the lightbulb allows you to control the door lock.
In general, authentication comes with the key that you have -
authorization is then tied to that key. In DTLS (as in TLS), your
session key is also your authorization key once your TLS session is tied
to a particular identity (e.g. via an HTTP login, via a client cert
exchange, via OAuth).
So - cosmetic differences only.
Mike
> /Ludwig
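Mike's point that the group key doubles as the authorization key, as an added illustration that is not code from this thread or from the ACE/DICE documents: a toy door-lock model in Python where the lock authenticates commands with HMAC-SHA256. The keys, device names and ACL are constructed for the example.

```python
"""Added example (not from the mailing-list thread): why one shared group key
cannot carry per-device authorization.

Constructed model: a door lock accepts commands authenticated with HMAC.
Scenario A: lightbulb and lock share a single group key. Every holder of
that key, including a compromised lightbulb, can produce a valid "unlock".
Scenario B: each device has its own key; the lock binds the key to an
identity and then checks an ACL, so the bulb's key buys nothing at the lock.
"""
import hmac
import hashlib

GROUP_KEY = b"constructed-group-key"          # scenario A: one key for all devices
DEVICE_KEYS = {                               # scenario B: constructed per-device keys
    "lightbulb": b"constructed-bulb-key",
    "phone": b"constructed-phone-key",
}
ACL = {"unlock": {"phone"}}                   # identities allowed to issue a command


def sign(key: bytes, sender: str, command: str) -> bytes:
    """MAC over sender||command; the sender field is only as trustworthy as the key."""
    return hmac.new(key, f"{sender}|{command}".encode(), hashlib.sha256).digest()


def lock_accepts_group_key(sender: str, command: str, tag: bytes) -> bool:
    """Scenario A: any group-key holder can choose the sender field freely,
    so the lock cannot tell the lightbulb from the phone."""
    return hmac.compare_digest(sign(GROUP_KEY, sender, command), tag)


def lock_accepts_per_device(sender: str, command: str, tag: bytes) -> bool:
    """Scenario B: look up the key by claimed identity (the MAC then proves
    possession of *that* identity's key) and apply the ACL to that identity."""
    key = DEVICE_KEYS.get(sender)
    if key is None or not hmac.compare_digest(sign(key, sender, command), tag):
        return False                          # authentication failed
    return sender in ACL.get(command, set())  # authorization is tied to the key


def bulb_can_unlock(group_key_model: bool) -> bool:
    """Model check: can a lightbulb, using only the keys it holds, get the lock
    to accept an "unlock" command? True means the design leaks authorization."""
    if group_key_model:
        # Holding the group key, the bulb can even label the message as the phone's.
        tag = sign(GROUP_KEY, "phone", "unlock")
        return lock_accepts_group_key("phone", "unlock", tag)
    # With per-device keys the bulb can only produce MACs under its own key.
    tag = sign(DEVICE_KEYS["lightbulb"], "lightbulb", "unlock")
    return lock_accepts_per_device("lightbulb", "unlock", tag)
```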
_______________________________________________
Ace mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/ace