Re: [Ace] ANIMA and ACE, IDevID terminology (was: Re: cBRSKI)

2023-05-01 Thread Benjamin Kaduk
On Mon, May 01, 2023 at 12:09:03PM +0200, Christian Amsüss wrote: > Hi Michael, > (CC'ing ACE list because what I think will be the larger part of the > thread is hopefully relevant) > > > > there a generalization of the IEEE identifiers that also makes > > > sense for constrained but

Re: [Ace] Lars Eggert's No Objection on draft-ietf-ace-mqtt-tls-profile-15: (with COMMENT)

2022-03-14 Thread Benjamin Kaduk
On Thu, Mar 10, 2022 at 12:27:49AM +, Cigdem Sengul wrote: > On Mon, 7 Mar 2022 at 09:31, Lars Eggert via Datatracker > wrote: > > > > > Found terminology that should be reviewed for inclusivity; see > > https://www.rfc-editor.org/part2/#inclusive_language for background and > > more > >

Re: [Ace] Murray Kucherawy's Discuss on draft-ietf-ace-mqtt-tls-profile-15: (with DISCUSS and COMMENT)

2022-03-09 Thread Benjamin Kaduk
On Wed, Mar 09, 2022 at 10:35:01PM -0800, Murray Kucherawy via Datatracker wrote: > Murray Kucherawy has entered the following ballot position for > draft-ietf-ace-mqtt-tls-profile-15: Discuss > > When responding, please keep the subject line intact and reply to all > email addresses included in

Re: [Ace] [Last-Call] Artart last call review of draft-ietf-ace-mqtt-tls-profile-14

2022-03-09 Thread Benjamin Kaduk
On Wed, Mar 09, 2022 at 11:27:40PM +, Francesca Palombini wrote: > > Just one note: for the downref to informative documents (for those documents > that were actually included in the text), please revert the change – RFC 6234 > and RFC 8032 were correctly referenced as normative, since they

Re: [Ace] Genart last call review of draft-ietf-ace-mqtt-tls-profile-15

2022-03-04 Thread Benjamin Kaduk
Hi Theresa, On Fri, Mar 04, 2022 at 06:42:07PM -0800, Theresa Enghardt wrote: > Dear Cigdem, > > Thank you for preparing the revised version, it looks pretty good to me. > > Some replies inline: > > On 3/4/22 14:23, Cigdem Sengul wrote: > > > > > > Section 1.3: > > > > "Will > >    

Re: [Ace] Last Call: (Message Queuing Telemetry Transport (MQTT)-TLS profile of Authentication and Authorization for Constrained Environments (ACE) Framework)

2022-02-22 Thread Benjamin Kaduk
On Thu, Feb 17, 2022 at 03:07:40PM -0800, The IESG wrote: > > > Abstract > > >This document specifies a profile for the ACE (Authentication and >Authorization for Constrained Environments) framework to enable >authorization in a Message Queuing Telemetry Transport (MQTT)-based >

Re: [Ace] Last Call: (Message Queuing Telemetry Transport (MQTT)-TLS profile of Authentication and Authorization for Constrained Environments (ACE) Framework)

2022-02-17 Thread Benjamin Kaduk
I started the last call so as to make the cutoff for the March 10th IESG telechat, but noticed a few things in the diff that can be tightened up. I will try to send a PR before directorate reviews start trickling in... Thanks for getting the new version up quickly! -Ben On Thu, Feb 17, 2022 at

Re: [Ace] AD review of draft-ietf-ace-cmpv2-coap-transport-04

2022-02-16 Thread Benjamin Kaduk
rver-operator-assigned names. -Ben > > From: Ace On Behalf Of Benjamin Kaduk > > Sent: Monday, 14 February 2022 20:22 > > > > Hi all, > > > > Jumping right in... > > > > > > I guess this is probably more of a comment on draft-ietf-lamp

[Ace] AD review of draft-ietf-ace-cmpv2-coap-transport-04

2022-02-14 Thread Benjamin Kaduk
Hi all, Jumping right in... I guess this is probably more of a comment on draft-ietf-lamps-cmp-updates, but since we are duplicating some of its content I will still call it out as a serious concern. My concern relates to the usage of the "cmp" well-known URI -- we have some text in §2.1

Re: [Ace] AD review of draft-ietf-ace-aif-04

2022-02-12 Thread Benjamin Kaduk
Hi Carsten, On Sun, Feb 13, 2022 at 01:27:29AM +0100, Carsten Bormann wrote: > Hi Ben, > > thank you for the additional comments. > > I have prepared another small pull request with resulting changes at > > https://github.com/cabo/ace-aif/pull/2 Thanks, looks good. > >>> > >>> Abstract,

Re: [Ace] AD review of draft-ietf-ace-aif-04

2022-02-11 Thread Benjamin Kaduk
you and from the WG, I plan to submit the > resulting updated I-D on Monday. That sounds good; I should be able to request that the Secretariat start the IETF LC shortly thereafter. Comments are pretty sparsely intertwined; most of your responses look good and uncontroversial. > > On 2022-02

[Ace] AD review of draft-ietf-ace-aif-04

2022-02-10 Thread Benjamin Kaduk
Hi all, There's enough that will be changing yet that I'll mark this as "Revised I-D needed" in the datatracker rather than starting an IETF Last Call directly. We'll also need to change the "Intended RFC Status" field in the datatracker to match the Proposed Standard target. Without further

Re: [Ace] second AD evaluation of draft-ietf-ace-mqtt-tls-profile-13

2022-02-08 Thread Benjamin Kaduk
On Wed, Dec 15, 2021 at 08:33:43PM +, Cigdem Sengul wrote: > Hello Ben, > Thank you for your Pull request. I have asked for clarifications in the > following. > > On Tue, Dec 7, 2021 at 8:27 PM Benjamin Kaduk wrote: > > > Hi all, > > > > As promi

Re: [Ace] AD Evaluation of draft-ietf-ace-mqtt-tls-profile-12

2022-02-08 Thread Benjamin Kaduk
. > My responses are below. Thank you, as always, for your feedback. > > On Tue, Dec 7, 2021 at 8:14 PM Benjamin Kaduk wrote: > > > Hi Cigdem, > > > > Oof, has it really been two months since you sent this? I am sorry to have > > let it linger for so long. > >

[Ace] second AD evaluation of draft-ietf-ace-mqtt-tls-profile-13

2021-12-07 Thread Benjamin Kaduk
Hi all, As promised, here are my comments on the -13. I put some text to this effect in my pull request (https://github.com/ace-wg/mqtt-tls-profile/pull/96), but technically RFC 7250 allows independent negotiation of the client using a RPK and the server using a RPK, but our text is written as

Re: [Ace] AD Evaluation of draft-ietf-ace-mqtt-tls-profile-12

2021-12-07 Thread Benjamin Kaduk
detailed changes, and references to Github issues/commits are below. > I've SNIPped the ones that required no action or no > change based on our discussion e-mails. > > I will submit a new version - should I wait for your perusal of the changes > (detailed also below)? > >

Re: [Ace] Nits in draft-ietf-ace-oauth-authz

2021-08-16 Thread Benjamin Kaduk
On Wed, Aug 11, 2021 at 06:42:47AM +, Ludwig Seitz wrote: > Hello Ace, > > I'm currently dealing with some nits in draft-ietf-ace-oauth-authz that I > have discovered during the final IANA check. For one of them I need group > feedback: > > The draft defines a CBOR abbreviation for the

Re: [Ace] AD Evaluation of draft-ietf-ace-mqtt-tls-profile-12

2021-08-13 Thread Benjamin Kaduk
Hi Cigdem, Hopefully you have not gotten too far along on the few items where I reply and say that your proposed change may not be needed; I had hoped to write this message several days ago. (That said, there really are only a few such places; the bulk of your proposals look good.) On Sat, Aug

[Ace] AD Evaluation of draft-ietf-ace-mqtt-tls-profile-12

2021-08-05 Thread Benjamin Kaduk
Hi all, Sorry to have taken so long to get back to this, and thank you for continuing to make updates in response to the changes in the framework and other profiles. In general, the protocol mechanisms defined here are in good shape; thank you! I made a github PR with some changes that seemed

Re: [Ace] Secdir telechat review of draft-ietf-ace-oauth-authz-41

2021-05-30 Thread Benjamin Kaduk
Thanks, Phill. I really appreciate having another set of eyes go over the changes in the draft and cross-referencing against the review comments -- it makes me a lot more confident that we're in good shape now. -Ben On Fri, May 21, 2021 at 04:41:19PM -0700, Phillip Hallam-Baker via Datatracker

Re: [Ace] Ordering Guarantee in CoAP-EAP

2021-04-14 Thread Benjamin Kaduk
Hi Dan, I think the Echo option should be workable for your case (and in fact would provide an example of a case where the "time-limited single-use cryptographic nonce" that I had asked about in my review of draft-ietf-core-echo-request-tag might be applicable). I expect the URI-Query proposal

Re: [Ace] MQTT, OSCORE, DTLS profiles - recommendation on RS - AS communication

2021-04-13 Thread Benjamin Kaduk
Cigdem and Daniel, Thanks for working to get this resolved. It will be one less thing for me to comment on :) -Ben On Tue, Apr 13, 2021 at 08:57:53AM -0400, Daniel Migault wrote: > Thanks for the update, that works for me. > > Yours, > Daniel > > On Tue, Apr 13, 2021 at 8:44 AM Cigdem Sengul

Re: [Ace] Martin Duke's No Objection on draft-ietf-ace-oauth-params-13: (with COMMENT)

2021-03-20 Thread Benjamin Kaduk
Hi Martin, On Thu, Mar 18, 2021 at 11:44:53AM -0700, Martin Duke via Datatracker wrote: > > > -- > COMMENT: > -- > > In sec 3.1 it says the AS SHOULD reject

Re: [Ace] [secdir] secdir review of draft-ietf-ace-dtls-authorize-14

2021-03-09 Thread Benjamin Kaduk
On Tue, Mar 09, 2021 at 10:36:01AM -0500, Russ Mundy wrote: > All, thanks very much to everyone that contributed to resolving this issue. > I agree with Daniel that the issue can be closed, i.e., the issue I raised in > my secdir review has been satisfactorily addressed and resolved. Hi Russ,

Re: [Ace] minor comments on draft-ietf-ace-oscore-profile-16

2021-03-08 Thread Benjamin Kaduk
of a > previously exchanged client nonce N1 for Security Context establishment by > replaying the corresponding client-to-server message. > > > Göran > > > > On 2021-03-04, 22:09, "Benjamin Kaduk" wrote: > > On Thu, Mar 04, 2021 at 04:17:52PM +, G

Re: [Ace] minor comments on draft-ietf-ace-oscore-profile-16

2021-03-04 Thread Benjamin Kaduk
left > and forgotten during the ASCII art session. It is described in Section 4 so > could be removed from the figure if it isn't possible to find a place for it > to print well. Sounds reasonable. > On 2021-03-04, 03:29, "Benjamin Kaduk" wrote: > > Hi all, >

[Ace] minor comments on draft-ietf-ace-oscore-profile-16

2021-03-03 Thread Benjamin Kaduk
Hi all, I was going through the four drafts that have been "waiting for writeup" for a while, to check that the latest changes are good and they are ready to go once the last point from the secdir review of draft-ietf-ace-dtls-authorize is wrapped up. In short: they are, but I had a couple

[Ace] please welcome Loganaden Velvindron as ACE co-chair!

2021-02-11 Thread Benjamin Kaduk
Hi all, Please join me in welcoming Loganaden Velvindron as new ACE co-chair, joining Daniel Migault who is continuing as co-chair. Loganaden, thanks for taking on the role, and I look forward to working with you more! -Ben

Re: [Ace] draft-ietf-ace-dtls-authorize

2021-01-31 Thread Benjamin Kaduk
I agree with Francesca that we should only RECOMMEND CoAP+DTLS for "both legs" of communication with the AS -- the intent of the framework is that we can decouple the protocol used in the different interactions if needed. -Ben P.S. The sentence prior to the quoted ones refers to Sections 5.6 and

Re: [Ace] [core] Proposed charter for ACE (EAP over CoAP?)

2021-01-12 Thread Benjamin Kaduk
Hi Dan, Sorry to reply to such an old message... On Sat, Dec 12, 2020 at 06:36:53PM +0100, Dan Garcia Carrillo wrote: > Hi Mališa, > > > On 11/12/2020 at 19:45, Mališa Vučinić wrote: > > > > Hi Dan, > > > > Thanks for the clarification regarding minimal-security. The points > > that you

Re: [Ace] I-D Action: draft-ietf-ace-oscore-profile-14.txt

2020-12-14 Thread Benjamin Kaduk
Thanks, Francesca! It looks like the CBOR label values have gotten out of sync between Table 1 and the prose. (The IANA Considerations just refer to Table 1, so I think that Section 3.2.1 is the only thing that needs to be kept in sync.) -Ben On Mon, Dec 14, 2020 at 09:58:21AM +, Francesca

Re: [Ace] Charter discussion

2020-11-17 Thread Benjamin Kaduk
Thanks for updating the draft charter at [1], Daniel! I note that Michael raised the question of whether some other group might also be interested in working on CMP-over-coap, so the IESG will be sure to discuss that if CMP is still in the draft ACE charter when it goes to the IESG for review.

[Ace] call for (ACE) co-chairing interest

2020-11-12 Thread Benjamin Kaduk
Hi all, With Jim's passing we have a vacancy as ACE co-chair. It is often the case that a good WG chair candidate is already interested in the WG technologies and thus participating in the WG (though someone who is very interested and authoring many drafts in the WG may be too close to the work

Re: [Ace] draft-ietf-ace-oauth-authz-35 - unauthorized AS address, DoS, and privacy

2020-09-15 Thread Benjamin Kaduk
On Thu, Sep 10, 2020 at 02:46:43PM -0400, Michael Richardson wrote: > > John Mattsson wrote: > > - That RS shares the AS address with anybody that asks can be a severe > > privacy problem. If RS is a medical device, the AS address can reveal > > sensitive information. If RS is a

Re: [Ace] Opsdir last call review of draft-ietf-ace-oscore-profile-11

2020-07-27 Thread Benjamin Kaduk
Hi Linda, On Sun, Jul 19, 2020 at 08:16:17PM -0700, Linda Dunbar via Datatracker wrote: > Reviewer: Linda Dunbar > Review result: Has Nits > > I have reviewed this document as part of the Ops area directorate's ongoing > effort to review all IETF documents being processed by the IESG. These >

Re: [Ace] Genart last call review of draft-ietf-ace-oscore-profile-11

2020-07-27 Thread Benjamin Kaduk
On Tue, Jul 21, 2020 at 03:56:07PM -0700, Elwyn Davies via Datatracker wrote: > Reviewer: Elwyn Davies > Review result: Almost Ready > > I am the assigned Gen-ART reviewer for this draft. The General Area > Review Team (Gen-ART) reviews all IETF documents being processed > by the IESG for the

Re: [Ace] IETF 108 tentative agenda and presentations (Daniel Migault)

2020-07-21 Thread Benjamin Kaduk
On Tue, Jul 21, 2020 at 04:31:05PM -0400, Michael Richardson wrote: > > Mohit Sahni wrote: > > To give some background, this draft is an extension of Light Weight CMP > > Profile ( > > https://tools.ietf.org/html/draft-ietf-lamps-lightweight-cmp-profile-02) > > draft currently

Re: [Ace] Working Group Adoption Call for draft-bormann-core-ace-aif

2020-07-17 Thread Benjamin Kaduk
On Wed, Jul 15, 2020 at 01:51:39PM -0700, Jim Schaad wrote: > I had been holding off doing an adoption call waiting for a formal request > to adopt it. However, given that this is now a dependency for three > different WG documents I think we need to do this now. > > Adoption call for >

Re: [Ace] AD review of draft-ietf-ace-dtls-authorize-09

2020-07-01 Thread Benjamin Kaduk
On Wed, Jul 01, 2020 at 10:25:27AM +0200, Olaf Bergmann wrote: > Hi Jim, > > Jim Schaad writes: > > > If you are not doing a re-encoding of the token, then I believe that > > preferred serialization and deterministic serialization are going to > > generate the same answer. With the map being

Re: [Ace] AD review of draft-ietf-ace-dtls-authorize-09

2020-06-30 Thread Benjamin Kaduk
's easy for you, please go ahead. Inline. > Benjamin Kaduk writes: > > > Hi Olaf, > > > > Thanks for the updated -11! > > Some minor replies below, though in general the proposals look good. > > > > On Thu, Jun 18, 2020 at 02:38:32PM +0200, Olaf Bergmann w

Re: [Ace] AD review of draft-ietf-ace-dtls-authorize-09

2020-06-30 Thread Benjamin Kaduk
On Tue, Jun 30, 2020 at 04:21:34PM +0200, Carsten Bormann wrote: > On 2020-06-30, at 12:19, Olaf Bergmann wrote: > > > > NEW: > > > > All CBOR data types are encoded in canonical CBOR as defined in > > Section 3.9 of {{RFC7049}}. This implies in particular that the > > `type` and `L`

Re: [Ace] AD review of draft-ietf-ace-dtls-authorize-09

2020-06-29 Thread Benjamin Kaduk
Hi Olaf, Thanks for the updated -11! Some minor replies below, though in general the proposals look good. On Thu, Jun 18, 2020 at 02:38:32PM +0200, Olaf Bergmann wrote: > Hi Benjamin, > > Benjamin Kaduk writes: > > > Thanks! I think we will probably need an -11 fairly s

Re: [Ace] "default value" for authz-info endpoint

2020-06-01 Thread Benjamin Kaduk
erts): Would it make sense to define a new > attribute in the /.well-known/core format for Resource Servers using coap? > > /Ludwig > > > -----Original Message- > From: Ace On Behalf Of Benjamin Kaduk > Sent: den 31 maj 2020 00:36 > To: ace@ietf.org > Subject: [Ace]

[Ace] "default value" for authz-info endpoint

2020-05-30 Thread Benjamin Kaduk
Hi all, I was prompted by the discussion at the interim to look more closely at what we say about the "default name" for endpoint URIs, e.g., the authz-info endpoint. The last paragraph of https://tools.ietf.org/html/draft-ietf-ace-oauth-authz-33#section-5.8.1 says: The default name of this

Re: [Ace] AD review of draft-ietf-ace-dtls-authorize-09

2020-05-27 Thread Benjamin Kaduk
On Wed, May 13, 2020 at 06:18:25PM +0200, Olaf Bergmann wrote: > Hi Ben, > > Benjamin Kaduk writes: > > > Please go ahead and upload a new version to the datatracker when you get a > > chance; I do have some further comments below. > > Thanks again for the

Re: [Ace] Update of access rights

2020-05-09 Thread Benjamin Kaduk
Hi Francesca, Thanks for assembling this very nice writeup: I think it's quite helpful to get clarity, given that Ludwig thought this was already the case but I couldn't come to that conclusion based on my review of the document. I just have one (maybe nitpicky) comment: when identifying things

Re: [Ace] AD review of draft-ietf-ace-dtls-authorize-09

2020-04-28 Thread Benjamin Kaduk
.github.io/ace-dtls-profile/ > > Benjamin Kaduk writes: > > > Hi all, > > > > Some high-level remarks before delving into the section-by-section > > comments: > > > > This document is pretty clearly DTLS 1.2-specific -- it talks about > > part

Re: [Ace] I-D Action: draft-ietf-ace-oscore-profile-10.txt

2020-04-28 Thread Benjamin Kaduk
Hi Francesca, I took a look through the updates and we are looking in quite good shape. I filed https://github.com/ace-wg/ace-oscore-profile/pull/30 with a few final suggested tweaks, though I cannot quite say that they are all just editorial. In particular, I remove text about "the client MUST

Re: [Ace] ace - New Interim Meeting Request

2020-04-20 Thread Benjamin Kaduk
FYI these showed up in the system as duplicates. I think I approved one set and cancelled the other, but please let me know if I fat-fingered it. -Ben On Sun, Apr 19, 2020 at 07:19:57PM -0700, IETF Meeting Session Request Tool wrote: > > A new interim meeting series request has just been

Re: [Ace] [EXTERNAL] Re: [Cwt-reg-review] [IANA #1158953] Requested review for IANA registration in draft-ietf-ace-oauth-authz (cwt - CBOR Web Token Claims)

2020-03-11 Thread Benjamin Kaduk
On Wed, Mar 11, 2020 at 11:39:00PM +, Mike Jones wrote: > [Adding correct e-mail addresses for Chuck, who recently joined Visa] > > > > There are two reasons that I believe not using up one of the scarce one-byte > claim identifiers for "scope" is appropriate: > > 1. The claim values

Re: [Ace] AD review of draft-ietf-ace-oscore-profile-08

2020-02-24 Thread Benjamin Kaduk
> which I have answered below, whatever is not reported below I found no issue > in doing the modifications you suggested, or is covered by the open points I > mentioned. Please do bring any of those I do not touch on up again if you > feel they were not solved in the PR. >

Re: [Ace] AD review of draft-ietf-ace-oscore-profile-08

2020-02-02 Thread Benjamin Kaduk
register 2 new ACE parameters to transport the nonces used in > the exchange, instead of using "cnonce". (see point 3., 53.) > * Define the nonces as bstr so that length value is encoded. (7.) > https://tools.ietf.org/html/rfc8613#page-72 > * Editorial: point 75. > >

Re: [Ace] Requested review for IANA registration in draft-ietf-ace-oauth-params

2020-01-23 Thread Benjamin Kaduk
nt or not. > > > > Jim > > > > > > From: Ace On Behalf Of Jim Schaad > Sent: Sunday, January 19, 2020 3:35 PM > To: 'Brian Campbell' ; 'Seitz Ludwig' > > Cc: 'Roman Danyliw' ; oauth-ext-rev...@ietf.org; 'Daniel > Migault' ; drafts-lastc...@ian

Re: [Ace] Requested review for IANA registration in draft-ietf-ace-oauth-params

2020-01-23 Thread Benjamin Kaduk
sue a draft update that specifies > > that the JSON-based interactions should use the syntax from RFC7800 while > > the CBOR-based ones should use ID.ietf-ace-cwt-proof-of-possession. > > > > > > > > This correction goes for all the use of “cnf”, “req_cnf” and “rs_cnf

[Ace] Fwd: [OAUTH-WG] Doodle Poll for scheduling a discussion on proof-of-possession tokens

2020-01-15 Thread Benjamin Kaduk
Hi all, The OAuth WG is planning to talk about proof-of-possession tokens; it would be great if some of the ACE WG participants could contribute with our experiences so far. -Ben On Mon, Jan 13, 2020 at 05:18:57PM +, Hannes Tschofenig wrote: > Hi all, > > at the Singapore IETF meeting we

Re: [Ace] AD review of draft-ietf-ace-dtls-authorize-09

2020-01-09 Thread Benjamin Kaduk
On Thu, Jan 09, 2020 at 12:52:56PM -0800, Jim Schaad wrote: > > > -Original Message- > From: Benjamin Kaduk > Sent: Thursday, January 9, 2020 12:17 PM > To: Olaf Bergmann > Cc: Jim Schaad ; ace@ietf.org; > draft-ietf-ace-dtls-authorize@ietf.org > S

Re: [Ace] AD review of draft-ietf-ace-dtls-authorize-09

2020-01-09 Thread Benjamin Kaduk
On Fri, Jan 03, 2020 at 08:36:54PM -0800, Jim Schaad wrote: > > > -Original Message- > From: Benjamin Kaduk > Sent: Thursday, January 2, 2020 3:40 PM > To: draft-ietf-ace-dtls-authorize@ietf.org > Cc: ace@ietf.org > Subject: AD review of draft-ietf-ace-dtls-

Re: [Ace] AD review of draft-ietf-ace-dtls-authorize-09

2020-01-09 Thread Benjamin Kaduk
On Thu, Jan 09, 2020 at 12:32:40PM +0100, Olaf Bergmann wrote: > Hi Jim, > > Jim Schaad writes: > > > -Original Message- > > From: Ace On Behalf Of Olaf Bergmann > > Sent: Monday, January 6, 2020 2:03 AM > > To: Jim Schaad > > Cc: ace@ietf.

[Ace] AD review of draft-ietf-ace-oscore-profile-08

2020-01-07 Thread Benjamin Kaduk
Hi all, Some high-level points before the section-by-section commentary: I'm a little confused by the registry we are creating in Section 9.2. While it's clear that we need something to specify the CBOR map key labels to encode the structure for transit, it's not clear that we need easy

[Ace] AD review of draft-ietf-ace-dtls-authorize-09

2020-01-02 Thread Benjamin Kaduk
Hi all, Some high-level remarks before delving into the section-by-section comments: This document is pretty clearly DTLS 1.2-specific -- it talks about particular protocol messages, message fields, and cipher suites that simply do not apply to DTLS 1.3. In order to use this profile with DTLS

Re: [Ace] Requested review for IANA registration in draft-ietf-ace-oauth-params

2019-12-31 Thread Benjamin Kaduk
On Mon, Dec 23, 2019 at 02:32:15PM -0700, Brian Campbell wrote: > The OAuth Token Introspection Response registry > > already has an entry for "cnf", which makes the first request in >

Re: [Ace] Alexey Melnikov's Discuss on draft-ietf-ace-coap-est-17: (with DISCUSS and COMMENT)

2019-12-31 Thread Benjamin Kaduk
On Fri, Dec 20, 2019 at 06:16:34PM +0100, Carsten Bormann wrote: > On Dec 20, 2019, at 17:34, Klaus Hartke wrote: > > > > I would prefer if draft-ietf-ace-coap-est didn't say anything here, > > since the Uri-Host and Uri-Port options and whether they should be > > omitted or not is entirely

Re: [Ace] FW: [IANA #1157486] Last Call: (Authentication and Authorization for Constrained Environments (ACE) using the OAuth 2.0 Framework (ACE-OAuth)) to Proposed

2019-12-24 Thread Benjamin Kaduk
On Sat, Dec 21, 2019 at 11:07:34AM -0800, Jim Schaad wrote: > Personal opinion, > > I think that we should be requesting a separate page. I think we are going > to have enough different registries that keeping them separate from OAuth is > going to be useful in preventing confusion. For the

Re: [Ace] Alexey Melnikov's Discuss on draft-ietf-ace-coap-est-17: (with DISCUSS and COMMENT)

2019-12-19 Thread Benjamin Kaduk
On Wed, Dec 18, 2019 at 05:27:06AM -0800, Alexey Melnikov via Datatracker wrote: > Alexey Melnikov has entered the following ballot position for > draft-ietf-ace-coap-est-17: Discuss > > When responding, please keep the subject line intact and reply to all > email addresses included in the To and

Re: [Ace] Review for draft-palombini-ace-coap-pubsub-profile

2019-12-19 Thread Benjamin Kaduk
On Wed, Dec 18, 2019 at 03:47:04PM +, Cigdem Sengul wrote: > Dear Francesca, > > Thank you for your responses to my comments. > My comments are inline. > > > > > > > In the following, I list a few things reading the draft made me think, > > especially in its applicability to MQTT: > > > >

Re: [Ace] Genart last call review of draft-ietf-ace-oauth-authz-27

2019-12-15 Thread Benjamin Kaduk
On Sat, Dec 14, 2019 at 05:20:34PM +0100, Ludwig Seitz wrote: > On 2019-12-12 21:44, Stewart Bryant via Datatracker wrote: > > > > o A RS sending a "cnonce" parameter in an an AS Request Creation > > SB> An RS... > > This doesn't feel right, since there is no consonant in RS and the R

Re: [Ace] Secdir last call review of draft-ietf-ace-oauth-authz-27

2019-12-10 Thread Benjamin Kaduk
Hi Steve, Thanks for the thoughtful and in-depth commentary; I look forward to seeing the authors' response. I'll make a few notes inline in the interim... On Sun, Dec 08, 2019 at 10:18:53AM -0800, Stephen Kent via Datatracker wrote: > Reviewer: Stephen Kent > Review result: Has Issues > >

Re: [Ace] Secdir last call review of draft-ietf-ace-coap-est-15

2019-12-05 Thread Benjamin Kaduk
//github.com/SanKumar2015/EST-coaps/commit/53933bb9f9365795f2302baef2e39709ae05 > addresses your feedback? I will then re-upload it. > > Thanks, > Panos > > -Original Message- > From: Ace On Behalf Of Panos Kampanakis (pkampana) > Sent: Monday, November 18, 201

Re: [Ace] I-D Action: draft-ietf-ace-oauth-authz-27.txt

2019-11-28 Thread Benjamin Kaduk
On Wed, Nov 27, 2019 at 03:31:16PM +, Ludwig Seitz wrote: > Hi Ben, > > replies inline. > > /Ludwig > ____ > From: Benjamin Kaduk > Sent: Tuesday, November 26, 2019 12:04 AM > To: Ludwig Seitz > Cc: ace@ietf.org > Subject:

Re: [Ace] I-D Action: draft-ietf-ace-oauth-authz-27.txt

2019-11-25 Thread Benjamin Kaduk
Hi Ludwig, On Thu, Nov 21, 2019 at 03:16:03AM +0100, Ludwig Seitz wrote: > Hello ACE, > > turns out -26 didn't cover one of the items in Ben's review, namely the > question of using Client introspection to determine token expiration as > a lower bound for key expiration. Since the whole issue

Re: [Ace] AD review of draft-ietf-ace-oauth-params-05

2019-11-18 Thread Benjamin Kaduk
(hopefully) in the framework's thread. -Ben On Mon, Nov 18, 2019 at 09:42:41PM -0800, Benjamin Kaduk wrote: > On Sun, Nov 17, 2019 at 04:45:04AM +0100, Ludwig Seitz wrote: > > On 15/11/2019 13:14, Benjamin Kaduk wrote: > > > Hi all, > > > > > > I'm mostly just

Re: [Ace] AD review of draft-ietf-ace-oauth-params-05

2019-11-18 Thread Benjamin Kaduk
On Sun, Nov 17, 2019 at 04:45:04AM +0100, Ludwig Seitz wrote: > On 15/11/2019 13:14, Benjamin Kaduk wrote: > > Hi all, > > > > I'm mostly just nitpicking in the following comments; the actual content > > here is in good shape. (But some of these are popular things tha

Re: [Ace] AD review of draft-ietf-ace-oauth-authz-24

2019-11-16 Thread Benjamin Kaduk
On Wed, Nov 13, 2019 at 01:55:44PM +0100, Ludwig Seitz wrote: > On 10/11/2019 04:28, Benjamin Kaduk wrote: > > >>> 1.) > >>> Perhaps the most far-reaching changes needed > >>> will be to rename the "profile" claim, since that has already be

Re: [Ace] Secdir last call review of draft-ietf-ace-coap-est-15

2019-11-12 Thread Benjamin Kaduk
Hi Panos, On Wed, Oct 16, 2019 at 03:06:01PM +, Panos Kampanakis (pkampana) wrote: > Hi Yaron, > > Thank you for the thorough review and feedback. > > To make sure I don't miss any of your comments over an email thread, I track > all your feedback in git issue 152 >

Re: [Ace] AD review of draft-ietf-ace-oauth-authz-24

2019-11-09 Thread Benjamin Kaduk
(This is still "in backwards order" (per https://mailarchive.ietf.org/arch/msg/ace/qy9wQX04zkLS3n4BHS0GxKKi1XM) albeit with a much-longer-than-planned delay...) On Tue, Oct 15, 2019 at 04:07:48PM +0200, Ludwig Seitz wrote: > Hello Ben, > > thank you for your thorough review. > > I have taken

Re: [Ace] Mirja Kühlewind's No Objection on draft-ietf-ace-cwt-proof-of-possession-09: (with COMMENT)

2019-10-30 Thread Benjamin Kaduk
r. Let me know what you decide. > > Thanks again, > -- Mike > > -Original Message- > From: Barry Leiba > Sent: Monday, October 28, 2019 2:00 PM > To: Mike Jones > Cc: Mirja Kuehlewind ; Benjamin Kaduk ;

Re: [Ace] Mirja Kühlewind's No Objection on draft-ietf-ace-cwt-proof-of-possession-09: (with COMMENT)

2019-10-28 Thread Benjamin Kaduk
On Fri, Oct 25, 2019 at 12:31:42PM -0400, Barry Leiba wrote: > Yeh, it's very common for authors to try to tell IANA how to handle > registrations, and I often push back on that as inappropriate. There > are certainly special conditions that IANA should be told about, but > this is standard

Re: [Ace] Genart last call review of draft-ietf-ace-cwt-proof-of-possession-08

2019-10-21 Thread Benjamin Kaduk
Thanks for the update, Mike. I will go ahead and get this in front of the whole IESG, but one comment below... On Fri, Oct 18, 2019 at 10:57:06PM +, Mike Jones wrote: > Hi Christer, > > https://tools.ietf.org/html/draft-ietf-ace-cwt-proof-of-possession-09 has > been published, which

Re: [Ace] Genart last call review of draft-ietf-ace-coap-est-15

2019-10-10 Thread Benjamin Kaduk
There will hopefully be a secdir review as well before the document goes into IESG evaluation; given this is a pretty small change, I'd say hold off on uploading for now. Thanks for asking, and thanks David for the review, Ben On Tue, Oct 08, 2019 at 06:37:25PM +, Panos Kampanakis

Re: [Ace] AD review of draft-ietf-ace-oauth-authz-24

2019-09-30 Thread Benjamin Kaduk
On Fri, Sep 27, 2019 at 03:22:45AM -0700, Jim Schaad wrote: > > > -Original Message- > From: Ludwig Seitz > Sent: Friday, September 27, 2019 12:03 AM > To: Benjamin Kaduk ; draft-ietf-ace-oauth-authz@ietf.org > Cc: ace@ietf.org > Subject: Re: AD review of dr

[Ace] AD review of draft-ietf-ace-oauth-authz-24

2019-09-26 Thread Benjamin Kaduk
Hi all, The length of this review notwithstanding, this document is generally in good shape -- there's a bunch of localized items to tighten up, and we can flesh out the security considerations some more, but nothing too drastic should be needed. Perhaps the most far-reaching changes needed will

Re: [Ace] New Version Notification - draft-ietf-ace-cwt-proof-of-possession-07.txt

2019-09-24 Thread Benjamin Kaduk
On Tue, Sep 24, 2019 at 04:33:18PM -0700, Benjamin Kaduk wrote: > Hi all, > > Thanks for the updates; they look good! > > Before I kick off the IETF LC, I just have two things I wanted to > double-check (we may not need a new rev before the LC): > > (1) In Sec

Re: [Ace] AD review of draft-ietf-ace-coap-est-12 part 2

2019-09-23 Thread Benjamin Kaduk
> Rgs, > Panos > > > -Original Message- > From: Ace On Behalf Of Panos Kampanakis (pkampana) > Sent: Tuesday, September 10, 2019 12:18 AM > To: Jim Schaad ; 'Michael Richardson' > > Cc: draft-ietf-ace-coap-est@ietf.org; 'Benjamin Kaduk' ; &

Re: [Ace] AD review of draft-ietf-ace-coap-est-12 part 2

2019-09-09 Thread Benjamin Kaduk
On Mon, Sep 09, 2019 at 05:38:23PM +0100, Michael Richardson wrote: > > Benjamin Kaduk wrote: > >> I think that we could go to TLS Exporter right now, but it would take > >> some work. > > > I'd rather have both classic-EST and coap-EST benefit th

Re: [Ace] AD review of draft-ietf-ace-coap-est-12 part 2

2019-09-09 Thread Benjamin Kaduk
On Mon, Sep 09, 2019 at 12:54:12PM +0100, Michael Richardson wrote: > > Peter van der Stok wrote: > > . if the SignedData is not the outermost container, then we don't > > care what the relevant Content-Format for it is; we only care about the > > Content-Format for the

Re: [Ace] AD review of draft-ietf-ace-coap-est-12

2019-09-06 Thread Benjamin Kaduk
On Mon, Sep 02, 2019 at 02:47:10PM +0200, Peter van der Stok wrote: > Hi Ben, > > Below some additional reactions to your review. > In some parts the term "suggest" is used, meaning that I am not sure of > the correctness of my reaction. > A confirmation/denial would be appreciated in those

Re: [Ace] AD review of draft-ietf-ace-coap-est-12 part 2

2019-09-06 Thread Benjamin Kaduk
[trimming] On Tue, Sep 03, 2019 at 02:18:22PM +0200, Peter van der Stok wrote: > >[RFC7030] recommends the use of additional encryption of the returned >private key. For the context of this specification, clients and >servers that choose to support server-side key generation MUST >

Re: [Ace] AD review of draft-ietf-ace-coap-est-12 part 2

2019-09-06 Thread Benjamin Kaduk
Stok > > SENT: Tuesday, September 3, 2019 5:18 AM > > TO: Benjamin Kaduk > > CC: Jim Schaad ; > > draft-ietf-ace-coap-est@ietf.org; consulta...@vanderstok.org; > > ace@ietf.org > > SUBJECT: Re: [Ace] AD review of draft-ietf-ace-coap-est-12 part 2

Re: [Ace] AD review of draft-ietf-ace-coap-est-12 part 2

2019-09-06 Thread Benjamin Kaduk
3F3925C0755799DEECA745372B01697BD8A6 – Private > Key value > > [1] (1 elem) – Public key value > > BIT STRING (520 bit) > 01011011101110001101000100010000100101101001100011… > > > > > > This looks correct to me. > > > > Jim > > >

Re: [Ace] AD review of draft-ietf-ace-coap-est-12

2019-09-01 Thread Benjamin Kaduk
kground; it seems that there's reasonable justification for the preference for certificate authentication; if a TLS-layer password-based use case does arise, it should be possible to write a companion document. > Jim Schaad schreef op 2019-08-30 01:15: > > > A couple of answers from my

[Ace] AD review of draft-ietf-ace-coap-est-12

2019-08-28 Thread Benjamin Kaduk
Hi all, A good number of comments here, though many are just nits. We may need some more in-depth discussion about only using certificates for client authentication (immediately below) and how we discuss server-keygen. Thanks, Ben

Re: [Ace] AD review of draft-ietf-ace-cwt-proof-of-possession-06

2019-08-12 Thread Benjamin Kaduk
On Mon, Aug 12, 2019 at 02:08:12PM +0200, Ludwig Seitz wrote: > Hello Ben, > > thank you for your review. Comments inline. > > @co-authors: Please check if you agree with my proposed resolutions. > > /Ludwig > > On 30/07/2019 17:56, Benjamin Kaduk wrote: >

Re: [Ace] AD review of draft-ietf-ace-cwt-proof-of-possession-06

2019-07-30 Thread Benjamin Kaduk
Noting that there are several points that Jim left to the authors to reply to, also inline... On Tue, Jul 30, 2019 at 10:10:12AM -0700, Jim Schaad wrote: > Comments inline. > > -Original Message- > From: Benjamin Kaduk > Sent: Tuesday, July 30, 2019 8:56 AM > To:

[Ace] AD review of draft-ietf-ace-cwt-proof-of-possession-06

2019-07-30 Thread Benjamin Kaduk
We should be consistent across examples about whether the use of CBOR diagnostic notation also requires a disclaimer about "with linebreaks for readability". Section 2 Presenter Party that proves possession of a private key (for asymmetric key cryptography) or secret key (for

Re: [Ace] [Technical Errata Reported] RFC8392 (5710)

2019-04-29 Thread Benjamin Kaduk
On Mon, Apr 29, 2019 at 09:53:01AM -0700, Jim Schaad wrote: > > > > -Original Message- > > From: Carsten Bormann > > Sent: Monday, April 29, 2019 9:41 AM > > To: Felipe Gasper > > Cc: Benjamin Kaduk ; Roman Danyliw ; > > Daniel Migault ; erdt.

Re: [Ace] [Technical Errata Reported] RFC8392 (5710)

2019-04-29 Thread Benjamin Kaduk
On Mon, Apr 29, 2019 at 12:03:57PM -0400, Felipe Gasper wrote: > > > On Apr 29, 2019, at 12:00 PM, Benjamin Kaduk wrote: > > > > On Mon, Apr 29, 2019 at 08:55:53AM -0700, RFC Errata System wrote: > >> The following errata report has been submitted for RFC8

Re: [Ace] [Technical Errata Reported] RFC8392 (5710)

2019-04-29 Thread Benjamin Kaduk
On Mon, Apr 29, 2019 at 08:55:53AM -0700, RFC Errata System wrote: > The following errata report has been submitted for RFC8392, > "CBOR Web Token (CWT)". > > -- > You may review the report below and at: > http://www.rfc-editor.org/errata/eid5710 > >

Re: [Ace] [OAUTH-WG] Resource, Audience, and req_aud

2019-02-09 Thread Benjamin Kaduk
On Thu, Feb 07, 2019 at 02:28:02PM -0700, Brian Campbell wrote: > > The token-exchange draft defines both the "resource" and "audience" > parameters for use in the context of a > "urn:ietf:params:oauth:grant-type:token-exchange" grant type request to the > token endpoint. There is a lot of

Re: [Ace] Shepard review for draft-ietf-ace-oauth-authz

2019-01-30 Thread Benjamin Kaduk
On Wed, Jan 30, 2019 at 09:37:45AM +0100, Ludwig Seitz wrote: > > On 30/01/2019 07:01, Jim Schaad wrote: > > ** IANA Section Issues > > > > 1. None of the new registries appear to have any guidance for the DEs to > > use when approving items. > > Is it acceptable to add a single guidance

Re: [Ace] Security of the Communication Between C and RS

2019-01-26 Thread Benjamin Kaduk
On Thu, Dec 20, 2018 at 09:11:24AM +, Hannes Tschofenig wrote: > > -Original Message- > From: Ludwig Seitz > Sent: Donnerstag, 20. Dezember 2018 08:40 > To: Jim Schaad ; Hannes Tschofenig > ; 'Stefanie Gerdes' ; ace@ietf.org > Subject: Re: [Ace] Security of the Communication Between
