[Ace] ACE@IETF106 - agenda items and presentations
Hi, The ACE WG is meeting at the IETF 106 Tuesday November 19 15:20-16:50 . Please let us know if there are topic you would like to present by Wednesday November 6. Slides are expected to be uploaded by Sunday November 17. Please remember the draft deadline is Monday November 4 https://datatracker.ietf.org/meeting/106/important-dates/ Yours, Jim and Daniel ___ Ace mailing list Ace@ietf.org https://www.ietf.org/mailman/listinfo/ace
Re: [Ace] I-D Action: draft-ietf-ace-cwt-proof-of-possession-11.txt
This version addresses the remaining IESG review comment by Mirja Kühlewind, which removes the language about contacting the IESG should the Designated Experts not act on IANA registrations in a timely way, per a decision by the IESG on today's telechat. -- Mike -Original Message- From: Ace On Behalf Of internet-dra...@ietf.org Sent: Thursday, October 31, 2019 7:44 AM To: i-d-annou...@ietf.org Cc: ace@ietf.org Subject: [Ace] I-D Action: draft-ietf-ace-cwt-proof-of-possession-11.txt A New Internet-Draft is available from the on-line Internet-Drafts directories. This draft is a work item of the Authentication and Authorization for Constrained Environments WG of the IETF. Title : Proof-of-Possession Key Semantics for CBOR Web Tokens (CWTs) Authors : Michael B. Jones Ludwig Seitz Göran Selander Samuel Erdtman Hannes Tschofenig Filename: draft-ietf-ace-cwt-proof-of-possession-11.txt Pages : 16 Date: 2019-10-31 Abstract: This specification describes how to declare in a CBOR Web Token (CWT) (which is defined by RFC 8392) that the presenter of the CWT possesses a particular proof-of-possession key. Being able to prove possession of a key is also sometimes described as being the holder- of-key. This specification provides equivalent functionality to "Proof-of-Possession Key Semantics for JSON Web Tokens (JWTs)" (RFC 7800) but using Concise Binary Object Representation (CBOR) and CWTs rather than JavaScript Object Notation (JSON) and JSON Web Tokens (JWTs). The IETF datatracker status page for this draft is: https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fdatatracker.ietf.org%2Fdoc%2Fdraft-ietf-ace-cwt-proof-of-possession%2Fdata=02%7C01%7CMichael.Jones%40microsoft.com%7C6fe566449c1b4805cee708d75e10ba0b%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637081298248386929sdata=cElMuuONfQiYsRqMjJs4wMHUtsvanpy6%2F1hWGvY7FN0%3Dreserved=0 There are also htmlized versions available at: https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Ftools.ietf.org%2Fhtml%2Fdraft-ietf-ace-cwt-proof-of-possession-11data=02%7C01%7CMichael.Jones%40microsoft.com%7C6fe566449c1b4805cee708d75e10ba0b%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637081298248386929sdata=8253o%2BDZTDVf4HeuoYu%2BbpHR91CQrswnV%2FsCfGQ95Es%3Dreserved=0 https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fdatatracker.ietf.org%2Fdoc%2Fhtml%2Fdraft-ietf-ace-cwt-proof-of-possession-11data=02%7C01%7CMichael.Jones%40microsoft.com%7C6fe566449c1b4805cee708d75e10ba0b%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637081298248386929sdata=cJ%2B7qAhU78Vr1sXrcTzQNSEojTo8VbZS%2FimuNyX2CCs%3Dreserved=0 A diff from the previous version is available at: https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.ietf.org%2Frfcdiff%3Furl2%3Ddraft-ietf-ace-cwt-proof-of-possession-11data=02%7C01%7CMichael.Jones%40microsoft.com%7C6fe566449c1b4805cee708d75e10ba0b%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637081298248386929sdata=M%2BkS9bx%2BIgswYIDwiLo31elWcakFKG9Wni2VrKVyVUA%3Dreserved=0 Please note that it may take a couple of minutes from the time of submission until the htmlized version and diff are available at tools.ietf.org. Internet-Drafts are also available by anonymous FTP at: ftp://ftp.ietf.org/internet-drafts/ ___ Ace mailing list Ace@ietf.org https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.ietf.org%2Fmailman%2Flistinfo%2Facedata=02%7C01%7CMichael.Jones%40microsoft.com%7C6fe566449c1b4805cee708d75e10ba0b%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637081298248386929sdata=cVK4RObuN77arf0SyvC6thrDdprjgReHirSFx2pwMso%3Dreserved=0 ___ Ace mailing list Ace@ietf.org https://www.ietf.org/mailman/listinfo/ace
Re: [Ace] Mirja Kühlewind's No Objection on draft-ietf-ace-cwt-proof-of-possession-09: (with COMMENT)
Per the decision on the telechat, I have published -11, which removes the IESG appeal language in favor of direct appeal to the IESG. See https://tools.ietf.org/html/draft-ietf-ace-cwt-proof-of-possession-11#section-7. Please update the document status accordingly. Thank you, -- Mike -Original Message- From: Mike Jones Sent: Wednesday, October 30, 2019 5:48 PM To: Benjamin Kaduk Cc: Roman D. Danyliw ; ace-cha...@ietf.org; Mirja Kuehlewind ; The IESG ; ace@ietf.org; draft-ietf-ace-cwt-proof-of-possess...@ietf.org; Barry Leiba Subject: RE: [Ace] Mirja Kühlewind's No Objection on draft-ietf-ace-cwt-proof-of-possession-09: (with COMMENT) Thanks for the clarification, Ben. I'm fine with this going either way (appeal to IESG or appeal to IANA). Just drop me a note after the issue is discussed on the telechat and I'll turn around a new draft right away tomorrow, if requested. Later, -- Mike -Original Message- From: Ace On Behalf Of Benjamin Kaduk Sent: Wednesday, October 30, 2019 5:29 PM To: Mike Jones Cc: Roman D. Danyliw ; ace-cha...@ietf.org; Mirja Kuehlewind ; The IESG ; ace@ietf.org; draft-ietf-ace-cwt-proof-of-possess...@ietf.org; Barry Leiba Subject: Re: [Ace] Mirja Kühlewind's No Objection on draft-ietf-ace-cwt-proof-of-possession-09: (with COMMENT) Just to be clear, IANA raising the issue to the IESG is described in Section 5.3 of RFC 8126, which would be the default expectations if an individual document/registry did not give other instructions. -Ben On Thu, Oct 31, 2019 at 12:13:58AM +, Mike Jones wrote: > I'm in the process of creating -10, which addresses the IESG comments other > than Mirja's. I'm reluctant to change the registration instructions, as they > are currently identical to those for CWTs (and many other specifications > going back to at least RFC 6749, modulo the name of the mailing list). That > said, if the IESG *really* wants to change the party to appeal to in the case > of non-action from the Designated Experts from the IESG to IANA, I'm amenable > to also making that change tomorrow, immediately following the telechat, so > we can send the spec on to the RFC Editor. Let me know what you decide. > > Thanks again, > -- Mike > > -Original Message- > From: Barry Leiba > Sent: Monday, October 28, 2019 2:00 PM > To: Mike Jones > Cc: Mirja Kuehlewind ; Benjamin Kaduk > ; Roman D. Danyliw ; ace-cha...@ietf.org; > The IESG ; ace@ietf.org; > draft-ietf-ace-cwt-proof-of-possess...@ietf.org > Subject: Re: [Ace] Mirja Kühlewind's No Objection on > draft-ietf-ace-cwt-proof-of-possession-09: (with COMMENT) > > The issue isn't using a mailing list. The issue is the instructions to IANA > about how to do management and tracking, stuff that they do just fine without > working groups trying -- will all good intentions -- to tell them how. > > The fact that there are a lot of RFCs that do it just says that working > groups do this frequently, and most ADs don't notice or don't care. And the > reality is that IANA will manage the registration process how they do it, > accommodating reasonable special instructions when they can. The point is > that documents shouldn't be giving special instructions unless there really > is something special needed for a particular reason. > > Barry > > On Mon, Oct 28, 2019 at 12:19 PM Mike Jones > wrote: > > > > The practice of using a mailing list for registration requests to enable > > public visibility of them goes back at least to .well-known URI > > registrations > > https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Ftools.ietf.org%2Fhtml%2Frfc5785data=02%7C01%7CMichael.Jones%40microsoft.com%7C0b217822fdab454c213408d75d995cec%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637080785592172015sdata=dvBR4fRzp1xSMcqXyaSa68Px7AJs3alwwTPJVH4YyMA%3Dreserved=0 > > by Mark Nottingham in April 2010. OAuth 2.0 followed this practice in RFC > > 6749, as did the JOSE specs and JWT in RFCs 7515-19. The rest is history, > > as they say. > > > > -- Mike > > > > -Original Message- > > From: Mirja Kuehlewind > > Sent: Monday, October 28, 2019 8:54 AM > > To: Benjamin Kaduk > > Cc: Barry Leiba ; Roman D. Danyliw > > ; ace-cha...@ietf.org; The IESG ; > > ace@ietf.org; draft-ietf-ace-cwt-proof-of-possess...@ietf.org > > Subject: Re: [Ace] Mirja Kühlewind's No Objection on > > draft-ietf-ace-cwt-proof-of-possession-09: (with COMMENT) > > > > These are all quite recents examples, so maybe the procedures are changing > > at the moment. I guess we as the IESG should be aware and figure out what > > the right procedure actually should be here. > > > > > On 28. Oct 2019, at 16:31, Benjamin Kaduk wrote: > > > > > > On Fri, Oct 25, 2019 at 12:31:42PM
[Ace] I-D Action: draft-ietf-ace-cwt-proof-of-possession-11.txt
A New Internet-Draft is available from the on-line Internet-Drafts directories. This draft is a work item of the Authentication and Authorization for Constrained Environments WG of the IETF. Title : Proof-of-Possession Key Semantics for CBOR Web Tokens (CWTs) Authors : Michael B. Jones Ludwig Seitz Göran Selander Samuel Erdtman Hannes Tschofenig Filename: draft-ietf-ace-cwt-proof-of-possession-11.txt Pages : 16 Date: 2019-10-31 Abstract: This specification describes how to declare in a CBOR Web Token (CWT) (which is defined by RFC 8392) that the presenter of the CWT possesses a particular proof-of-possession key. Being able to prove possession of a key is also sometimes described as being the holder- of-key. This specification provides equivalent functionality to "Proof-of-Possession Key Semantics for JSON Web Tokens (JWTs)" (RFC 7800) but using Concise Binary Object Representation (CBOR) and CWTs rather than JavaScript Object Notation (JSON) and JSON Web Tokens (JWTs). The IETF datatracker status page for this draft is: https://datatracker.ietf.org/doc/draft-ietf-ace-cwt-proof-of-possession/ There are also htmlized versions available at: https://tools.ietf.org/html/draft-ietf-ace-cwt-proof-of-possession-11 https://datatracker.ietf.org/doc/html/draft-ietf-ace-cwt-proof-of-possession-11 A diff from the previous version is available at: https://www.ietf.org/rfcdiff?url2=draft-ietf-ace-cwt-proof-of-possession-11 Please note that it may take a couple of minutes from the time of submission until the htmlized version and diff are available at tools.ietf.org. Internet-Drafts are also available by anonymous FTP at: ftp://ftp.ietf.org/internet-drafts/ ___ Ace mailing list Ace@ietf.org https://www.ietf.org/mailman/listinfo/ace