On Thu, Nov 23, 2017 at 11:55:46AM +0100, Carsten Bormann wrote:
> Hi Ludwig,
> > I'm not sure what the RFC editors prefer as affiliation
> > (I've seen both):
> > --
> > E. Wahlstroem
> > -- OR
> > E. Wahlstroem
> > (no affiliation)
> > —
> I don’t know what the RFC editor
Reminder: there is only one week left in this WGLC.
On Wed, Nov 01, 2017 at 12:24:56PM -0500, Benjamin Kaduk wrote:
> This message begins a working group last call for
> draft-ietf-ace-cbor-web-token for submission as a Standards-Track RFC,
> ending at 23:59 PST on Wednesday 29
> -Original Message-
> From: Ace [mailto:ace-boun...@ietf.org] On Behalf Of Benjamin Kaduk
> Sent: 07 November 2017 16:49
> To: email@example.com
> Subject: [Ace] IETF 100 draft agenda posted
> Hi all,
> I just posted a draft agenda to the datatracker for our se
This message begins a working group last call for
draft-ietf-ace-cbor-web-token for submission as a Standards-Track RFC,
ending at 23:59 PST on Wednesday 29 November, 2017.
The current (-09) version of the document is available at:
On Wed, Nov 01, 2017 at 06:33:59PM +0100, Carsten Bormann wrote:
> Just wondering:
> Are you aware that this is a second WGLC? You didn’t mention that.
I was aware, sorry for not mentioning it. (The first WGLC was on the -04.)
> (And do we really need four weeks for a second WGLC? Even
I just posted a draft agenda to the datatracker for our sesion in
Singapore, included below for your convenience. Note that it is
still draft, i.e., might change some more.
Presenters, please send your slides to the chairs by Sunday the 12th
so that we can get them uploaded and confirm
On Mon, Nov 06, 2017 at 05:11:43PM +0100, Olaf Bergmann wrote:
> Dear chairs,
> we would like to request a 10 min timeslot for the ACE session at IETF
> 100 to present the current status of draft-ietf-ace-dtls-authorize. We
> have not yet decided on a presenter but at least one of the
On Fri, Dec 01, 2017 at 09:47:52AM +, Esko Dijk wrote:
> Dear all,
> Overall the document looks in good shape to go forward if the earlier
> mentioned issue of multiple values for "audience" (reported by Hannes) is
> addressed; and the below issue I see for Section 5. Other
On Wed, Jun 06, 2018 at 07:32:13PM -0400, Michael Richardson wrote:
> In draft-ietf-ace-coap-est, we would like to specify some mandatory to
> implement algorithms for DTLS.
> We write:
>The mandatory cipher suite for DTLS in EST-coaps is
On Tue, Jun 26, 2018 at 08:53:57AM +, Hannes Tschofenig wrote:
> I was wondering whether the situation is any different in Kerberos. If the
> KDC creates tickets with a session key included then it needs to make sure
> that it does not create the same symmetric key for different
> This begs the question why the collision of session keys is suddenly a
> problem in the ACE context when it wasn't a problem so far. Something must
> have changed.
> -----Original Message-
> From: Benjamin Kaduk [mailto:ka...
ntifier get recycle when
> users get retired or otherwise leave the system might be an option. Is this a
> more likely?
> As you see I am trying to find some examples of vulnerabilities in existing
> systems and I am having a hard time.
On Fri, Jun 22, 2018 at 01:36:16PM +, Hannes Tschofenig wrote:
> Hi Jim,
> > My problem is that if there are two different people with the same Key ID,
> either intentionally or unintentionally, then using the key ID to identify
> the key may allow the other person to masquerade as the
On Fri, Jun 22, 2018 at 08:48:35PM +, Mike Jones wrote:
> See my note just now proposing this text to Jim:
> "Likewise, if PoP keys are used for multiple different kinds of CWTs in an
> application and the PoP keys are identified by Key IDs, care must be taken to
> keep the keys for the
We're getting ready to send this to Kathleen for processing
(hopefully to finish before her term as AD does!), but there are a
few nits that should be fixed with a new rev before we actually push
We currently have an informational reference to RFC 5226, which has
On Thu, Feb 01, 2018 at 01:59:48PM +, Hannes Tschofenig wrote:
> Hi all,
> the Client Token is a new mechanism in the ACE-OAuth that aims to solve a
> scenario where the Client does not have connectivity to the Authorization
> Server to obtain an access token while the Resource Server
On Fri, Feb 09, 2018 at 09:04:45AM +0100, Ludwig Seitz wrote:
> On 2018-02-08 21:08, Benjamin Kaduk wrote:
> > Right, this seems to be the key point. If there's not any running
> > code and not going to be any, it's pretty likely that the spec (for
> > this
Can you remind me which parameters are being problematic in this regard? I
mostly only remember the ace discussions of keyid, recently, so I probably
lost track of some relevant bits.
On Thu, Jul 19, 2018 at 02:34:26PM +, Hannes Tschofenig wrote:
> Hi Ben, Hi Ekr,
I just (belatedly) posted a draft agenda to the datatracker
(https://datatracker.ietf.org/doc/agenda-101-ace/), also copied
below. Please holler if there are obvious bugs, you requested time
but didn't get a response, etc.
I know it's a little bit of short notice, but to the speakers:
On Mon, Mar 12, 2018 at 09:08:05AM +0100, peter van der Stok wrote:
> Hi Jim,
> thanks for the comments. See my reactions below.
> Jim Schaad schreef op 2018-03-10 22:15:
> > I agree with Hannes, this version of the document is much cleaner and
> > much
> > clearer. I think that it has solved
On Tue, Mar 13, 2018 at 09:44:37PM -0400, Michael Richardson wrote:
> Jim Schaad wrote:
> > In section 2 - There will be a problem in that the port format
> extension is
> > being eliminated in TLS 1.3 - We may want to divide this into a 1.2 and
On Mon, Feb 26, 2018 at 11:03:07AM -0800, Dan Romascanu wrote:
> 1. CWT is derived from JWT (RFC 7519) using CBOR rather than JSON for
> The rationale as explained in the document is related to efficiency for some
> IoT systems. The initial claims registry defined in Section 9.1 is
On Mon, Feb 26, 2018 at 11:19:04PM +0200, Dan Romascanu wrote:
> Hi Jim,
> Thank you for your answer and for addressing my comments.
> On item #2:
> On Mon, Feb 26, 2018 at 10:12 PM, Jim Schaad wrote:
> > > -Original Message-
> > > From:
On Tue, Feb 27, 2018 at 11:59:50AM +0200, Dan Romascanu wrote:
> See also my other notes.
> I believe that what the document tries to say is:
> Register R is divided into four different ranges R1, R2, R3, R4 (defining
> the value limits may be useful)
> Values in range R1 are
ms, as suggested by Kyle Rose.
> * Added guidance about the selection of the Designated Experts, as
> suggested by Benjamin Kaduk.
> * Acknowledged additional reviewers.
> The specification is available at:
> * https://tools.ietf.org/html/draft-ietf-ace-cbo
Mail list logo