Re: [Ace] [EXTERNAL] Francesca Palombini's Discuss on draft-ietf-ace-oauth-authz-38: (with DISCUSS and COMMENT)

Ludwig Seitz <ludwig.seitz@combitech.com> Wed, 09 June 2021 10:46 UTC

From: Ludwig Seitz <ludwig.seitz@combitech.com>
To: Carsten Bormann <cabo@tzi.org>
CC: Francesca Palombini <francesca.palombini@ericsson.com>, Seitz Ludwig <ludwig.seitz@combitech.se>, The IESG <iesg@ietf.org>, "art-ads@ietf.org" <art-ads@ietf.org>, "ace-chairs@ietf.org" <ace-chairs@ietf.org>, "draft-ietf-ace-oauth-authz@ietf.org" <draft-ietf-ace-oauth-authz@ietf.org>, "ace@ietf.org" <ace@ietf.org>
Date: Wed, 9 Jun 2021 10:45:58 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/ace/Q2gbCF6vU-6lm9vPI3F3jtoQPiA>
List-Id: "Authentication and Authorization for Constrained Environments \(ace\)" <ace.ietf.org>

Hello Carsten,

Can you clarify what exactly you consider is broken and why?

I was indeed trying to attach the 'when' to both arms (token encoding and protocol message payload encoding), but I don't have a strong opinion on this. If the WG can decide how this should be I will implement.

/Ludwig

-----Original Message-----
From: Carsten Bormann <cabo@tzi.org> 
Sent: 9 June 2021 09:15
To: Ludwig Seitz <ludwig.seitz@combitech.com>
Cc: Francesca Palombini <francesca.palombini@ericsson.com>; Seitz Ludwig <ludwig.seitz@combitech.se>; The IESG <iesg@ietf.org>; art-ads@ietf.org; ace-chairs@ietf.org; draft-ietf-ace-oauth-authz@ietf.org; ace@ietf.org
Subject: Re: [Ace] [EXTERNAL] Francesca Palombini's Discuss on draft-ietf-ace-oauth-authz-38: (with DISCUSS and COMMENT)


> In 2021-06-09, at 08:42, Ludwig Seitz <ludwig.seitz@combitech.com> wrote:
> 
> " ... size.  Self-contained tokens and protocol message payloads are encoded in CBOR when CoAP is used."

This is not what the old NEW text says.

(The new NEW text attaches the “when” to both arms.)

The whole idea of attaching the representation choice to the protocol choice is broken, but if we pursue it, we at least need to make the logic clear.

(1) If you use CoAP, you use CBOR for protocol message payloads.
(2) Self-contained tokens use CBOR.
(3) No other hard limitations are implied, but of course CBOR is the format of choice to maximize interoperability, so deviations from that need to be justified.

Grüße, Carsten