Re: [Ace] [EXTERNAL] Francesca Palombini's No Objection on draft-ietf-ace-oauth-params-13: (with COMMENT)

Seitz Ludwig <ludwig.seitz@combitech.se> Thu, 25 March 2021 07:22 UTC

From: Seitz Ludwig <ludwig.seitz@combitech.se>
To: Francesca Palombini <francesca.palombini@ericsson.com>, The IESG <iesg@ietf.org>
CC: "draft-ietf-ace-oauth-params@ietf.org" <draft-ietf-ace-oauth-params@ietf.org>, "ace-chairs@ietf.org" <ace-chairs@ietf.org>, "ace@ietf.org" <ace@ietf.org>
Thread-Topic: [EXTERNAL] Francesca Palombini's No Objection on draft-ietf-ace-oauth-params-13: (with COMMENT)
Thread-Index: AQHXIMEDsv9Qyn6GdEqltCTL1QBcBqqUSoyA
Date: Thu, 25 Mar 2021 07:21:48 +0000
Message-ID: <2a4a0298f646400d9843f13ddf4f4f2b@combitech.se>
References: <161659911162.32056.3549884311217842987@ietfa.amsl.com>
In-Reply-To: <161659911162.32056.3549884311217842987@ietfa.amsl.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/ace/5S5FcLlU8iR_tPCLnyB61ne1yck>

Hello Francesca,

Thank you for your review. I have some comments inline.

/Ludwig

> ----------------------------------------------------------------------
> COMMENT:
> ----------------------------------------------------------------------
> 
> Thank you for this document. A couple of minor comments below.
> 
> Francesca
> 
> 1. -----
> 
>       better symmetric keys than a constrained client.  The AS MUST
>       verify that the client really is in possession of the
>       corresponding key.  Values of this parameter follow the syntax and
> 
> FP: I think it would have been helpful to give some details about how this is
> done "by verifying the signature ..." or a reference to where this is described.
>
I believe this would expand the scope of this document in a way I'd rather leave to the profiles.
The AS can verify possession of a key in various ways, some of which may be provided by the 
security protocol used between the client and the AS, which in turn would be defined in the profiles.

Would you be ok with the following addendum: "Profiles of [framework] using this specification MUST define the proof-of-possession method used by the AS, if they allow clients to request the use of asymmetric keys as proof-of-possession key."? 

> 2. -----
> 
>    parameters.  An RS MUST reject a proof-of-possession using such a
>    key.
> 
> FP: Is any error message supposed to be sent in such a case?

I suggest updating the text to add a 4.00 (Bad Request) here.
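The two points discussed above, the AS having to verify that the client really possesses the asymmetric key it names in req_cnf, and the RS rejecting a proof-of-possession made with a key the token does not bind (with the 4.00 Bad Request suggested here), can be sketched in code. The following Go program is an added illustration and is not part of the draft, the framework, or any ACE profile. It assumes one possible proof-of-possession method that a profile might define, namely the client signing a fresh AS nonce with its private key; the `ReqCnf` struct is a simplified stand-in for the COSE_Key that req_cnf actually carries, and the key ids, nonce length, CoAP codes and sample request are constructed for the example.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"fmt"
)

// ReqCnf is a constructed stand-in for the req_cnf parameter: the public key
// the client asks the AS to bind to the token, plus a key identifier.
// A real deployment carries a COSE_Key; this flat structure is an assumption.
type ReqCnf struct {
	Kid    string
	PubKey ed25519.PublicKey
}

// GenerateClientKey creates the client's asymmetric PoP key pair.
func GenerateClientKey(kid string) (ReqCnf, ed25519.PrivateKey, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return ReqCnf{}, nil, err
	}
	return ReqCnf{Kid: kid, PubKey: pub}, priv, nil
}

// NewNonce produces the fresh AS challenge that keeps a proof from being replayed.
func NewNonce() ([]byte, error) {
	n := make([]byte, 16)
	if _, err := rand.Read(n); err != nil {
		return nil, err
	}
	return n, nil
}

// challengeMessage binds the nonce to the claimed key id so a signature
// cannot be reused to prove possession for a different req_cnf.
func challengeMessage(nonce []byte, kid string) []byte {
	msg := append([]byte{}, nonce...)
	return append(msg, []byte(kid)...)
}

// ClientProve is the client side: sign the AS challenge with the private key.
func ClientProve(priv ed25519.PrivateKey, nonce []byte, cnf ReqCnf) []byte {
	return ed25519.Sign(priv, challengeMessage(nonce, cnf.Kid))
}

// ASVerifyPossession is the AS-side check that the client really holds the
// key named in req_cnf; here (hypothetical profile choice) done by signature.
func ASVerifyPossession(cnf ReqCnf, nonce, sig []byte) bool {
	if len(cnf.PubKey) != ed25519.PublicKeySize || len(sig) != ed25519.SignatureSize {
		return false
	}
	return ed25519.Verify(cnf.PubKey, challengeMessage(nonce, cnf.Kid), sig)
}

// CoAP response codes used by the RS below (constructed for the example).
const (
	CoapChanged    = "2.04"
	CoapBadRequest = "4.00" // the code suggested for a rejected proof-of-possession
)

// SignRequest is the client signing a resource request with its PoP key.
func SignRequest(priv ed25519.PrivateKey, payload []byte) []byte {
	return ed25519.Sign(priv, payload)
}

// RSCheckPoP is the RS side: the token binds exactly one key (tokenCnf).
// A proof presented under any other key id, or a bad signature, gets 4.00.
func RSCheckPoP(tokenCnf ReqCnf, presentedKid string, payload, sig []byte) string {
	if presentedKid != tokenCnf.Kid {
		return CoapBadRequest
	}
	if len(sig) != ed25519.SignatureSize || !ed25519.Verify(tokenCnf.PubKey, payload, sig) {
		return CoapBadRequest
	}
	return CoapChanged
}

func main() {
	cnf, priv, err := GenerateClientKey("client-key-1")
	if err != nil {
		panic(err)
	}
	nonce, err := NewNonce()
	if err != nil {
		panic(err)
	}
	sig := ClientProve(priv, nonce, cnf)
	fmt.Println("AS accepts proof of possession:", ASVerifyPossession(cnf, nonce, sig))

	// RS: a request signed with the bound key versus one signed with another key.
	other, otherPriv, _ := GenerateClientKey("client-key-2")
	payload := []byte("PUT /led value=1") // constructed sample request
	fmt.Println("RS, bound key:", RSCheckPoP(cnf, cnf.Kid, payload, SignRequest(priv, payload)))
	fmt.Println("RS, other key:", RSCheckPoP(cnf, other.Kid, payload, SignRequest(otherPriv, payload)))
}
```

The nonce is what makes the AS check meaningful: without it, a captured signature would prove possession indefinitely. On the RS side the key id comparison alone is not enough, which is why the signature is verified under the key the token binds rather than the key the client claims.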