Re: [Ace] WGLC on draft-ietf-ace-cbor-web-token (ends 29 November)

2017-11-24 Thread Benjamin Kaduk
On Thu, Nov 23, 2017 at 11:55:46AM +0100, Carsten Bormann wrote: > Hi Ludwig, > > > I'm not sure what the RFC editors prefer as affiliation > > (I've seen both): > > > > -- > > E. Wahlstroem > > > > -- OR > > E. Wahlstroem > > (no affiliation) > > — > > I don’t know what the RFC editor

Re: [Ace] WGLC on draft-ietf-ace-cbor-web-token (ends 29 November)

2017-11-22 Thread Benjamin Kaduk
Reminder: there is only one week left in this WGLC. -Ben On Wed, Nov 01, 2017 at 12:24:56PM -0500, Benjamin Kaduk wrote: > This message begins a working group last call for > draft-ietf-ace-cbor-web-token for submission as a Standards-Track RFC, > ending at 23:59 PST on Wednesday 29

Re: [Ace] IETF 100 draft agenda posted

2017-11-07 Thread Benjamin Kaduk
> -Original Message- > From: Ace [mailto:ace-boun...@ietf.org] On Behalf Of Benjamin Kaduk > Sent: 07 November 2017 16:49 > To: ace@ietf.org > Subject: [Ace] IETF 100 draft agenda posted > > Hi all, > > I just posted a draft agenda to the datatracker for our se

[Ace] WGLC on draft-ietf-ace-cbor-web-token

2017-11-01 Thread Benjamin Kaduk
This message begins a working group last call for draft-ietf-ace-cbor-web-token for submission as a Standards-Track RFC, ending at 23:59 PST on Wednesday 29 November, 2017. The current (-09) version of the document is available at: https://tools.ietf.org/html/draft-ietf-ace-cbor-web-token-09 .

Re: [Ace] WGLC on draft-ietf-ace-cbor-web-token

2017-11-01 Thread Benjamin Kaduk
On Wed, Nov 01, 2017 at 06:33:59PM +0100, Carsten Bormann wrote: > Just wondering: > > Are you aware that this is a second WGLC? You didn’t mention that. I was aware, sorry for not mentioning it. (The first WGLC was on the -04.) > (And do we really need four weeks for a second WGLC? Even

[Ace] IETF 100 draft agenda posted

2017-11-07 Thread Benjamin Kaduk
Hi all, I just posted a draft agenda to the datatracker for our session in Singapore, included below for your convenience. Note that it is still draft, i.e., might change some more. Presenters, please send your slides to the chairs by Sunday the 12th so that we can get them uploaded and confirm

Re: [Ace] timeslot for draft-ietf-ace-dtls-authorize @IETF 100

2017-11-06 Thread Benjamin Kaduk
Hi Olaf, On Mon, Nov 06, 2017 at 05:11:43PM +0100, Olaf Bergmann wrote: > Dear chairs, > > we would like to request a 10 min timeslot for the ACE session at IETF > 100 to present the current status of draft-ietf-ace-dtls-authorize. We > have not yet decided on a presenter but at least one of the

Re: [Ace] WGLC on draft-ietf-ace-cbor-web-token (ends 29 November)

2017-12-01 Thread Benjamin Kaduk
Hi Esko, On Fri, Dec 01, 2017 at 09:47:52AM +, Esko Dijk wrote: > Dear all, > > Overall the document looks in good shape to go forward if the earlier > mentioned issue of multiple values for "audience" (reported by Hannes) is > addressed; and the below issue I see for Section 5. Other

Re: [Ace] How to specify DTLS MTI in COAP-EST

2018-06-07 Thread Benjamin Kaduk
On Wed, Jun 06, 2018 at 07:32:13PM -0400, Michael Richardson wrote: > > In draft-ietf-ace-coap-est, we would like to specify some mandatory to > implement algorithms for DTLS. > > We write: >The mandatory cipher suite for DTLS in EST-coaps is >TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8 defined

Re: [Ace] Key IDs ... RE: WGLC on draft-ietf-ace-cwt-proof-of-possession-02

2018-06-26 Thread Benjamin Kaduk
On Tue, Jun 26, 2018 at 08:53:57AM +, Hannes Tschofenig wrote: > Ben, > > I was wondering whether the situation is any different in Kerberos. If the > KDC creates tickets with a session key included then it needs to make sure > that it does not create the same symmetric key for different

Re: [Ace] Key IDs ... RE: WGLC on draft-ietf-ace-cwt-proof-of-possession-02

2018-06-26 Thread Benjamin Kaduk
Ben. > > This begs the question why the collision of session keys is suddenly a > problem in the ACE context when it wasn't a problem so far. Something must > have changed. > > Ciao > Hannes > > > -----Original Message- > From: Benjamin Kaduk [mailto:ka...

Re: [Ace] Key IDs ... RE: WGLC on draft-ietf-ace-cwt-proof-of-possession-02

2018-06-26 Thread Benjamin Kaduk
ntifier get recycle when > users get retired or otherwise leave the system might be an option. Is this a > more likely? > > As you see I am trying to find some examples of vulnerabilities in existing > systems and I am having a hard time. > > Ciao > Hannes > > --

Re: [Ace] Key IDs ... RE: WGLC on draft-ietf-ace-cwt-proof-of-possession-02

2018-06-22 Thread Benjamin Kaduk
On Fri, Jun 22, 2018 at 01:36:16PM +, Hannes Tschofenig wrote: > Hi Jim, > > > > My problem is that if there are two different people with the same Key ID, > either intentionally or unintentionally, then using the key ID to identify > the key may allow the other person to masquerade as the

Re: [Ace] Key IDs ... RE: WGLC on draft-ietf-ace-cwt-proof-of-possession-02

2018-06-23 Thread Benjamin Kaduk
On Fri, Jun 22, 2018 at 08:48:35PM +, Mike Jones wrote: > See my note just now proposing this text to Jim: > > "Likewise, if PoP keys are used for multiple different kinds of CWTs in an > application and the PoP keys are identified by Key IDs, care must be taken to > keep the keys for the

[Ace] shepherd review of draft-ietf-ace-cbor-web-token-11

2018-02-02 Thread Benjamin Kaduk
Hi all, We're getting ready to send this to Kathleen for processing (hopefully to finish before her term as AD does!), but there are a few nits that should be fixed with a new rev before we actually push the button. We currently have an informational reference to RFC 5226, which has since been

Re: [Ace] Removal of the Client Token from ACE-OAuth draft

2018-02-01 Thread Benjamin Kaduk
On Thu, Feb 01, 2018 at 01:59:48PM +, Hannes Tschofenig wrote: > Hi all, > > the Client Token is a new mechanism in the ACE-OAuth that aims to solve a > scenario where the Client does not have connectivity to the Authorization > Server to obtain an access token while the Resource Server

Re: [Ace] Removal of the Client Token from ACE-OAuth draft

2018-02-09 Thread Benjamin Kaduk
On Fri, Feb 09, 2018 at 09:04:45AM +0100, Ludwig Seitz wrote: > On 2018-02-08 21:08, Benjamin Kaduk wrote: > > > > Right, this seems to be the key point. If there's not any running > > code and not going to be any, it's pretty likely that the spec (for > > this

Re: [Ace] ACE - OAuth Synchronization

2018-07-19 Thread Benjamin Kaduk
Hi Hannes, Can you remind me which parameters are being problematic in this regard? I mostly only remember the ace discussions of keyid, recently, so I probably lost track of some relevant bits. Thanks, Ben On Thu, Jul 19, 2018 at 02:34:26PM +, Hannes Tschofenig wrote: > Hi Ben, Hi Ekr, >

[Ace] Draft agenda for London

2018-03-13 Thread Benjamin Kaduk
Hi all, I just (belatedly) posted a draft agenda to the datatracker (https://datatracker.ietf.org/doc/agenda-101-ace/), also copied below. Please holler if there are obvious bugs, you requested time but didn't get a response, etc. I know it's a little bit of short notice, but to the speakers:

Re: [Ace] draft-ietf-ace-coap-est-00

2018-03-12 Thread Benjamin Kaduk
On Mon, Mar 12, 2018 at 09:08:05AM +0100, peter van der Stok wrote: > Hi Jim, > > thanks for the comments. See my reactions below. > Jim Schaad schreef op 2018-03-10 22:15: > > I agree with Hannes, this version of the document is much cleaner and > > much > > clearer. I think that it has solved

Re: [Ace] draft-ietf-ace-coap-est-00

2018-03-13 Thread Benjamin Kaduk
On Tue, Mar 13, 2018 at 09:44:37PM -0400, Michael Richardson wrote: > > Jim Schaad wrote: > > In section 2 - There will be a problem in that the port format > extension is > > being eliminated in TLS 1.3 - We may want to divide this into a 1.2 and > 1.3 > >

Re: [Ace] Genart telechat review of draft-ietf-ace-cbor-web-token-12

2018-02-26 Thread Benjamin Kaduk
On Mon, Feb 26, 2018 at 11:03:07AM -0800, Dan Romascanu wrote: > > 1. CWT is derived from JWT (RFC 7519) using CBOR rather than JSON for > encoding. > The rationale as explained in the document is related to efficiency for some > IoT systems. The initial claims registry defined in Section 9.1 is

Re: [Ace] Genart telechat review of draft-ietf-ace-cbor-web-token-12

2018-02-26 Thread Benjamin Kaduk
On Mon, Feb 26, 2018 at 11:19:04PM +0200, Dan Romascanu wrote: > Hi Jim, > > Thank you for your answer and for addressing my comments. > > On item #2: > > > > On Mon, Feb 26, 2018 at 10:12 PM, Jim Schaad wrote: > > > > > > > > -Original Message- > > > From:

Re: [Ace] Genart telechat review of draft-ietf-ace-cbor-web-token-12

2018-02-27 Thread Benjamin Kaduk
On Tue, Feb 27, 2018 at 11:59:50AM +0200, Dan Romascanu wrote: > Hi, > > See also my other notes. > > I believe that what the document tries to say is: > > Register R is divided into four different ranges R1, R2, R3, R4 (defining > the value limits may be useful) > > Values in range R1 are

Re: [Ace] CBOR Web Token (CWT) draft addressing IETF last call comments

2018-03-05 Thread Benjamin Kaduk
ms, as suggested by Kyle Rose. > * Added guidance about the selection of the Designated Experts, as > suggested by Benjamin Kaduk. > * Acknowledged additional reviewers. > > The specification is available at: > > * https://tools.ietf.org/html/draft-ietf-ace-cbo