The chairs believe that the set of documents dealing with the OAuth
framework for constrained environments is nearing the point that we should
be able to advance it to the IESG for publication. We therefore want to
have a full list of issues that need to be dealt with at the Bangkok
meeting.
> -Original Message-
> From: Michael Richardson
> Sent: Thursday, October 4, 2018 6:45 AM
> To: Jim Schaad
> Cc: ace@ietf.org
> Subject: Re: [Ace] JWT + OAuth Request
>
>
> Jim Schaad wrote:
> > The OAuth group discovered a problem with some t
> -Original Message-
> From: Ace On Behalf Of Michael Richardson
> Sent: Monday, September 24, 2018 9:27 AM
> To: consulta...@vanderstok.org
> Cc: Esko Dijk ; Panos Kampanakis (pkampana)
> ; ace@ietf.org
> Subject: Re: [Ace] ace-coap-est: unclear definition of /.well-known/est URI
>
>
Yes I think that is correct. I’ll need to review final text at some point but
what you say below looks right.
From: Panos Kampanakis (pkampana)
Sent: Thursday, September 13, 2018 1:29 PM
To: Jim Schaad ; consulta...@vanderstok.org
Cc: draft-ietf-ace-coap-...@ietf.org; 'ace'
Subject: RE
We are doing all of this in response to a draft? Why can you not fix the
draft and put the OAuth parameters in a sub map so there are no collisions?
Jim
> -Original Message-
> From: Mike Jones
> Sent: Tuesday, August 28, 2018 9:45 AM
> To: Ludwig Seitz ; Samuel Erdtman ;
> -Original Message-
> From: Ace On Behalf Of Ludwig Seitz
> Sent: Monday, August 27, 2018 12:52 AM
> To: ace@ietf.org
> Subject: [Ace] Parameter abbreviation number ranges for draft-ietf-ace-oauth-authz
>
> Hello group,
>
> at IETF 102 there was a discussion about the numerical
Should be circumscribed not circumcised although the first does echo my
personal feelings.
Jim
> -Original Message-
> From: Ace On Behalf Of Jim Schaad
> Sent: Wednesday, July 18, 2018 6:13 PM
> To: ace@ietf.org
> Subject: [Ace] Text for KID in POP
>
> A
Add the following text to section 3.4.
WARNING: The use of a Key ID in a POP CWT needs to be carefully circumcised.
Where the Key ID is not a cryptographic value derived from the key or where
all of the parties involved are not validating the cryptographic derivation,
it is possible to get into
://AS/token. Once
upon a time, I thought there was some work being done in the core group that
would help clean this up. It has not finished, nor have I seen much about it
recently.
Jim
> -Original Message-
> From: Carsten Bormann
> Sent: Monday, July 16, 2018 7:14 AM
> To
* Section 2 - client - write rights and/or read rights. Unless you think
that write implies read in which case you should state that
* Section 2 - KDC - should also say what it does in the later parts -
* Section 2 - Dispatcher - If this is a bus, then you are not really
communicating with it
From: Peter van der Stok
Sent: Monday, July 9, 2018 1:01 AM
To: Jim Schaad
Cc: consulta...@vanderstok.org; draft-ietf-ace-coap-...@ietf.org; 'ace'
Subject: Re: [Ace] Review draft-ietf-ace-coap-est
* In section 4.1 I have a question about what you are using for payload content
From: Peter van der Stok
Sent: Wednesday, July 4, 2018 1:53 AM
To: Jim Schaad
Cc: draft-ietf-ace-coap-...@ietf.org; 'ace'
Subject: Re: [Ace] Review draft-ietf-ace-coap-est
Hi Jim,
Many thanks for the review. See our answers below.
* In section 4.1 I have a question about what you
* In section 4.1 I have a question about what you are using for payload
content encoding. Part of this might just be a question of how you plan to
move from ASN.1 to CBOR at some point in the future. I think that it would
necessitate doing new media-types in that event. You appear to be doing a
From: Samuel Erdtman
Sent: Wednesday, June 27, 2018 8:18 AM
To: Jim Schaad
Cc: Hannes Tschofenig ; Benjamin Kaduk
; Mike Jones ;
draft-ietf-ace-cwt-proof-of-possess...@ietf.org; ace@ietf.org
Subject: Re: [Ace] Key IDs ... RE: WGLC on
draft-ietf-ace-cwt-proof-of-possession-02
Jim
that they
should not be doing.
This is about an attack not about getting things to generally work right.
Jim
> -Original Message-
> From: Hannes Tschofenig
> Sent: Tuesday, June 26, 2018 6:09 PM
> To: Jim Schaad ; 'Benjamin Kaduk'
> ; 'Mike Jones'
> Cc: draft-ietf-ace-cw
No Ben, you are 100% correct. This is about identifiers and not session
keys.
> -Original Message-
> From: Benjamin Kaduk
> Sent: Tuesday, June 26, 2018 5:14 PM
> To: Hannes Tschofenig
> Cc: Mike Jones ; Jim Schaad
> ; draft-ietf-ace-cwt-proof-of-possess...@ietf.o
If you want a spot on the agenda please let the chairs know.
Please include topic/draft, presenter and a time request.
Jim
___
Ace mailing list
Ace@ietf.org
https://www.ietf.org/mailman/listinfo/ace
We have received a request for early registration approval for the media
types in draft-ietf-ace-coap-est. As part of the input to the decision to
do this we need to know if there are any people who object to proceeding.
If you object please respond either to the list or to the chairs and
No not really, Hannes's language is much closer to what I am looking for. I
don't care if they are different kinds of CWTs. I care about impersonation.
> -Original Message-
> From: Mike Jones
> Sent: Friday, June 22, 2018 10:44 PM
> To: Jim Schaad ; Hannes Tschofenig
> ;
> -Original Message-
> From: Benjamin Kaduk
> Sent: Friday, June 22, 2018 10:44 PM
> To: Hannes Tschofenig
> Cc: Jim Schaad ; 'Mike Jones'
> ; draft-ietf-ace-cwt-proof-of-
> possess...@ietf.org; ace@ietf.org
> Subject: Re: [Ace] Key IDs ... RE: WGLC on
That language works if you assume that there is only one CWT that an RS will
look to. If there are multiple CWTs then one needs coordination language
between them.
> -Original Message-
> From: Hannes Tschofenig
> Sent: Friday, June 22, 2018 6:36 AM
> To: Jim Schaad ;
I sent this review early by accident (I thought I was sending a different mail).
However a couple things below.
From: Samuel Erdtman
Sent: Thursday, June 21, 2018 8:15 AM
To: Jim Schaad
Cc: draft-ietf-ace-oauth-au...@ietf.org; ace
Subject: Re: [Ace] Review of draft-ietf-ace-oauth
That sounds like a good plan forward. Are you also going to need an early
registration on the multipart-core draft as well?
Jim
From: Peter van der Stok
Sent: Wednesday, June 20, 2018 3:07 AM
To: Carsten Bormann
Cc: Hannes Tschofenig ; core ;
ace@ietf.org; Jim Schaad ; r
Based on where I currently am, here is another review of the document.
1. In section 4 for Figure one: Is the term "RS Information" your term or
an OAuth term? When I see this I think of it as information for not about
the RS which I do not believe is the intent.
2. In section 5.1 - I am
> -Original Message-
> From: Ace On Behalf Of Michael Richardson
> Sent: Tuesday, June 19, 2018 7:33 AM
> To: core ; ace@ietf.org
> Subject: Re: [Ace] [core] Early media-type registration for EST over CoAP
>
>
> Carsten Bormann wrote:
> > On Jun 19, 2018, at 14:11, Carsten
We will go ahead and use a webex meeting for the interop event tomorrow
JOIN WEBEX MEETING
https://ietf.webex.com/ietf/j.php?MTID=m1e4d4e3b7a8f81354335d9be30dc3687
Meeting number (access code): 640 485 375 Host key: 770328 Meeting password:
DEGrDby3
JOIN BY PHONE
1-650-479-3208 Call-in toll
> -Original Message-
> From: Hannes Tschofenig <hannes.tschofe...@arm.com>
> Sent: Wednesday, May 23, 2018 12:55 PM
> To: Jim Schaad <i...@augustcellars.com>; draft-ietf-ace-cwt-proof-of-
> possess...@ietf.org
> Cc: ace@ietf.org
> Subject: RE: [Ace]
I have removed items where the proposed solution is probably sufficient.
> -Original Message-
> From: Mike Jones <michael.jo...@microsoft.com>
> Sent: Sunday, May 20, 2018 4:34 AM
> To: Jim Schaad <i...@augustcellars.com>; draft-ietf-ace-cwt-proof-of-
> po
. It
would be nice to get those changes published.
Jim
> -Original Message-
> From: Ace <ace-boun...@ietf.org> On Behalf Of Ludwig Seitz
> Sent: Tuesday, May 15, 2018 6:47 AM
> To: ace@ietf.org
> Subject: Re: [Ace] OAuth-Authz Interop
>
> On 2018-05-07 18:44, Jim Sc
etf.org>
Subject: Re: [Ace] OAuth-Authz Interop
On 2018-05-08 08:57, Ludwig Seitz wrote:
> On 2018-05-07 18:44, Jim Schaad wrote:
>> I have been meaning to get this out for a while and have failed. A
>> doodle poll to setup an interop event for this work is at
>> &
I have been meaning to get this out for a while and have failed. A doodle
poll to setup an interop event for this work is at
https://doodle.com/poll/k27g9r26bghvnytu If you want to participate and none
of the times are good please let me know.
Things for testing:
1) DTLS profile w/ shared
I agree with Hannes, this version of the document is much cleaner and much
clearer. I think that it has solved most of the problems that I initially
had with the draft. It is not ready to progress as there are still sections
that are marked as TODO. But it is much closer to finishing than it
It might make more sense to prefix the JWT versions as not being what is
here.
Jim
> -Original Message-
> From: Mike Jones [mailto:michael.jo...@microsoft.com]
> Sent: Wednesday, March 7, 2018 9:47 PM
> To: Benjamin Kaduk ; Adam Roach
> Cc: The IESG
> -Original Message-
> From: Alexey Melnikov [mailto:aamelni...@fastmail.fm]
> Sent: Sunday, March 4, 2018 1:01 PM
> To: Jim Schaad <i...@augustcellars.com>; The IESG <i...@ietf.org>
> Cc: draft-ietf-ace-cbor-web-to...@ietf.org; ace-cha...@ietf.org;
IANA does ask for the expert review as part of the processing it does even for
standards track documents. This is because, in part, they are responsible for
doing the final number assignment. That is which number in the range is
actually used. The interesting question would be what happens
Please let the chairs know if you want a slot on the agenda for London.
Please give us an idea of what you think you need to cover, how long you
think it will take and who is doing the presentations.
For people doing the presentations, I would like to get slides during the
week of March 12th so
Looking at the mailing list, it appears that the working group thinks that
the document should be adopted. Peter, please republish the document as an
ACE working group document and I will then approve it.
Jim
From: Dan Romascanu [mailto:droma...@gmail.com]
Sent: Tuesday, February 27, 2018 2:23 PM
To: Jim Schaad <i...@augustcellars.com>
Cc: Benjamin Kaduk <ka...@mit.edu>; gen-art <gen-...@ietf.org>;
draft-ietf-ace-cbor-web-token@ietf.org; ietf <i...@ietf.org>; ace@ie
Kaduk <ka...@mit.edu>
Cc: Jim Schaad <i...@augustcellars.com>; gen-art <gen-...@ietf.org>;
draft-ietf-ace-cbor-web-token@ietf.org; ietf <i...@ietf.org>; ace@ietf.org
Subject: Re: [Ace] Genart telechat review of draft-ietf-ace-cbor-web-token-12
Hi,
See also my
From: Dan Romascanu [mailto:droma...@gmail.com]
Sent: Monday, February 26, 2018 1:19 PM
To: Jim Schaad <i...@augustcellars.com>
Cc: gen-art <gen-...@ietf.org>; ace@ietf.org; ietf <i...@ietf.org>;
draft-ietf-ace-cbor-web-token@ietf.org
Subject: Re: Genart telechat re
I have uploaded the minutes for the meeting. Please feel free to look at
them and send me comments.
Jim
Esko,
Whether a generic encode would automatically skip over tags is going to
depend on the data model presented to the user by the parser. I have worked
with one where the tags are ignored by the data model unless the user
explicitly asks about them. I have worked with another where the
This was done because, in CBOR, there is a way to distinguish between a string
and a URL. This is lacking in JSON. I believe that the ability to not have to
determine this heuristically is a good thing.
Jim
From: Ace [mailto:ace-boun...@ietf.org] On Behalf Of Samuel Erdtman
Sent:
> -Original Message-
> From: Mike Jones [mailto:michael.jo...@microsoft.com]
> Sent: Friday, October 27, 2017 7:43 PM
> To: Jim Schaad <i...@augustcellars.com>; draft-ietf-ace-cwt-proof-of-
> possess...@ietf.org
> Cc: ace@ietf.org
> Subject: RE: Review
[mailto:cigdem.sen...@gmail.com]
Sent: Wednesday, October 25, 2017 2:19 PM
To: Jim Schaad <i...@augustcellars.com>
Cc: Ludwig Seitz <ludwig.se...@ri.se>; ace@ietf.org
Subject: Re: [Ace] Question about the response to an unauthorized request
UMA assumes that resource server
em
On Mon, Oct 23, 2017 at 2:38 PM, Ludwig Seitz <ludwig.se...@ri.se
<mailto:ludwig.se...@ri.se> > wrote:
Hello ACE,
Jim Schaad has brought up an interesting question [1] on
draft-ietf-ace-oauth-authz [2]:
Currently when a client makes an unauthorized request to a resou
heless, it may be useful to think how other groups approach similar
problems.
Best,
--Cigdem
On Mon, Oct 23, 2017 at 2:38 PM, Ludwig Seitz <ludwig.se...@ri.se
<mailto:ludwig.se...@ri.se> > wrote:
Hello ACE,
Jim Schaad has brought up an interesting question [1] on
dr
* I dislike the statement of what the specification claims to do. It will
be misread by many people who are not familiar with how you are defining the
word "presenter". If I intercept a CWT and present it to a validator, it
does not make a claim that I possess a specific POP key. Given what
Of Jim Schaad
Sent: Thursday, October 19, 2017 2:14 PM
To: 'Carsten Bormann' <c...@tzi.org>; 'Hannes Tschofenig'
<hannes.tschofe...@arm.com>
Cc: 'Mike Jones' <michael.jo...@microsoft.com>; ace@ietf.org
Subject: Re: [Ace] draft-ietf-ace-cbor-web-token-08 - CWT CBOR Tag
The type
palomb...@ericsson.com]
> Sent: Friday, October 20, 2017 6:21 AM
> To: Jim Schaad <i...@augustcellars.com>; draft-tiloca-ace-oscoap-
> join...@ietf.org; draft-palombini-ace-coap-pubsub-prof...@ietf.org
> Cc: ace@ietf.org
> Subject: RE: Comments on draft-tiloca-ace-oscoap-joinin
After the interim meeting, I read this document through in order to produce
a review. Instead you are going to get a meta-review.
I am having a hard time seeing why this document exists in its current form
and it is not some type of simple profile of the pub-sub security draft.
While I am not sure
ormann [mailto:c...@tzi.org]
> Sent: Thursday, October 19, 2017 1:32 PM
> To: Hannes Tschofenig <hannes.tschofe...@arm.com>
> Cc: Mike Jones <michael.jo...@microsoft.com>; Jim Schaad
> <i...@augustcellars.com>; ace@ietf.org
> Subject: Re: [Ace] draft-ietf-ace-cbor-web
After doing some reading elsewhere, I think it would be reasonable to
outline the version of security when the pub/sub agent can be trusted. This
makes a contrast with this model that people should understand.
Jim
Here are some comments on the draft.
1. Please change the title. It would be more appropriate to say that you
are "OSCOAP profile of the Authentication and Authorization for Constrained
Environments Framework". ( I will also be asking for a rename of that
document to add framework to highlight
Abstract - I am unclear how this is a profile of RFC 7800 rather than a
restatement of that document. In what way does this qualify as a profile?
Introduction - I do not understand the second half of the first sentence in
the introduction. It claims that the document is going to show how proof
Are the authors planning to do anything with the external data option that
is part of the COSE specification? I realize that this is not part of JWT
and thus including it would lead to a difference between the specifications,
but as I was working to try and get my CWT implementation the question
* Figure 7 makes no sense. This appears to be mapping a string to a keyed
object. I think however, that the error here is used as a value not a key.
* Is there a recommendation for behavior if a new item is posted to the
authz-info endpoint which has the same key id as a previous one? I can
See below.
Jim
From: Samuel Erdtman [mailto:sam...@erdtman.se]
Sent: Thursday, June 22, 2017 1:40 AM
To: Jim Schaad <i...@augustcellars.com>
Cc: draft-ietf-ace-cbor-web-to...@ietf.org; ace <ace@ietf.org>
Subject: Re: [Ace] I-D Action: draft-ietf-ace-cbor-web-token-05.txt
I have some comments on this draft that I have gotten from implementation
attempts.
Major Issues:
Section 2 talks about looking things up in the resource directory, but it
does not say what one would be looking for. Is this material which should
be in the generic document?
Section 2 - I see a
Comments on this version of the draft.
Section 7 - Step 6 & 7 - I do not know if it is legal to have a CWT CBOR tag at
this point
Section 7 - In Step 7 - it must be a valid CBOR map not just a valid CBOR
object.
Appendix A.3 - I was unable to reproduce the example. I assume that this means
and what is not
so important might be one way to get around some of these issue
Jim
-Original Message-
From: Mike Jones [mailto:michael.jo...@microsoft.com]
Sent: Tuesday, May 16, 2017 3:58 PM
To: Carsten Bormann <c...@tzi.org>
Cc: Jim Schaad <i...@augustcellars.com>; Samuel E
To: Mike Jones <michael.jo...@microsoft.com>
Cc: Jim Schaad <i...@augustcellars.com>; Samuel Erdtman <sam...@erdtman.se>;
ace <Ace@ietf.org>
Subject: Re: [Ace] WGLC on draft-ietf-ace-cbor-web-token
On May 16, 2017, at 00:16, Mike Jones <michael.jo...@microsoft.
Actually, I think both of those were Carsten not me
From: Mike Jones [mailto:michael.jo...@microsoft.com]
Sent: Monday, May 15, 2017 3:17 PM
To: Jim Schaad <i...@augustcellars.com>; 'Samuel Erdtman' <sam...@erdtman.se>
Cc: 'ace' <Ace@ietf.org>
Subject: RE: [Ace] WGLC on d
It is correct that the tag can be added and subtracted at will w/o changing
anything.
From: Mike Jones [mailto:michael.jo...@microsoft.com]
Sent: Monday, May 15, 2017 2:17 PM
To: Samuel Erdtman <sam...@erdtman.se>; Jim Schaad <i...@augustcellars.com>
Cc: ace <Ace@ietf.o
How is this draft supposed to interact with draft-gerdes-ace-dtls-authorize?
Jim
From: Ace [mailto:ace-boun...@ietf.org] On Behalf Of Samuel Erdtman
Sent: Friday, May 12, 2017 1:03 AM
To: ; ace
Cc: Ludwig Seitz
From: Samuel Erdtman [mailto:sam...@erdtman.se]
Sent: Sunday, May 14, 2017 3:40 AM
To: Jim Schaad <i...@augustcellars.com>
Cc: ace <Ace@ietf.org>
Subject: Re: [Ace] WGLC on draft-ietf-ace-cbor-web-token
Hi Jim,
Thanks for your review and comments, see some initial re
Not ready to ship.
* I find the text for NumericDate confusing and would suggest this is a
cleaner wording.
The "NumericDate" term has the same meaning, syntax and
Processing rules as the "NumericDate" term defined in Section 2 of
JWT [RFC7519], except that the CBOR numeric representation
From: Mike Jones [mailto:michael.jo...@microsoft.com]
Sent: Wednesday, April 5, 2017 6:02 PM
To: Samuel Erdtman <sam...@erdtman.se>; Jim Schaad <i...@augustcellars.com>
Cc: draft-ietf-ace-cbor-web-to...@ietf.org; ace <Ace@ietf.org>
Subject: RE: [Ace] Review of draft-ietf-
Some comments inline
From: Samuel Erdtman [mailto:sam...@erdtman.se]
Sent: Sunday, April 2, 2017 10:58 PM
To: Jim Schaad <i...@augustcellars.com>
Cc: draft-ietf-ace-cbor-web-to...@ietf.org; ace <Ace@ietf.org>
Subject: Re: [Ace] Review of draft-ietf-ace-cbor-web-token-0
It has been pointed out to me that I was incorrect when I thought that the TLA
for the WG was SET. It should be secevent.
Jim
From: Samuel Erdtman [mailto:sam...@erdtman.se]
Sent: Sunday, April 2, 2017 10:58 PM
To: Jim Schaad <i...@augustcellars.com>
Cc: draft-ietf-ace-cb
Given that it was stated that the authors believe that the document was
ready for publication, I decided to do another review pass.
1. Following the discussion in the SET WG meeting, I believe that it would
be reasonable to define some inputs for the external data fields to allow
for
of this
adoption call as a gating factor to produce such an update.
jim
> -Original Message-
> From: peter van der Stok [mailto:stokc...@xs4all.nl]
> Sent: Tuesday, March 7, 2017 12:33 AM
> To: Jim Schaad <i...@augustcellars.com>
> Cc: 'Kepeng Li' <kepeng@alibab
; <stokc...@xs4all.nl>
> Cc: Jim Schaad <i...@augustcellars.com>; 'Kepeng Li' <kepeng.lkp@alibaba-
> inc.com>; consulta...@vanderstok.org; Ace@ietf.org
> Subject: Re: [Ace] Call for adoption for draft-somaraju-ace-multicast-02
>
> Hi Derek
>
> we
After thinking about this for a long time, I will reluctantly state a
position.
I do not believe that the WG should adopt this document at least until such
a time as a version has been released which does a substantially better job
of restricting the scope of the problem to be solved. If the
In going through and starting to map out how an implementation would work, I
have started getting some questions.
1. What is the difference between scope and audience, and is there an
expected way that these values would relate to a CoAP URI? From OAuth, I
would have generally expected scope to
See Below
From: Somaraju Abhinav [mailto:abhinav.somar...@tridonic.com]
Sent: Monday, February 6, 2017 12:01 PM
To: Jim Schaad <i...@augustcellars.com>;
draft-somaraju-ace-multic...@tools.ietf.org
Cc: 'ace' <ace@ietf.org>
Subject: Re: [Ace] draft-somaraju-ace-multicast
See comments inline
From: Ace [mailto:ace-boun...@ietf.org] On Behalf Of Somaraju Abhinav
Sent: 02 February 2017 03:48
To: Jim Schaad <i...@augustcellars.com>;
draft-somaraju-ace-multic...@tools.ietf.org
Cc: 'ace' <ace@ietf.org>
Subject: Re: [Ace] draft-somaraju-ace-multicas
This may be a bit scatterbrained as I did this review in several sessions
and the thoughts might not be consistent.
1. In section #1, I would put in the fact that the derived key would only
be used for a period of time, after which a new ECDH key exchange would be
run again.
2. It is not