Great! Thanks Olaf for addressing the comments and moving the document forward!
Yours,
Daniel

________________________________
From: Francesca Palombini <[email protected]>
Sent: Tuesday, June 8, 2021 6:06 AM
To: Olaf Bergmann <[email protected]>
Cc: Stefanie Gerdes <[email protected]>; The IESG <[email protected]>; [email protected] <[email protected]>; [email protected] <[email protected]>; [email protected] <[email protected]>
Subject: Re: Francesca Palombini's Yes on draft-ietf-ace-dtls-authorize-16: (with COMMENT)

Hi Olaf,

Right! Somehow I managed to miss the « response » from the « access token response ». Thanks for the answers, it all looks good to me and ready to ship.

Francesca

On 8 June 2021 at 11:59:19 CEST, Olaf Bergmann <[email protected]> wrote:

Hi Francesca,

On 2021-06-08, Francesca Palombini <[email protected]> wrote:

> My turn to apologize for the late reply :) I went through the comment
> again and I believe I must have misread something. I am ok with the
> current text, or the previous one as well, if you'd rather not add
> this sentence.

Thanks for the followup — we have kept the new text in version -18.

> I do have one additional comment, which came out while looking this over
> again - about the following text:
>
>    correct public key in the DTLS handshake. If the authorization
>    server has specified a "cnf" field in the access token response, the
>    client MUST use this key. Otherwise, the client MUST use the public
>
> The access token is opaque to the client (as defined in the ace
> framework), so the client is not necessarily able to read and extract
> the key it is supposed to use from it. If I am not mistaken, the
> correct way for the AS to tell the client what key to use would be to
> use the "cnf" field defined in Section 3.2 of oauth-params.

You are correct. That is basically what this text says (= if the AS has provided the cnf in its response, the client has to use it).

Greetings
Olaf
_______________________________________________
Ace mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/ace
