I'm sorry that I missed today's meeting. I guess this wasn't on the agenda in the end?
Göran Selander <goran.selan...@ericsson.com> wrote:
> But you are right that the draft is not just a new ACE profile. The
> voucher concept fits into ANIMA, but is carried as an ACE access
> token. It also makes use of the auxiliary data and other elements of
> EDHOC. But neither ANIMA nor LAKE seems to be the right working
> groups. ANIMA is not using the ACE framework, and LAKE is for the
> nearest future only concerned with the basic AKE.

ANIMA BRSKI is not using the ACE framework, but that's because I don't think it was clear when we started the work that vouchers were semantically similar to JWT/CWT. Well, I tried to move things that way, but it was just too soon.

When we started, I thought that the thing that the AS (W) returns to V is an RFC8366 semantic voucher (encoded to CBOR a la draft-ietf-anima-constrained-voucher). However, in the document it has taken on its own life. I think that we tried to make it close to an ACE token. This is where the connection comes in.

Jim:
jim> I have been sitting this to try and make a decision and figure out
jim> what my feelings are with this draft. I did a fast read through the
jim> document, too fast to actually understand what it is trying to do, and
jim> I immediately ran into the question of why this document would be part
jim> of ACE. It is using the concepts of a voucher, which is not currently
jim> an ACE concept, as one of the fundamental concepts. That combined with
jim> the use of an AKE makes me very wary of this document. (I have not
jim> spent enough time embedded in the ECIES and HPKE world to understand
jim> this well.)

I think that the ECIES and HPKE part is not particularly significant.

There are some links at: https://www.sandelman.ca/SSW/ietf/brski-links/

The link:
    Generic Animation of BRSKI - Bootstrapping Remote Secure Key Infrastructure (ODP) (screencast) (enterprise/IoT screencast)
points to: https://www.youtube.com/watch?v=Mtbh_GN0Ce4
which is only 5 minutes long.

I should redo this for ACE-AKE-AUTHZ, aka Ultra-Constrained enrollment.

--
]               Never tell me the odds!                 | ipv6 mesh networks [
]   Michael Richardson, Sandelman Software Works        | IoT architect      [
]   m...@sandelman.ca  http://www.sandelman.ca/         | ruby on rails      [
_______________________________________________
Ace mailing list
Ace@ietf.org
https://www.ietf.org/mailman/listinfo/ace