Re: [Ace] Last Call: (Message Queuing Telemetry Transport (MQTT)-TLS profile of Authentication and Authorization for Constrained Environments (ACE) Framework)

2022-02-17 Thread Benjamin Kaduk
I started the last call so as to make the cutoff for the March 10th IESG
telechat, but noticed a few things in the diff that can be tightened up.
I will try to send a PR before directorate reviews start trickling in...

Thanks for getting the new version up quickly!

-Ben

On Thu, Feb 17, 2022 at 03:07:40PM -0800, The IESG wrote:
> 
> The IESG has received a request from the Authentication and Authorization for
> Constrained Environments WG (ace) to consider the following document: -
> 'Message Queuing Telemetry Transport (MQTT)-TLS profile of
>    Authentication and Authorization for Constrained Environments (ACE)
>    Framework'
>    as Proposed Standard
> 
> The IESG plans to make a decision in the next few weeks, and solicits final
> comments on this action. Please send substantive comments to the
> last-c...@ietf.org mailing lists by 2022-03-03. Exceptionally, comments may
> be sent to i...@ietf.org instead. In either case, please retain the beginning
> of the Subject line to allow automated sorting.
> 
> Abstract
> 
>    This document specifies a profile for the ACE (Authentication and
>    Authorization for Constrained Environments) framework to enable
>    authorization in a Message Queuing Telemetry Transport (MQTT)-based
>    publish-subscribe messaging system.  Proof-of-possession keys, bound
>    to OAuth2.0 access tokens, are used to authenticate and authorize
>    MQTT Clients.  The protocol relies on TLS for confidentiality and
>    MQTT server (broker) authentication.
> 
> The file can be obtained via
> https://datatracker.ietf.org/doc/draft-ietf-ace-mqtt-tls-profile/
> 
> No IPR declarations have been submitted directly on this I-D.

___
Ace mailing list
Ace@ietf.org
https://www.ietf.org/mailman/listinfo/ace


[Ace] Last Call: (Message Queuing Telemetry Transport (MQTT)-TLS profile of Authentication and Authorization for Constrained Environments (ACE) Framework) to P

2022-02-17 Thread The IESG


The IESG has received a request from the Authentication and Authorization for
Constrained Environments WG (ace) to consider the following document: -
'Message Queuing Telemetry Transport (MQTT)-TLS profile of
   Authentication and Authorization for Constrained Environments (ACE)
   Framework'
   as Proposed Standard

The IESG plans to make a decision in the next few weeks, and solicits final
comments on this action. Please send substantive comments to the
last-c...@ietf.org mailing lists by 2022-03-03. Exceptionally, comments may
be sent to i...@ietf.org instead. In either case, please retain the beginning
of the Subject line to allow automated sorting.

Abstract


   This document specifies a profile for the ACE (Authentication and
   Authorization for Constrained Environments) framework to enable
   authorization in a Message Queuing Telemetry Transport (MQTT)-based
   publish-subscribe messaging system.  Proof-of-possession keys, bound
   to OAuth2.0 access tokens, are used to authenticate and authorize
   MQTT Clients.  The protocol relies on TLS for confidentiality and
   MQTT server (broker) authentication.




The file can be obtained via
https://datatracker.ietf.org/doc/draft-ietf-ace-mqtt-tls-profile/



No IPR declarations have been submitted directly on this I-D.







Re: [Ace] AD review of draft-ietf-ace-cmpv2-coap-transport-04

2022-02-17 Thread Michael Richardson

Benjamin Kaduk  wrote:
> A brief look into the history of RFC 7030 reveals that several
> reviewers took objection to the usage of "arbitrary labels" under
> /.well-known/est in question here, including a DISCUSS ballot from
> Stephen Farrell.  Unfortunately, (in my assessment) it seems that that
> position was converted to a COMMENT prematurely, as only the question
> of "how would this even work at all" was resolved, and the question of
> "why does this need to be well-known" was not.

Yes, as a deep reader of RFC7030, these labels always seemed like a solution
looking for a problem.

> In particular, if you have out-of-band between client and server about
> what "arbitrary label" to use, then there is by assumption a channel
> that could be used to coordinate what URI to use, so the server could
> just assign a regular URI out of the portion of the URI namespace that
> is wholly under its control (i.e., just the toplevel /arbitraryLabel1

I always assumed that the arbitrary label was something that the manufacturer
provisioned.
A device that needed multiple certificates for, "email", "https" and "xmpp"
would know that, it would use that kind of thing there. The different
labels would be patched through a front-end to different CAs in the backend.
But that this was entirely a local thing.

I actually always thought that /.well-known was excessive for EST, period.
I can't imagine a situation where an EST Registrar would do anything else.
There is a big operational difference between EST vs securitytxt, which might 
be on any server.

But, what mattered is that we pick a common place to put the EST stuff, and
the established part of the dance floor that the IETF has marked off is
/.well-known, so EST is there.
It makes sense to put CMP there too.

--
Michael Richardson. o O ( IPv6 IøT consulting )
   Sandelman Software Works Inc, Ottawa and Worldwide




Re: [Ace] I-D Action: draft-ietf-ace-mqtt-tls-profile-14.txt

2022-02-17 Thread Cigdem Sengul
Dear Ace,
This version updates the document as required for the AD review, mainly
aligning the descriptions to DTLS-profile when TLS is used for client
authentication.

Kind regards,
--Cigdem

On Thu, 17 Feb 2022 at 09:29,  wrote:

>
> A New Internet-Draft is available from the on-line Internet-Drafts
> directories.
> This draft is a work item of the Authentication and Authorization for
> Constrained Environments WG of the IETF.
>
> Title   : Message Queuing Telemetry Transport (MQTT)-TLS
> profile of Authentication and Authorization for Constrained Environments
> (ACE) Framework
> Authors : Cigdem Sengul
>   Anthony Kirby
> Filename: draft-ietf-ace-mqtt-tls-profile-14.txt
> Pages   : 43
> Date: 2022-02-17
>
> Abstract:
>This document specifies a profile for the ACE (Authentication and
>Authorization for Constrained Environments) framework to enable
>authorization in a Message Queuing Telemetry Transport (MQTT)-based
>publish-subscribe messaging system.  Proof-of-possession keys, bound
>to OAuth2.0 access tokens, are used to authenticate and authorize
>MQTT Clients.  The protocol relies on TLS for confidentiality and
>MQTT server (broker) authentication.
>
>
> The IETF datatracker status page for this draft is:
> https://datatracker.ietf.org/doc/draft-ietf-ace-mqtt-tls-profile/
>
> There is also an htmlized version available at:
> https://datatracker.ietf.org/doc/html/draft-ietf-ace-mqtt-tls-profile-14
>
> A diff from the previous version is available at:
> https://www.ietf.org/rfcdiff?url2=draft-ietf-ace-mqtt-tls-profile-14
>
>
> Internet-Drafts are also available by rsync at rsync.ietf.org::internet-drafts


[Ace] I-D Action: draft-ietf-ace-mqtt-tls-profile-14.txt

2022-02-17 Thread internet-drafts


A New Internet-Draft is available from the on-line Internet-Drafts directories.
This draft is a work item of the Authentication and Authorization for 
Constrained Environments WG of the IETF.

Title   : Message Queuing Telemetry Transport (MQTT)-TLS 
profile of Authentication and Authorization for Constrained Environments (ACE) 
Framework
Authors : Cigdem Sengul
  Anthony Kirby
Filename: draft-ietf-ace-mqtt-tls-profile-14.txt
Pages   : 43
Date: 2022-02-17

Abstract:
   This document specifies a profile for the ACE (Authentication and
   Authorization for Constrained Environments) framework to enable
   authorization in a Message Queuing Telemetry Transport (MQTT)-based
   publish-subscribe messaging system.  Proof-of-possession keys, bound
   to OAuth2.0 access tokens, are used to authenticate and authorize
   MQTT Clients.  The protocol relies on TLS for confidentiality and
   MQTT server (broker) authentication.


The IETF datatracker status page for this draft is:
https://datatracker.ietf.org/doc/draft-ietf-ace-mqtt-tls-profile/

There is also an htmlized version available at:
https://datatracker.ietf.org/doc/html/draft-ietf-ace-mqtt-tls-profile-14

A diff from the previous version is available at:
https://www.ietf.org/rfcdiff?url2=draft-ietf-ace-mqtt-tls-profile-14


Internet-Drafts are also available by rsync at rsync.ietf.org::internet-drafts

