Re: [Ace] draft-ietf-ace-oauth-authz-10.txt: Leaving implementers in the dark

Hannes Tschofenig <Hannes.Tschofenig@arm.com> Sun, 18 February 2018 17:19 UTC

From: Hannes Tschofenig <Hannes.Tschofenig@arm.com>
To: Carsten Bormann <cabo@tzi.org>
CC: ace <ace@ietf.org>
Date: Sun, 18 Feb 2018 17:19:25 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/ace/XwQ8iBR6rX_D9DlMOSMC69uzHdM>
Subject: Re: [Ace] draft-ietf-ace-oauth-authz-10.txt: Leaving implementers in the dark

Hi Carsten

It seems that I have misunderstood you. If you are not talking about the initial provisioning then all we need to do is to clarify. Looking at Appendix B it appears that some text needs improvement.

Ciao
Hannes

-----Original Message-----
From: Carsten Bormann [mailto:cabo@tzi.org]
Sent: 18 February 2018 18:15
To: Hannes Tschofenig
Cc: ace
Subject: Re: [Ace] draft-ietf-ace-oauth-authz-10.txt: Leaving implementers in the dark

On Feb 18, 2018, at 08:52, Hannes Tschofenig <Hannes.Tschofenig@arm.com> wrote:
>
> Hi Carsten,
>
> The challenge is that there is not a single way used in deployments. Some of the techniques fall outside the scope of the IETF (such as the manufacturing-related interactions), link layer specific approaches (such as a Bluetooth Smart App), or Secure Element-based concepts.
>
> Note that related solutions, such as ZeroTouch, ANIMA, EST, also leave this initial provisioning undefined.

But this is not about initial provisioning (CAM-C), this is about C talking to an RS.
If there are only intra-silo ways in ACE to get this going, we should clearly document this.
Also, we need to clearly state what we believe needs to be achieved in that intra-silo step so the ACE protocol can rely on the security properties achieved there.

> I am not saying that nothing should be standardized but it will be difficult to recruit the appropriate expertise and to get the relevant companies to participate.

The IETF is generally most successful when it works on building blocks that then can be picked up by implementers and other SDOs (that pickup process then serves as another layer of quality control for us).  I don’t know why we have to be shy about this specific area for building blocks.

Grüße, Carsten

>
> Ciao
> Hannes
>
> -----Original Message-----
> From: Carsten Bormann [mailto:cabo@tzi.org]
> Sent: 18 February 2018 17:45
> To: Hannes Tschofenig
> Cc: ace
> Subject: Re: [Ace] draft-ietf-ace-oauth-authz-10.txt: Leaving implementers in the dark
>
> On Feb 18, 2018, at 08:35, Hannes Tschofenig <Hannes.Tschofenig@arm.com> wrote:
>>
>> Hi Carsten,
>>
>> We should maybe add that this information is provisioned either during manufacturing, via a commissioning tool or some other mechanisms. Not sure whether this will indeed add more but it might be useful to know.
>
> For a protocol that is meant to be interoperable, there need to be standard (if not MTI) ways of getting this done.
> At least we need to have a defined interface between CAM (“commissioning tool”) and C for letting C know what was agreed about how to address AS and which RSes it should be used for.
>
> Grüße, Carsten
>
