On 13/12/2018 15:42, Stefanie Gerdes wrote:
Hi Ludwig,
On 12/12/2018 10:47 AM, Ludwig Seitz wrote:
The value of checking the iss field is indeed limited, but if present I
feel it MUST be checked.
The text does say that the RS must check the integrity of the token (see
5.8.1.1.)
"Since the
Hi Ludwig,
On 12/12/2018 10:47 AM, Ludwig Seitz wrote:
> The value of checking the iss field is indeed limited, but if present I
> feel it MUST be checked.
>
> The text does say that the RS must check the integrity of the token (see
> 5.8.1.1.)
>
> "Since the cryptographic wrapper of the token
On 12/12/2018 10:27, Stefanie Gerdes wrote:
Hi Jim,
thank you for your quick response.
On 12/11/2018 09:38 PM, Jim Schaad wrote:
C may receive keying material for the communication with RS from AS.
Unfortunately, the AS does not inform C how long the keying material is
valid. C
therefore
On 11/12/2018 21:38, Jim Schaad wrote:
-Original Message-
From: Ace On Behalf Of Stefanie Gerdes
Sent: Tuesday, December 11, 2018 4:11 AM
To: Ludwig Seitz ; ace@ietf.org
Subject: Re: [Ace] Fwd: New Version Notification for
draft-ietf-ace-oauth-authz-
17.txt and draft-ietf-ace-oauth
Hi Jim,
thank you for your quick response.
On 12/11/2018 09:38 PM, Jim Schaad wrote:
>>
>> C may receive keying material for the communication with RS from AS.
>> Unfortunately, the AS does not inform C how long the keying material is
> valid. C
>> therefore may use outdated keying material for
Hi,
I looked through the document again. Many issues have been fixed, but I
still have some comments:
I still think that Section 5.8.1, in particular 5.8.1.1 should point out
that RS must check the integrity of the token and validate that it stems
from an authorized AS. Checking the iss field
Ludwig,
It looks good. A couple of additional things that have occurred to me.
(Always a problem when one reads drafts again and again.)
1. I don't really have a problem with figure 6, but I don't know if we want
to more correctly reflect what an OSCORE message would look like in this
location.