Re: [Ace] draft-ietf-ace-cbor-web-token-08 - CWT CBOR Tag

2017-10-20 Thread Samuel Erdtman
PM > > To: Hannes Tschofenig <hannes.tschofe...@arm.com> > > Cc: Mike Jones <michael.jo...@microsoft.com>; Jim Schaad > > <i...@augustcellars.com>; ace@ietf.org > > Subject: Re: [Ace] draft-ietf-ace-cbor-web-token-08 - CWT CBOR Tag > > > > On Oct 19

Re: [Ace] draft-ietf-ace-cbor-web-token-08 - CWT CBOR Tag

2017-10-19 Thread Jim Schaad
ormann [mailto:c...@tzi.org] > Sent: Thursday, October 19, 2017 1:32 PM > To: Hannes Tschofenig <hannes.tschofe...@arm.com> > Cc: Mike Jones <michael.jo...@microsoft.com>; Jim Schaad > <i...@augustcellars.com>; ace@ietf.org > Subject: Re: [Ace] draft-ietf-ace-cbor-web

Re: [Ace] draft-ietf-ace-cbor-web-token-08 - CWT CBOR Tag

2017-10-19 Thread Mike Jones
. -- Mike -Original Message- From: Ace [mailto:ace-boun...@ietf.org] On Behalf Of Carsten Bormann Sent: Thursday, October 19, 2017 10:05 AM To: Jim Schaad <i...@augustcellars.com> Cc: Hannes Tschofenig <hannes.tschofe...@arm.com>; ace@ietf.org Subject: Re: [Ace] draft-ietf-

Re: [Ace] draft-ietf-ace-cbor-web-token-08 - CWT CBOR Tag

2017-10-19 Thread Carsten Bormann
On Oct 19, 2017, at 18:41, Jim Schaad wrote: > > • I already know that this is going to be a CWT so I save a byte. > • I don’t know so I waste a tag byte in that case. Right. In REST protocols, we usually have a media type, so we don’t need the CBOR Tag.

Re: [Ace] draft-ietf-ace-cbor-web-token-08 / draft-ietf-ace-cwt-proof-of-possession

2017-10-02 Thread Samuel Erdtman
Hi Hannes, This is how I think it should be done. There are two keys that needs to be identified, the key to verify the CWT and the key to use for the DTLS handshake. When it comes to verifying the CWT, it is the AS key that should be used. I don´t think it is unreasonable to assume that the AS

Re: [Ace] draft-ietf-ace-cbor-web-token

2017-06-26 Thread Samuel Erdtman
We have no plans to use external data in CWT. As you pointed out it would move us further form JWT something that we have actively tried to avoid. On Mon, Jun 26, 2017 at 8:57 AM Jim Schaad wrote: > Are the authors planning to do anything with the external data option

[Ace] draft-ietf-ace-cbor-web-token

2017-06-26 Thread Jim Schaad
Are the authors planning to do anything with the external data option that is part of the COSE specification? I realize that this is not part of JWT and thus including it would lead to a difference between the specifications, but as I was working to try and get my CWT implementation the question