Re: [Ace] [Gen-art] Genart last call review of draft-ietf-ace-oauth-params-06

Jim Schaad <ietf@augustcellars.com> Mon, 23 December 2019 19:49 UTC

From: Jim Schaad <ietf@augustcellars.com>
To: 'Seitz Ludwig' <ludwig.seitz@combitech.se>, 'elwynd' <elwynd@folly.org.uk>, 'Ludwig Seitz' <ludwig_seitz@gmx.de>, 'Elwyn Davies' <elwynd@dial.pipex.com>, gen-art@ietf.org
CC: last-call@ietf.org, draft-ietf-ace-oauth-params.all@ietf.org, ace@ietf.org
References: <60524620-542b-293d-d954-7c7ecb45bde1@gmx.de> <E1ij5wt-0004Yd-1F@b-painless.mh.aa.net.uk> <343e0d4096cf4bb782cccf10176748f1@combitech.se>
In-Reply-To: <343e0d4096cf4bb782cccf10176748f1@combitech.se>
Date: Mon, 23 Dec 2019 11:49:28 -0800
Message-ID: <010701d5b9ca$18f4b3c0$4ade1b40$@augustcellars.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/ace/aG0lrY_j2Eb3qWqbneaUGDiM7M4>

From: Ace <ace-bounces@ietf.org> On Behalf Of Seitz Ludwig
Sent: Sunday, December 22, 2019 11:52 PM
To: 'elwynd' <elwynd@folly.org.uk>; Ludwig Seitz <ludwig_seitz@gmx.de>; Elwyn Davies <elwynd@dial.pipex.com>; gen-art@ietf.org
Cc: last-call@ietf.org; draft-ietf-ace-oauth-params.all@ietf.org; ace@ietf.org
Subject: Re: [Ace] [Gen-art] Genart last call review of draft-ietf-ace-oauth-params-06

Hello Elwyn,

Sorry for being a pain. I have one more comment.

/Ludwig (now finally from the corporate account)

From: elwynd <elwynd@folly.org.uk>
Sent: 22 December 2019 19:27
To: Ludwig Seitz <ludwig_seitz@gmx.de>; Elwyn Davies <elwynd@dial.pipex.com>; gen-art@ietf.org
Cc: last-call@ietf.org; draft-ietf-ace-oauth-params.all@ietf.org; ace@ietf.org
Subject: Re: [Gen-art] [Ace] Genart last call review of draft-ietf-ace-oauth-params-06

Hi, Ludwig.

Having had another look at section 3.1 of draft-ietf-ace-cwt-proof-of-possession, technically the rules about which keys have to be present are not part of the syntax of the cnf claim. The point can be covered by changing "syntax of the 'cnf' claim" to "syntax and semantics of the 'cnf' claim" in each case.

[LS] Ok. Will do.

However, the second look threw up another point: Figure 2 in s3.2 gives a Symmetric key example. I think this should use an Encrypted_COSE_Key (or Encrypted_COSE_Key0) as described in section 3.3 of draft-ietf-ace-cwt-proof-of-possession.

[LS] Figure 2 in 3.2 gives an example of an AS response to a client requesting an access token. As per the requirements from draft-ietf-ace-oauth-authz, this communication MUST be confidentiality protected, therefore it is unnecessary to additionally encrypt the COSE_Key.

The provisions in 3.3 of draft-ietf-ace-cwt-proof-of-possession are for access tokens in CWT format, containing a symmetric key, that are not encrypted themselves (i.e., only MACed or signed).

[JLS] I tend to agree with not doing the encryption in the example. The encryption is not required as protection could be done elsewhere and having an example that people can read increases the usability of the example.

Jim

Otherwise I think we are done.

Eventually we will get to Christmas!

[LS] I promise to leave it be over the holidays.