Re: [Ace] Call for adoption of draft-palombini-ace-key-groupcomm

2019-01-21 Thread Benjamin Kaduk
On Thu, Dec 06, 2018 at 03:12:04PM -0800, Jim Schaad wrote: > I have not looked in detail at the mls protocol documents, but from what I > remember they have more or less skipped the entire AAA question of having a > central authorizer and made it so that any entity which is currently active >

Re: [Ace] [Secdispatch] EDHOC

2019-01-18 Thread Benjamin Kaduk
On Fri, Jan 18, 2019 at 11:54:58AM -0500, Richard Barnes wrote: > Let me provide some additional context. When the chairs and ADs discussed > this in BKK, it seemed pretty clear that EDHOC is not within the current > charter of ACE — after all, ACE is targeted at authentication and >

Re: [Ace] Resume of discussion at IETF 103 meeting on draft-ietf-ace-oauth-authz

2018-11-12 Thread Benjamin Kaduk
[with no hats] On Mon, Nov 12, 2018 at 04:21:55PM +0100, Ludwig Seitz wrote: > Hello ACE, > > I wanted to post a resume of the in room discussions from the IETF 103 > meeting, related to draft-ietf-ace-oauth-authz, for those who missed > them and those who want to further comment (sorry for

Re: [Ace] EDHOC standardization

2018-11-05 Thread Benjamin Kaduk
On Mon, Nov 05, 2018 at 09:16:54AM +0700, Michael Richardson wrote: > > Benjamin Kaduk wrote: > >> John Mattsson wrote: > of negotiation is > >> still needed. The current plan for the next version > is to introduce > >> cipher suites a

Re: [Ace] EDHOC standardization

2018-11-03 Thread Benjamin Kaduk
On Fri, Nov 02, 2018 at 02:55:54PM +, John Mattsson wrote: > Hi Benjamin, Salvador > > While DTLS 1.3 have done a very good job of lowering the overhead of the > record layer when application data is sent (see e.g. >

Re: [Ace] Minimizing overhead of certificates in constrained IoT

2018-11-03 Thread Benjamin Kaduk
On Fri, Nov 02, 2018 at 11:31:16AM +, John Mattsson wrote: > Hi, > > We recently submitted > https://tools.ietf.org/html/draft-raza-ace-cbor-certificates-00, which build > on research done by Research Institutes of Sweden, Royal Institute of > Technology in Stockholm, and Nexus: > >

Re: [Ace] EDHOC standardization

2018-10-31 Thread Benjamin Kaduk
Hi Salvador, On Wed, Oct 31, 2018 at 10:12:54AM +0100, Salvador Pérez wrote: > Hello authors of EDHOC, > > we have implemented a previous version of EDHOC > (draft-selander-ace-cose-ecdhe) and want to share some experiences. > > Our work so far has focused on implementation and

Re: [Ace] WGLC for draft-ietf-ace-authz

2018-10-23 Thread Benjamin Kaduk
Just one minor note -- this is a great discussion to see happening! On Tue, Oct 23, 2018 at 04:43:14PM +0200, Ludwig Seitz wrote: > > On 22/10/2018 21:09, Jim Schaad wrote: > > * Section 5.8.2 - If the RS is going to do introspection, can it send some > > type of "Server Busy - try again in xxx"

Re: [Ace] ACE - OAuth Synchronization

2018-07-19 Thread Benjamin Kaduk
Hi Hannes, Can you remind me which parameters are being problematic in this regard? I mostly only remember the ace discussions of keyid, recently, so I probably lost track of some relevant bits. Thanks, Ben On Thu, Jul 19, 2018 at 02:34:26PM +, Hannes Tschofenig wrote: > Hi Ben, Hi Ekr, >

Re: [Ace] Key IDs ... RE: WGLC on draft-ietf-ace-cwt-proof-of-possession-02

2018-06-26 Thread Benjamin Kaduk
Ben. > > This begs the question why the collision of session keys is suddenly a > problem in the ACE context when it wasn't a problem so far. Something must > have changed. > > Ciao > Hannes > > > -----Original Message- > From: Benjamin Kaduk [mailto:ka...

Re: [Ace] Key IDs ... RE: WGLC on draft-ietf-ace-cwt-proof-of-possession-02

2018-06-26 Thread Benjamin Kaduk
On Tue, Jun 26, 2018 at 08:53:57AM +, Hannes Tschofenig wrote: > Ben, > > I was wondering whether the situation is any different in Kerberos. If the > KDC creates tickets with a session key included then it needs to make sure > that it does not create the same symmetric key for different

Re: [Ace] Key IDs ... RE: WGLC on draft-ietf-ace-cwt-proof-of-possession-02

2018-06-23 Thread Benjamin Kaduk
On Fri, Jun 22, 2018 at 08:48:35PM +, Mike Jones wrote: > See my note just now proposing this text to Jim: > > "Likewise, if PoP keys are used for multiple different kinds of CWTs in an > application and the PoP keys are identified by Key IDs, care must be taken to > keep the keys for the

Re: [Ace] Key IDs ... RE: WGLC on draft-ietf-ace-cwt-proof-of-possession-02

2018-06-22 Thread Benjamin Kaduk
On Fri, Jun 22, 2018 at 01:36:16PM +, Hannes Tschofenig wrote: > Hi Jim, > > > > My problem is that if there are two different people with the same Key ID, > either intentionally or unintentionally, then using the key ID to identify > the key may allow the other person to masquerade as the

Re: [Ace] How to specify DTLS MTI in COAP-EST

2018-06-07 Thread Benjamin Kaduk
On Wed, Jun 06, 2018 at 07:32:13PM -0400, Michael Richardson wrote: > > In draft-ietf-ace-coap-est, we would like to specify some mandatory to > implement algorithms for DTLS. > > We write: >The mandatory cipher suite for DTLS in EST-coaps is >TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8 defined

Re: [Ace] draft-ietf-ace-coap-est-00

2018-03-13 Thread Benjamin Kaduk
On Tue, Mar 13, 2018 at 09:44:37PM -0400, Michael Richardson wrote: > > Jim Schaad wrote: > > In section 2 - There will be a problem in that the port format > extension is > > being eliminated in TLS 1.3 - We may want to divide this into a 1.2 and > 1.3 > >

[Ace] Draft agenda for London

2018-03-13 Thread Benjamin Kaduk
Hi all, I just (belatedly) posted a draft agenda to the datatracker (https://datatracker.ietf.org/doc/agenda-101-ace/), also copied below. Please holler if there are obvious bugs, you requested time but didn't get a response, etc. I know it's a little bit of short notice, but to the speakers:

Re: [Ace] draft-ietf-ace-coap-est-00

2018-03-12 Thread Benjamin Kaduk
On Mon, Mar 12, 2018 at 09:08:05AM +0100, peter van der Stok wrote: > Hi Jim, > > thanks for the comments. See my reactions below. > Jim Schaad schreef op 2018-03-10 22:15: > > I agree with Hannes, this version of the document is much cleaner and > > much > > clearer. I think that it has solved

Re: [Ace] CBOR Web Token (CWT) draft addressing IETF last call comments

2018-03-05 Thread Benjamin Kaduk
ms, as suggested by Kyle Rose. > * Added guidance about the selection of the Designated Experts, as > suggested by Benjamin Kaduk. > * Acknowledged additional reviewers. > > The specification is available at: > > * https://tools.ietf.org/html/draft-ietf-ace-cbo

Re: [Ace] Genart telechat review of draft-ietf-ace-cbor-web-token-12

2018-02-27 Thread Benjamin Kaduk
On Tue, Feb 27, 2018 at 11:59:50AM +0200, Dan Romascanu wrote: > Hi, > > See also my other notes. > > I believe that what the document tries to say is: > > Register R is divided into four different ranges R1, R2, R3, R4 (defining > the value limits may be useful) > > Values in range R1 are

Re: [Ace] Genart telechat review of draft-ietf-ace-cbor-web-token-12

2018-02-26 Thread Benjamin Kaduk
On Mon, Feb 26, 2018 at 11:03:07AM -0800, Dan Romascanu wrote: > > 1. CWT is derived from JWT (RFC 7519) using CBOR rather than JSON for > encoding. > The rationale as explained in the document is related to efficiency for some > IoT systems. The initial claims registry defined in Section 9.1 is

Re: [Ace] Genart telechat review of draft-ietf-ace-cbor-web-token-12

2018-02-26 Thread Benjamin Kaduk
On Mon, Feb 26, 2018 at 11:19:04PM +0200, Dan Romascanu wrote: > Hi Jim, > > Thank you for your answer and for addressing my comments. > > On item #2: > > > > On Mon, Feb 26, 2018 at 10:12 PM, Jim Schaad wrote: > > > > > > > > -Original Message- > > > From:

[Ace] shepherd review of draft-ietf-ace-cbor-web-token-11

2018-02-02 Thread Benjamin Kaduk
Hi all, We're getting ready to send this to Kathleen for processing (hopefully to finish before her term as AD does!), but there are a few nits that should be fixed with a new rev before we actually push the button. We currently have an informational reference to RFC 5226, which has since been

Re: [Ace] Removal of the Client Token from ACE-OAuth draft

2018-02-01 Thread Benjamin Kaduk
On Thu, Feb 01, 2018 at 01:59:48PM +, Hannes Tschofenig wrote: > Hi all, > > the Client Token is a new mechanism in the ACE-OAuth that aims to solve a > scenario where the Client does not have connectivity to the Authorization > Server to obtain an access token while the Resource Server

Re: [Ace] WGLC on draft-ietf-ace-cbor-web-token (ends 29 November)

2017-11-24 Thread Benjamin Kaduk
On Thu, Nov 23, 2017 at 11:55:46AM +0100, Carsten Bormann wrote: > Hi Ludwig, > > > I'm not sure what the RFC editors prefer as affiliation > > (I've seen both): > > > > -- > > E. Wahlstroem > > > > -- OR > > E. Wahlstroem > > (no affiliation) > > — > > I don’t know what the RFC editor

Re: [Ace] WGLC on draft-ietf-ace-cbor-web-token (ends 29 November)

2017-11-22 Thread Benjamin Kaduk
Reminder: there is only one week left in this WGLC. -Ben On Wed, Nov 01, 2017 at 12:24:56PM -0500, Benjamin Kaduk wrote: > This message begins a working group last call for > draft-ietf-ace-cbor-web-token for submission as a Standards-Track RFC, > ending at 23:59 PST on Wednesday 29

Re: [Ace] IETF 100 draft agenda posted

2017-11-07 Thread Benjamin Kaduk
> -Original Message- > From: Ace [mailto:ace-boun...@ietf.org] On Behalf Of Benjamin Kaduk > Sent: 07 November 2017 16:49 > To: ace@ietf.org > Subject: [Ace] IETF 100 draft agenda posted > > Hi all, > > I just posted a draft agenda to the datatracker for our se

[Ace] IETF 100 draft agenda posted

2017-11-07 Thread Benjamin Kaduk
Hi all, I just posted a draft agenda to the datatracker for our session in Singapore, included below for your convenience. Note that it is still draft, i.e., might change some more. Presenters, please send your slides to the chairs by Sunday the 12th so that we can get them uploaded and confirm

Re: [Ace] timeslot for draft-ietf-ace-dtls-authorize @IETF 100

2017-11-06 Thread Benjamin Kaduk
Hi Olaf, On Mon, Nov 06, 2017 at 05:11:43PM +0100, Olaf Bergmann wrote: > Dear chairs, > > we would like to request a 10 min timeslot for the ACE session at IETF > 100 to present the current status of draft-ietf-ace-dtls-authorize. We > have not yet decided on a presenter but at least one of the

Re: [Ace] WGLC on draft-ietf-ace-cbor-web-token

2017-11-01 Thread Benjamin Kaduk
On Wed, Nov 01, 2017 at 06:33:59PM +0100, Carsten Bormann wrote: > Just wondering: > > Are you aware that this is a second WGLC? You didn’t mention that. I was aware, sorry for not mentioning it. (The first WGLC was on the -04.) > (And do we really need four weeks for a second WGLC? Even

[Ace] WGLC on draft-ietf-ace-cbor-web-token

2017-11-01 Thread Benjamin Kaduk
This message begins a working group last call for draft-ietf-ace-cbor-web-token for submission as a Standards-Track RFC, ending at 23:59 PST on Wednesday 29 November, 2017. The current (-09) version of the document is available at: https://tools.ietf.org/html/draft-ietf-ace-cbor-web-token-09 .
