-- Mike
-Original Message-
From: Ace On Behalf Of Ludwig Seitz
Sent: Tuesday, July 3, 2018 2:33 AM
To: 'ace'
Subject: Re: [Ace] Key IDs ... RE: WGLC on
draft-ietf-ace-cwt-proof-of-possession-02
On 2018-07-03 11:31, Ludwig Seitz wrote:
>
> 6. Client B
On 2018-07-03 11:31, Ludwig Seitz wrote:
6. Client B gets 2 from AS bound via the cnf claim to KID="A"
This should of course read:
Client B gets T2 from AS ...
/Ludwig
--
Ludwig Seitz, PhD
Security Lab, RISE SICS
Phone +46(0)70-349 92 51
___
I've finally had the time to think about that Key ID issue for ACE.
Here is what I got:
The case Jim is worried about is the following:
* Client A has key K1 with KID = "A"
* RS also has key K1 with KID = "A"
* Client A has the right to token T1 on RS
* Client B has the right to token T2 on
fenig ; Benjamin Kaduk ;
> ace
> *Subject:* Re: [Ace] Key IDs ... RE: WGLC on draft-ietf-ace-cwt-proof-of-
> possession-02
>
>
>
> Thanks for the clarifying comments here comes a few replies since I will
> not be able to join the IETF meeting :-(
>
>
>
> see i
of-of-possess...@ietf.org>;
> ace@ietf.org<mailto:ace@ietf.org>
> Subject: RE: [Ace] Key IDs ... RE: WGLC on draft-ietf-ace-cwt-proof-of-
> possession-02
>
> Hi Jim,
>
> you are essentially proposing that we should not directly use the key id that
> is in the CWT-P
To: Hannes Tschofenig; 'Benjamin Kaduk'; 'Mike Jones'
Cc: draft-ietf-ace-cwt-proof-of-possess...@ietf.org; ace@ietf.org
Subject: RE: [Ace] Key IDs ... RE: WGLC on
draft-ietf-ace-cwt-proof-of-possession-02
Hannes,
My worry is not about implementers getting this correct and picking random
key ids. My worry
From: Samuel Erdtman
Sent: Wednesday, June 27, 2018 8:18 AM
To: Jim Schaad
Cc: Hannes Tschofenig ; Benjamin Kaduk
; Mike Jones ;
draft-ietf-ace-cwt-proof-of-possess...@ietf.org; ace@ietf.org
Subject: Re: [Ace] Key IDs ... RE: WGLC on
draft-ietf-ace-cwt-proof-of-possession-02
Jim
d ; 'Benjamin Kaduk'
> > ; 'Mike Jones'
> > Cc: draft-ietf-ace-cwt-proof-of-possess...@ietf.org; ace@ietf.org
> > Subject: RE: [Ace] Key IDs ... RE: WGLC on draft-ietf-ace-cwt-proof-of-
> > possession-02
> >
> > Hi Jim,
> >
> > you are essential
t-proof-of-possess...@ietf.org; ace@ietf.org
> Subject: RE: [Ace] Key IDs ... RE: WGLC on draft-ietf-ace-cwt-proof-of-
> possession-02
>
> Hi Jim,
>
> you are essentially proposing that we should not directly use the key id that
> is in the CWT-PoP but rather use i
rg;
> ace@ietf.org
> Subject: Re: [Ace] Key IDs ... RE: WGLC on draft-ietf-ace-cwt-proof-of-
> possession-02
>
> I thought we were worried about collision of key *identifiers*, which were
> not necessarily raw keys or hashes thereof. But it's possible I was not paying
> enoug
: Benjamin Kaduk [mailto:ka...@mit.edu]
Sent: 26 June 2018 17:14
To: Hannes Tschofenig
Cc: Mike Jones; Jim Schaad; draft-ietf-ace-cwt-proof-of-possess...@ietf.org;
ace@ietf.org
Subject: Re: [Ace] Key IDs ... RE: WGLC on
draft-ietf-ace-cwt-proof-of-possession-02
I thought we were worried about
etf-ace-cwt-proof-of-possess...@ietf.org;
> ace@ietf.org
> Subject: Re: [Ace] Key IDs ... RE: WGLC on draft-ietf-ace-cwt-proof-of-
> possession-02
>
> On Fri, Jun 22, 2018 at 08:48:35PM +, Mike Jones wrote:
> > See my note just now proposing this text to Jim:
> >
>
@mit.edu]
> Sent: 26 June 2018 17:00
> To: Hannes Tschofenig
> Cc: Mike Jones; Jim Schaad; draft-ietf-ace-cwt-proof-of-possess...@ietf.org;
> ace@ietf.org
> Subject: Re: [Ace] Key IDs ... RE: WGLC on
> draft-ietf-ace-cwt-proof-of-possession-02
>
> On Tue, Jun 26, 2018 at 0
2018 17:00
To: Hannes Tschofenig
Cc: Mike Jones; Jim Schaad; draft-ietf-ace-cwt-proof-of-possess...@ietf.org;
ace@ietf.org
Subject: Re: [Ace] Key IDs ... RE: WGLC on
draft-ietf-ace-cwt-proof-of-possession-02
On Tue, Jun 26, 2018 at 08:53:57AM +, Hannes Tschofenig wrote:
> Ben,
>
On Tue, Jun 26, 2018 at 08:53:57AM +, Hannes Tschofenig wrote:
> Ben,
>
> I was wondering whether the situation is any different in Kerberos. If the
> KDC creates tickets with a session key included then it needs to make sure
> that it does not create the same symmetric key for different
... RE: WGLC on
draft-ietf-ace-cwt-proof-of-possession-02
On Fri, Jun 22, 2018 at 08:48:35PM +, Mike Jones wrote:
> See my note just now proposing this text to Jim:
>
> "Likewise, if PoP keys are used for multiple different kinds of CWTs in an
> application and the PoP ke
On 2018-06-22 15:36, Hannes Tschofenig wrote:
Hi Jim,
I would like to comment on this issue.
-
14. I have real problems w/ the use of a KID for POP identification. It may
identify the wrong key or, if used for granting access, may have problems w/
identity collisions. These need to
On Fri, Jun 22, 2018 at 08:48:35PM +, Mike Jones wrote:
> See my note just now proposing this text to Jim:
>
> "Likewise, if PoP keys are used for multiple different kinds of CWTs in an
> application and the PoP keys are identified by Key IDs, care must be taken to
> keep the keys for the
Tschofenig
; draft-ietf-ace-cwt-proof-of-possess...@ietf.org
Cc: ace@ietf.org
Subject: RE: Key IDs ... RE: [Ace] WGLC on
draft-ietf-ace-cwt-proof-of-possession-02
No not really, Hannes's language is much closer to what I am looking for. I
don't care if they are different kinds of CWTs. I care about
draft-ietf-ace-cwt-proof-of-
> possess...@ietf.org
> Cc: ace@ietf.org
> Subject: RE: Key IDs ... RE: [Ace] WGLC on draft-ietf-ace-cwt-proof-of-
> possession-02
>
> I think you're looking for language something along these lines, right Jim?
>
> "Likewise, if PoP keys a
> -Original Message-
> From: Benjamin Kaduk
> Sent: Friday, June 22, 2018 10:44 PM
> To: Hannes Tschofenig
> Cc: Jim Schaad ; 'Mike Jones'
> ; draft-ietf-ace-cwt-proof-of-
> possess...@ietf.org; ace@ietf.org
> Subject: Re: [Ace] Key IDs ... RE: WGLC on
nt: Friday, June 22, 2018 1:44 PM
To: Hannes Tschofenig
Cc: Jim Schaad ; Mike Jones
; draft-ietf-ace-cwt-proof-of-possess...@ietf.org;
ace@ietf.org
Subject: Re: [Ace] Key IDs ... RE: WGLC on
draft-ietf-ace-cwt-proof-of-possession-02
On Fri, Jun 22, 2018 at 01:36:16PM +, Hannes Tschofenig w
-cwt-proof-of-possess...@ietf.org
Cc: ace@ietf.org
Subject: RE: Key IDs ... RE: [Ace] WGLC on
draft-ietf-ace-cwt-proof-of-possession-02
That language works if you assume that there is only one CWT that an RS will
look to. If there are multiple CWTs then one needs coordination language
be
On Fri, Jun 22, 2018 at 01:36:16PM +, Hannes Tschofenig wrote:
> Hi Jim,
>
>
> > My problem is that if there are two different people with the same Key ID,
> either intentionally or unintentionally, then using the key ID to identify
> the key may allow the other person to masquerade as the
'Mike Jones'
> ; draft-ietf-ace-cwt-proof-of-
> possess...@ietf.org
> Cc: ace@ietf.org
> Subject: Key IDs ... RE: [Ace] WGLC on draft-ietf-ace-cwt-proof-of-
> possession-02
>
> Hi Jim,
>
> I would like to comment on this issue.
>
> -
> > >
Hi Jim,
I would like to comment on this issue.
-
> > 14. I have real problems w/ the use of a KID for POP identification. It may
> identify the wrong key or, if used for granting access, may have problems w/
> identity collisions. These need to be spelt out someplace to help people
>