[Ace] Comments on ace key groupcomm -01
Jim Schaad <ietf@augustcellars.com> Fri, 13 July 2018 18:38 UTC
Return-Path: <ietf@augustcellars.com>
X-Original-To: ace@ietfa.amsl.com
Delivered-To: ace@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D416E130F1E; Fri, 13 Jul 2018 11:38:41 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.901
X-Spam-Level:
X-Spam-Status: No, score=-1.901 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 4aH_DR_WTjOK; Fri, 13 Jul 2018 11:38:39 -0700 (PDT)
Received: from mail2.augustcellars.com (augustcellars.com [50.45.239.150]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 6F981130E6A; Fri, 13 Jul 2018 11:38:39 -0700 (PDT)
Received: from Jude (107.18.132.214) by mail2.augustcellars.com (192.168.0.56) with Microsoft SMTP Server (TLS) id 15.0.1347.2; Fri, 13 Jul 2018 11:35:06 -0700
From: Jim Schaad <ietf@augustcellars.com>
To: draft-palombini-ace-coap-pubsub-profile@ietf.org
CC: 'ace' <ace@ietf.org>
Date: Fri, 13 Jul 2018 14:38:28 -0400
Message-ID: <013e01d41ad8$b2ce7540$186b5fc0$@augustcellars.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
X-Mailer: Microsoft Outlook 16.0
Thread-Index: AdQaKsDewY+WehuqT9eenvy1Jp1rRw==
Content-Language: en-us
X-Originating-IP: [107.18.132.214]
Archived-At: <https://mailarchive.ietf.org/arch/msg/ace/IgXv1K7Cc_EKzT_2hPhIkMfwIcA>
Subject: [Ace] Comments on ace key groupcomm -01
X-BeenThere: ace@ietf.org
X-Mailman-Version: 2.1.27
Precedence: list
List-Id: "Authentication and Authorization for Constrained Environments \(ace\)" <ace.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ace>, <mailto:ace-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ace/>
List-Post: <mailto:ace@ietf.org>
List-Help: <mailto:ace-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ace>, <mailto:ace-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 13 Jul 2018 18:38:42 -0000
* Section 2 - client - write rights and/or read rights. Unless you think that write implies read in which case you should state that * Section 2 - KDC - should also say what it does in the later parts - * Section 2 - Dispatcher - If this is a bus, then you are not really communicating with it securely. Anybody can write on it, but people will just ignore what comes out the other end. * Section 3- A brief description of all of the operations would be appreciated. * Section 3.1 - Can I get authorization for multiple items at a single time? * Section 3.1 - Does it make sense to allow for multiple audiences to be on a single KDC? * Section 4.x - cnf - text does not allow for key identifier * Section X.X - Define a new cnf method to hold the OSCORE context parameters - should it be a normal COSE_Key or something new just to makes sure that it is different. * Section 3.X - I am not sure if write or POST is a better answer for what the role being requested is. * Section 4 - Should one talk about the ability to use OBSERVE as part of key distribution? * Section 4.x - I am having a hard time trying to figure out the difference between a group and a topic. The text does not always seem to distinguish these well. * Seciton 4.1 - POP on client key esp if bound to an identity (Note using it to access the KDC is one POP) * Section 4.2 - why not use the exp field from OAUTH in the response * Question - does somebody talk about doing key derivation for a new kid showing up and by the way where is the gid * Seciton 4.2 - if you are using profile, then you should return it * Introduction - introduce the concept of a key management protocol and point to some. Give some basic properties expected from one. * Section 5.2 - What is the message to leave - can I leave one scope but not another? Can I just give up a role? * Seciton 6.1 - assumes scopes are unique across all audiences. Or assumes that I look up the correct token - should have an argument about why this is possible so that people can implement it right * Comment somewhere about getting strike zones setup correctly for a newly seen sender of messages. Ptr to OSCORE? Jim
- [Ace] Comments on ace key groupcomm -01 Jim Schaad
- Re: [Ace] Comments on ace key groupcomm -01 Francesca Palombini