On Mon, Apr 29, 2019 at 09:53:01AM -0700, Jim Schaad wrote:
>
>
> > -Original Message-
> > From: Carsten Bormann
> > Sent: Monday, April 29, 2019 9:41 AM
> > To: Felipe Gasper
> > Cc: Benjamin Kaduk ; Roman Danyliw ;
> > Daniel Migault ; erdt.
On Mon, Apr 29, 2019 at 12:03:57PM -0400, Felipe Gasper wrote:
>
> > On Apr 29, 2019, at 12:00 PM, Benjamin Kaduk wrote:
> >
> > On Mon, Apr 29, 2019 at 08:55:53AM -0700, RFC Errata System wrote:
> >> The following errata report has been submitted for RFC8
On Mon, Apr 29, 2019 at 08:55:53AM -0700, RFC Errata System wrote:
> The following errata report has been submitted for RFC8392,
> "CBOR Web Token (CWT)".
>
> --
> You may review the report below and at:
> http://www.rfc-editor.org/errata/eid5710
>
> --
Hi all,
As Roman will be stepping down as co-chair to take up the mantle of
Security AD, I would like to introduce Daniel Migault as the incoming ACE
co-chair. Please give Daniel a warm welcome!
I'd also like to take this opportunity to thank Roman for his time as
co-chair, as he's helped steer
On Sun, Mar 10, 2019 at 10:17:35AM -0700, Jim Schaad wrote:
>
>
> > -Original Message-
> > From: Benjamin Kaduk
> > Sent: Sunday, March 10, 2019 10:10 AM
> > To: Göran Selander
> > Cc: Jim Schaad ; draft-ietf-ace-dtls-
> > author...@ietf.o
On Fri, Mar 08, 2019 at 04:01:26PM +, Göran Selander wrote:
>
> On 2019-03-03, 02:44, "Jim Schaad" wrote:
>
> I am responding to the review below in regards to the most recent version
> -06.
>
> > -Original Message-
> > > Section 3.3 - Figure 4 - Where is the '
On Fri, Feb 22, 2019 at 09:00:05PM +, Panos Kampanakis (pkampana) wrote:
> Hi Klaus,
>
> Thanks for the thorough review.
>
> All your issues identified are tracked here
> https://github.com/SanKumar2015/EST-coaps/issues?utf8=%E2%9C%93&q=is%3Aissue+%22Klaus+WGLC%22
> . We tried to address a
On Thu, Feb 07, 2019 at 02:28:02PM -0700, Brian Campbell wrote:
>
> The token-exchange draft defines both the "resource" and "audience"
> parameters for use in the context of a
> "urn:ietf:params:oauth:grant-type:token-exchange" grant type request to the
> token endpoint. There is a lot of overlap
On Wed, Jan 30, 2019 at 09:37:45AM +0100, Ludwig Seitz wrote:
>
> On 30/01/2019 07:01, Jim Schaad wrote:
> > ** IANA Section Issues
> >
> > 1. None of the new registries appear to have any guidance for the DEs to
> > use when approving items.
>
> Is it acceptable to add a single guidance se
On Thu, Dec 20, 2018 at 09:11:24AM +, Hannes Tschofenig wrote:
>
> -Original Message-
> From: Ludwig Seitz
> Sent: Donnerstag, 20. Dezember 2018 08:40
> To: Jim Schaad ; Hannes Tschofenig
> ; 'Stefanie Gerdes' ; ace@ietf.org
> Subject: Re: [Ace] Security of the Communication Between
On Thu, Dec 06, 2018 at 03:12:04PM -0800, Jim Schaad wrote:
> I have not looked in detail at the mls protocol documents, but from what I
> remember they have more or less skipped the entire AAA question of having a
> central authorizer and made it so that any entity which is currently active
> h
On Fri, Jan 18, 2019 at 11:54:58AM -0500, Richard Barnes wrote:
> Let me provide some additional context. When the chairs and ADs discussed
> this in BKK, it seemed pretty clear that EDHOC is not within the current
> charter of ACE — after all, ACE is targeted at authentication and
> authorizat
[with no hats]
On Mon, Nov 12, 2018 at 04:21:55PM +0100, Ludwig Seitz wrote:
> Hello ACE,
>
> I wanted to post a resume of the in room discussions from the IETF 103
> meeting, related to draft-ietf-ace-oauth-authz, for those who missed
> them and those who want to further comment (sorry for the
On Mon, Nov 05, 2018 at 09:16:54AM +0700, Michael Richardson wrote:
>
> Benjamin Kaduk wrote:
> >> John Mattsson wrote: > of negotiation is
> >> still needed. The current plan for the next version > is to introduce
> >> cipher suites a
On Sat, Nov 03, 2018 at 05:51:55AM +0700, Michael Richardson wrote:
>
> John Mattsson wrote:
> > of negotiation is still needed. The current plan for the next version
> > is to introduce cipher suites and to let the cipher suite with value 0
> > indicate that algorithms have been nego
On Fri, Nov 02, 2018 at 02:55:54PM +, John Mattsson wrote:
> Hi Benjamin, Salvador
>
> While DTLS 1.3 has done a very good job of lowering the overhead of the
> record layer when application data is sent (see e.g.
> https://tools.ietf.org/html/draft-ietf-lwig-security-protocol-comparison-01
On Fri, Nov 02, 2018 at 11:31:16AM +, John Mattsson wrote:
> Hi,
>
> We recently submitted
> https://tools.ietf.org/html/draft-raza-ace-cbor-certificates-00, which builds
> on research done by Research Institutes of Sweden, Royal Institute of
> Technology in Stockholm, and Nexus:
>
> https:
Hi Salvador,
On Wed, Oct 31, 2018 at 10:12:54AM +0100, Salvador Pérez wrote:
> Hello authors of EDHOC,
>
> we have implemented a previous version of EDHOC
> (draft-selander-ace-cose-ecdhe) and want to share some experiences.
>
> Our work so far has focused on implementation and evaluati
Just one minor note -- this is a great discussion to see happening!
On Tue, Oct 23, 2018 at 04:43:14PM +0200, Ludwig Seitz wrote:
>
> On 22/10/2018 21:09, Jim Schaad wrote:
> > * Section 5.8.2 - If the RS is going to do introspection, can it send some
> > type of "Server Busy - try again in xxx"
Hi Hannes,
Can you remind me which parameters are being problematic in this regard? I
mostly only remember the ace discussions of keyid, recently, so I probably
lost track of some relevant bits.
Thanks,
Ben
On Thu, Jul 19, 2018 at 02:34:26PM +, Hannes Tschofenig wrote:
> Hi Ben, Hi Ekr,
>
s identifier get recycle when
> users get retired or otherwise leave the system might be an option. Is this a
> more likely?
>
> As you see I am trying to find some examples of vulnerabilities in existing
> systems and I am having a hard time.
>
> Ciao
> Hannes
>
>
ion, Ben.
>
> This begs the question why the collision of session keys is suddenly a
> problem in the ACE context when it wasn't a problem so far. Something must
> have changed.
>
> Ciao
> Hannes
>
>
> -Original Message-
> From: Benjamin Kaduk [ma
On Tue, Jun 26, 2018 at 08:53:57AM +, Hannes Tschofenig wrote:
> Ben,
>
> I was wondering whether the situation is any different in Kerberos. If the
> KDC creates tickets with a session key included then it needs to make sure
> that it does not create the same symmetric key for different usa
On Fri, Jun 22, 2018 at 08:48:35PM +, Mike Jones wrote:
> See my note just now proposing this text to Jim:
>
> "Likewise, if PoP keys are used for multiple different kinds of CWTs in an
> application and the PoP keys are identified by Key IDs, care must be taken to
> keep the keys for the di
On Fri, Jun 22, 2018 at 01:36:16PM +, Hannes Tschofenig wrote:
> Hi Jim,
>
>
> > My problem is that if there are two different people with the same Key ID,
> either intentionally or unintentionally, then using the key ID to identify
> the key may allow the other person to masquerade as the fi
On Wed, Jun 06, 2018 at 07:32:13PM -0400, Michael Richardson wrote:
>
> In draft-ietf-ace-coap-est, we would like to specify some mandatory to
> implement algorithms for DTLS.
>
> We write:
>The mandatory cipher suite for DTLS in EST-coaps is
>TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8 defined in
On Tue, Mar 13, 2018 at 09:44:37PM -0400, Michael Richardson wrote:
>
> Jim Schaad wrote:
> > In section 2 - There will be a problem in that the port format
> extension is
> > being eliminated in TLS 1.3 - We may want to divide this into a 1.2 and
> 1.3
> > section for clarity.
>
>
Hi all,
I just (belatedly) posted a draft agenda to the datatracker
(https://datatracker.ietf.org/doc/agenda-101-ace/), also copied
below. Please holler if there are obvious bugs, you requested time
but didn't get a response, etc.
I know it's a little bit of short notice, but to the speakers:
pl
On Mon, Mar 12, 2018 at 09:08:05AM +0100, peter van der Stok wrote:
> Hi Jim,
>
> thanks for the comments. See my reactions below.
> Jim Schaad schreef op 2018-03-10 22:15:
> > I agree with Hannes, this version of the document is much cleaner and
> > much
> > clearer. I think that it has solved
Hi Adam,
With my shepherd hat...
On Wed, Mar 07, 2018 at 04:05:32PM -0800, Adam Roach wrote:
>
> Thanks to the WG, chairs, and
>
> §3.1.1:
>
> > The "iss" (issuer) claim has the same meaning and processing rules as
> > the "iss" claim defined in Section 4.1.1 of [RFC7519], except that
> > t
ms, as suggested by Kyle Rose.
> * Added guidance about the selection of the Designated Experts, as
> suggested by Benjamin Kaduk.
> * Acknowledged additional reviewers.
>
> The specification is available at:
>
> * https://tools.ietf.org/html/draft-ietf-ace-cbor-w
Hi all,
The NomComm has selected me as the next Security AD, so I will need
to step down as ace co-chair at the London meeting.
I do not want to ask Jim to take on the entire WG-chairing burden
himself, so we are seeking candidates to replace me as his co-chair.
The final decision will be made by
On Tue, Feb 27, 2018 at 11:59:50AM +0200, Dan Romascanu wrote:
> Hi,
>
> See also my other notes.
>
> I believe that what the document tries to say is:
>
> Register R is divided into four different ranges R1, R2, R3, R4 (defining
> the value limits may be useful)
>
> Values in range R1 are allo
On Mon, Feb 26, 2018 at 11:03:07AM -0800, Dan Romascanu wrote:
>
> 1. CWT is derived from JWT (RFC 7519) using CBOR rather than JSON for
> encoding.
> The rationale as explained in the document is related to efficiency for some
> IoT systems. The initial claims registry defined in Section 9.1 is
On Mon, Feb 26, 2018 at 11:19:04PM +0200, Dan Romascanu wrote:
> Hi Jim,
>
> Thank you for your answer and for addressing my comments.
>
> On item #2:
>
>
>
> On Mon, Feb 26, 2018 at 10:12 PM, Jim Schaad wrote:
>
> >
> >
> > > -Original Message-
> > > From: Dan Romascanu [mailto:drom
On Fri, Feb 09, 2018 at 09:04:45AM +0100, Ludwig Seitz wrote:
> On 2018-02-08 21:08, Benjamin Kaduk wrote:
> >
> > Right, this seems to be the key point. If there's not any running
> > code and not going to be any, it's pretty likely that the spec (for
> >
On Thu, Feb 08, 2018 at 12:44:39PM +, Hannes Tschofenig wrote:
> Hi Göran,
>
> I believe there are new data points on this topic since the time the
> requirements & use case draft was published. A lot of use cases were written
> down and not all of them are still being considered by the folk
Hi all,
We're getting ready to send this to Kathleen for processing
(hopefully to finish before her term as AD does!), but there are a
few nits that should be fixed with a new rev before we actually push
the button.
We currently have an informational reference to RFC 5226, which has
since been re
On Thu, Feb 01, 2018 at 01:59:48PM +, Hannes Tschofenig wrote:
> Hi all,
>
> the Client Token is a new mechanism in the ACE-OAuth that aims to solve a
> scenario where the Client does not have connectivity to the Authorization
> Server to obtain an access token while the Resource Server does
Hi Esko,
On Fri, Dec 01, 2017 at 09:47:52AM +, Esko Dijk wrote:
> Dear all,
>
> Overall the document looks in good shape to go forward if the earlier
> mentioned issue of multiple values for "audience" (reported by Hannes) is
> addressed; and the below issue I see for Section 5. Other comme
On Thu, Nov 23, 2017 at 11:55:46AM +0100, Carsten Bormann wrote:
> Hi Ludwig,
>
> > I'm not sure what the RFC editors prefer as affiliation
> > (I've seen both):
> >
> > --
> > E. Wahlstroem
> >
> > -- OR
> > E. Wahlstroem
> > (no affiliation)
> > —
>
> I don’t know what the RFC editor prefers
Reminder: there is only one week left in this WGLC.
-Ben
On Wed, Nov 01, 2017 at 12:24:56PM -0500, Benjamin Kaduk wrote:
> This message begins a working group last call for
> draft-ietf-ace-cbor-web-token for submission as a Standards-Track RFC,
> ending at 23:59 PST on Wednesday 29
>
>
> -Original Message-
> From: Ace [mailto:ace-boun...@ietf.org] On Behalf Of Benjamin Kaduk
> Sent: 07 November 2017 16:49
> To: ace@ietf.org
> Subject: [Ace] IETF 100 draft agenda posted
>
> Hi all,
>
> I just posted a draft agenda to the datatracker
Hi all,
I just posted a draft agenda to the datatracker for our session in
Singapore, included below for your convenience. Note that it is
still draft, i.e., might change some more.
Presenters, please send your slides to the chairs by Sunday the 12th
so that we can get them uploaded and confirm t
Hi Olaf,
On Mon, Nov 06, 2017 at 05:11:43PM +0100, Olaf Bergmann wrote:
> Dear chairs,
>
> we would like to request a 10 min timeslot for the ACE session at IETF
> 100 to present the current status of draft-ietf-ace-dtls-authorize. We
> have not yet decided on a presenter but at least one of the
Hi Ludwig,
On Thu, Nov 02, 2017 at 01:04:36PM +0100, Ludwig Seitz wrote:
> Hello ACE chairs,
>
> I'd like to request a ~15 minute slot to present the updates to
> draft-ietf-ace-oauth-authz at IETF 100. Currently the plan is to present
> remote, but I have backup on site in case there is networ
On Wed, Nov 01, 2017 at 06:33:59PM +0100, Carsten Bormann wrote:
> Just wondering:
>
> Are you aware that this is a second WGLC? You didn’t mention that.
I was aware, sorry for not mentioning it. (The first WGLC was on the -04.)
> (And do we really need four weeks for a second WGLC? Even fact
On Wed, Nov 01, 2017 at 12:24:55PM -0500, Benjamin Kaduk wrote:
> This message begins a working group last call for
> draft-ietf-ace-cbor-web-token for submission as a Standards-Track RFC,
> ending at 23:59 PST on Wednesday 29 November, 2017.
>
> The current (-09) version of
This message begins a working group last call for
draft-ietf-ace-cbor-web-token for submission as a Standards-Track RFC,
ending at 23:59 PST on Wednesday 29 November, 2017.
The current (-09) version of the document is available at:
https://tools.ietf.org/html/draft-ietf-ace-cbor-web-token-09 .
Th