Re: [Ace] [Gen-art] Genart last call review of draft-ietf-ace-oauth-params-06

elwynd <elwynd@folly.org.uk> Wed, 08 January 2020 13:47 UTC

Date: Wed, 08 Jan 2020 13:23:59 +0000
In-Reply-To: <37d7eaf1-b408-f77a-40bc-d3a2a3559db7@gmx.de>
From: elwynd <elwynd@folly.org.uk>
To: Ludwig Seitz <ludwig_seitz@gmx.de>, gen-art@ietf.org
Cc: last-call@ietf.org, draft-ietf-ace-oauth-params.all@ietf.org, ace@ietf.org
Message-ID: <E1ipBJe-0005o0-Al@a-painless.mh.aa.net.uk>
Archived-At: <https://mailarchive.ietf.org/arch/msg/ace/7ZifpjGTHDErJhhIiQU3rlyA2ng>
Subject: Re: [Ace] [Gen-art] Genart last call review of draft-ietf-ace-oauth-params-06

-------- Original message --------
From: Ludwig Seitz <ludwig_seitz@gmx.de>
Date: 07/01/2020 19:52 (GMT+00:00)
To: elwynd <elwynd@folly.org.uk>, gen-art@ietf.org
Cc: last-call@ietf.org, draft-ietf-ace-oauth-params.all@ietf.org, ace@ietf.org
Subject: Re: [Gen-art] [Ace] Genart last call review of draft-ietf-ace-oauth-params-06

On 2019-12-22 19:27, elwynd wrote:
> Hi, Ludwig.
>
> Having had another look at section 3.1 of
> draft-ietf-ace-cwt-proof-of-possession, technically the rules about
> which keys have to be present are not part of the syntax of the cnf
> claim. The point can be covered by changing "syntax of the 'cnf' claim"
> to "syntax and semantics of the 'cnf' claim" in each case.
>
> However, the second look threw up another point: Figure 2 in s3.2 gives
> a Symmetric key example - I think this should use an Encrypted_COSE_Key
> (or Encrypted_COSE_Key0) as described in section 3.3 of
> draft-ietf-ace-cwt-proof-of-possession.
>
> Otherwise I think we are done.
>
> Eventually we will get to Christmas!
>
> Cheers,
> Elwyn
>

Hello Elwyn,

I hope you had a merry Christmas and a happy new year's eve.

I have updated the draft to -10, fixing the phrasing to your suggestion from the first paragraph above in various places (and an issue that came up during IANA review).

Given my argument for not having the encrypted COSE_Key in figure 2 I left that part as it was. Please indicate whether this is acceptable with the given explanation.

Regards,
Ludwig

--------------------------------------

Hi, Ludwig.

Yes, we had a pleasant festive season - hope yours was good also.

The -10 draft looks good. Regarding the symmetric key in s3.2/Figure 2, I think it would be worth adding a sentence to point out that one might have to use the encrypted form per the proof-of-possession draft if the overall message was not encrypted (as it is in the OAuth usage).

Cheers,
Elwyn