Hi ACE,
Sadly I couldn't attend the interim meeting yesterday. Did the WG decide on how
to proceed with regard to John's comment?
/Ludwig
> -Original Message-
> From: John Mattsson
> Sent: den 7 september 2020 14:11
> To: ace@ietf.org; Seitz Ludwig
> Subject: Re: AS discovery in draft
I'm sorry that I missed today's meeting.
I guess this wasn't on the agenda in the end?
Göran Selander wrote:
> But you are right that the draft is not just a new ACE profile. The
> voucher concept fits into ANIMA, but is carried as an ACE access
> token. It also makes use of the auxi
-Original Message-
From: Ace On Behalf Of John Mattsson
Sent: Saturday, September 5, 2020 5:51 AM
To: ace@ietf.org
Subject: [Ace] Review of draft-ietf-ace-oscore-profile
Major comment
---
- Asignment of OSCORE Sender and Recipient IDs
I think the specified mechanism
Hi,
Just want to acknowledge, as was discussed in the WG meeting today, that the
major comment below is alternatively a possible -bis update. I think this is
good functionality, and even though related problem statements have been
discussed before, this solution has not. And although the change
Hi John,
C must not communicate with an AS which it doesn't trust. As stated in
section 6.5, "the client MUST be able to determine whether an AS has the
authority to issue access tokens for a certain RS." The client would
therefore notice if RS or an attacker tries to trick C into
communicating wi
Hi,
Rereading Section 6.4 again I think the discussion on Denial-of-Service /
amplification attacks in Section 6.4 clearly needs more work.
- "However a compromised RS may use this to perform a denial of service against
a specific AS"
Any attacker (not just a compromised RS) on the path beween
Hi John,
On 09/07/2020 12:45 PM, John Mattsson wrote:
>
> The mechanism is not presented as an error message when the client in good
> faith tries to access a resource. It is presented as something C do
> intentionally to dicsover the AS. In the description in the draft, C is
> clearly aware
Hi John,
please see inline for remarks in addition to Ludwig's response.
John Mattsson writes:
> I just reviewed draft-ietf-ace-oscore-profile. This made me wonder
> about the AS discovery mechanism in the ACE framework. Why is this
> particular discovery mechanism given so much attention? Of a
Hi Ludwig,
The problem I have is that the current mechanism is presented as a generic
discovery mechanism and that none of the disadvantages are mentioned in section
5.1.
"A generic procedure is described in Section 5.1"
The mechanism is not presented as an error message when the client in goo