Re: [Ace] FW: New Version Notification for draft-schaad-cnf-cwt-id-00.txt

Carsten Bormann <cabo@tzi.org> Mon, 22 October 2018 19:09 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/ace/Msb2FYRVBJliaLvZ8RG8buqyQsM>

On Oct 22, 2018, at 20:49, Jim Schaad <ietf@augustcellars.com> wrote:
> 
> I did not like the idea of using key identifiers when linking together CWTs for authorization purposes.  

Right, they are not very useful as they don’t say anything about the authorization information that is attached to that key in a specific CWT.

> As part of that discussion I came up with the idea of using the CWT identifier instead since that is going to be specific to an AS.  

Sounds better.  I would feel even better if I knew what exactly that scope “an AS” is (it is not represented in the CWT, so there is some misuse potential).

> This draft is a brief description of the idea and I would like to know how interested people would be in getting it finished.

Will read it after the frenzy…

Grüße, Carsten