Re: [Ace] WGLC draft-ietf-ace-revoked-token-notification-04.txt

2023-04-10 Thread Ludwig Seitz
Sorry for slow answers on that one, holiday time here in Sweden. Please remove me as a co-author as I will not be able to significantly contribute. /Ludwig From: Ace On Behalf Of Ludwig Seitz Sent: den 14 mars 2023 16:13 To: Ace Wg Subject: Re: [Ace] WGLC draft-ietf-ace-revoked-token

Re: [Ace] WGLC draft-ietf-ace-revoked-token-notification-04.txt

2023-03-14 Thread Ludwig Seitz
tion and Authorization for Constrained Environments (ACE) WG of the IETF. Title : Notification of Revoked Access Tokens in the Authentication and Authorization for Constrained Environments (ACE) Framework Authors : Marco Tiloca Ludwig Seitz

Re: [Ace] ACE status

2021-12-23 Thread Ludwig Seitz
Hello Daniel, Could you also give us an update on draft-ietf-ace-oauth-authz and the related profile drafts? (I have only noticed they are sitting in the RFC-Editor’s queue for some time). Regards, Ludwig From: Ace On Behalf Of Daniel Migault Sent: den 23 december 2021 02:09 To: Ace Wg Subje

Re: [Ace] WG Adoption Call for bergmann-ace-extend-dtls-authorize

2021-11-12 Thread Ludwig Seitz
+1 for adoption. /Ludwig From: Ace On Behalf Of Daniel Migault Sent: den 9 november 2021 17:35 To: Ace Wg Subject: [Ace] WG Adoption Call for bergmann-ace-extend-dtls-authorize Hi, This email starts a 2 week Working Group Adoption Call for -bergmann-ace-extend-dtls-authorize [1]. Please prov

[Ace] FW: New Version Notification for draft-ietf-ace-oauth-authz-46.txt

2021-11-09 Thread Ludwig Seitz
Tschofenig ; Hannes Tschofenig ; Ludwig Seitz ; Samuel Erdtman ; ace-cha...@ietf.org Subject: New Version Notification for draft-ietf-ace-oauth-authz-46.txt A new version of I-D, draft-ietf-ace-oauth-authz-46.txt has been successfully submitted by Ludwig Seitz and posted to the IETF repository

[Ace] Progressing draft-ietf-ace-oauth-authz

2021-10-26 Thread Ludwig Seitz
g the Base64url encoding of the original byte string payload. Does the working group or the OAuth designated expert have any objections (or suggestions) to this approach? Regards, Ludwig -- Ludwig Seitz Infrastructure Security Analyst Combitech AB Djäknegatan 31 . SE-211 35 Malmö . Sweden Phone:

[Ace] FW: New Version Notification for draft-ietf-ace-oauth-params-16.txt

2021-09-07 Thread Ludwig Seitz
Hello ACE, This update fixes some nits discovered during the review of the IANA actions. /Ludwig -Original Message- From: internet-dra...@ietf.org Sent: den 8 september 2021 08:34 To: Ludwig Seitz Subject: New Version Notification for draft-ietf-ace-oauth-params-16.txt A new

[Ace] FW: New Version Notification for draft-ietf-ace-oauth-authz-45.txt

2021-08-29 Thread Ludwig Seitz
; Hannes Tschofenig ; Ludwig Seitz ; Samuel Erdtman ; ace-cha...@ietf.org Subject: New Version Notification for draft-ietf-ace-oauth-authz-45.txt A new version of I-D, draft-ietf-ace-oauth-authz-45.txt has been successfully submitted by Ludwig Seitz and posted to the IETF repository. Name:

Re: [Ace] New Version Notification for draft-ietf-ace-oauth-authz-44.txt

2021-08-24 Thread Ludwig Seitz
; Hannes Tschofenig ; Hannes Tschofenig ; Ludwig Seitz ; Samuel Erdtman ; ace-cha...@ietf.org Subject: New Version Notification for draft-ietf-ace-oauth-authz-44.txt A new version of I-D, draft-ietf-ace-oauth-authz-44.txt has been successfully submitted by Ludwig Seitz and posted to the IETF reposit

Re: [Ace] Missing Introspection parameter in draft-ietf-ace-oauth-authz

2021-08-24 Thread Ludwig Seitz
Hello ACE, Since I haven’t heard an objection, I will go forward and add this to the draft. Regards, Ludwig From: Daniel Migault Sent: den 17 augusti 2021 17:25 To: Ludwig Seitz Cc: ace@ietf.org Subject: Re: [Ace] Missing Introspection parameter in draft-ietf-ace-oauth-authz Thanks Ludwig

[Ace] Missing Introspection parameter in draft-ietf-ace-oauth-authz

2021-08-17 Thread Ludwig Seitz
esponding text would go into the list of additional parameters in section 5.9.2 and be something along the lines of: "cti OPTIONAL. The CWT ID parameter has the same meaning and processing rules as the "jti" parameter defined in section 3.1.2. of [RFC 7662] except that the value

[Ace] Nits in draft-ietf-ace-oauth-authz

2021-08-10 Thread Ludwig Seitz
For those interested, the other nits are: 1. Inconsistent IANA tables where some had the column "Original Specification" and some didn't for the CBOR abbreviation mappings, 2. An obsolete reference that needed to be updated in an IANA entry). /Ludwig -- Ludwig Seitz Infrastructure S

[Ace] FW: New Version Notification for draft-ietf-ace-oauth-authz-43.txt

2021-07-10 Thread Ludwig Seitz
final text proposal!) /Ludwig -Original Message- From: internet-dra...@ietf.org Sent: den 10 juli 2021 21:51 To: Erik Wahlstroem ; Goeran Selander ; Hannes Tschofenig ; Hannes Tschofenig ; Ludwig Seitz ; Samuel Erdtman ; ace-cha...@ietf.org Subject: New Version Notification for

Re: [Ace] [EXTERNAL] Francesca Palombini's Discuss on draft-ietf-ace-oauth-authz-38: (with DISCUSS and COMMENT)

2021-07-10 Thread Ludwig Seitz
Olaf's compromise text looks OK to me. If no one objects I'll submit this later today. /Ludwig Sent from my smartphone Olaf Bergmann wrote >Hi Carsten, Ludwig, > >I think removing the discussed is not an option as the whole discussion >was about "something needs to be said" but not

Re: [Ace] [EXTERNAL] Francesca Palombini's Discuss on draft-ietf-ace-oauth-authz-38: (with DISCUSS and COMMENT)

2021-07-10 Thread Ludwig Seitz
I can remove the text entirely, since we don't seem to agree on the details. Would that be acceptable? /Ludwig Sent from my smartphone Carsten Bormann wrote >How do we get this done before Monday’s I-D deadline? > >On 2021-07-06, at 08:22, Ludwig Seitz wrote

Re: [Ace] [EXTERNAL] Francesca Palombini's Discuss on draft-ietf-ace-oauth-authz-38: (with DISCUSS and COMMENT)

2021-07-05 Thread Ludwig Seitz
n with the RS. The security of a profile MUST NOT depend on the assumption that this profile is used in all steps of the authorization flow (C-AS, C-RS, RS-AS). /Ludwig -Original Message- From: Francesca Palombini Sent: den 5 juli 2021 18:59 To: Carsten Bormann Cc: Ludwig Seitz ; Dani

Re: [Ace] [EXTERNAL] Francesca Palombini's Discuss on draft-ietf-ace-oauth-authz-38: (with DISCUSS and COMMENT)

2021-06-09 Thread Ludwig Seitz
will implement. /Ludwig -Original Message- From: Carsten Bormann Sent: den 9 juni 2021 09:15 To: Ludwig Seitz Cc: Francesca Palombini ; Seitz Ludwig ; The IESG ; art-...@ietf.org; ace-cha...@ietf.org; draft-ietf-ace-oauth-au...@ietf.org; ace@ietf.org Subject: Re: [Ace] [EXTERNAL] France

[Ace] FW: New Version Notification for draft-ietf-ace-oauth-authz-42.txt

2021-06-08 Thread Ludwig Seitz
; Hannes Tschofenig ; Ludwig Seitz ; Samuel Erdtman ; ace-cha...@ietf.org Subject: New Version Notification for draft-ietf-ace-oauth-authz-42.txt A new version of I-D, draft-ietf-ace-oauth-authz-42.txt has been successfully submitted by Ludwig Seitz and posted to the IETF repository. Name

Re: [Ace] [EXTERNAL] Francesca Palombini's Discuss on draft-ietf-ace-oauth-authz-38: (with DISCUSS and COMMENT)

2021-06-08 Thread Ludwig Seitz
Hello Francesca, Comments inline. Update will be posted shortly. /Ludwig -Original Message- From: Francesca Palombini Sent: den 10 maj 2021 20:42 To: Seitz Ludwig ; The IESG Cc: art-...@ietf.org; ace-cha...@ietf.org; draft-ietf-ace-oauth-au...@ietf.org; ace@ietf.org Subject: Re: [EXT

Re: [Ace] [IANA #1158953] Requested review for IANA registration in draft-ietf-ace-oauth-authz (cwt - CBOR Web Token Claims)

2020-02-29 Thread Ludwig Seitz
On 2020-02-26 00:58, Amanda Baber via RT wrote: Ludwig, Hannes, Can you confirm that you can make the CBOR Web Token Claim change requested below? We also have Chuck Mortimore listed as an expert for this registry, but our message to his Salesforce address bounced. Best regards, Amanda Baber

Re: [Ace] Requested review for IANA registration in draft-ietf-ace-oauth-params

2020-02-03 Thread Ludwig Seitz
On 2020-01-23 22:31, Brian Campbell wrote: Apologies, I forgot to reply-all at some earlier point and dropped the mailing lists and other cc's off the thread. Added back now. And also apologies because I think I need to recuse myself from the DE responsibility on the JWT registry request here. I

Re: [Ace] I-D Action: draft-ietf-ace-oauth-params-12.txt

2020-02-01 Thread Ludwig Seitz
Authorization in Constrained Environments (ACE) Author : Ludwig Seitz Filename: draft-ietf-ace-oauth-params-12.txt Pages : 11 Date: 2020-02-01 Abstract: This specification defines new parameters and encodings for the OAuth

Re: [Ace] I-D Action: draft-ietf-ace-oauth-authz-31.txt

2020-01-18 Thread Ludwig Seitz
cation and Authorization for Constrained Environments WG of the IETF. Title : Authentication and Authorization for Constrained Environments (ACE) using the OAuth 2.0 Framework (ACE-OAuth) Authors : Ludwig Seitz Goera

Re: [Ace] [Jwt-reg-review] Requested review for IANA registration in draft-ietf-ace-oauth-authz

2020-01-18 Thread Ludwig Seitz
On 2020-01-13 22:01, Brian Campbell wrote: Thanks for the updates Ludwig, Section 6.6. does propose one mitigation for the unbounded memory growth problem. However, it relies on the AS to do pretty specific things with the content of other claims for it to even be possible for an RS to perform t

Re: [Ace] [Gen-art] Genart last call review of draft-ietf-ace-oauth-params-06

2020-01-07 Thread Ludwig Seitz
On 2019-12-22 19:27, elwynd wrote: Hi, Ludwig. Having had another look at section 3.1 of draft-ietf-ace-cwt-proof-of-possession, technically the rules about which keys have to be present are not part of the syntax of the cnf claim.  The point can be covered by changing '"syntax of the 'cnf' clai

Re: [Ace] Requested review for IANA registration in draft-ietf-ace-oauth-params

2020-01-07 Thread Ludwig Seitz
On 2019-12-23 22:32, Brian Campbell wrote: The OAuth Token Introspection Response registry already has an entry for "cnf", which makes the first request in https://tools.ietf.org/html/draft-iet

Re: [Ace] Genart last call review of draft-ietf-ace-oauth-params-06

2019-12-22 Thread Ludwig Seitz
Hello Elwyn, I have now submitted -09 to fix the minor issues and nits, which I forgot in my -08. Comments inline. Regards, Ludwig On 2019-12-14 23:46, Elwyn Davies via Datatracker wrote: Minor issues: ss3.1, 3.2 and 4.1:  The COSE_Key type 'EC' used in several kty fields is not defined. 

Re: [Ace] [Gen-art] Genart last call review of draft-ietf-ace-oauth-params-06

2019-12-21 Thread Ludwig Seitz
On 2019-12-19 21:23, elwynd wrote: Hi, Ludwig. Thanks for the prompt response. Regarding the major issue, I understand what the intention of the split was, but as far as early implementations are concerned, there is no such thing as a 'minimal breakage'; unless there is some cunning mechanism in

[Ace] Requested review for IANA registration in draft-ietf-ace-oauth-authz

2019-12-21 Thread Ludwig Seitz
Hello CWT registry reviewers, the IESG-designated experts for the CWT claims registry have asked me to send a review request to you about the claims registered here: https://tools.ietf.org/html/draft-ietf-ace-oauth-authz-29#section-8.13 Thank you in advance for your review comments. Regards, L

Re: [Ace] Requested review for IANA registration in draft-ietf-ace-oauth-authz

2019-12-21 Thread Ludwig Seitz
Hello JWT registry reviewers, the IESG-designated experts for the JWT claims registry have asked me to send a review request to you about the claims registered here: https://tools.ietf.org/html/draft-ietf-ace-oauth-authz-29#section-8.12 Thank you in advance for your review comments. Regards, L

[Ace] Requested review for IANA registration in draft-ietf-ace-oauth-authz

2019-12-21 Thread Ludwig Seitz
Hello OAuth registry reviewers, the IESG-designated experts for the OAuth parameters registry have asked me to send a review request to you about the OAuth parameters registered here: https://tools.ietf.org/html/draft-ietf-ace-oauth-authz-29#section-8.2 and here: https://tools.ietf.org/html/dr

Re: [Ace] FW: [IANA #1157486] Last Call: (Authentication and Authorization for Constrained Environments (ACE) using the OAuth 2.0 Framework (ACE-OAuth)) to Proposed

2019-12-21 Thread Ludwig Seitz
From: Sabrina Tanamal via RT Subject: [IANA #1157486] Last Call: (Authentication and Authorization for Constrained Environments (ACE) using the OAuth 2.0 Framework (ACE-OAuth)) to Proposed Standard (BEGIN IANA COMMENTS) IESG/Authors/WG Chairs: The IANA Functions Operator has completed its r

[Ace] Requested review for IANA registration in draft-ietf-ace-oauth-params

2019-12-21 Thread Ludwig Seitz
Hello OAuth registry reviewers, the IESG-designated experts for the OAuth parameters registry have asked me to send a review request to you about the OAuth parameters registered here: https://tools.ietf.org/html/draft-ietf-ace-oauth-params-07#section-9.3 and the OAuth introspection response par

[Ace] Requested review for IANA registration in draft-ietf-ace-oauth-params

2019-12-21 Thread Ludwig Seitz
Hello CWT registry reviewers, the IESG-designated experts for the CWT claims registry have asked me to send a review request to you about the "rs_cnf" claim registered here: https://tools.ietf.org/html/draft-ietf-ace-oauth-params-07#section-9.2 Thank you in advance for your review comments. Re

[Ace] Requested review for IANA registration in draft-ietf-ace-oauth-params

2019-12-21 Thread Ludwig Seitz
Hello JWT registry reviewers, the IESG-designated experts for the JWT claims registry have asked me to send a review request to you about the "rs_cnf" claim registered here: https://tools.ietf.org/html/draft-ietf-ace-oauth-params-07#section-9.1 Thank you in advance for your review comments. Reg

Re: [Ace] I-D Action: draft-ietf-ace-oauth-params-07.txt

2019-12-17 Thread Ludwig Seitz
Environments WG of the IETF. Title : Additional OAuth Parameters for Authorization in Constrained Environments (ACE) Author : Ludwig Seitz Filename: draft-ietf-ace-oauth-params-07.txt Pages : 13 Date: 2019-12-17

Re: [Ace] Genart last call review of draft-ietf-ace-oauth-params-06

2019-12-17 Thread Ludwig Seitz
Hello Elwyn, thank you for your review. Comments inline. /Ludwig On 2019-12-14 23:46, Elwyn Davies via Datatracker wrote: Reviewer: Elwyn Davies Review result: Not Ready I am the assigned Gen-ART reviewer for this draft. The General Area Review Team (Gen-ART) reviews all IETF documents being

Re: [Ace] I-D Action: draft-ietf-ace-oauth-authz-29.txt

2019-12-14 Thread Ludwig Seitz
Authorization for Constrained Environments WG of the IETF. Title : Authentication and Authorization for Constrained Environments (ACE) using the OAuth 2.0 Framework (ACE-OAuth) Authors : Ludwig Seitz Goeran Selander

Re: [Ace] Genart last call review of draft-ietf-ace-oauth-authz-27

2019-12-14 Thread Ludwig Seitz
On 2019-12-12 21:44, Stewart Bryant via Datatracker wrote: Abstract This specification defines a framework for authentication and authorization in Internet of Things (IoT) environments called ACE- OAuth. The framework is based on a set of building blocks including OAuth 2.0 SB

Re: [Ace] Genart last call review of draft-ietf-ace-oauth-authz-27

2019-12-14 Thread Ludwig Seitz
On 2019-12-12 21:44, Stewart Bryant via Datatracker wrote: Reviewer: Stewart Bryant Review result: Ready with Nits I am the assigned Gen-ART reviewer for this draft. The General Area Review Team (Gen-ART) reviews all IETF documents being processed by the IESG for the IETF Chair. Please treat th

Re: [Ace] I-D Action: draft-ietf-ace-oauth-authz-28.txt

2019-12-14 Thread Ludwig Seitz
: Ludwig Seitz Goeran Selander Erik Wahlstroem Samuel Erdtman Hannes Tschofenig Filename: draft-ietf-ace-oauth-authz-28.txt Pages : 87 Date

Re: [Ace] Secdir last call review of draft-ietf-ace-oauth-authz-27

2019-12-14 Thread Ludwig Seitz
On 2019-12-08 19:18, Stephen Kent via Datatracker wrote: Reviewer: Stephen Kent Review result: Has Issues SECDIR review of draft-ietf-ace-oauth-authz-27 The summary of the review is almost ready, but needs some revisions. I have reviewed this document as part of the security directorate's ongo

Re: [Ace] I-D Action: draft-ietf-ace-oauth-authz-27.txt

2019-11-27 Thread Ludwig Seitz
Hi Ben, replies inline. /Ludwig From: Benjamin Kaduk Sent: Tuesday, November 26, 2019 12:04 AM To: Ludwig Seitz Cc: ace@ietf.org Subject: Re: [Ace] I-D Action: draft-ietf-ace-oauth-authz-27.txt Hi Ludwig, On Thu, Nov 21, 2019 at 03:16:03AM +0100

Re: [Ace] comment on draft-ietf-ace-oauth-authz-26

2019-11-27 Thread Ludwig Seitz
rsday, November 21, 2019 10:27 AM To: Daniel Migault Cc: Ludwig Seitz; ace@ietf.org Subject: Re: [Ace] comment on draft-ietf-ace-oauth-authz-26 Hello, Ludwig, I agree that the current draft describes specifically for when CBOR is used. When CBOR is not used, I have read it as it will act simil

Re: [Ace] comment on draft-ietf-ace-oauth-authz-26

2019-11-20 Thread Ludwig Seitz
ding the error code "incompatible_profiles" defined in Figure 10. """ ___ Ace mailing list Ace@ietf.org https://www.ietf.org/mailman/listinfo/ace -- Ludwig Seitz, PhD Security Lab, RISE Phone +46(0)70-349 92 51

Re: [Ace] I-D Action: draft-ietf-ace-oauth-authz-27.txt

2019-11-20 Thread Ludwig Seitz
decided to remove the text describing that option. This still leaves us with the two other options, so the problem is still covered. /Ludwig -- Ludwig Seitz, PhD Security Lab, RISE Phone +46(0)70-349 92 51

Re: [Ace] AD review of draft-ietf-ace-oauth-authz-24

2019-11-19 Thread Ludwig Seitz
n Wed, Nov 13, 2019 at 01:55:44PM +0100, Ludwig Seitz wrote: On 10/11/2019 04:28, Benjamin Kaduk wrote: 16.) Section 3.2 One application of COSE is OSCORE [I-D.ietf-core-object-security], which provides end-to-end confidentiality, integrity and replay protection, and a secure bi

Re: [Ace] Mail regarding draft-tiloca-ace-revoked-token-notification-00

2019-11-17 Thread Ludwig Seitz
h would of course depend on the charset. Side-note: Do we want/need to cater for such a weird corner-case? Who in their right mind would use JSON in a CoAP message? /Ludwig -- Ludwig Seitz, PhD Security Lab, RISE Phone +46(0)70-349 92 51

Re: [Ace] AD review of draft-ietf-ace-oauth-params-05

2019-11-16 Thread Ludwig Seitz
registry established in section 8.11. of [I-D.ietf-ace-oauth-authz]. Similarly, this has been renamed to "OAuth Token Introspection Response CBOR Mappings". Fixed. Section 11.1 It's not entirely clear that RFC 7252 needs to be a normative reference; we don't do much with CoAP directly in this document. Agree. I moved it. Appendix A We might want to wordsmith this some if it's to be kept for the final RFC (depending on what the OAuth work looks like at that point). I'm not sure that there are any useful changes to make to it right now, though. It seems the OAuth draft I'm talking about here is not going anywhere fast. We might consider removing this in the final edition. /Ludwig -- Ludwig Seitz, PhD Security Lab, RISE Phone +46(0)70-349 92 51

Re: [Ace] AD review of draft-ietf-ace-oauth-authz-24

2019-11-13 Thread Ludwig Seitz
doc/downref/ as an "acceptable downref", so we don't even have to do that, in this case. Ok I made RFC 4949 normative, I didn't know about the "acceptable downref" arrangement with the secretariat. If you want to get a new revision up to make these last

Re: [Ace] ACE@IETF106 - agenda items and presentations

2019-11-05 Thread Ludwig Seitz
). /Ludwig -- Ludwig Seitz, PhD Security Lab, RISE Phone +46(0)70-349 92 51

[Ace] Fwd: New Version Notification for draft-ietf-ace-oauth-authz-25.txt

2019-10-30 Thread Ludwig Seitz
...@ietf.org To: Ludwig Seitz , Hannes Tschofenig , Goeran Selander , Samuel Erdtman , Erik Wahlstroem A new version of I-D, draft-ietf-ace-oauth-authz-25.txt has been successfully submitted by Ludwig Seitz and posted to the IETF repository. Name: draft-ietf-ace-oauth-authz Revision

Re: [Ace] AD review of draft-ietf-ace-oauth-authz-24

2019-10-30 Thread Ludwig Seitz
as GET and POST. Future profiles using protocols that do not support these verbs MUST specify how the corresponding protocol messages are transmitted instead. " In the Overview section where we mention alternate transport protocols. /Ludwig -- Ludwig Seitz, PhD Security Lab, RISE Phone +

Re: [Ace] AD review of draft-ietf-ace-oauth-authz-24

2019-10-15 Thread Ludwig Seitz
On 15/10/2019 16:07, Ludwig Seitz wrote: 78.) Section 6.1 I think we should have a little bit more discussion about what attacks are possible even when a client hard-codes a list of trustworthy ASes, e.g., when a device in one AS's purview is compromised and tries to get the client to

Re: [Ace] AD review of draft-ietf-ace-oauth-authz-24

2019-10-15 Thread Ludwig Seitz
Hello Ben, thank you for your thorough review. I have taken the liberty to add numbers to your comments in order to refer to them in an easier way. I have fixed 93 of your 113 and there are 20 left where I am asking for clarifications. These are: 6.), 12.), 16.), 19.), 34.), 39.), 41.), 45.),

Re: [Ace] AD review of draft-ietf-ace-oauth-authz-24

2019-10-01 Thread Ludwig Seitz
On 01/10/2019 05:13, Benjamin Kaduk wrote: On Fri, Sep 27, 2019 at 03:22:45AM -0700, Jim Schaad wrote: -Original Message- From: Ludwig Seitz Sent: Friday, September 27, 2019 12:03 AM To: Benjamin Kaduk ; draft-ietf-ace-oauth-authz@ietf.org Cc: ace@ietf.org Subject: Re: AD

Re: [Ace] AD review of draft-ietf-ace-oauth-authz-24

2019-09-27 Thread Ludwig Seitz
pted the AEAD integrity check (and decryption) is necessarily the first processing step. Any ideas how to resolve this gracefully (i.e. without adding a large amount of text) are most welcome. Regards, Ludwig -- Ludwig Seitz, PhD Security Lab, RISE Phone +46(0)70-349 92 51

Re: [Ace] New Version Notification - draft-ietf-ace-cwt-proof-of-possession-07.txt

2019-09-25 Thread Ludwig Seitz
.    Thanks all,    -- Mike *From:* Samuel Erdtman *Sent:* Wednesday, September 25, 2019 12:18 AM *To:* Ludwig Seitz *Cc:* Mike Jones ; Benjamin Kaduk ; draft-ietf-ace-cwt-proof-of-possession@ietf.org

Re: [Ace] New Version Notification - draft-ietf-ace-cwt-proof-of-possession-07.txt

2019-09-24 Thread Ludwig Seitz
On 25/09/2019 02:23, Mike Jones wrote: I'm fine with us making both of the proposed changes. Thanks, -- Mike +1 -- Ludwig Seitz, PhD Security Lab, RISE Phone +46(0)70-349 92 51

Re: [Ace] AD review of draft-ietf-ace-cwt-proof-of-possession-06

2019-08-26 Thread Ludwig Seitz
such an implementation yet. So far everybody is combining the two AS roles into a single system. If you are ever in the second case, I would argue that you are better off using asymmetric keys all the way around. I can see this use case. That rules out my option 1. of removing this construct.

Re: [Ace] AD review of draft-ietf-ace-cwt-proof-of-possession-06

2019-08-25 Thread Ludwig Seitz
n prior to granting approval, or are they limited to denying registration of values with poor security properties or insufficient documentation thereof? I'm too unfamiliar with the designated expert system to provide a good answer on this one. Can one of my co-authors chip in here? Issue cre

Re: [Ace] Keeping the same key identifier for groups

2019-08-20 Thread Ludwig Seitz
hat's my A) traffic in group Z, now you also want authorization to "write" messages to group Z (that's my B). What I'm saying is you should get a new CWT that says "read+write on Z" (and not a separate one that says "write on Z" to combine with the f

Re: [Ace] Keeping the same key identifier for groups

2019-08-20 Thread Ludwig Seitz
that the latter one should supersede the previous ones. Example: If you have a CWT authorizing A for audience Z and you now also need authorization B for audience Z, you should request a CWT for A+B for audience Z, that replaces your previous one. /Ludwig -- Ludwig Seitz, PhD Security Lab, RIS

Re: [Ace] AD review of draft-ietf-ace-cwt-proof-of-possession-06

2019-08-12 Thread Ludwig Seitz
On 12/08/2019 23:59, Carsten Bormann wrote: On Aug 12, 2019, at 14:08, Ludwig Seitz wrote: As far as I gather from the comments (especially from Carsten), we'd solve this by referencing section 6 of RFC 7049. I will consult with my co-authors, but I think this is the right solution.

Re: [Ace] AD review of draft-ietf-ace-cwt-proof-of-possession-06

2019-08-12 Thread Ludwig Seitz
, [JWS]) and RFC-number tags (e.g., [RFC7800]) for the referenced RFCs. I'm more inclined to have RFC number tags (makes it easier to look them up without going via the bibliography), but it's mostly a matter of taste. Do you think we should use one or the other consist

[Ace] Review of draft-ietf-ace-key-groupcomm-oscore

2019-07-22 Thread Ludwig Seitz
This is incorrect use of requirements language. This 'MAY' can not be tested and the arguments for claiming conformance to this requirement would be quite diffuse. I suggest to require maintaining the Sender IDs. Why should the GM change them in the first place? Regards, Ludwig -- Ludwig Seitz, PhD Security Lab, RISE Phone +46(0)70-349 92 51

[Ace] Review of draft-ietf-ace-key-groupcomm

2019-07-19 Thread Ludwig Seitz
iviledge) and not just stop using them. == 6. "Then, if it wants to continue participating in the group communication, the node has to request new updated keying material to the KDC." should be "... keying material from the KDC." == Sections 8. and 9. Would be nice if

Re: [Ace] Transporting different types of cnf objects - CBOR vs JSON

2019-06-03 Thread Ludwig Seitz
good use case for transporting JOSE keys in CBOR, but if such a case turns up, I would agree that touching the encoding as little as possible is a good idea (=option 1 or 2). /Ludwig -- Ludwig Seitz, PhD Security Lab, RISE Phone +46(0)70-349 92 51

Re: [Ace] Comments on draft-ietf-ace-mqtt-tls-profile

2019-05-22 Thread Ludwig Seitz
/Ludwig -- Ludwig Seitz, PhD Security Lab, RISE Phone +46(0)70-349 92 51

Re: [Ace] draft-ietf-ace-mqtt-tls-profile connections

2019-05-22 Thread Ludwig Seitz
are not exactly "constrained-friendly", would it make sense to look at that as well to define a "MQTT-SN-over-DTLS-based" profile? /Ludwig -- Ludwig Seitz, PhD Security Lab, RISE Phone +46(0)70-349 92 51

Re: [Ace] Adoption call for draft-sengul-ace-mqtt-tls-profile

2019-04-22 Thread Ludwig Seitz
nsor networks, and thus ACE would be very much less relevant if we didn't work on a solution for MQTT as well. Regards, Ludwig -- Ludwig Seitz, PhD Security Lab, RISE Phone +46(0)70-349 92 51

[Ace] Fwd: New Version Notification for draft-ietf-ace-oauth-authz-24.txt

2019-03-27 Thread Ludwig Seitz
/Ludwig Forwarded Message Subject: New Version Notification for draft-ietf-ace-oauth-authz-24.txt Date: Wed, 27 Mar 2019 02:16:23 -0700 From: internet-dra...@ietf.org To: Ludwig Seitz , Hannes Tschofenig , Goeran Selander , Samuel Erdtman , Erik Wahlstroem A new vers

[Ace] Fwd: New Version Notification for draft-ietf-ace-oauth-params-05.txt

2019-03-25 Thread Ludwig Seitz
-ace-oauth-params-05.txt Date: Mon, 25 Mar 2019 08:54:18 -0700 From: internet-dra...@ietf.org To: Ludwig Seitz A new version of I-D, draft-ietf-ace-oauth-params-05.txt has been successfully submitted by Ludwig Seitz and posted to the IETF repository. Name: draft-ietf-ace-oauth-params

[Ace] Fwd: New Version Notification for draft-ietf-ace-oauth-authz-23.txt

2019-03-25 Thread Ludwig Seitz
08:53:03 -0700 From: internet-dra...@ietf.org To: Ludwig Seitz , Hannes Tschofenig , Goeran Selander , Samuel Erdtman , Erik Wahlstroem A new version of I-D, draft-ietf-ace-oauth-authz-23.txt has been successfully submitted by Ludwig Seitz and posted to the IETF repository. Name:

Re: [Ace] Call for IETF 104 agenda items

2019-03-12 Thread Ludwig Seitz
On 11/03/2019 23:24, Jim Schaad wrote: Call Number 2 for agenda items. If you don't ask you will not be on the agenda. Jim I'd like another 5 minutes to present draft-secheverria-ace-client-disadvantaged-00 /Ludwig -- Ludwig Seitz, PhD Security Lab, RISE Phone +46(0)70

[Ace] Fwd: New Version Notification for draft-ietf-ace-oauth-authz-22.txt

2019-03-05 Thread Ludwig Seitz
arded Message Subject: New Version Notification for draft-ietf-ace-oauth-authz-22.txt Date: Tue, 5 Mar 2019 01:52:31 -0800 From: internet-dra...@ietf.org To: Ludwig Seitz , Hannes Tschofenig , Goeran Selander , Samuel Erdtman , Erik Wahlstroem A new version of I-D, draft-ietf-ace-oauth-aut

Re: [Ace] draft-ietf-ace-oauth-authz

2019-02-28 Thread Ludwig Seitz
you were going for. Sorry for the slow uptake, and you are indeed right. I will go through the mapping IANA sections and reduce the applicable policies to "expert review required" and "private use" based on the number ranges. /Ludwig -- Lud

Re: [Ace] Call for IETF 104 agenda items

2019-02-26 Thread Ludwig Seitz
/agenda/ ___ Ace mailing list Ace@ietf.org https://www.ietf.org/mailman/listinfo/ace Hello, I would like 15 minutes to present and discuss the changes in draft-ietf-oauth-authz and draft-ietf-oauth-params /Ludwig -- Ludwig Seitz, PhD Security Lab

Re: [Ace] draft-ietf-ace-oauth-authz

2019-02-26 Thread Ludwig Seitz
could still allow this. IANA would still have the DE approve the assignment. Ok so you mean not having "specification required" for -65536 to -257 and 256 to 65535 and not having "standards action" for -256 to 255 would be ok? Note that this would be different from the po

Re: [Ace] Comment about error responses in draft-ietf-ace-oauth-authz-21

2019-02-25 Thread Ludwig Seitz
all can be provided. The intent was that these error messages should only be sent when the access token is POSTed to the authz-info endpoint. /Ludwig -- Ludwig Seitz, PhD Security Lab, RISE Phone +46(0)70-349 92 51

Re: [Ace] draft-ietf-ace-oauth-authz

2019-02-25 Thread Ludwig Seitz
8. This document has an IPR disclosure on it. If anybody has any problems with the current disclosure then they need to speak up now. Processing ... The changes are currently only in the github version, I will upload a new version of the draft soon. /Ludwig -- Ludwig Seitz, PhD Security La

[Ace] Fwd: New Version Notification for draft-ietf-ace-oauth-authz-21.txt

2019-02-14 Thread Ludwig Seitz
t-ietf-ace-oauth-authz-21.txt Date: Thu, 14 Feb 2019 01:27:00 -0800 From: internet-dra...@ietf.org To: Ludwig Seitz , Hannes Tschofenig , Goeran Selander , Samuel Erdtman , Erik Wahlstroem A new version of I-D, draft-ietf-ace-oauth-authz-21.txt has been successfully submitted by Ludwig Seitz and

[Ace] Unresolved issue blocking progress for draft-ietf-ace-oauth-authz

2019-02-11 Thread Ludwig Seitz
Hello all, I would like to call the group's attention to this message of mine (it was probably drowned out in the shepherd's review thread): On 31/01/2019 10:40, Ludwig Seitz wrote: Hello, we have an unresolved review comment by Steffi that got lost in the holiday seaso

Re: [Ace] I-D Action: draft-ietf-ace-oauth-authz-20.txt

2019-02-11 Thread Ludwig Seitz
Hello ACE, I've updated both draft-ietf-ace-oauth-authz and draft-ietf-ace-oauth-params to replace the "req_aud" parameter with the equivalent "audience" parameter (not to be confused with "aud") from draft-ietf-oauth-token-exchange. /Ludwig -- Ludwig

Re: [Ace] Resource, Audience, and req_aud

2019-02-11 Thread Ludwig Seitz
's comment was a go-ahead with chair hat on. I'm in the process of making the necessary updates to both draft-ietf-ace-oauth-params and draft-ietf-ace-oauth-authz. Expect an update in the next 10 minutes. /Ludwig -- Ludwig Seitz, PhD Security Lab, RISE Phone +46(0)70-349 92 51 s

Re: [Ace] Resource, Audience, and req_aud

2019-02-07 Thread Ludwig Seitz
or less the same semantics) seems reasonable to me. Do the chairs think that this would unduly delay the progress of draft-ietf-ace-oauth-params? /Ludwig -- Ludwig Seitz, PhD Security Lab, RISE Phone +46(0)70-349 92 51

Re: [Ace] Resource, Audience, and req_aud

2019-02-07 Thread Ludwig Seitz
t, but I'd like the parameter to be aligned with the JWT "aud" claim as well and currently "resource" is URI while "aud" is StringOrURI. /Ludwig -- Ludwig Seitz, PhD Security Lab, RISE Phone +46(0)70-349 92 51 smi

Re: [Ace] [OAUTH-WG] Shepherd write-up for draft-ietf-oauth-resource-indicators-01

2019-02-07 Thread Ludwig Seitz
owever the audience claim is defined to be "StringOrURI" so if someone defines an audience identified by a String that is not a URI how does a client ask for that with the resource parameter? Or in short: Why don't you make your resource parameter mirror the "aud" claim?

[Ace] Fwd: New Version Notification for draft-ietf-ace-oauth-authz-19.txt

2019-01-31 Thread Ludwig Seitz
Message Subject: New Version Notification for draft-ietf-ace-oauth-authz-19.txt Date: Thu, 31 Jan 2019 04:45:55 -0800 From: internet-dra...@ietf.org To: Ludwig Seitz , Hannes Tschofenig , Goeran Selander , Samuel Erdtman , Erik Wahlstroem A new version of I-D, draft-ietf-ace-oauth

Re: [Ace] Shepard review for draft-ietf-ace-oauth-authz

2019-01-31 Thread Ludwig Seitz
oceed here. /Ludwig -- Ludwig Seitz, PhD Security Lab, RISE Phone +46(0)70-349 92 51 ___ Ace mailing list Ace@ietf.org https://www.ietf.org/mailman/listinfo/ace

Re: [Ace] Shepard review for draft-ietf-ace-oauth-authz

2019-01-31 Thread Ludwig Seitz
On 30/01/2019 19:23, Jim Schaad wrote: -Original Message- From: Ludwig Seitz Sent: Wednesday, January 30, 2019 12:38 AM To: Jim Schaad ; draft-ietf-ace-oauth- au...@ietf.org Cc: ace@ietf.org Subject: Re: Shepard review for draft-ietf-ace-oauth-authz Thank you Jim, I'll upl

Re: [Ace] Shepard review for draft-ietf-ace-oauth-authz

2019-01-30 Thread Ludwig Seitz
these should have the JWT Claim name filled in? It would seem that all of them should. If not a comment about this is needed. Fixed. /Ludwig -- Ludwig Seitz, PhD Security Lab, RISE Phone +46(0)70-349 92 51

Re: [Ace] Shepard review comments on draft-ietf-ace-oauth-params

2019-01-29 Thread Ludwig Seitz
. /Ludwig -- Ludwig Seitz, PhD Security Lab, RISE Phone +46(0)70-349 92 51

[Ace] Fwd: New Version Notification for draft-ietf-ace-oauth-params-02.txt

2019-01-29 Thread Ludwig Seitz
Subject: New Version Notification for draft-ietf-ace-oauth-params-02.txt Date: Tue, 29 Jan 2019 00:59:05 -0800 From: internet-dra...@ietf.org To: Ludwig Seitz A new version of I-D, draft-ietf-ace-oauth-params-02.txt has been successfully submitted by Ludwig Seitz and posted to the IETF

Re: [Ace] [OAUTH-WG] Shepherd write-up for draft-ietf-oauth-resource-indicators-01

2019-01-28 Thread Ludwig Seitz
For example my intent was to use "aud" and "req_aud" for group identifiers ("temperatureSensorGroup4711") and other non-uri strings (hash-of-public-key), which I cannot do with "resource". We therefore decided to keep the "req_aud" parameter in d

[Ace] Fwd: New Version Notification for draft-ietf-ace-oauth-authz-18.txt

2019-01-17 Thread Ludwig Seitz
-ace-oauth-authz-18.txt Date: Thu, 17 Jan 2019 06:45:56 -0800 From: internet-dra...@ietf.org To: Ludwig Seitz , Hannes Tschofenig , Goeran Selander , Samuel Erdtman , Erik Wahlstroem A new version of I-D, draft-ietf-ace-oauth-authz-18.txt has been successfully submitted by Ludwig Seitz and

Re: [Ace] Token (In)Security

2019-01-11 Thread Ludwig Seitz
? /Ludwig -- Ludwig Seitz, PhD Security Lab, RISE Phone +46(0)70-349 92 51

Re: [Ace] Security of the Communication Between C and RS

2018-12-19 Thread Ludwig Seitz
my example was perhaps not ideal, since it has an even bigger breach as precondition. So under what conditions would an attacker get access to a pop-key of an expired token? Steffi any ideas? /Ludwig -- Ludwig Seitz, PhD Security Lab, RISE Phone +46(0)70

Re: [Ace] Security of the Communication Between C and RS

2018-12-19 Thread Ludwig Seitz
ng how a client could detect that a token has expired. /Ludwig -- Ludwig Seitz, PhD Security Lab, RISE Phone +46(0)70-349 92 51

Re: [Ace] Security of the Communication Between C and RS

2018-12-19 Thread Ludwig Seitz
parameter. /Ludwig -- Ludwig Seitz, PhD Security Lab, RISE Phone +46(0)70-349 92 51
