Hi Randy! Thank you for the pointer, I was not aware of rfc3414.
I am in favor of solutions that do not need a time protocol/synchronized time; I think we will need both at ACE. Freshness is what seems to provide the 'Timeliness Module' of rfc3414 (but then I think the module to work needs some sort of "Time Synchronization" sec 2.3. which I could not figure out in detail). In any case I will deep digger on the document. About the need for time: Internal ACE discussions (clock design team), that now I hope well be debated publicly, lead to some partial conclusions; and I think one of them is that a minimal time-sync will be needed in ACE. The protocol we are designing, consist on two messages (fundamentally: two object structures), that where designed to be easily attached/piggybacked with other messages of the ACE framework. I can no think about something more minimalistic, other than not using self containing structures, and using something more compact than CBOR/COSE. Also I think its good to separate the debate about the actual time sync procedure (nonce, what to authenticate, etc), and the second issue is how to encode and send those messages within the ACE framework. I think its an open discussion, so Its good that we are talking about Time in ACE. Eager to continue the time-discussion, but now I don' have more time :P Renzo PS: One thing that must be clarified on future versions of draft is that we will be too pretentious to call a "full-blown" time protocol our proposal, certainly time precision/accuracy is not one of the goals. On Tue, Nov 1, 2016 at 7:10 PM, Randy Presuhn <[email protected]> wrote: > Hi - > > On 10/31/2016 11:45 PM, Ludwig Seitz wrote: >> >> On 2016-11-01 01:41, Randy Presuhn wrote: >>> >>> Hi - >>> >>> >>> On 10/31/2016 7:25 AM, Renzo Navas wrote: >>> ... >>>> >>>> The need for a secure source of time is getting clearer on ACE (either >>>> that, or mechanisms to assure freshness of each transaction), and we >>>> hope that with this protocol we are giving the first step to come up >>>> with a constrained-resource friendly solution. >>> >>> ... >>> >>> Along the way to SNMPv3, we learned that a full-blown time >>> protocol isn't actually necessary to provide authentication, >>> timeliness, replay protection, etc. See RFC 3414 for details >>> on how to get these properties cheaply, both from protocol >>> overhead and processing perspectives. >>> >>> Randy >>> >> >> Does your "etc" include expiration of access tokens? > > > The standard access control model (VACM, RFC 3415) does not > rely on "access tokens" - what is (and is not) allowed is > determined the currently configured permissions on the system > whose information is being accessed / modified / published, > and the authenticated identity of the user/entity to which the > information is being delivered or by which it is being modified. > > This may or may not meet your needs. The SNMP design was driven > in part by a requirement for things to work correctly even when > large portions of the internet infrastructure (such as NTP, > PKI, DNS, etc.) were malfunctioning, broken, or under attack, > and to work on systems with minimal (from the perspective > of the late 1980s and extending into the 1990s) capabilities. > Again, this might not be necessary here. It does seem, however, > that what seems like a shortcut here or there can have large > impacts on the ultimate complexity and technology footprint > of a design... > > > Randy > > _______________________________________________ > Ace mailing list > [email protected] > https://www.ietf.org/mailman/listinfo/ace _______________________________________________ Ace mailing list [email protected] https://www.ietf.org/mailman/listinfo/ace
