Re: [Ace] Call for adoption draft-tiloca-ace-oscore-gm-admin (with some review items)
Göran Selander <goran.selander@ericsson.com> Fri, 03 July 2020 07:11 UTC
From: Göran Selander <goran.selander@ericsson.com>
To: "ace@ietf.org" <ace@ietf.org>
Date: Fri, 03 Jul 2020 07:11:24 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/ace/7HxhLP7EP4boa0GEx9yoeJ5rRYw>

> I've read through draft-tiloca-ace-oscore-gm-admin. Its value is in that
> it fixes a gap in the set of current drafts on the topic:
> Without (something like) this, group deployment applications need
> application specific group managers, and as the GM is not trivial to
> implement, I'd expect that they would bundle the GM with their
> on-at-deployment-time tools rather than ship a constrained and
> well-specified always-on GM that's just managed by their deployment
> tools -- leading to much more error prone deployments that can't
> leverage OSCORE group communication in full.

+1
I support adoption.

Göran

On 2020-07-03, 08:56, "Ace on behalf of Christian Amsüss" <ace-bounces@ietf.org on behalf of christian@amsuess.com> wrote:

    Hello ACE,

    I've read through draft-tiloca-ace-oscore-gm-admin. Its value is in that
    it fixes a gap in the set of current drafts on the topic:
    Without (something like) this, group deployment applications need
    application specific group managers, and as the GM is not trivial to
    implement, I'd expect that they would bundle the GM with their
    on-at-deployment-time tools rather than ship a constrained and
    well-specified always-on GM that's just managed by their deployment
    tools -- leading to much more error prone deployments that can't
    leverage OSCORE group communication in full.

    I don't quite see myself in a position to advocate adoption in this WG I
    haven't actively contributed to before, but I do support this document
    being processed somewhere in the IETF.

    Best regards
    Christian

    PS: Small by-catch issues for the authors:

    The pct-encoded names in the group name sound odd to me. What do those
    names have to do with URI components?

    The "is fixed" and "is a default name" terminology around resources is
    probably confusing to people who don't know ahead of time what it's
    supposed to mean; moreover, demanding that the URI be fixed is a pretty
    harsh requirement for something that may move around in the network;
    furthermore, while an I-D should avoid creating URI aliasing, it
    shouldn't rule out that the server may do that either. (And if it
    supports different transports, right now it needs to).

    Later in 2.5.3, it even sounds like the path is prescribed.

    Other than this being an ACE document, is there a particular reason
    "Getting Access to the Group Manager" is prescribed to use ACE? The
    whole 2.1 section sounds quite repetitive when read in the context of
    ACE, and unnecessary when different methods are employed. Maybe if there
    were talk about different admins and whether they may change each
    other's groups that'd conveniently be expressed in terms of ACE scopes
    (not sure), but as of now it isn't.

    Why is "Update a Group Configuration" a PUT and not a PATCH? It does not
    replace the resource, it just modifies it.

    --
    To use raw power is to make yourself infinitely vulnerable to greater powers.
      -- Bene Gesserit axiom