Re: [Ace] AD review of draft-ietf-ace-dtls-authorize-09
Carsten Bormann <cabo@tzi.org> Tue, 30 June 2020 18:36 UTC
Return-Path: <cabo@tzi.org>
X-Original-To: ace@ietfa.amsl.com
Delivered-To: ace@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E2D6C3A0C99; Tue, 30 Jun 2020 11:36:01 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.898
X-Spam-Level:
X-Spam-Status: No, score=-1.898 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_MSPIKE_H4=0.001, RCVD_IN_MSPIKE_WL=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id dZ-8810HxLHU; Tue, 30 Jun 2020 11:35:59 -0700 (PDT)
Received: from gabriel-vm-2.zfn.uni-bremen.de (gabriel-vm-2.zfn.uni-bremen.de [134.102.50.17]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 0F1283A0C95; Tue, 30 Jun 2020 11:35:58 -0700 (PDT)
Received: from [172.16.42.112] (p5089ae91.dip0.t-ipconnect.de [80.137.174.145]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by gabriel-vm-2.zfn.uni-bremen.de (Postfix) with ESMTPSA id 49xCjT3RxszyT7; Tue, 30 Jun 2020 20:35:57 +0200 (CEST)
Content-Type: text/plain; charset="utf-8"
Mime-Version: 1.0 (Mac OS X Mail 13.4 \(3608.80.23.2.2\))
From: Carsten Bormann <cabo@tzi.org>
In-Reply-To: <87mu4kl8pw.fsf@wangari>
Date: Tue, 30 Jun 2020 20:35:56 +0200
Cc: Ace Wg <ace@ietf.org>, Benjamin Kaduk <kaduk@mit.edu>, draft-ietf-ace-dtls-authorize.all@ietf.org
X-Mao-Original-Outgoing-Id: 615234956.9434561-8edbf34e147e4b4574e462c0e444d6c7
Content-Transfer-Encoding: quoted-printable
Message-Id: <8E863F96-241D-477F-97C1-BCBD6742452D@tzi.org>
References: <20200102234020.GI35479@kduck.mit.edu> <87pnca9gyx.fsf@wangari> <20200429011210.GC27494@kduck.mit.edu> <87mu6bn6zy.fsf@wangari> <20200527234227.GD58497@kduck.mit.edu> <87r1uczgyq.fsf@wangari> <20200629224537.GX58278@kduck.mit.edu> <87mu4konya.fsf@wangari> <DB603021-7A82-4A30-BE07-C2D913E1C32F@tzi.org> <87mu4kl8pw.fsf@wangari>
To: Olaf Bergmann <bergmann@tzi.org>
X-Mailer: Apple Mail (2.3608.80.23.2.2)
Archived-At: <https://mailarchive.ietf.org/arch/msg/ace/KdnDNTaGe11SOnqGchwhy56lQuc>
Subject: Re: [Ace] AD review of draft-ietf-ace-dtls-authorize-09
X-BeenThere: ace@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Authentication and Authorization for Constrained Environments \(ace\)" <ace.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ace>, <mailto:ace-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ace/>
List-Post: <mailto:ace@ietf.org>
List-Help: <mailto:ace-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ace>, <mailto:ace-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 30 Jun 2020 18:36:02 -0000
>>
>> I would generally prefer to avoid the need for deterministic/canonical
>> encoding — is there really a need to re-encode the token?
>
> There is no need to re-encode the token, and I do not expect that this
> would happen if the authorization server has used a finite length.
So would we be better off with:
info = [
type : tstr,
L : uint,
access_token: bytes
]
Where access_token is the token in original encoding? No need to re-encode the token then.
> I am more than happy to get rid of the ordering constraints on CBOR maps
> but I am not sure about referencing the -bis. Can we do that at this
> stage?
Both documents are in IESG processing, specifically:
dtls-authorize: AD Evaluation::External Party
7049bis: Publication Requested
Potential emergency escape: reference Section 10 of rfc8152bis-struct (which is even further along at IESG Evaluation::Revised I-D Needed).
> Note: Up to now, we could even do without a normative reference to RFC 7049.
Yes, but that’s cheating (indirect normative reference through 8610).
Grüße, Carsten
- [Ace] AD review of draft-ietf-ace-dtls-authorize-… Benjamin Kaduk
- Re: [Ace] AD review of draft-ietf-ace-dtls-author… Jim Schaad
- Re: [Ace] AD review of draft-ietf-ace-dtls-author… Olaf Bergmann
- Re: [Ace] AD review of draft-ietf-ace-dtls-author… Jim Schaad
- Re: [Ace] AD review of draft-ietf-ace-dtls-author… Olaf Bergmann
- Re: [Ace] AD review of draft-ietf-ace-dtls-author… Benjamin Kaduk
- Re: [Ace] AD review of draft-ietf-ace-dtls-author… Benjamin Kaduk
- Re: [Ace] AD review of draft-ietf-ace-dtls-author… Jim Schaad
- Re: [Ace] AD review of draft-ietf-ace-dtls-author… Jim Schaad
- Re: [Ace] AD review of draft-ietf-ace-dtls-author… Benjamin Kaduk
- Re: [Ace] AD review of draft-ietf-ace-dtls-author… Jim Schaad
- Re: [Ace] AD review of draft-ietf-ace-dtls-author… Olaf Bergmann
- Re: [Ace] AD review of draft-ietf-ace-dtls-author… Benjamin Kaduk
- Re: [Ace] AD review of draft-ietf-ace-dtls-author… Olaf Bergmann
- Re: [Ace] AD review of draft-ietf-ace-dtls-author… Olaf Bergmann
- Re: [Ace] AD review of draft-ietf-ace-dtls-author… Benjamin Kaduk
- Re: [Ace] AD review of draft-ietf-ace-dtls-author… Olaf Bergmann
- Re: [Ace] AD review of draft-ietf-ace-dtls-author… Benjamin Kaduk
- Re: [Ace] AD review of draft-ietf-ace-dtls-author… Olaf Bergmann
- Re: [Ace] AD review of draft-ietf-ace-dtls-author… Carsten Bormann
- Re: [Ace] AD review of draft-ietf-ace-dtls-author… Benjamin Kaduk
- Re: [Ace] AD review of draft-ietf-ace-dtls-author… Olaf Bergmann
- Re: [Ace] AD review of draft-ietf-ace-dtls-author… Carsten Bormann
- Re: [Ace] AD review of draft-ietf-ace-dtls-author… Olaf Bergmann
- Re: [Ace] AD review of draft-ietf-ace-dtls-author… Jim Schaad
- Re: [Ace] AD review of draft-ietf-ace-dtls-author… Benjamin Kaduk
- Re: [Ace] AD review of draft-ietf-ace-dtls-author… Olaf Bergmann
- Re: [Ace] AD review of draft-ietf-ace-dtls-author… Benjamin Kaduk
- Re: [Ace] AD review of draft-ietf-ace-dtls-author… Jim Schaad
- Re: [Ace] AD review of draft-ietf-ace-dtls-author… Olaf Bergmann