Re: [Ace] Security of the Communication Between C and RS
Ludwig Seitz <ludwig.seitz@ri.se> Wed, 19 December 2018 13:23 UTC
Return-Path: <ludwig.seitz@ri.se>
X-Original-To: ace@ietfa.amsl.com
Delivered-To: ace@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1B276130E4D for <ace@ietfa.amsl.com>; Wed, 19 Dec 2018 05:23:59 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.902
X-Spam-Level:
X-Spam-Status: No, score=-1.902 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_MED=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=risecloud.onmicrosoft.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id fFoCTtlYI0dl for <ace@ietfa.amsl.com>; Wed, 19 Dec 2018 05:23:55 -0800 (PST)
Received: from EUR01-DB5-obe.outbound.protection.outlook.com (mail-db5eur01on0625.outbound.protection.outlook.com [IPv6:2a01:111:f400:fe02::625]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id BC206130E3A for <ace@ietf.org>; Wed, 19 Dec 2018 05:23:54 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=RISEcloud.onmicrosoft.com; s=selector1-ri-se; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=RSkuAedyzNqVMioMt6UKk3LH3WE9Mn9MgUy3HPopJZw=; b=CGTRu1AzJND3jqu8jVR28xKdgbi1EbsPQKY2o4QcZXk+TgyrJ9lRwvY8H/O7ZO1G4/5Fl2hgvzzKGEooUo4asnQP9TZoBl7VNjxHzofmH4K4CJyJaCntP0jPJKxEnmmkNClmb/1Mrjn8IV6iUXcsVSGLeyWe9cE65gHjp8hMS0s=
Received: from VI1P18901CA0005.EURP189.PROD.OUTLOOK.COM (2603:10a6:801::15) by VI1P18901MB0109.EURP189.PROD.OUTLOOK.COM (2603:10a6:801:f::8) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.1425.22; Wed, 19 Dec 2018 13:23:52 +0000
Received: from VE1EUR02FT054.eop-EUR02.prod.protection.outlook.com (2a01:111:f400:7e06::200) by VI1P18901CA0005.outlook.office365.com (2603:10a6:801::15) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384) id 15.20.1446.19 via Frontend Transport; Wed, 19 Dec 2018 13:23:52 +0000
Authentication-Results: spf=pass (sender IP is 194.218.146.197) smtp.mailfrom=ri.se; ietf.org; dkim=none (message not signed) header.d=none;ietf.org; dmarc=bestguesspass action=none header.from=ri.se;
Received-SPF: Pass (protection.outlook.com: domain of ri.se designates 194.218.146.197 as permitted sender) receiver=protection.outlook.com; client-ip=194.218.146.197; helo=mail.ri.se;
Received: from mail.ri.se (194.218.146.197) by VE1EUR02FT054.mail.protection.outlook.com (10.152.13.218) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256) id 15.20.1446.11 via Frontend Transport; Wed, 19 Dec 2018 13:23:52 +0000
Received: from [192.168.0.166] (10.116.0.226) by sp-mail-2.sp.se (10.100.0.162) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P256) id 15.1.1531.3; Wed, 19 Dec 2018 14:23:51 +0100
To: Hannes Tschofenig <Hannes.Tschofenig@arm.com>, Stefanie Gerdes <gerdes@tzi.de>, Jim Schaad <ietf@augustcellars.com>, "ace@ietf.org" <ace@ietf.org>
References: <154322421294.8323.8505315870685563404.idtracker@ietfa.amsl.com> <945fbebe-659f-ac72-3ab6-8e05447e7c92@ri.se> <1c5b81f3-50ce-be68-bec3-68ce2ff15b43@tzi.de> <4ae4eccd-68bf-18ef-f909-142f8172eca1@ri.se> <81ba3ab4-a9ce-a6fd-fbe6-c36a6fbbd9a5@tzi.de> <VI1PR0801MB2112E04F9FD7412350995417FAA20@VI1PR0801MB2112.eurprd08.prod.outlook.com> <b994af16-9bb8-4386-e7d2-321e453417fc@ri.se> <VI1PR0801MB21124D7C11F3A1F49DCA9A2CFABD0@VI1PR0801MB2112.eurprd08.prod.outlook.com> <VI1PR0801MB21126DDCCA251EEB8DB21DAAFABD0@VI1PR0801MB2112.eurprd08.prod.outlook.com> <dff54c41-9598-8f77-83ec-f4494703d923@tzi.de> <VI1PR0801MB21125D384A3DE6BD90AEDB74FABD0@VI1PR0801MB2112.eurprd08.prod.outlook.com> <b79ea204-0d7d-3968-6ea5-cd33d5502380@tzi.de> <VI1PR0801MB2112F215E8DF2E8AC34F217FFABE0@VI1PR0801MB2112.eurprd08.prod.outlook.com> <e42032d6-ad15-26d2-cdbb-aaa34900d1ad@tzi.de> <9f35177f-30d4-817e-dfc3-9a54903ab023@ri.se> <VI1PR0801MB2112BA2A400D660DC32B7293FABE0@VI1PR0801MB2112.eurprd08.prod.outlook.com>
From: Ludwig Seitz <ludwig.seitz@ri.se>
Message-ID: <f441528a-aba4-8556-0493-2e12a38e4133@ri.se>
Date: Wed, 19 Dec 2018 14:23:51 +0100
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Thunderbird/60.2.1
MIME-Version: 1.0
In-Reply-To: <VI1PR0801MB2112BA2A400D660DC32B7293FABE0@VI1PR0801MB2112.eurprd08.prod.outlook.com>
Content-Type: text/plain; charset="utf-8"; format="flowed"
Content-Language: en-US
Content-Transfer-Encoding: 7bit
X-Originating-IP: [10.116.0.226]
X-ClientProxiedBy: sp-mail-1.sp.se (10.100.0.161) To sp-mail-2.sp.se (10.100.0.162)
X-EOPAttributedMessage: 0
X-Forefront-Antispam-Report: CIP:194.218.146.197; IPV:NLI; CTRY:SE; EFV:NLI; SFV:NSPM; SFS:(10009020)(136003)(346002)(39860400002)(396003)(376002)(2980300002)(199004)(189003)(97736004)(93886005)(31686004)(50466002)(22746007)(104016004)(68736007)(14444005)(81166006)(15650500001)(486006)(36756003)(8676002)(44832011)(81156014)(22756006)(2501003)(305945005)(2906002)(5660300001)(64126003)(229853002)(476003)(126002)(69596002)(2616005)(7736002)(65826007)(8936002)(47776003)(23676004)(2486003)(230700001)(33896004)(86362001)(76176011)(65956001)(65806001)(336012)(74482002)(26005)(386003)(53546011)(3846002)(356004)(77096007)(67846002)(117156002)(16526019)(6116002)(186003)(508600001)(106466001)(16576012)(106002)(110136005)(58126008)(53936002)(6246003)(31696002)(316002)(446003)(11346002)(40036005); DIR:OUT; SFP:1101; SCL:1; SRVR:VI1P18901MB0109; H:mail.ri.se; FPR:; SPF:Pass; LANG:en; PTR:InfoDomainNonexistent; A:1; MX:1;
X-Microsoft-Exchange-Diagnostics: 1; VE1EUR02FT054; 1:+9m16vF+X3ILPd7qInzs5TmDFifpSUT1lYJ21jiH+x6UOJXhifc1gbG4Xw05+n3cFjx+WyAPASt4hFHwXYYP2jblSM8Cs5MAhRcbeTwYxBT6kUUHr8jcO/gxOlZKw6Su
X-MS-PublicTrafficType: Email
X-MS-Office365-Filtering-Correlation-Id: f751fdc5-3ff1-4de7-eda8-08d665b5383d
X-Microsoft-Antispam: BCL:0; PCL:0; RULEID:(2390118)(7020095)(4652040)(8989299)(4534185)(4627221)(201703031133081)(201702281549075)(8990200)(5600074)(711020)(4608076)(2017052603328)(7153060)(7193020); SRVR:VI1P18901MB0109;
X-Microsoft-Exchange-Diagnostics: 1; VI1P18901MB0109; 3:pVrGtbXx4o32sOrHA1MW0Xp3xLixX1aQwIyBUxPyCiU2OCGDyAMAWmOsgzf8NzHQFFBDWWJy+tGVMqbA5VyoVoly1lzwp8tnmAS67cYjEv23ODLG78gpZVTATJI5r4zbKTsEZl3SqvYWIJlmPqpIGgS4GZWHScBjDqxyopV5jCaT4EOycU3tuZnxazDuOfRj+v1I8bshgtFGLn3Uzl4Thmk3BOKKOWfkpCTysdtSTUDTd5OlItq0SHULz/8fF1VxxBxRlnqWcjhNW7aSjwalcz/sODM3WMZUucU83ygCK3ebAaMKdL8XB9hsym/jUmYBhb3aOy7Ij80Pqnrp/imbGHxCk8OicVpcIa7MB1Fl37o=; 25:TBXljbwp8stwfGHX+Ch86U9L162Wol+VcOMmSPMiFTdn5cd+VsWciz9v+TQRn7O+fCueUfgqRWPyngP3amMgcILm7XaofiFVSqC555wqAwk5RPvMpoaYaliZ9gR8n2m5shszMZdoInZopmLPcpX2R78lpxRwAnY3CFMyfCAgQEOcGtpHDxRX5b1powcb3yuj3lPI9R6aWx/HRkcJ6axSjXXBeF6kqX3aIF/0uHj66rna8xPH4aMc/WKCtgv9uffpEQENoKPTMm6FgmmctXP7QzMfEV1ha3ebvlz/nsFC9eHm065UEiOyhRkEyjOFyIDChjaE5QwJFH9Xdz8YunRlRA==
X-MS-TrafficTypeDiagnostic: VI1P18901MB0109:
X-Microsoft-Exchange-Diagnostics: 1; VI1P18901MB0109; 31:kVIsBQay8XWJMR0FJTT/vy8rIzQrIJwz203UlKs5lDjM92k4UIEoxoSf2w43sy0ufI1qjexnV8wwQwCDAlt8lvBADoLOszdg5kej9IzIAf92QL47M3ISA9rBm9A4Nu8S5QMaPA/3VGaKq2xEKuylb9go0L6AkdKArcLHVOLiNjjydbJPjRTBXL0e6TvrBgwIGNvb98GhzuDPPkWx4kOhRVb9XdbGm/rjlxRtzHJ3oaw=; 20:VwLHdFLNlaFLZZ8iz+TYjAkj4UWrPDDF4qke+yztr1gSU5QZJwUzb5NjDsVZETzGBKWEGeO9iNNCp+Z0oaQB2Xg5Xqbx16prEP0EirfdAuzHlWeoHz27UYGuK7UwQgU4RnokWbNgxl9FyL1eOFB/WcNtksuP0qF7fj01GbD55FB1dhHb6Pe58ZX8dtLkXkyajW1/RA6RnV6LWACoxzn6rrqwritQSJFmof3WQ5UE4KpfDKInAb0QUhl/ES3HclMG; 4:ptLbLbqj0LuTRj6xp+nvawVZuwZ+1D5B0IEuTBL/y5mPCsMxRiUeG/MbEKxDGyjoZPx07j6O2l7S9dqaal9KSMeNlOX9KGcy0jM0FjA+p272qnckwgZw0NnE9oFGQkCupce6E6xL8QhoMEyWk9pl0Eifun3ND5CsvnN796d54BBAy2JRrwDRc1xstJJuHaC29Uvw27xipD/EFMLNSZIHTeHmuxTBy7JfmpHKd+iaTzFQoGmx7CtrvVrmbHe80poO0qfwSMU0d6vbEp4SdYCacw==
X-Microsoft-Antispam-PRVS: <VI1P18901MB0109050FD28F3855844AB6B382BE0@VI1P18901MB0109.EURP189.PROD.OUTLOOK.COM>
X-MS-Exchange-SenderADCheck: 1
X-Exchange-Antispam-Report-CFA-Test: BCL:0; PCL:0; RULEID:(3230021)(999002)(6040522)(2401047)(8121501046)(5005006)(3002001)(10201501046)(93006095)(93004095)(3231475)(944501520)(52105112)(148016)(149066)(150057)(6041310)(20161123558120)(20161123560045)(20161123564045)(201703131423095)(201702281528075)(20161123555045)(201703061421075)(20161123562045)(201708071742011)(7699051)(76991095); SRVR:VI1P18901MB0109; BCL:0; PCL:0; RULEID:; SRVR:VI1P18901MB0109;
X-Forefront-PRVS: 0891BC3F3D
X-Microsoft-Exchange-Diagnostics: 1;VI1P18901MB0109;23:stIstrqqqVcfpRMHGy5hjN/QoKdEmhqCEWvge0dwswAZC/Vxa/4xBZvA64cODxf1YhB/7PnQRXE73nwdDOJJp5Kk9xEa/O4k/VcQKyIl76Nnh1aYUllHVDj9naFVyoudj8myrbHwHZWa3B1GU/+DspD+ib5G+3uf9DhXUA6e/Y9EG7g7jgt6MbNfT9WOd91VB6GgpRZvGRCneh21qMENkh0eyTJSVCIFySqDxtf2JekLQj4tyt1eda7rnxuQ6bgflTi31UgmlSniIqtde/pZb1SqZLi04wDBlr1UF093VGvuy/3dkKQkQ/zJaah23f5258ttShBjdiQ1mflF7AREuQQbo3YYYgSi01ZWfe8TR4hxl2UHhLrh5Go22uGuM6IajMZtMrIj4w4KkMTvaDFgA0WD1+FqK2Q3IezDtgXFvL7pb4F9HZce4fVcONqIrMQJ5Vf3W5lMxeNhEypgbLOsXiZKguEnaOpJ9LkOb0NVv0d9nfB3SDBVD4XQ75vKgOtukWZKasNLYtuddyvISnR9ZkOOJxsIGz5zw/00oBY3j7RTNBRCYi704w9pWPer1Qh4ud7kKOrQd4hFAazquuA7AhuCrJnyAOAU6O+11oLWnQMe6YW0vsJz6QLrj23lDz2KvMCF+E6aDtxWK98ouwh5M92OPSerTiUEtt0wHQiJkxwVTjtD03Kk8F/+LWrj4SjmTm5QY1xr8Y4oosawVAUbyiVZA1/P/aMy9D8JDOmkOShkgWAz/ZhZY8xcAtFbmGgW/kThlN33ETUlg1m9LU0/KbWCBVzwSYqy21PFwBBbM92hChPRLRTPLIofIH5jCgaabeOJZO8QARk2NgOLOc5igPE8C+qULno55CEirjfgxMWQ97aaCZFMvsmx9In/pATFuqvc0G+k5XMwDSQwpDirX2BuwlpnGCojSsvaNlfls5tEJP3UWBeBXA50GRoyyKfOv05wYXhtfHVfSngIL2tASK1PANHA6VpKs8mgv6VikpRn7CVBFk18D+lyJ+CWI+jaqOUwcb0mZKz6y8PIXZ8OmFMODWEYQEk/2nbEhokoxNJ9CR732seTY9wLHNCB26KXqKp6ZGK0A0wrfnAOrE8PyYKqkGyZ29yK5sIbz92HEmIqUqjDV60AB43Cbs8h7WKAqIdoHSYIjQ2tg8BRgJK/Y0VD8lr4DYPKi54U7HfkSsZYWY8QByiiCnSExVQ/LSx+r+3SqrneY24GhgoefGKc+jf5tTpKdJWGc4jeAq2UE9+zIHHZDaWsqn9VedRyiaBmM4AFBO4jQP0WgWv3H8uqObdnQhF8YY/YSN7q4PJEt6a12t4D28RqEV53glMtTwz6XJtpsD6HheZgsr/vVE2fWVFApAmriss/sWIqlKlpeuLKSHVu+L/kfCPsY22nk+OBXGx1ZfEQdyiWz1b6LS4pQ6sObCj22vxt6x4iv3gA/XkGH7dUPnpuWbQnSzq8igvpzTEbZn9ZZNUCC6NxcJquIPvpwBChV71Te+eSnVF9lhQKL6qZt5T2EqxUOaiUmVkapbLC79i2tzIMxp74/qq3I7xertw9dt5mTARBB+8HkWg=
X-Microsoft-Antispam-Message-Info: bMdMP+q3yIiaorK5D7kDf64b/wR62EiFwp6B9EKesNZOKxp3YYYE4J7XmJUj5+s4+JEnrSDYEDZokyI3/gd3GtzOekSAg/EInVS3K3UK8Xtp5tZVIiWVVJlQ08zmBKfQ/0NWCgMKl3rl1IG+1MI4wr2nA6CU39g45H4by1CrR7JpedXY/v4cOX3b5P+pdBidEcOOQk36qwmfIyWeNh+Z4RHWVZGZnH6HIJz9Nb0SkPcKa8zWC4RWgGyWREKwNmLFxMmSLDRQRfPYHyPGq2wAEKhPFe1P67zitPQZ2BjaBNPQtDFKAyoRX8hVmxY+Zq9U
X-Microsoft-Exchange-Diagnostics: 1; VI1P18901MB0109; 6:zlkVKLMZ5fBlm4vtGZah2k9jGmwcm56xzlBtdWwc9RSvvKv94PlHLSVAn5hk8c6sFW1O01uNv8ccEXEldkV7iiAk+H/xewwFMs6OG8OoeWpawVR+L5obD42M6tzcKhfBxrbvUh2KESiH9ra8ijohgGYCIHPvMhuMNq6rRsVZwYfVbuH0Q32psWrLy5PaOtrXgQe+tTW5q9Nnt5qF3YNmc20IvSEJX+5vRridS0O+D+QIpEVo0YJjiwv91fJjf7022gW40hDbZFFZFgWfhveOXVLfV6XInoDAzjf+rVk/9aMBUgsbB/9+ON2YOS9/MUXwF+xOt1K2MVmFTEZ0REn7EsD5CBGaXRJdRa7M3bBuZKdgjUKTVOpx+VxW9VNiSC6xb7RnQWOEFj1GSmE1dU028l/rMW0au6MsQvhBmn0zKwEVOGg1mvbb7okIgYj7aZicIBW5iANhqvaPvlcoFb14wA==; 5:agLY50YNbQo7rirXVypJag9o8evCLU9I0JB6UD+DhnYInuWBX7dMrnd01erXfVmoVutfV6MUp7zv1+w7USbPCLBOsGVcvth6yixQbwT6WtIEaXvMR4xfNGjb56PHzJ5V+Z7E2zWj7qjCkMq3y6ZQKP54g5SXn5mgqPremAKq/kI=; 7:7ThnNg7KBD7xEvfutr4tSXuS0p4VkICEonBWe0MPNKugvj/UkLfG2eIsqw6tjlBZJ2LS+EA/6GBGFhxXYG5IO7xQXMy2uAr0kSc92yeYTUT7t2hbtG8aeV4Jj0g+9qexUxnTDDdKM6oMSY/JiaCC2A==
SpamDiagnosticOutput: 1:99
SpamDiagnosticMetadata: NSPM
X-OriginatorOrg: ri.se
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 19 Dec 2018 13:23:52.5166 (UTC)
X-MS-Exchange-CrossTenant-Network-Message-Id: f751fdc5-3ff1-4de7-eda8-08d665b5383d
X-MS-Exchange-CrossTenant-Id: 5a9809cf-0bcb-413a-838a-09ecc40cc9e8
X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=5a9809cf-0bcb-413a-838a-09ecc40cc9e8; Ip=[194.218.146.197]; Helo=[mail.ri.se]
X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem
X-MS-Exchange-Transport-CrossTenantHeadersStamped: VI1P18901MB0109
Archived-At: <https://mailarchive.ietf.org/arch/msg/ace/V49xwpH3XN5vL35YD5XrBBFSb08>
Subject: Re: [Ace] Security of the Communication Between C and RS
X-BeenThere: ace@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Authentication and Authorization for Constrained Environments \(ace\)" <ace.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ace>, <mailto:ace-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ace/>
List-Post: <mailto:ace@ietf.org>
List-Help: <mailto:ace-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ace>, <mailto:ace-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 19 Dec 2018 13:24:08 -0000
On 19/12/2018 14:04, Hannes Tschofenig wrote: > Thanks, Ludwig. The list of steps below help me to understand the concern. > > ---- > > > 1.) C obtains token and pop-key from AS > 2.) C transmits token to RS and sets up secure communication (e.g. > DTLS-PSK) using the pop-key > 3.) C sends secure requests to the RS > 4.) token expires, an attacker manages to get hold of the pop-key > 5.) C continues to send requests containing sensitive information to the RS , attacker can now read the messages and spoof positive responses from the RS. C never notices that the token is invalid and that it is actually talking to the attacker. > > ---- > > In step (4) you tie the expiry of the token to the attacker getting > hold of the key. What happens if the attacker gets hold of the pop > key before the token expires? If it is detected the AS would revoke the token. Then the client _could_ use client introspection to get that information. Note that this is what the CMU people are looking at. > Additionally, if you use DTLS/TLS just > having the PoP key still requires the attacker to run a new DTLS/TLS > handshake with the RS. If the pop-key was used as a basis for doing a DTLS-PSK handshake, the attacker should be able to hijack the connection and impersonate either party. > It would also be useful to know where the > attacker got the PoP key from and how you can even detect the > compromise. That is a different story entirely. You could imagine the case of an RS improperly deleting an expired token and the associated pop-key, and then being subject to a physical attack that recovers that information. > > Additionally, there is the question why the RS wouldn't stop > communicating if the token expired since it has that information. The RS would indeed stop, but since the token is opaque to the client, it has no way of knowing that the token has expired, and our clever attacker is using the pop-key to impersonate the RS and maintain the illusion that the connection is still alive an running. > Normally, the idea is that the RS has a protected resource and the > client wants to access it. That's why the RS is asking the client to > send a token that gives it access. > Yes but say e.g. that the RS is a message broker and the client is a publisher, writing sensitive data to the RS. I think Steffi's point definitely warrants text in the security considerations, outlining how a client could detect that a token has expired. /Ludwig -- Ludwig Seitz, PhD Security Lab, RISE Phone +46(0)70-349 92 51
- [Ace] Fwd: New Version Notification for draft-iet… Ludwig Seitz
- Re: [Ace] Fwd: New Version Notification for draft… Jim Schaad
- Re: [Ace] Fwd: New Version Notification for draft… Stefanie Gerdes
- Re: [Ace] Fwd: New Version Notification for draft… Jim Schaad
- Re: [Ace] Fwd: New Version Notification for draft… Ludwig Seitz
- Re: [Ace] Fwd: New Version Notification for draft… Stefanie Gerdes
- [Ace] Overwriting Tokens Stefanie Gerdes
- Re: [Ace] Fwd: New Version Notification for draft… Ludwig Seitz
- Re: [Ace] Fwd: New Version Notification for draft… Ludwig Seitz
- Re: [Ace] Overwriting Tokens Ludwig Seitz
- Re: [Ace] Overwriting Tokens Stefanie Gerdes
- Re: [Ace] Overwriting Tokens Jim Schaad
- Re: [Ace] Fwd: New Version Notification for draft… Stefanie Gerdes
- Re: [Ace] Fwd: New Version Notification for draft… Ludwig Seitz
- [Ace] Token (In)Security Stefanie Gerdes
- [Ace] Security of the Communication Between C and… Stefanie Gerdes
- Re: [Ace] Token (In)Security Hannes Tschofenig
- Re: [Ace] Token (In)Security Hannes Tschofenig
- Re: [Ace] Security of the Communication Between C… Hannes Tschofenig
- Re: [Ace] Token (In)Security Ludwig Seitz
- Re: [Ace] Security of the Communication Between C… Ludwig Seitz
- Re: [Ace] Security of the Communication Between C… Hannes Tschofenig
- Re: [Ace] Security of the Communication Between C… Hannes Tschofenig
- Re: [Ace] Security of the Communication Between C… Ludwig Seitz
- Re: [Ace] Security of the Communication Between C… Stefanie Gerdes
- Re: [Ace] Security of the Communication Between C… Stefanie Gerdes
- Re: [Ace] Token (In)Security Stefanie Gerdes
- Re: [Ace] Security of the Communication Between C… Hannes Tschofenig
- Re: [Ace] Security of the Communication Between C… Hannes Tschofenig
- Re: [Ace] Security of the Communication Between C… Stefanie Gerdes
- Re: [Ace] Security of the Communication Between C… Hannes Tschofenig
- Re: [Ace] Security of the Communication Between C… Stefanie Gerdes
- Re: [Ace] Security of the Communication Between C… Ludwig Seitz
- Re: [Ace] Security of the Communication Between C… Hannes Tschofenig
- Re: [Ace] Security of the Communication Between C… Ludwig Seitz
- Re: [Ace] Security of the Communication Between C… Jim Schaad
- Re: [Ace] Security of the Communication Between C… Ludwig Seitz
- Re: [Ace] Security of the Communication Between C… Hannes Tschofenig
- Re: [Ace] Security of the Communication Between C… Sebastian Echeverria
- Re: [Ace] Token (In)Security Ludwig Seitz
- Re: [Ace] Token (In)Security Stefanie Gerdes
- Re: [Ace] Security of the Communication Between C… Benjamin Kaduk