Re: [Ace] Call for adoption of draft-palombini-ace-key-groupcomm

Benjamin Kaduk <kaduk@mit.edu> Mon, 21 January 2019 18:35 UTC

Date: Mon, 21 Jan 2019 12:34:58 -0600
From: Benjamin Kaduk <kaduk@mit.edu>
To: Jim Schaad <ietf@augustcellars.com>
CC: "'Panos Kampanakis (pkampana)'" <pkampana@cisco.com>, <ace@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/ace/SJWvkCEgn3pCcpV9OIcc9uMqZG4>

On Thu, Dec 06, 2018 at 03:12:04PM -0800, Jim Schaad wrote:
> I have not looked in detail at the MLS protocol documents, but from what I remember they have more or less skipped the entire AAA question of having a central authorizer and made it so that any entity which is currently active has the ability to add or remove anybody else.
>
> That is not currently an authorization model that I think is currently in scope for ACE.  If I am wrong about my assumptions it would be interesting to know.

My understanding agrees that the MLS design is not a good fit for the
constraints here.

-Ben