Re: [Ace] Review Comments on -03
On Jul 16, 2018, at 08:26, Jim Schaad wrote:
>
> In the event of an unauthorized, the RS has the ability to return a URL to
> the AS it knows about. If it returns coaps://AS/token, then this might be
> thought of implying that one needs to use dtls to talk to the AS rather than
> using OSCORE. The same might be true if you just returned coap://AS/token.
> Once upon a time, I thought there was some work being done in the core group
> that would help clean this up. It has not finished, nor have I seen much
> about it recently.

Right. We have no way to indicate with a coaps:// URI which kind of security parameters are expected (with https://, there is a default, but that is not always right either; I am not aware of any activity to solve that problem there).

We could define a format for URI + security parameters. The question here was always what would be good, actionable hints that don’t also provide too much information disclosure.

This is maybe a question that ACE and CoRE have in common.

Grüße, Carsten

___
Ace mailing list
Ace@ietf.org
https://www.ietf.org/mailman/listinfo/ace
Re: [Ace] Review Comments on -03
In the event of an unauthorized, the RS has the ability to return a URL to the AS it knows about. If it returns coaps://AS/token, then this might be thought of implying that one needs to use dtls to talk to the AS rather than using OSCORE. The same might be true if you just returned coap://AS/token. Once upon a time, I thought there was some work being done in the core group that would help clean this up. It has not finished, nor have I seen much about it recently.

Jim

> -Original Message-
> From: Carsten Bormann
> Sent: Monday, July 16, 2018 7:14 AM
> To: Jim Schaad
> Cc: draft-ietf-ace-dtls-author...@ietf.org; ace
> Subject: Re: Review Comments on -03
>
> Hi Jim,
>
> > On Jul 15, 2018, at 20:48, Jim Schaad wrote:
> >
> > * It is too bad that we don't have the generic coap schemas defined
> > yet so that we can use that as part of the URL returned with an access
> > denied response.
>
> Can you expand on that? What should we have defined?
>
> Grüße, Carsten
Re: [Ace] Review Comments on -03
Hi Jim,

> On Jul 15, 2018, at 20:48, Jim Schaad wrote:
>
> * It is too bad that we don't have the generic coap schemas defined yet so
> that we can use that as part of the URL returned with an access denied
> response.

Can you expand on that? What should we have defined?

Grüße, Carsten