Re: [Ace] OAuth-Authz Interop

2018-05-15 Thread Ludwig Seitz
On 2018-05-07 18:44, Jim Schaad wrote: I have been meaning to get this out for a while and have failed. A doodle poll to set up an interop event for this work is at https://doodle.com/poll/k27g9r26bghvnytu If you want to participate and none of the times are good, please let me know. Things for

[Ace] EST over CoAP: Introduction

2018-05-15 Thread Hannes Tschofenig
Here is a proposal to change the introduction to the relevant parts only and to avoid repetition. (The current document still keeps talking about IEEE 802.15.4 when there are so many other radio technologies as well. There is nothing in this spec that makes this 15.4 specific. I understand that

Re: [Ace] EST over CoAP

2018-05-15 Thread Hannes Tschofenig
FWIW I would untangle the tamper resistance property from the lifetime of these keys. You will want to issue new keys periodically anyway. From: Ace [mailto:ace-boun...@ietf.org] On Behalf Of Panos Kampanakis (pkampana) Sent: 15 May 2018 16:01 To: Mohit Sethi; ace@ietf.org Subject: Re: [Ace] EST

Re: [Ace] EST over CoAP

2018-05-15 Thread Panos Kampanakis (pkampana)
Hi Mohit, These priv/public keypairs+cert are provisioned and used on the endpoint as identity for authentication. If tamper-resistance is not supported on the endpoint, the keypairs could be reprovisioned more often than the traditional cert lifetime as the server-side key gen transaction does

[Ace] Review of draft-sengul-ace-mqtt-tls-profile-02

2018-05-15 Thread Ludwig Seitz
Hello ACE, I've reviewed draft-sengul-ace-mqtt-tls-profile-02. I think this is a very relevant draft, due to the number of IoT devices that use MQTT. I would encourage the WG to pick this up as the third profile of draft-ietf-ace-oauth-authz. Detailed comments below. /Ludwig 1.

Re: [Ace] Early media-type registration for EST over CoAP

2018-05-15 Thread Carsten Bormann
On May 15, 2018, at 10:56, Hannes Tschofenig wrote: > > I am curious whether it would be possible to ask for early media-type > registration of at least these two types: > - application/pkcs7-mime > - application/pkcs10 They already are registered. I think you are

Re: [Ace] EST over CoAP

2018-05-15 Thread Panos Kampanakis (pkampana)
Agreed. I see your point. I had read your whitepaper some time back, I think. Indeed ACE-OAuth, or LWM2M KDC, or OCF DOXS could address the credential management issue. But I don't think we can tell endpoints that they are on their own unless they get the right hardware or they comply with

Re: [Ace] Review of draft-sengul-ace-mqtt-tls-profile-02

2018-05-15 Thread Cigdem Sengul
Hello Ludwig, Thank you for reviewing our draft. We will start working on addressing your comments asap. Thanks, --Cigdem On Tue, May 15, 2018 at 10:04 AM, Ludwig Seitz wrote: > Hello ACE, > > I've reviewed draft-sengul-ace-mqtt-tls-profile-02. I think this is a > very

Re: [Ace] EST over CoAP

2018-05-15 Thread Hannes Tschofenig
Hi Mike, You are getting the story wrong. First, the boundary between what is IoT and what isn't isn't that clear. One man's IoT is another man's data center. Second, many of the problems we run into are fundamental to crypto rather than the protocol design. There is just no free lunch even

[Ace] Early media-type registration for EST over CoAP

2018-05-15 Thread Hannes Tschofenig
I get the impression that the EST over CoAP spec will not be completed as soon as I had hoped. I am curious whether it would be possible to ask for early media-type registration of at least these two types: - application/pkcs7-mime - application/pkcs10 Ciao Hannes