Re: [Ace] Roman Danyliw's No Objection on draft-ietf-ace-aif-06: (with COMMENT)

Carsten Bormann <cabo@tzi.org> Thu, 10 March 2022 01:44 UTC

From: Carsten Bormann <cabo@tzi.org>
In-Reply-To: <164678977434.27480.7900243065531239477@ietfa.amsl.com>
Date: Thu, 10 Mar 2022 02:44:22 +0100
Cc: The IESG <iesg@ietf.org>, draft-ietf-ace-aif@ietf.org, ace-chairs@ietf.org, Ace Wg <ace@ietf.org>, loganaden@gmail.com
Message-Id: <D14E522E-8C19-4435-96E5-3D5D4D23B85F@tzi.org>
References: <164678977434.27480.7900243065531239477@ietfa.amsl.com>
To: Roman Danyliw <rdd@cert.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/ace/0p5IUeqUIawNFdTXHicbMU9TIX4>
Subject: Re: [Ace] Roman Danyliw's No Objection on draft-ietf-ace-aif-06: (with COMMENT)

Hi Roman,

Thank you for your thoughts.

I’m currently collecting updates into https://github.com/cabo/ace-aif until the ID submission opens again.

> On 2022-03-09, at 02:36, Roman Danyliw via Datatracker <noreply@ietf.org> wrote:
> 
> Roman Danyliw has entered the following ballot position for
> draft-ietf-ace-aif-06: No Objection
[…]
> ----------------------------------------------------------------------
> COMMENT:
> ----------------------------------------------------------------------
> 
> ** Section 5.2.
>   The registration policy is Specification required [RFC8126].  The
>   designated expert will engage with the submitter to ascertain the
>   requirements of this document are addressed.
> 
> To help the DE, is there a way to be clearer on what requirements need to be
> satisfied?  Is it the bulleted list in the SecCons?   Section 4?

DE instructions are good, but may be a bit tedious in this document.
I’m not sure the DE will be able to assess the level of quality to which the seccons bullets are realized (which is not only hard in general, but here also requires knowledge of the application context), so I reduced this to a more abstract formulation.  RFC 6838 also poses requirements on the names allocated, which probably should be further limited by some common-sense thinking.

Addressed in https://github.com/cabo/ace-aif/commit/18fe26e

> ** Section 6. I was under the impression that AIF didn’t have an explicit
> requirement to use CoAP. For example, draft-ietf-ace-mqtt-tls-profile appears
> to use the information model but isn’t restricted to CoAP.  Therefore, is it
> more accurate to say:
> 
> OLD
> The security considerations of [RFC7252] apply
> 
> NEW
> When AIF is used with CoAP, the security considerations of [RFC7252] apply.

It’s a bit more complicated, as Section 11.1 of those is applicable to many other configurations.

Fixed in https://github.com/cabo/ace-aif/commit/5e24927

Regards, Carsten