[Ace] WGLC for draft-ietf-dtl-authorize

The chairs believe that the set of documents dealing with the OAuth framework for constrained environments is nearing the point that we should be able to advance it to the IESG for publication. We therefore want to have a full list of issues that need to be dealt with at the Bangkok meeting.

[Ace] WGLC for draft-ietf-ace-oscore-profile

The chairs believe that the set of documents dealing with the OAuth framework for constrained environments is nearing the point that we should be able to advance it to the IESG for publication. We therefore want to have a full list of issues that need to be dealt with at the Bangkok meeting.

[Ace] WGLC for draft-ietf-ace-authz

The chairs believe that the set of documents dealing with the OAuth framework for constrained environments is nearing the point that we should be able to advance it to the IESG for publication. We therefore want to have a full list of issues that need to be dealt with at the Bangkok meeting.

Re: [Ace] JWT + OAuth Request

> -Original Message- > From: Michael Richardson > Sent: Thursday, October 4, 2018 6:45 AM > To: Jim Schaad > Cc: ace@ietf.org > Subject: Re: [Ace] JWT + OAuth Request > > > Jim Schaad wrote: > > The OAuth group discovered a problem with some t

Re: [Ace] ace-coap-est: unclear definition of /.well-known/est URI

> -Original Message- > From: Ace On Behalf Of Michael Richardson > Sent: Monday, September 24, 2018 9:27 AM > To: consulta...@vanderstok.org > Cc: Esko Dijk ; Panos Kampanakis (pkampana) > ; ace@ietf.org > Subject: Re: [Ace] ace-coap-est: unclear definition of /.well-known/est URI > >

Re: [Ace] Review draft-ietf-ace-coap-est

Yes I think that is correct. I’ll need to review final text at some point but what you say below look right. From: Panos Kampanakis (pkampana) Sent: Thursday, September 13, 2018 1:29 PM To: Jim Schaad ; consulta...@vanderstok.org Cc: draft-ietf-ace-coap-...@ietf.org; 'ace' Subject: RE

Re: [Ace] Parameter abbreviation number ranges for draft-ietf-ace-oauth-authz

We are doing all of this in response to a draft? Why can you not fix the draft and put the OAuth parameters in a sub map so there is no collisions? Jim > -Original Message- > From: Mike Jones > Sent: Tuesday, August 28, 2018 9:45 AM > To: Ludwig Seitz ; Samuel Erdtman ;

Re: [Ace] Parameter abbreviation number ranges for draft-ietf-ace-oauth-authz

> -Original Message- > From: Ace On Behalf Of Ludwig Seitz > Sent: Monday, August 27, 2018 12:52 AM > To: ace@ietf.org > Subject: [Ace] Parameter abbreviation number ranges for draft-ietf-ace-oauth- > authz > > Hello group, > > at IETF 102 there was a discussion about the numerical

Re: [Ace] Text for KID in POP

Should be circumscribed not circumcised although the first does echo my personal feelings. Jim > -Original Message- > From: Ace On Behalf Of Jim Schaad > Sent: Wednesday, July 18, 2018 6:13 PM > To: ace@ietf.org > Subject: [Ace] Text for KID in POP > > A

[Ace] Text for KID in POP

Add the following text to section 3.4. WARNING: The use of a Key ID in a POP CWT needs to be carefully circumcised. Where the Key ID is not a cryptographic value derived from the key or where all of the parties involved are not validating the cryptographic derivation, it is possible to get into

Re: [Ace] Review Comments on -03

://AS/token. Once upon a time, I thought there was some work being done in the core group that would help clean this up. It has not finished, nor have I seen much about it recently. Jim > -Original Message- > From: Carsten Bormann > Sent: Monday, July 16, 2018 7:14 AM > To

[Ace] Comments on ace key groupcomm -01

* Section 2 - client - write rights and/or read rights. Unless you think that write implies read in which case you should state that * Section 2 - KDC - should also say what it does in the later parts - * Section 2 - Dispatcher - If this is a bus, then you are not really communicating with it

Re: [Ace] Review draft-ietf-ace-coap-est

From: Peter van der Stok Sent: Monday, July 9, 2018 1:01 AM To: Jim Schaad Cc: consulta...@vanderstok.org; draft-ietf-ace-coap-...@ietf.org; 'ace' Subject: Re: [Ace] Review draft-ietf-ace-coap-est * In section 4.1 I have a question about what you are using for payload content

Re: [Ace] Review draft-ietf-ace-coap-est

From: Peter van der Stok Sent: Wednesday, July 4, 2018 1:53 AM To: Jim Schaad Cc: draft-ietf-ace-coap-...@ietf.org; 'ace' Subject: Re: [Ace] Review draft-ietf-ace-coap-est Hi Jim, Many thanks for the review. See our answers below. * In section 4.1 I have a question about what you

[Ace] Review draft-ietf-ace-coap-est

* In section 4.1 I have a question about what you are using for payload content encoding. Part of this might just be a question of how you plan to move from ASN.1 to CBOR at some point in the future. I think that it would necessitate doing new media-types in that event. You appear to be doing a

Re: [Ace] Key IDs ... RE: WGLC on draft-ietf-ace-cwt-proof-of-possession-02

From: Samuel Erdtman Sent: Wednesday, June 27, 2018 8:18 AM To: Jim Schaad Cc: Hannes Tschofenig ; Benjamin Kaduk ; Mike Jones ; draft-ietf-ace-cwt-proof-of-possess...@ietf.org; ace@ietf.org Subject: Re: [Ace] Key IDs ... RE: WGLC on draft-ietf-ace-cwt-proof-of-possession-02 Jim

Re: [Ace] Key IDs ... RE: WGLC on draft-ietf-ace-cwt-proof-of-possession-02

that they should not be doing. This is about an attack not about getting things to generally work right. Jim > -Original Message- > From: Hannes Tschofenig > Sent: Tuesday, June 26, 2018 6:09 PM > To: Jim Schaad ; 'Benjamin Kaduk' > ; 'Mike Jones' > Cc: draft-ietf-ace-cw

Re: [Ace] Key IDs ... RE: WGLC on draft-ietf-ace-cwt-proof-of-possession-02

No Ben, you are 100% correct. This is about identifiers and not session keys. > -Original Message- > From: Benjamin Kaduk > Sent: Tuesday, June 26, 2018 5:14 PM > To: Hannes Tschofenig > Cc: Mike Jones ; Jim Schaad > ; draft-ietf-ace-cwt-proof-of-possess...@ietf.o

[Ace] Montreal IETF Agenda

If you want a spot on the agenda please let the chairs know. Please include topic/draft, presenter and a time request. Jim ___ Ace mailing list Ace@ietf.org https://www.ietf.org/mailman/listinfo/ace

[Ace] Early registration of CoAP Media types for draft-ietf-ace-coap-est

We have received a request for early registration approval for the media types in draft-ietf-ace-coap-est. As part of the input to the decision to do this we need to know if there are any people who object to proceeding. If you object please respond either to the list or to the chairs and

Re: [Ace] Key IDs ... RE: WGLC on draft-ietf-ace-cwt-proof-of-possession-02

No not really, Hannes's language is much closer to what I am looking for. I don't care if they are different kinds of CWTs. I care about impersonation. > -Original Message- > From: Mike Jones > Sent: Friday, June 22, 2018 10:44 PM > To: Jim Schaad ; Hannes Tschofenig > ;

Re: [Ace] Key IDs ... RE: WGLC on draft-ietf-ace-cwt-proof-of-possession-02

> -Original Message- > From: Benjamin Kaduk > Sent: Friday, June 22, 2018 10:44 PM > To: Hannes Tschofenig > Cc: Jim Schaad ; 'Mike Jones' > ; draft-ietf-ace-cwt-proof-of- > possess...@ietf.org; ace@ietf.org > Subject: Re: [Ace] Key IDs ... RE: WGLC on

Re: [Ace] Key IDs ... RE: WGLC on draft-ietf-ace-cwt-proof-of-possession-02

That language works if you assume that there is only one CWT that an RS will look to. If there are multiple CWTs then one needs coordination language between them. > -Original Message- > From: Hannes Tschofenig > Sent: Friday, June 22, 2018 6:36 AM > To: Jim Schaad ;

Re: [Ace] Review of draft-ietf-ace-oauth-authz -12

I sent this review early by accident (I thought I was sending a different mail). However a couple things below. From: Samuel Erdtman Sent: Thursday, June 21, 2018 8:15 AM To: Jim Schaad Cc: draft-ietf-ace-oauth-au...@ietf.org; ace Subject: Re: [Ace] Review of draft-ietf-ace-oauth

Re: [Ace] [core] Early media-type registration for EST over CoAP

That sounds like a good plan forward. Are you also going to need an early registration on the multipart-core draft as well? Jim From: Peter van der Stok Sent: Wednesday, June 20, 2018 3:07 AM To: Carsten Bormann Cc: Hannes Tschofenig ; core ; ace@ietf.org; Jim Schaad ; r

[Ace] Review of draft-ietf-ace-oauth-authz -12

Based on where I currently am, here is another review of the document. 1. In section 4 for Figure one: Is the term "RS Information" your term or an OAuth term. When I see this I think of it as information for not about the RS which I do not believe is the intent. 2. In section 5.1 - I am

Re: [Ace] [core] Early media-type registration for EST over CoAP

> -Original Message- > From: Ace On Behalf Of Michael Richardson > Sent: Tuesday, June 19, 2018 7:33 AM > To: core ; ace@ietf.org > Subject: Re: [Ace] [core] Early media-type registration for EST over CoAP > > > Carsten Bormann wrote: > > On Jun 19, 2018, at 14:11, Carsten

[Ace] Contact Info for ACE Interop Event tomorrow

We will go ahead and use a webex meeting for the interop event tomorrow JOIN WEBEX MEETING https://ietf.webex.com/ietf/j.php?MTID=m1e4d4e3b7a8f81354335d9be30dc3687 Meeting number (access code): 640 485 375 Host key: 770328 Meeting password: DEGrDby3 JOIN BY PHONE 1-650-479-3208 Call-in toll

Re: [Ace] WGLC on draft-ietf-ace-cwt-proof-of-possession-02

> -Original Message- > From: Hannes Tschofenig <hannes.tschofe...@arm.com> > Sent: Wednesday, May 23, 2018 12:55 PM > To: Jim Schaad <i...@augustcellars.com>; draft-ietf-ace-cwt-proof-of- > possess...@ietf.org > Cc: ace@ietf.org > Subject: RE: [Ace]

Re: [Ace] WGLC on draft-ietf-ace-cwt-proof-of-possession-02

I have removed items where the proposed solution is probably sufficient. > -Original Message- > From: Mike Jones <michael.jo...@microsoft.com> > Sent: Sunday, May 20, 2018 4:34 AM > To: Jim Schaad <i...@augustcellars.com>; draft-ietf-ace-cwt-proof-of- > po

Re: [Ace] OAuth-Authz Interop

. It would be nice to get those changes published. Jim > -Original Message- > From: Ace <ace-boun...@ietf.org> On Behalf Of Ludwig Seitz > Sent: Tuesday, May 15, 2018 6:47 AM > To: ace@ietf.org > Subject: Re: [Ace] OAuth-Authz Interop > > On 2018-05-07 18:44, Jim Sc

Re: [Ace] OAuth-Authz Interop

etf.org> Subject: Re: [Ace] OAuth-Authz Interop On 2018-05-08 08:57, Ludwig Seitz wrote: > On 2018-05-07 18:44, Jim Schaad wrote: >> I have been meaning to get this out for a while and have failed. A >> doodle poll to setup an interop event for this work is at >> &

[Ace] OAuth-Authz Interop

I have been meaning to get this out for a while and have failed. A doodle poll to setup an interop event for this work is at https://doodle.com/poll/k27g9r26bghvnytu If you want to participate and none of the times are good please let me know. Things for testing: 1) DTLS profile w/ shared

[Ace] draft-ietf-ace-coap-est-00

I agree with Hannes, this version of the document is much cleaner and much clearer. I think that it has solved most of the problems that I initially had with the draft. It is not ready to progress as there are still sections that are marked as TODO. But it is much closer to finishing that it

Re: [Ace] Adam Roach's No Objection on draft-ietf-ace-cbor-web-token-13: (with COMMENT)

It might make more sense to prefix the JWT versions as not being what is here. Jim > -Original Message- > From: Mike Jones [mailto:michael.jo...@microsoft.com] > Sent: Wednesday, March 7, 2018 9:47 PM > To: Benjamin Kaduk ; Adam Roach > Cc: The IESG

Re: [Ace] Alexey Melnikov's No Objection on draft-ietf-ace-cbor-web-token-12: (with COMMENT)

> -Original Message- > From: Alexey Melnikov [mailto:aamelni...@fastmail.fm] > Sent: Sunday, March 4, 2018 1:01 PM > To: Jim Schaad <i...@augustcellars.com>; The IESG <i...@ietf.org> > Cc: draft-ietf-ace-cbor-web-to...@ietf.org; ace-cha...@ietf.org; &g

Re: [Ace] Alexey Melnikov's No Objection on draft-ietf-ace-cbor-web-token-12: (with COMMENT)

IANA does ask for the expert review as part of the processing it does even for standards track documents. This is because, in part, they are responsible for doing the final number assignment. That is which number in the range is actually used. The interesting question would be what happens

[Ace] Agenda Items for London

Please let the chairs know if you want a slot on the agenda for London. Please give us an idea of what you think you need to cover, how long you think it will take and who is doing the presentations. For people doing the presentations, I would like to get slides during the week of March 12th so

[Ace] Adoption of draft-vanderstok-ace-est

Looking at the mailing list, it appears that the working group thinks that the document should be adopted. Peter, please republish the document as an ACE working group document and I will then approve it. Jim ___ Ace mailing list Ace@ietf.org

Re: [Ace] Genart telechat review of draft-ietf-ace-cbor-web-token-12

From: Dan Romascanu [mailto:droma...@gmail.com] Sent: Tuesday, February 27, 2018 2:23 PM To: Jim Schaad <i...@augustcellars.com> Cc: Benjamin Kaduk <ka...@mit.edu>; gen-art <gen-...@ietf.org>; draft-ietf-ace-cbor-web-token@ietf.org; ietf <i...@ietf.org>; ace@ie

Re: [Ace] Genart telechat review of draft-ietf-ace-cbor-web-token-12

Kaduk <ka...@mit.edu> Cc: Jim Schaad <i...@augustcellars.com>; gen-art <gen-...@ietf.org>; draft-ietf-ace-cbor-web-token@ietf.org; ietf <i...@ietf.org>; ace@ietf.org Subject: Re: [Ace] Genart telechat review of draft-ietf-ace-cbor-web-token-12 Hi, See also my

Re: [Ace] Genart telechat review of draft-ietf-ace-cbor-web-token-12

From: Dan Romascanu [mailto:droma...@gmail.com] Sent: Monday, February 26, 2018 1:19 PM To: Jim Schaad <i...@augustcellars.com> Cc: gen-art <gen-...@ietf.org>; ace@ietf.org; ietf <i...@ietf.org>; draft-ietf-ace-cbor-web-token@ietf.org Subject: Re: Genart telechat re

[Ace] Minutes for IETF 100

I have uploaded the minutes for the meeting. Please feel free to look at them and send me comments. Jim ___ Ace mailing list Ace@ietf.org https://www.ietf.org/mailman/listinfo/ace

Re: [Ace] WGLC on draft-ietf-ace-cbor-web-token (ends 29 November)

Esko, Whether a generic encode would automatically skip over tags is going to depend on the data model presented to the user by the parser. I have worked with one where the tags are ignored by the data model unless the user explicitly asks about them. I have worked with another where the

Re: [Ace] CWT - Audience

This was done because, in CBOR, there is a way to distinguish between a string and a URL. This is lacking in JSON. I believe that the ability to not have to determine this heuristically is a good thing. Jim From: Ace [mailto:ace-boun...@ietf.org] On Behalf Of Samuel Erdtman Sent:

Re: [Ace] Review of draft-ietf-ace-cwt-proof-of-possession 00

> -Original Message- > From: Mike Jones [mailto:michael.jo...@microsoft.com] > Sent: Friday, October 27, 2017 7:43 PM > To: Jim Schaad <i...@augustcellars.com>; draft-ietf-ace-cwt-proof-of- > possess...@ietf.org > Cc: ace@ietf.org > Subject: RE: Review

Re: [Ace] Question about the response to an unauthorized request

[mailto:cigdem.sen...@gmail.com] Sent: Wednesday, October 25, 2017 2:19 PM To: Jim Schaad <i...@augustcellars.com> Cc: Ludwig Seitz <ludwig.se...@ri.se>; ace@ietf.org Subject: Re: [Ace] Question about the response to an unauthorized request UMA assumes that resource server

Re: [Ace] Question about the response to an unauthorized request

em On Mon, Oct 23, 2017 at 2:38 PM, Ludwig Seitz <ludwig.se...@ri.se <mailto:ludwig.se...@ri.se> > wrote: Hello ACE, Jim Schaad has brought up an interesting question [1] on draft-ietf-ace-oauth-authz [2]: Currently when a client makes an unauthorized request to a resou

Re: [Ace] Question about the response to an unauthorized request

heless, it may be useful to think how other groups approach similar problems. Best, --Cigdem On Mon, Oct 23, 2017 at 2:38 PM, Ludwig Seitz <ludwig.se...@ri.se <mailto:ludwig.se...@ri.se> > wrote: Hello ACE, Jim Schaad has brought up an interesting question [1] on dr

[Ace] Review of draft-ietf-ace-cwt-proof-of-possession 00

* I dislike the statement of what the specification claims to do. It will be misread by many people who are not familiar with how you are defining the word "presenter". If I intercept a CWT and present it to a validator, it does not make a claim that I possess a specific POP key. Given what

[Ace] FW: draft-ietf-ace-cbor-web-token-08 - CWT CBOR Tag

Of Jim Schaad Sent: Thursday, October 19, 2017 2:14 PM To: 'Carsten Bormann' <c...@tzi.org>; 'Hannes Tschofenig' <hannes.tschofe...@arm.com> Cc: 'Mike Jones' <michael.jo...@microsoft.com>; ace@ietf.org Subject: Re: [Ace] draft-ietf-ace-cbor-web-token-08 - CWT CBOR Tag The type

Re: [Ace] Comments on draft-tiloca-ace-oscoap-joining

palomb...@ericsson.com] > Sent: Friday, October 20, 2017 6:21 AM > To: Jim Schaad <i...@augustcellars.com>; draft-tiloca-ace-oscoap- > join...@ietf.org; draft-palombini-ace-coap-pubsub-prof...@ietf.org > Cc: ace@ietf.org > Subject: RE: Comments on draft-tiloca-ace-oscoap-joinin

[Ace] Comments on draft-tiloca-ace-oscoap-joining

After the interim meeting, I read this document through in order to produce a review. Instead you are going to get a meta-review. I am having a hard to seeing why this document exists in its current form and it is not some type of simple profile of the pub-sub security draft. While I am not sure

Re: [Ace] draft-ietf-ace-cbor-web-token-08 - CWT CBOR Tag

ormann [mailto:c...@tzi.org] > Sent: Thursday, October 19, 2017 1:32 PM > To: Hannes Tschofenig <hannes.tschofe...@arm.com> > Cc: Mike Jones <michael.jo...@microsoft.com>; Jim Schaad > <i...@augustcellars.com>; ace@ietf.org > Subject: Re: [Ace] draft-ietf-ace-cbor-web

[Ace] draft-palombini-ace-coap-pubsub-profile

After doing some reading elsewhere, I think it would be reasonable to outline the version of security when the pub/sub agent can be trusted. This makes a contrast with this model that people should understand. Jim ___ Ace mailing list Ace@ietf.org

[Ace] Review - draft-seitz-ace-oscoap-profile-03

Here are some comments on the draft. 1. Please change the title. It would be more appropriate to say that you are "OSCOAP profile of the Authentication and Authorization for Constrained Environments Framework". ( I will also be asking for a rename of that document to add framework to highlight

[Ace] Review of draft-jones-ace-cwt-proof-of-possession-00

Abstract - I am unclear how this is a profile of RFC 7800 rather than a restatement of that document. In what way does this qualify as a profile? Introduction - I do not understand the second half of the first sentence in the introduction. It claims that the document is going to show how proof

[Ace] draft-ietf-ace-cbor-web-token

Are the authors planning to do anything with the external data option that is part of the COSE specification? I realize that this is not part of JWT and thus including it would lead to a difference between the specifications, but as I was working to try and get my CWT implementation the question

[Ace] Comments on draft-ietf-ace-oauth-authz

* Figure 7 makes no sense. This appears to be mapping a string to a keyed object. I think however, that the error here is used as a value not a key. * Is there a recommendation for behavior if a new item is posted to the authz-info endpoint which has the same key id as a previous one? I can

Re: [Ace] I-D Action: draft-ietf-ace-cbor-web-token-05.txt

See below. Jim From: Samuel Erdtman [mailto:sam...@erdtman.se] Sent: Thursday, June 22, 2017 1:40 AM To: Jim Schaad <i...@augustcellars.com> Cc: draft-ietf-ace-cbor-web-to...@ietf.org; ace <ace@ietf.org> Subject: Re: [Ace] I-D Action: draft-ietf-ace-cbor-web-token-05.txt

[Ace] Review on draft-ietf-ace-dtls-authorize-00

I have some comments on this draft that I have gotten from implementation attempts. Major Issues: Section 2 talks about looking things up in the resource directory, but it does not say what one would be looking for. Is this material which should be in the generic document? Section 2 - I see a

Re: [Ace] I-D Action: draft-ietf-ace-cbor-web-token-05.txt

Comments on this version of the draft. Section 7 - Step 6 & 7 - I do not know if it is legal to have a CWT CBOR tag at this point Section 7 - In Step 7 - it must be a valid CBOR map not just a valid CBOR object. Appendix A.3 - I was unable to reproduce the example. I assume that this means

Re: [Ace] WGLC on draft-ietf-ace-cbor-web-token

and what is not so important might be one way to get around some of these issue Jim -Original Message- From: Mike Jones [mailto:michael.jo...@microsoft.com] Sent: Tuesday, May 16, 2017 3:58 PM To: Carsten Bormann <c...@tzi.org> Cc: Jim Schaad <i...@augustcellars.com>; Samuel E

Re: [Ace] WGLC on draft-ietf-ace-cbor-web-token

To: Mike Jones <michael.jo...@microsoft.com> Cc: Jim Schaad <i...@augustcellars.com>; Samuel Erdtman <sam...@erdtman.se>; ace <Ace@ietf.org> Subject: Re: [Ace] WGLC on draft-ietf-ace-cbor-web-token On May 16, 2017, at 00:16, Mike Jones <michael.jo...@microsoft.

Re: [Ace] WGLC on draft-ietf-ace-cbor-web-token

Actually, I think both of those were Carsten not me From: Mike Jones [mailto:michael.jo...@microsoft.com] Sent: Monday, May 15, 2017 3:17 PM To: Jim Schaad <i...@augustcellars.com>; 'Samuel Erdtman' <sam...@erdtman.se> Cc: 'ace' <Ace@ietf.org> Subject: RE: [Ace] WGLC on d

Re: [Ace] WGLC on draft-ietf-ace-cbor-web-token

It is correct that the tag can be added and subtracted at will w/o changing anything. From: Mike Jones [mailto:michael.jo...@microsoft.com] Sent: Monday, May 15, 2017 2:17 PM To: Samuel Erdtman <sam...@erdtman.se>; Jim Schaad <i...@augustcellars.com> Cc: ace <Ace@ietf.o

Re: [Ace] New OAuth client credentials RPK and PSK

How is this draft supposed to interact with draft-gerdes-ace-dtls-authorize? Jim From: Ace [mailto:ace-boun...@ietf.org] On Behalf Of Samuel Erdtman Sent: Friday, May 12, 2017 1:03 AM To: ; ace Cc: Ludwig Seitz

Re: [Ace] WGLC on draft-ietf-ace-cbor-web-token

From: Samuel Erdtman [mailto:sam...@erdtman.se] Sent: Sunday, May 14, 2017 3:40 AM To: Jim Schaad <i...@augustcellars.com> Cc: ace <Ace@ietf.org> Subject: Re: [Ace] WGLC on draft-ietf-ace-cbor-web-token Hi Jim, Thanks for your review and comments, see some initial re

Re: [Ace] WGLC on draft-ietf-ace-cbor-web-token

Not ready to ship. * I find the text for NumericDate confusing and would suggest this is a cleaner wording. The "NumericDate" term has the same meaning, syntax and Processing rules as the "NumericDate" term defined in Section 2 of JWT [RFC7519], except that the CBOR numeric representation

Re: [Ace] Review of draft-ietf-ace-cbor-web-token-03

From: Mike Jones [mailto:michael.jo...@microsoft.com] Sent: Wednesday, April 5, 2017 6:02 PM To: Samuel Erdtman <sam...@erdtman.se>; Jim Schaad <i...@augustcellars.com> Cc: draft-ietf-ace-cbor-web-to...@ietf.org; ace <Ace@ietf.org> Subject: RE: [Ace] Review of draft-ietf-

Re: [Ace] Review of draft-ietf-ace-cbor-web-token-03

Some comments inline From: Samuel Erdtman [mailto:sam...@erdtman.se] Sent: Sunday, April 2, 2017 10:58 PM To: Jim Schaad <i...@augustcellars.com> Cc: draft-ietf-ace-cbor-web-to...@ietf.org; ace <Ace@ietf.org> Subject: Re: [Ace] Review of draft-ietf-ace-cbor-web-token-0

Re: [Ace] Review of draft-ietf-ace-cbor-web-token-03

It has been pointed out to me that I was incorrect when I thought that the TLA for the WG was SET. It should be secevent. Jim From: Samuel Erdtman [mailto:sam...@erdtman.se] Sent: Sunday, April 2, 2017 10:58 PM To: Jim Schaad <i...@augustcellars.com> Cc: draft-ietf-ace-cb

[Ace] Review of draft-ietf-ace-cbor-web-token-03

Given that it was stated that the authors believe that the document was ready for publication, I decided to do another review pass. 1. Following the discussion in the SET WG meeting, I believe that it would be reasonable to define some inputs for the external data fields to allow for

Re: [Ace] Call for adoption for draft-somaraju-ace-multicast-02

of this adoption call as a gating factor to produce such an update. jim > -Original Message- > From: peter van der Stok [mailto:stokc...@xs4all.nl] > Sent: Tuesday, March 7, 2017 12:33 AM > To: Jim Schaad <i...@augustcellars.com> > Cc: 'Kepeng Li' <kepeng@alibab

Re: [Ace] Call for adoption for draft-somaraju-ace-multicast-02

; <stokc...@xs4all.nl> > Cc: Jim Schaad <i...@augustcellars.com>; 'Kepeng Li' <kepeng.lkp@alibaba- > inc.com>; consulta...@vanderstok.org; Ace@ietf.org > Subject: Re: [Ace] Call for adoption for draft-somaraju-ace-multicast-02 > > Hi Derek > > we

Re: [Ace] Call for adoption for draft-somaraju-ace-multicast-02

After thinking about this for a long time, I will reluctantly state a position. I do not believe that the WG should adopt this document at least until such a time as a version has been released which does a substantially better job of restricting the scope of the problem to be solved. If the

[Ace] Questions on draft-ietf-ace-oauth-authz

In going through and starting to map out how an implementation would work, I have started getting some questions. 1. What is the difference between scope and audience, and is there an expected way that these values would relate to a CoAP URI? From OAuth, I would have generally expected scope to

Re: [Ace] draft-somaraju-ace-multicast

See Below From: Somaraju Abhinav [mailto:abhinav.somar...@tridonic.com] Sent: Monday, February 6, 2017 12:01 PM To: Jim Schaad <i...@augustcellars.com>; draft-somaraju-ace-multic...@tools.ietf.org Cc: 'ace' <ace@ietf.org> Subject: Re: [Ace] draft-somaraju-ace-multicast

Re: [Ace] draft-somaraju-ace-multicast

See comments inline From: Ace [mailto:ace-boun...@ietf.org] On Behalf Of Somaraju Abhinav Sent: 02 February 2017 03:48 To: Jim Schaad <i...@augustcellars.com>; draft-somaraju-ace-multic...@tools.ietf.org Cc: 'ace' <ace@ietf.org> Subject: Re: [Ace] draft-somaraju-ace-multicas

[Ace] Review of draft-selander-ace-cose-ecdhe-02

This may be a bit scatterbrained as I did this review in several sessions and the thoughts might not be consistent. 1. In section #1, I would put in the fact that the derived key would only be used for a period of time, after which a new ECDH key exchange would be run again. 2. It is not

<    1   2   3