Re: [Ace] Protocol Action: 'Datagram Transport Layer Security (DTLS) Profile for Authentication and Authorization for Constrained Environments (ACE)' to Proposed Standard (draft-ietf-ace-dtls-authorize-18.txt)
Michael Richardson <mcr+ietf@sandelman.ca> Thu, 04 November 2021 17:56 UTC
From: Michael Richardson <mcr+ietf@sandelman.ca>
To: "ace@ietf.org" <ace@ietf.org>
In-reply-to: <HE1PR0701MB305019E7D9893F29E83A16FB898D9@HE1PR0701MB3050.eurprd07.prod.outlook.com>
References: <HE1PR0701MB305019E7D9893F29E83A16FB898D9@HE1PR0701MB3050.eurprd07.prod.outlook.com>
Comments: In-reply-to John Mattsson <john.mattsson=40ericsson.com@dmarc.ietf.org> message dated "Thu, 04 Nov 2021 14:08:16 -0000."
Date: Thu, 04 Nov 2021 13:55:56 -0400
Message-ID: <170629.1636048556@dooku>
Archived-At: <https://mailarchive.ietf.org/arch/msg/ace/Ibn4vRCmfFmrY-Px-4wpLEMV6CE>

We are really some years away from *DTLS* being ubiquitously available in libraries. Even for those that have some of it, it doesn't all work that well. And it might not be available in FIPS certified libraries yet.

In RFC8995, we wrote (section 5.1) after IESG review:

   Use of TLS 1.3 (or newer) is encouraged. TLS 1.2 or newer is
   REQUIRED on the pledge side.

Encourage 1.3. Tolerate 1.2.

This does cause some policy bifurcation because of the different ways in which ciphers are named/negotiated, but that should not be a problem in practice.

The CCM-8/MTI for CoAPS is really the bigger problem that we need to resolve.

--
Michael Richardson <mcr+IETF@sandelman.ca>, Sandelman Software Works
 -= IPv6 IoT consulting =-