On Tue, Nov 3, 2020 at 5:05 AM Göran Selander <[email protected]> wrote:
> Hi Daniel, and all,
>
> Some comments on the proposed charter and your mail, sorry for the late response.
>
> 1.
>
> “The Working Group is charged with maintenance of the framework and existing profiles thereof, and may undertake work to specify profiles of the framework for additional secure communications protocols”
>
> I take it this text covers (should the WG want to adopt):
>
> - draft-tiloca-ace-group-oscore-profile
> - an ACE-EDHOC profile (i.e. the POST /token response and the access token provision information to support authentication with EDHOC, e.g. raw public key of the other party). Such a profile could provide good trust management properties, potentially at the cost of a larger access token etc.

My understanding is that it covers anything related to profiles.

> 2.
>
> “In particular the discussion might revive a discussion that happened in 2017 [2] - when I was not co-chair of ACE - and considered other expired work such as [3]. Please make this discussion constructive on this thread.”
>
> As I remember it, the outcome of this discussion was – in line with the mindset of EST – that it is beneficial to re-use authentication and communication security appropriate for the actual use case. If coaps is suitable for a particular use case, then it makes sense to protect also the enrolment procedure with this protocol. But whereas the security protocol is coaps instead of https, the enrolment functionality and semantics should reuse that of EST, possibly profiled for the new setting: [4].
>
> In the same spirit there was support at the meeting [2] to specify protection of EST payloads profiled for use with OSCORE as communication security protocol, together with a suitable AKE for authentication. Following the adoption of EDHOC in LAKE this work has now been revived [5]. IMHO the reasoning above still makes sense.
>
> With this in mind, and taking into account recent discussion on the list, perhaps this part of the charter:
>
> “The Working Group will standardize how to use Constrained Application Protocol (CoAP) as a Transport Medium for the Certificate management protocol version 2 (CMPv2).”
>
> should be rephrased or complemented with the reasoning above, for example:
>
> “The scope of the Working Group includes profiles of the Enrolment over Secure Transport (EST) transported with the Constrained Application Protocol (CoAP)”

Thanks for the clarification. I added some text to add EST profiles.

> Thanks
>
> Göran
>
> [4] https://tools.ietf.org/html/draft-ietf-ace-coap-est
> [5] https://tools.ietf.org/html/draft-selander-ace-coap-est-oscore
>
> On 2020-10-15, 19:50, "Ace" <[email protected]> wrote:
>
> > Hi,
> >
> > I would like to start the charter discussion. Here is a draft of a proposed charter [1].
> >
> > It seems that additional discussion is needed with regard to the last paragraph related to certificate management. In particular the discussion might revive a discussion that happened in 2017 [2] - when I was not co-chair of ACE - and considered other expired work such as [3]. Please make this discussion constructive on this thread.
> >
> > The fundamental question is whether we need certificate management at this stage. If the answer is yes, and we have multiple proposals, it would be good to clarify the position of the different proposals and evaluate whether a selection is needed or not before validating the charter.
> >
> > Please provide your inputs on the mailing list before October 30. Of course for minor edits, you may suggest them directly on the google doc.
> >
> > Yours,
> >
> > Daniel
> >
> > [1] https://docs.google.com/document/d/1RtxUSvUeBdZWoQkjSj2c3DtR8DuBwPM2BnBXhoDiptY/edit?usp=sharing
> > [2] https://datatracker.ietf.org/doc/minutes-interim-2017-ace-03-201710191300/
> > [3] https://datatracker.ietf.org/doc/draft-selander-ace-eals/
> >
> > --
> > Daniel Migault
> > Ericsson

--
Daniel Migault
Ericsson
_______________________________________________
Ace mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/ace
