I have trimmed down to the issues that I wanted to respond to.
Jim
-Original Message-
From: Ludwig Seitz
Sent: Tuesday, October 15, 2019 7:08 AM
To: Benjamin Kaduk ; draft-ietf-ace-oauth-authz@ietf.org
Cc: ace@ietf.org
Subject: Re: AD review of draft-ietf-ace-oauth-authz-24
Hello
Some of what is going here is going to duplicate information from my last
message. Some of these are not necessarily things that need to be in this
document but should be discussed at some point.
1. Are there any specifics about using ACE over HTTP that need to be
explicitly stated some place? S
On 15/10/2019 16:07, Ludwig Seitz wrote:
78.)
Section 6.1
I think we should have a little bit more discussion about what attacks
are possible even when a client hard-codes a list of trustworthy ASes,
e.g., when a device in one AS's purview is compromised and tries to get
the client to use a dif
Hello Ben,
thank you for your thorough review.
I have taken the liberty to add numbers to your comments in order to
refer to them in an easier way.
I have fixed 93 of your 113 and there are 20 left where I am asking for
clarifications. These are:
6.), 12.), 16.), 19.), 34.), 39.), 41.), 45.),
Hello,
Thank you, Jim, for this plan.
Responses are inline.
On Mon, Oct 14, 2019 at 2:47 AM Jim Schaad wrote:
> I was going through the document and trying to figure out what a test plan
> might look like. I was also trying to make sure I understood all of the
> information flows.
>
> 1. Post