This is not a finished review - but I wanted to get it out.

Jim

General - Should the concept of a legal requester be part of the information that is transported with the public key? I don't believe that this is currently done, but it would additionally allow for a server to ignore comments from individuals who are not authorized for that role.

Section 2.2 - Must new security parameters be regenerated on each membership change?

Section 2.2 - Does completion of a group rekeying include confirmed redistribution before the version number is incremented?

Section 4.2.1 - I think that we are going to need a discussion on a couple of issues related to the OSCORE half of how these values are going to be created. Pieces of the discussion are:

1. What is the POP here going to try and prove? Specifically, is timeliness part of the discussion?

2. What do we do about a token which grants access to multiple topics? Is joining the second group considered to be a re-join rather than an original join for the purposes of this discussion?

3. What are the interactions about cached public keys, when are these OK, and how is this communicated to the client as a failure?

Section 4.3 - Does it make sense to return a new rsnonce as part of these errors?
