[Ace] Fwd: New Version Notification for draft-tiloca-ace-group-oscore-profile-05.txt
Marco Tiloca <marco.tiloca@ri.se> Thu, 25 February 2021 12:50 UTC
Return-Path: <marco.tiloca@ri.se>
X-Original-To: ace@ietfa.amsl.com
Delivered-To: ace@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 37BD63A1968 for <ace@ietfa.amsl.com>; Thu, 25 Feb 2021 04:50:21 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.099
X-Spam-Level:
X-Spam-Status: No, score=-2.099 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, MSGID_FROM_MTA_HEADER=0.001, RCVD_IN_MSPIKE_H2=-0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=ri.se
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id fUXBoelsev_R for <ace@ietfa.amsl.com>; Thu, 25 Feb 2021 04:50:17 -0800 (PST)
Received: from EUR05-VI1-obe.outbound.protection.outlook.com (mail-vi1eur05on2073.outbound.protection.outlook.com [40.107.21.73]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id D84913A1965 for <ace@ietf.org>; Thu, 25 Feb 2021 04:50:16 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=eXPnxg23Y7O2m6CmYPL/bFtwqhtgLJ6emi/PKq2wgX0HZGP/N6EvA9+dk6KmC1L/mI8ho0u3zjBK3krm4CZl4VRUcY70jN7Ssw8x4JPc/m7WnxWfagn3U7GO3BvE3FsP8mxLZEBVWWP7W88dkdizSmkMZDd3DbkXLfzHkZpcoxYe81N0a8yDQQaTkJgeoItwPdgMhgXlVMcflEB8oqinginaP6qm9IhcUy/WLepnuEigpLngyL+olM0PrBsXr2DHyCIWIFq8P8Yg1JC0OnjVjKWJpJB/xW21CREEsHqgffaZ7OqvNZ1ZCLgX8avOl03BFRXZll1lBvxoTc63PxlEhA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=qD+ftj/CJ47iaal6zJDPmCW8YWOcL1ZdiLHXGnhNKGg=; b=DrWSkzKuXrQNhgEAq1GJeex2vEXVGwNAeta/elAesyfPZtY5NZaTOp4LXlpaFgXbr/riTA51pWpUXhq/S0NUdYUUDJVFKlfEEcy7f4Rwa01AWPxvogqC9r9Kb0SyEfKbg2SkRBtJqxlGsClqfLo2dGBKbEV8tUdSXQx92oCT8MahyiU5aNY6k9bXmNNVnVz1/mZ00c7a3b6Lk/1BK89ZGxk9sCYz6vHDFIHHVqtEMWWMB1kHM8cddQHh1Uf/UrtUMAiaN/Nk7xLjKKDTUVq/gvADnOYOm/dx+/q5brE1CsERRzJ/lc06bE5LXeob/oFMtGHvEI9UetARfkd1gQ64ew==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=ri.se; dmarc=pass action=none header.from=ri.se; dkim=pass header.d=ri.se; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ri.se; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=qD+ftj/CJ47iaal6zJDPmCW8YWOcL1ZdiLHXGnhNKGg=; b=QatplvAhx16QjQQcYgOfS/1ftyrJyVgAixpoeFhKek1Gt+WKBloQO2U6QCAKJcZ/dVSVZbHMqzStMKFC922leSYKU11C1df0r1Dz8h63MxrP5yauqr6IEIS1RLwAbjoZJ8v0ppPKG7LDS0GgAsZ5MDkMrqRdesJ8mNWjZiOcRPg=
Authentication-Results: ietf.org; dkim=none (message not signed) header.d=none;ietf.org; dmarc=none action=none header.from=ri.se;
Received: from DB8P189MB1032.EURP189.PROD.OUTLOOK.COM (2603:10a6:10:16e::14) by DB8P189MB0935.EURP189.PROD.OUTLOOK.COM (2603:10a6:10:165::15) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3890.19; Thu, 25 Feb 2021 12:50:13 +0000
Received: from DB8P189MB1032.EURP189.PROD.OUTLOOK.COM ([fe80::1df7:be0c:4934:88bf]) by DB8P189MB1032.EURP189.PROD.OUTLOOK.COM ([fe80::1df7:be0c:4934:88bf%9]) with mapi id 15.20.3890.020; Thu, 25 Feb 2021 12:50:13 +0000
References: <161401371803.2832.14603346145501209049@ietfa.amsl.com>
To: Ace Wg <ace@ietf.org>
From: Marco Tiloca <marco.tiloca@ri.se>
X-Forwarded-Message-Id: <161401371803.2832.14603346145501209049@ietfa.amsl.com>
Message-ID: <ca2acd2c-c0b7-48e5-7c83-34eb1279ed51@ri.se>
Date: Thu, 25 Feb 2021 13:50:11 +0100
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Thunderbird/78.7.1
In-Reply-To: <161401371803.2832.14603346145501209049@ietfa.amsl.com>
Content-Type: multipart/signed; micalg="pgp-sha256"; protocol="application/pgp-signature"; boundary="mu2fClMMwXSnXnFNSqpPCAVWMmvnCxZkO"
X-Originating-IP: [185.236.42.111]
X-ClientProxiedBy: HE1PR0301CA0001.eurprd03.prod.outlook.com (2603:10a6:3:76::11) To DB8P189MB1032.EURP189.PROD.OUTLOOK.COM (2603:10a6:10:16e::14)
MIME-Version: 1.0
X-MS-Exchange-MessageSentRepresentingType: 1
Received: from [10.8.0.6] (185.236.42.111) by HE1PR0301CA0001.eurprd03.prod.outlook.com (2603:10a6:3:76::11) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3890.19 via Frontend Transport; Thu, 25 Feb 2021 12:50:12 +0000
X-MS-PublicTrafficType: Email
X-MS-Office365-Filtering-Correlation-Id: 3f1f8288-89d6-4662-00b2-08d8d98be482
X-MS-TrafficTypeDiagnostic: DB8P189MB0935:
X-Microsoft-Antispam-PRVS: <DB8P189MB093571CF890F823143E79A0B999E9@DB8P189MB0935.EURP189.PROD.OUTLOOK.COM>
X-MS-Oob-TLC-OOBClassifiers: OLM:2449;
X-MS-Exchange-SenderADCheck: 1
X-Microsoft-Antispam: BCL:0;
X-Microsoft-Antispam-Message-Info: oTnhc4EwT0X3ZpSwRQtRVlaquweF9nxY3Ci5PWXJQAP/IuMEwD9KJhPxDVoUb1Vlk13zBQ+w6F3Jc7p3TfXTd+LjHcNyJ0uOgKA47+1VVnDp5WhiuTd5zt7EFH8IjtrZziudCOjSnZx5q++ntb/uVv98PJXqL1txzoSL0SD9ZAxjpchy6jZvXr/1Wpb4Y7C1p9nsZmAiFQv7Sx0XipIgrcyYeJPR8BDHLcjU3gMOOaJ5KBnfczCUc/UPtPKVh26HjaIVE9aE40wNODybL4IjcsGr1rbhatg3rF7zA9AnvQKz1ffSbtanfNyyt/s1gIShlMza8WKqozBk6r9aNUtszYvDRG3IU805uSvg/xpo+PYJYUu4MFi3e7RMhdKUu7ocSpNhGXBzBBavLjJsMRe1OU0CufO1PtUNF+7SvurLzE4IeyvrH4J75Z0ybyOLgavPAgop9o44Fk3agHGzuomo9aG/XouD7FZDRAue8MdRlI1PKNVgQNFLTGJontU3heVJex0Pk6yVii3iGdmiIKiZM2VH3kYQlg9kUc15wjnorZJ3fTI/sm0ajZuVgNFTsDI5IVmLN4WuE95TVFOaA1v/p2QqwC0sYXlCqSxN8womm8A33nHp2j56TAkY4FHwdbSvdCvYr+EHr+wbX6wjk6eHCVfpzvf2cSNpkR+NgRl1o8kkmjZAtM42stiQiY+Xvsfm
X-Forefront-Antispam-Report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:DB8P189MB1032.EURP189.PROD.OUTLOOK.COM; PTR:; CAT:NONE; SFS:(4636009)(366004)(346002)(376002)(39860400002)(136003)(396003)(956004)(316002)(66556008)(8936002)(15650500001)(478600001)(2616005)(966005)(66476007)(44832011)(21480400003)(66946007)(26005)(31686004)(5660300002)(66574015)(36756003)(2906002)(16576012)(8676002)(6486002)(30864003)(186003)(86362001)(16526019)(33964004)(31696002)(52116002)(45080400002)(235185007)(83380400001)(6916009)(166002)(43740500002)(45980500001); DIR:OUT; SFP:1101;
X-MS-Exchange-AntiSpam-MessageData: UL90tawbRdHZthO6QOgt21obJNYmiVNeaF7XP2qSc3ghxQiV/WIrN4eQkOKve4b8fIw6bofbcsmebuebIryXX7ePqxlG2v2GWVbpsg7K6c8p4EOOiW0vBrILhxQ+0KWsH3OrtR+bzLm1BllxC1uxfCwWQsDreUDBNJkDSJl6R530j+10Rrb7ggwpooec8iws0vW1lWCrSTauzn+RxLrxHYvCEbREyMHn76vvldzrpKKevejjRHSi6ejpsdHJAf8Kv/kvAS7X7yp8V4/ZpVRCDRJnhrD/gTCtUEkqSBeK2PmzxA9uyw2wNeJd/bm0ded4xXhZkSVwXps7IX1c5rXXyV6TFAA9nrKALAzZVrl9ZYSNoeBoGH4qsmPOqFJjNprtGdEERe13mYBq4wcFJXeZ8eEC1GhUppNviUE9nRNXKKUlowiSsN1aO51HihbuBeNCst3jk6gRqmDXVsYUPBrgp5jstXR8NMaLFF/+m4DLkB+2GZqjw+nzEUHQyhP9lY1U/PPui8ruj5EQgR5LoaNcQ8SJnCX0QIKGhnT1ECgj3tfdcHwYK52RXmcEDHoNO7a2lyCEcFP2l7A4WAlO/TzhbgSpNCa99YGa2kgsOhvnCv29Aoxa9a6N29qezDnTvRSQchPEeEx/LJZx/EZGKKJcFds1R6DIGyAK6eoLH8nqJH982tJELBt8gH0UDZQS2RkD3P3p+GVMsAsdcZ/UlyNxYKhbzIGG7A7dI6VOmzj2cVbNyduu1HJKN3g4wWlkUlyfRxTmwtle8COidopIqB4djj7sQig+/sNssBdl/2Rgk74HI1joeOFt3JUjGZsl95U/1FuxwfnAXA8pBQFGw3F+a3qf7jfoKLAklYcypMkXqvSlMeIG0Nyz5pqwDklcDM/mmof/55GhvxkhKpQEeZREM+Q5mdXm02YKPdX4P3B42i6WZyWQOZEQckppLMY6nIL7zDYX6uHw9UTzH4puRaDGS9wbGSWnFWnhAE0UU+1w+g7281r/qSPDZTIezSsuDaKqfTKN7qer7vhE9bxFtfNNHxtUWdHzp92GlLmcUYWVNmTzAqAjbzD8TIwqm4GvODjr6S2i3CR3D0EBzMgGffFtWn/rZ9fBsDbsmhpeSwtNKN0KUWhMYtpkF2jlSft3PmNKyjBR9DfSHHA7TxkizIm4Ye9NNZezy6imKSPOC9Wi9CUux2ys54CMOZdmmwQDuPM6C6T+rLG95v3Jk5BPmfdKsmnIC3pocTokSveUEzGEiuXLvTHJuSMxlpPs8nGlkB3zIgaSZpsy2Mfc8nm+JuUa8OEriEq21E7cHbKmrhpP4Xxw/lpOpi5xgmq2/ZC6ERwk
X-OriginatorOrg: ri.se
X-MS-Exchange-CrossTenant-Network-Message-Id: 3f1f8288-89d6-4662-00b2-08d8d98be482
X-MS-Exchange-CrossTenant-AuthSource: DB8P189MB1032.EURP189.PROD.OUTLOOK.COM
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 25 Feb 2021 12:50:13.2293 (UTC)
X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted
X-MS-Exchange-CrossTenant-Id: 5a9809cf-0bcb-413a-838a-09ecc40cc9e8
X-MS-Exchange-CrossTenant-MailboxType: HOSTED
X-MS-Exchange-CrossTenant-UserPrincipalName: ZsawQvIIC88ztMW1nl3Mnv05NvOnqZ1vt3TKXEY8BrXMjzBQjc6/XsQ8vBEEMlrLvOjCzOn+ZZ93khBrFynSYQ==
X-MS-Exchange-Transport-CrossTenantHeadersStamped: DB8P189MB0935
Archived-At: <https://mailarchive.ietf.org/arch/msg/ace/YR9r1y5oHH_8E7BXqVSyW80j6Hg>
Subject: [Ace] Fwd: New Version Notification for draft-tiloca-ace-group-oscore-profile-05.txt
X-BeenThere: ace@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Authentication and Authorization for Constrained Environments \(ace\)" <ace.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ace>, <mailto:ace-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ace/>
List-Post: <mailto:ace@ietf.org>
List-Help: <mailto:ace-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ace>, <mailto:ace-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 25 Feb 2021 12:50:21 -0000
Hello ACE, We have recently submitted an updated version of draft-tiloca-ace-group-oscore-profile https://tools.ietf.org/html/draft-tiloca-ace-group-oscore-profile-05 The document describes a profile of ACE where client and resource server(s) communicate with Group OSCORE. This supports fine-grained access control in group communication environments, where different group members have different access rights to the resources of the servers in the group. This version further builds on the major update done in v -02, with the profile now focused on Group OSCORE as only security protocol. Changes are especially about: 1) Overall alignment with phrasing and considerations from the latest updates to the OSCORE profile [1]. 2) Addressing comments from Christian Amsüss (thanks!) on: --- defining how to handle the case where the ACE client has changed the public key used in the OSCORE group; --- clarifying what it means to keep an Access Token aligned over time with information about the ACE client as a member of the OSCORE group. 3) Revision of both the main operating mode and the "Dual Mode" in Appendix A, as to the ACE client requesting an updated Access Token for updating its access rights. Comments are very welcome! Best, /Marco [1] https://datatracker.ietf.org/doc/draft-ietf-ace-oscore-profile/ -------- Forwarded Message -------- Subject: New Version Notification for draft-tiloca-ace-group-oscore-profile-05.txt Date: Mon, 22 Feb 2021 09:08:38 -0800 From: internet-drafts@ietf.org To: Francesca Palombini <francesca.palombini@ericsson.com>, Ludwig Seitz <ludwig.seitz@combitech.se>, Marco Tiloca <marco.tiloca@ri.se>, Rikard Hoeglund <rikard.hoglund@ri.se> A new version of I-D, draft-tiloca-ace-group-oscore-profile-05.txt has been successfully submitted by Marco Tiloca and posted to the IETF repository. Name: draft-tiloca-ace-group-oscore-profile Revision: 05 Title: Group OSCORE Profile of the Authentication and Authorization for Constrained Environments Framework Document date: 2021-02-22 Group: Individual Submission Pages: 57 URL: https://eur02.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.ietf.org%2Farchive%2Fid%2Fdraft-tiloca-ace-group-oscore-profile-05.txt&data=04%7C01%7Cmarco.tiloca%40ri.se%7C2839d382f59a40707f0d08d8d754802b%7C5a9809cf0bcb413a838a09ecc40cc9e8%7C0%7C0%7C637496105234024291%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=8PEM%2BwR4Mhxjy%2Bx%2BiRxZG2OfOh2b13erpqoevXPvXBI%3D&reserved=0 Status: https://eur02.safelinks.protection.outlook.com/?url=https%3A%2F%2Fdatatracker.ietf.org%2Fdoc%2Fdraft-tiloca-ace-group-oscore-profile%2F&data=04%7C01%7Cmarco.tiloca%40ri.se%7C2839d382f59a40707f0d08d8d754802b%7C5a9809cf0bcb413a838a09ecc40cc9e8%7C0%7C0%7C637496105234024291%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=IBRq0lPPp%2F7S6ARs89lZzv98EEh7mp0c%2BtDg1bm2w4E%3D&reserved=0 Htmlized: https://eur02.safelinks.protection.outlook.com/?url=https%3A%2F%2Fdatatracker.ietf.org%2Fdoc%2Fhtml%2Fdraft-tiloca-ace-group-oscore-profile&data=04%7C01%7Cmarco.tiloca%40ri.se%7C2839d382f59a40707f0d08d8d754802b%7C5a9809cf0bcb413a838a09ecc40cc9e8%7C0%7C0%7C637496105234024291%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=Ot53Updjp%2BapQ3qZG0yyIFJQqM1ehgfnZM7WptrNVYk%3D&reserved=0 Htmlized: https://eur02.safelinks.protection.outlook.com/?url=https%3A%2F%2Ftools.ietf.org%2Fhtml%2Fdraft-tiloca-ace-group-oscore-profile-05&data=04%7C01%7Cmarco.tiloca%40ri.se%7C2839d382f59a40707f0d08d8d754802b%7C5a9809cf0bcb413a838a09ecc40cc9e8%7C0%7C0%7C637496105234024291%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=6mUaQG2nitER63lfFzQNNwjoVl0adYm4XsKCtN04m1A%3D&reserved=0 Diff: https://eur02.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.ietf.org%2Frfcdiff%3Furl2%3Ddraft-tiloca-ace-group-oscore-profile-05&data=04%7C01%7Cmarco.tiloca%40ri.se%7C2839d382f59a40707f0d08d8d754802b%7C5a9809cf0bcb413a838a09ecc40cc9e8%7C0%7C0%7C637496105234029271%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=o7EHjgnMixM7zaCjr%2FVPzOJNvXq5e5F04m%2F4Ik4UqxY%3D&reserved=0 Abstract: This document specifies a profile for the Authentication and Authorization for Constrained Environments (ACE) framework. The profile uses Group OSCORE to provide communication security between a Client and a (set of) Resource Server(s) as members of an OSCORE Group. The profile securely binds an OAuth 2.0 Access Token with the public key of the Client associated to the signing private key used in the OSCORE group. The profile uses Group OSCORE to achieve server authentication, as well as proof-of-possession for the Client's public key. Also, it provides proof of the Client's membership to the correct OSCORE group, by binding the Access Token to information from the Group OSCORE Security Context, thus allowing the Resource Server(s) to verify the Client's membership upon receiving a message protected with Group OSCORE from the Client. Please note that it may take a couple of minutes from the time of submission until the htmlized version and diff are available at tools.ietf.org. The IETF Secretariat
- [Ace] Fwd: New Version Notification for draft-til… Marco Tiloca