Hi,
I am fine with Daniel's change to the DTLS profile (which wants to add
motivation on why the DTLS profile is RECOMMENDED), and prefer Göran's
formulation to the Ace framework.
I had to think about it and figured out where the different interpretations
come from, and hence what needs to be clarified:
"Profiles MUST specify a communication security protocol that provides
the features required above."
Russ reads this sentence as: one (and only one) protocol MUST be specified *and
used* between Client and AS.
I (and others) read this sentence as: (at least) one protocol fulfilling the
security requirements MUST be specified in the profile. (and as a consequence:
One and only one of these protocols specified in the profile MUST be used
between client and AS)
I think Göran's modification clarifies the above, but hopefully Russ can let us
know how to make his even clearer.
Francesca
On 11/02/2021, 12:35, "Stefanie Gerdes" <ger...@tzi.de> wrote:
On 02/11/2021 04:26 AM, Daniel Migault wrote:
>
> OLD: section 6.2
> "Profiles MUST specify how communication security according
> to the requirements in Section 5 is provided."
> NEW:
> section 6.2 is focused on security but the security requirements are
> provided in section 5. We may simply remove this sentence.
>
> OLD section 5.
> "Profiles MUST specify a communication security protocol that provides
> the features required above."
> NEW:
> Profiles MUST provide some recommendation on protocols used to establish
> these communications.
> These communications MUST meet these security requirements. As
> communications meeting these requirements may be established in multiple
> ways, profiles MUST provide some recommendations as to favor
> interoperability. In most cases the recommendations aim at limiting the
> number of libraries the client has to support.
>
The reason that this requirement on the profiles was included in the
framework is that the framework itself does not specify how
communication security is provided. For the security of the solution it
is important that the profiles fill this gap. I think that it is
important to emphasize this security requirement. I therefore prefer
Goeran's proposals:
Proposal 1 (Section 6.2):
OLD
"Profiles MUST specify how communication security according
to the requirements in Section 5 is provided."
NEW
"The requirements for communication security of profiles are specified
in Section 5."
Proposal 2 (Section 5):
OLD
"Profiles MUST specify a communication security protocol that provides
the features required above."
NEW
"Profiles MUST specify at least one communication security protocol that
provides the features required above."
Viele Grüße
Steffi
_______________________________________________
Ace mailing list
Ace@ietf.org
https://www.ietf.org/mailman/listinfo/ace
