Re: [Ace] WGLC draft-ietf-ace-extend-dtls-authorize

Olaf Bergmann <bergmann@tzi.org> Mon, 07 March 2022 10:56 UTC

Return-Path: <bergmann@tzi.org>
X-Original-To: ace@ietfa.amsl.com
Delivered-To: ace@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1F6FD3A08D2 for <ace@ietfa.amsl.com>; Mon, 7 Mar 2022 02:56:44 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.908
X-Spam-Level:
X-Spam-Status: No, score=-1.908 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_BLOCKED=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id V60ZjZlptniD for <ace@ietfa.amsl.com>; Mon, 7 Mar 2022 02:56:38 -0800 (PST)
Received: from gabriel-smtp.zfn.uni-bremen.de (gabriel-smtp.zfn.uni-bremen.de [134.102.50.15]) (using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 30C483A0940 for <ace@ietf.org>; Mon, 7 Mar 2022 02:56:38 -0800 (PST)
Received: from wangari.tzi.org (p5b36f4cd.dip0.t-ipconnect.de [91.54.244.205]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange ECDHE (P-256) server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by gabriel-smtp.zfn.uni-bremen.de (Postfix) with ESMTPSA id 4KBwPb2t02zDCj6; Mon, 7 Mar 2022 11:56:35 +0100 (CET)
From: Olaf Bergmann <bergmann@tzi.org>
To: Marco Tiloca <marco.tiloca@ri.se>
Cc: Daniel Migault <mglt.ietf@gmail.com>, Ace Wg <ace@ietf.org>, Loganaden Velvindron <loganaden@gmail.com>
References: <164396483981.22307.17112641331652425403@ietfa.amsl.com> <CADZyTk=BKLPUBBp88c6W0baYjjfpgJb7R=p9H+XkZ_4YoRTGiQ@mail.gmail.com> <1c0c1db5-926f-31bc-10b6-7edc2f5da773@ri.se> <87h78wz6px.fsf@wangari> <8e507770-8438-9721-7e42-b0fcd5c08360@ri.se> <875yov12o0.fsf@wangari> <ee278ca2-87f0-0880-36b9-92780ad94f9e@ri.se> <87czj1diu6.fsf@wangari> <5596cea3-e8eb-2f29-835f-f06a21f76fc3@ri.se>
Date: Mon, 07 Mar 2022 11:56:31 +0100
In-Reply-To: <5596cea3-e8eb-2f29-835f-f06a21f76fc3@ri.se> (Marco Tiloca's message of "Fri, 4 Mar 2022 14:37:34 +0100")
Message-ID: <877d962fq8.fsf@wangari>
User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/27.1 (gnu/linux)
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="=-=-="; micalg="pgp-sha512"; protocol="application/pgp-signature"
Archived-At: <https://mailarchive.ietf.org/arch/msg/ace/2iM1PQQdgETignoojFT5kQC2oTY>
Subject: Re: [Ace] WGLC draft-ietf-ace-extend-dtls-authorize
X-BeenThere: ace@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Authentication and Authorization for Constrained Environments \(ace\)" <ace.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ace>, <mailto:ace-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ace/>
List-Post: <mailto:ace@ietf.org>
List-Help: <mailto:ace-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ace>, <mailto:ace-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 07 Mar 2022 10:56:52 -0000

Hi Marco,

On 2022-03-04, Marco Tiloca <marco.tiloca@ri.se> wrote:

> On 2022-03-04 13:04, Olaf Bergmann wrote:

> Maybe this text?
>
> "... as unsupported ACE profiles. If the Client is modified
> accordingly or it learns that the Resource Server has been, the Client
> may try to connect to the Resource Server using the transport layer
> security mechanism that was previously not mutually supported, as long
> as the access token is still valid."

I have added this text as suggested except for the last part, "as
long as the access token is still valid."

The reason I left this out is that if the software has changed it is
likely that the modified peer does not have the existing
token. Therefore, it would also be reasonable to retrieve a new
access token for the subsequent attempt.

Grüße
Olaf