Hi,

Thanks for the feedback, Francesca. We have discussed this issue during the
interim meeting, so I would encourage Olaf and Stefanie to propose some
text that reflected the discussion before pinging Russ.

Yours,
Daniel


On Thu, Feb 11, 2021 at 10:02 AM Francesca Palombini <
francesca.palomb...@ericsson.com> wrote:

> Hi,
>
> I am fine with Daniel's change to the DTLS profile (which wants to add
> motivation on why the DTLS profile is RECOMMENDED), and prefer Göran's
> formulation to the Ace framework.
>
> I had to think about it and figured out where the different
> interpretations come from, and hence what needs to be clarified:
>
>     "Profiles MUST specify a communication security protocol that provides
>        the features required above."
>
> Russ reads this sentence as: one (and only one) protocol MUST be specified
> *and used* between Client and AS.
> I (and others) read this sentence as: (at least) one protocol fulfilling
> the security requirements MUST be specified in the profile. (and as a
> consequence: One and only one of these protocols specified in the profile
> MUST be used between client and AS)
>
> I think Göran's modification clarifies the above, but hopefully Russ can
> let us know how to make his even clearer.
>
> Francesca
>
> On 11/02/2021, 12:35, "Stefanie Gerdes" <ger...@tzi.de> wrote:
>
>
>     On 02/11/2021 04:26 AM, Daniel Migault wrote:
>
>     >
>     > OLD: section 6.2
>     >  "Profiles MUST specify how communication security according
>     >    to the requirements in Section 5 is provided."
>     > NEW:
>     > section 6.2 is focused on security but the security requirements are
>     > provided in section 5. We may simply remove this sentence.
>     >
>     > OLD section 5.
>     > "Profiles MUST specify a communication security protocol that provides
>     >    the features required above."
>     > NEW:
>     > Profiles MUST provide some recommendation on protocols used to establish
>     > these communications.
>     > These communications MUST meet these security requirements. As
>     > communications meeting these requirements may be established in multiple
>     > ways, profiles MUST provide some recommendations as to favor
>     > interoperability. In most cases the recommendations aim at limiting the
>     > number of libraries the client has to support.
>     >
>
>     The reason that this requirement on the profiles was included in the
>     framework is that the framework itself does not specify how
>     communication security is provided. For the security of the solution it
>     is important that the profiles fill this gap. I think that it is
>     important to emphasize this security requirement. I therefore prefer
>     Goeran's proposals:
>
>     Proposal 1 (Section 6.2):
>     OLD
>       "Profiles MUST specify how communication security according
>        to the requirements in Section 5 is provided."
>     NEW
>     "The requirements for communication security of profiles are specified
>     in Section 5."
>
>     Proposal 2 (Section 5):
>     OLD
>     "Profiles MUST specify a communication security protocol that provides
>        the features required above."
>     NEW
>     "Profiles MUST specify at least one communication security protocol that
>     provides the features required above."
>
>
>     Best regards
>     Steffi
>
>

-- 
Daniel Migault
Ericsson
_______________________________________________
Ace mailing list
Ace@ietf.org
https://www.ietf.org/mailman/listinfo/ace