Hello Murray, Thank you for your review. Our thinking was as Ben explained. In the draft, we used MUST/MUST NOT for the behaviour that affected security, and SHOULD for desired behaviour.
Would the following revision make it more clear: "The Broker MUST NOT forward messages to unauthorized subscribers and SHOULD inform them of authorisation failure. The only way to inform the client, in this case, would be sending a DISCONNECT packet. Therefore, the Broker SHOULD send a DISCONNECT packet with the reason code '0x87 (Not authorized)'. " Jean Mahoney's comments have been addressed in the following, and there is one clarification left that we are working on. https://github.com/ace-wg/mqtt-tls-profile/pull/102 https://github.com/ace-wg/mqtt-tls-profile/pull/102/commits/75ac0c0a86812f359471a63f6b481b0b80482b97 I thought I should respond to these comments fast and will fix your other two comments asap. Kind regards, --Cigdem On Thu, 10 Mar 2022 at 06:37, Benjamin Kaduk <ka...@mit.edu> wrote: > On Wed, Mar 09, 2022 at 10:35:01PM -0800, Murray Kucherawy via Datatracker > wrote: > > Murray Kucherawy has entered the following ballot position for > > draft-ietf-ace-mqtt-tls-profile-15: Discuss > > > > When responding, please keep the subject line intact and reply to all > > email addresses included in the To and CC lines. (Feel free to cut this > > introductory paragraph, however.) > > > > > > Please refer to > https://www.ietf.org/about/groups/iesg/statements/handling-ballot-positions/ > > for more information about how to handle DISCUSS and COMMENT positions. > > > > > > The document, along with other ballot positions, can be found here: > > https://datatracker.ietf.org/doc/draft-ietf-ace-mqtt-tls-profile/ > > > > > > > > ---------------------------------------------------------------------- > > DISCUSS: > > ---------------------------------------------------------------------- > > > > This should be quick to resolve. In Section 3.2: > > > > The Broker MUST NOT forward messages to unauthorized subscribers. > > There is no way to inform the Clients with invalid tokens that an > > authorization error has occurred other than sending a DISCONNECT > > packet. Therefore, the Broker SHOULD send a DISCONNECT packet with > > the reason code '0x87 (Not authorized)'. > > > > This seems like a contradiction. How is that SHOULD not a MUST? > > I suppose you could also be less informative and just drop the transport > connection with no DISCONNECT (or simply hold it open while passing no > traffic). > I think that's what I had in mind when I reviewed this with the SHOULD. > > -Ben >
_______________________________________________ Ace mailing list Ace@ietf.org https://www.ietf.org/mailman/listinfo/ace