Hello,

As discussed in the interim, I've submitted a v04.
There are a few things which may still merit a v05, but we made the
following updates in v04. The changes include:

   - Linked the terms Broker and MQTT server more at the introduction of
     the document.
   - Clarified support for MQTTv3.1.1 and removed phrases that might be
     read as saying MQTTv5 is backward compatible with MQTTv3.1.1.
   - Corrected the Informative and Normative references.
   - For AS discovery, clarified that the CONNECT message omits the
     Authentication Data field.
   - Specified that the User Property MUST be set to "ace_as_hint" for AS
     Request Creation Hints.
   - Added that MQTT v5 brokers MAY also implement the reduced interactions
     described for MQTTv3.1.1.
   - Added to Section 3.1 that, in case of an authorisation failure and QoS
     level 0, the RS sends a DISCONNECT with reason code '0x87 (Not authorized)'.
   - Added a pointer to section 4.7 of the MQTTv5 spec for more information
     on topic names and filters.
   - Added that HS256 and RS256 are mandatory to implement, depending on the
     choice of symmetric or asymmetric validation.
   - Added MQTT to the TLS exporter label to make it application
     specific: 'EXPORTER-ACE-MQTT-Sign-Challenge'.
   - Added a format for Authentication Data so that length values
     prefix the token (or client nonce) when Authentication Data contains more
     than one piece of information.
   - Clarified that clients still connect over TLS (server-side) for the
     authz-info flow.

Thanks,
--Cigdem

---------- Forwarded message ---------
From: <[email protected]>
Date: Mon, Mar 9, 2020 at 2:39 PM
Subject: New Version Notification for draft-ietf-ace-mqtt-tls-profile-04.txt
To: Anthony Kirby <[email protected]>, Cigdem Sengul <[email protected]>,
Paul Fremantle <[email protected]>



A new version of I-D, draft-ietf-ace-mqtt-tls-profile-04.txt
has been successfully submitted by Cigdem Sengul and posted to the
IETF repository.

Name:           draft-ietf-ace-mqtt-tls-profile
Revision:       04
Title:          MQTT-TLS profile of ACE
Document date:  2020-03-09
Group:          ace
Pages:          28
URL:            https://www.ietf.org/internet-drafts/draft-ietf-ace-mqtt-tls-profile-04.txt
Status:         https://datatracker.ietf.org/doc/draft-ietf-ace-mqtt-tls-profile/
Htmlized:       https://tools.ietf.org/html/draft-ietf-ace-mqtt-tls-profile-04
Htmlized:       https://datatracker.ietf.org/doc/html/draft-ietf-ace-mqtt-tls-profile
Diff:           https://www.ietf.org/rfcdiff?url2=draft-ietf-ace-mqtt-tls-profile-04

Abstract:
   This document specifies a profile for the ACE (Authentication and
   Authorization for Constrained Environments) framework to enable
   authorization in an MQTT-based publish-subscribe messaging system.
   Proof-of-possession keys, bound to OAuth2.0 access tokens, are used
   to authenticate and authorize MQTT Clients.  The protocol relies on
   TLS for confidentiality and MQTT server (broker) authentication.




Please note that it may take a couple of minutes from the time of submission
until the htmlized version and diff are available at tools.ietf.org.

The IETF Secretariat
_______________________________________________
Ace mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/ace
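
The change list above mentions an Authentication Data format in which a length value prefixes the token (or client nonce) when more than one piece of information is carried. The following is an added example, not code from the draft or its authors, showing how a broker-side parser can validate such a prefix before trusting it. It assumes a two-byte big-endian length (MQTT's usual Two Byte Integer convention) and treats whatever follows as an opaque second piece; the function names are hypothetical.

```python
import struct
from typing import Tuple

MAX_MQTT_BINARY = 65535  # MQTT Binary Data fields carry at most 65,535 bytes


class AuthDataError(ValueError):
    """Raised when Authentication Data does not match the assumed layout."""


def pack_auth_data(first: bytes, rest: bytes) -> bytes:
    """Encode: 2-byte big-endian length of `first`, then `first`, then `rest`."""
    if not first or not rest:
        raise AuthDataError("both pieces must be non-empty")
    if 2 + len(first) + len(rest) > MAX_MQTT_BINARY:
        raise AuthDataError("does not fit in an MQTT Binary Data field")
    return struct.pack(">H", len(first)) + first + rest


def split_auth_data(data: bytes) -> Tuple[bytes, bytes]:
    """Return (token_or_nonce, remainder), validating the length prefix first."""
    if len(data) > MAX_MQTT_BINARY:
        raise AuthDataError("longer than an MQTT Binary Data field allows")
    if len(data) < 2:
        raise AuthDataError("truncated: no length prefix")
    (n,) = struct.unpack_from(">H", data, 0)
    if n == 0:
        raise AuthDataError("zero-length token or nonce")
    if 2 + n > len(data):
        raise AuthDataError(f"length prefix {n} overruns {len(data) - 2} available bytes")
    first, rest = data[2:2 + n], data[2 + n:]
    if not rest:
        raise AuthDataError("nothing follows the token or nonce")
    return first, rest


if __name__ == "__main__":
    # Constructed sample values, not a real token or proof.
    blob = pack_auth_data(b"constructed-token", b"\x01\x02\x03\x04")
    print(split_auth_data(blob))
    for bad in (b"", b"\x00", b"\x00\x00xx", b"\x00\x10short", b"\x00\x02ab"):
        try:
            split_auth_data(bad)
        except AuthDataError as exc:
            print(bad, "->", exc)
```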
