[Ace] Fwd: New Version Notification for draft-tiloca-ace-group-oscore-profile-01.txt
Marco Tiloca <marco.tiloca@ri.se> Tue, 05 November 2019 11:03 UTC
Return-Path: <marco.tiloca@ri.se>
X-Original-To: ace@ietfa.amsl.com
Delivered-To: ace@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 2A3C01208BE for <ace@ietfa.amsl.com>; Tue, 5 Nov 2019 03:03:43 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.899
X-Spam-Level:
X-Spam-Status: No, score=-1.899 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=risecloud.onmicrosoft.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id eCU4GDl5gBPM for <ace@ietfa.amsl.com>; Tue, 5 Nov 2019 03:03:40 -0800 (PST)
Received: from EUR02-VE1-obe.outbound.protection.outlook.com (mail-ve1eur02on060b.outbound.protection.outlook.com [IPv6:2a01:111:f400:fe06::60b]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id D36CB1208D4 for <ace@ietf.org>; Tue, 5 Nov 2019 03:03:39 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=VC658qI3yUhceH9ce1c4H/BeGHx6KsmItrcyU/MjLk6LNltJLxeByeJ4kYM3Xw8Ff91Bv0tJKeFyiF8qfPa9HLPi2+WnBaPJuyksTvJLghhM5EDYB8cxcC/q8XxYDokEhUa5A9xijJCo+CnIrrF+tPO69TOpPSP4037pF7+EA+/cA3ZXJuzpuK7Hte1YlQPqCEOEwtSJuhDXvAoskRnbuN8WMJrJSnxiGPHvlK46ylTvqQ6dXlrAy4MYasA0biPOT3i/gy7Rs2lfPc+IciJO6d9QBMNPz/9B3o/tGXzHpu6QmHcvQ9ByCv3AVozdCjg2XSImFYVh2HUwKhucVHnMHQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=gN4RCLV88jNYJRbPQrxqHEmMPHI0DJDYB+CBnewy2q4=; b=ILx+DwT72iDX65/fVo2sOpjf3aA04nXYqU1U9GzTUX/c/rlg1JbZOwACP7U83IPRTnLlfEhsZxly+rvnDxEnlQWwxE4+lVUOxgsgT7ITa05Q++H9aebgeNVxtcOQXLCLqEmYaNsrvtYKhLvvdJubCGG9a/ZRTPMuRhc+U5FG1NVA1Lnd3oE4fHPaUxnm7YQQZCFjGbF8xWcvREFCw6a9fBSXGSPI4hi3bhrBg82JV2dtxsGRj1lKPeQWhBQgH37ZG5koGzxbJqYuQrihOJPM+MRlChUxp0ux0t9NDGyPLqHwxThH7Fse4n5eMpfy2EMI6b5VOPlRgpGt9HbOpkiGKA==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass (sender ip is 194.218.146.197) smtp.rcpttodomain=ietf.org smtp.mailfrom=ri.se; dmarc=pass (p=none sp=none pct=100) action=none header.from=ri.se; dkim=none (message not signed); arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=RISEcloud.onmicrosoft.com; s=selector1-RISEcloud-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=gN4RCLV88jNYJRbPQrxqHEmMPHI0DJDYB+CBnewy2q4=; b=CRXnkM6M7Jpy9Xj4zvQi0PH9Wp5K6rrsp5T8o7AZf4ijN2CTDXd48FHZjkfp5hFXgKPoj2aWYSSjFCUMTx+oz0ZMr69LZLXm+P9KBspSgLW/EhmCt6+ry6Iz2+hiXjyNy9i0tOB7bXtIztRrp/HTHXt0pFa5dq0hNgsydupIRFE=
Received: from HE1P18901CA0005.EURP189.PROD.OUTLOOK.COM (2603:10a6:3:8b::15) by DB8P189MB0732.EURP189.PROD.OUTLOOK.COM (2603:10a6:10:127::14) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2408.24; Tue, 5 Nov 2019 11:03:37 +0000
Received: from AM5EUR02FT059.eop-EUR02.prod.protection.outlook.com (2a01:111:f400:7e1e::201) by HE1P18901CA0005.outlook.office365.com (2603:10a6:3:8b::15) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384) id 15.20.2408.24 via Frontend Transport; Tue, 5 Nov 2019 11:03:37 +0000
Authentication-Results: spf=pass (sender IP is 194.218.146.197) smtp.mailfrom=ri.se; ietf.org; dkim=none (message not signed) header.d=none;ietf.org; dmarc=pass action=none header.from=ri.se;
Received-SPF: Pass (protection.outlook.com: domain of ri.se designates 194.218.146.197 as permitted sender) receiver=protection.outlook.com; client-ip=194.218.146.197; helo=mail.ri.se;
Received: from mail.ri.se (194.218.146.197) by AM5EUR02FT059.mail.protection.outlook.com (10.152.9.204) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256) id 15.20.2387.20 via Frontend Transport; Tue, 5 Nov 2019 11:03:36 +0000
Received: from [10.8.3.8] (10.116.0.226) by sp-mail-2.sp.se (10.100.0.162) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P256) id 15.1.1779.2; Tue, 5 Nov 2019 12:03:36 +0100
References: <157289633849.13976.13407883548112694188.idtracker@ietfa.amsl.com>
To: ace@ietf.org
From: Marco Tiloca <marco.tiloca@ri.se>
Openpgp: preference=signencrypt
Autocrypt: addr=marco.tiloca@ri.se; prefer-encrypt=mutual; keydata= mQENBFSNeRUBCAC44iazWzj/PE3TiAlBsaWna0JbdIAJFHB8PLrqthI0ZG7GnCLNR8ZhDz6Z aRDPC4FR3UcMhPgZpJIqa6Zi8yWYCqF7A7QhT7E1WdQR1G0+6xUEd0ZD+QBdf29pQadrVZAt 0G4CkUnq5H+Sm05aw2Cpv3JfsATVaemWmujnMTvZ3dFudCGNdsY6kPSVzMRyedX7ArLXyF+0 Kh1T4WUW6NHfEWltnzkcqRhn2NcZtADsxWrMBgZXkLE/dP67SnyFjWYpz7aNpxxA+mb5WBT+ NrSetJlljT0QOXrXMGh98GLfNnLAl6gJryE6MZazN5oxkJgkAep8SevFXzglj7CAsh4PABEB AAG0Nk1hcmNvIFRpbG9jYSAobWFyY28udGlsb2NhQHJpLnNlKSA8bWFyY28udGlsb2NhQHJp LnNlPokBNwQTAQgAIQUCWkAnkAIbAwULCQgHAgYVCAkKCwIEFgIDAQIeAQIXgAAKCRDuJmS0 DljaQwEvCACJKPJIPGH0oGnLJY4G1I2DgNiyVKt1H4kkc/eT8Bz9OSbAxgZo3Jky382e4Dba ayWrQRFen0aLSFuzbU4BX4O/YRSaIqUO3KwUNO1iTC65OHz0XirGohPUOsc0SEMtpm+4zfYG 7G8p35MK0h9gpwgGMG0j0mZX4RDjuywC88i1VxCwMWGaZRlUrPXkC3nqDDRcPtuEGpncWhAV Qt2ZqeyITv9KCUmDntmXLPe6vEXtOfI9Z3HeqeI8OkGwXpotVobgLa/mVmFj6EALDzj7HC2u tfgxECBJddmcDInrvGgTkZtXEVbyLQuiK20lJmYnmPWN8DXaVVaQ4XP/lXUrzoEzuQENBFSN eRUBCACWmp+k6LkY4/ey7eA7umYVc22iyVqAEXmywDYzEjewYwRcjTrH/Nx1EqwjIDuW+BBE oMLRZOHCgmjo6HRmWIutcYVCt9ieokultkor9BBoQVPiI+Tp51Op02ifkGcrEQNZi7q3fmOt hFZwZ6NJnUbA2bycaKZ8oClvDCQj6AjEydBPnS73UaEoDsqsGVjZwChfOMg5OyFm90QjpIw8 m0uDVcCzKKfxq3T/z7tyRgucIUe84EzBuuJBESEjK/hF0nR2LDh1ShD29FWrFZSNVVCVu1UY ZLAayf8oKKHHpM+whfjEYO4XsDpV4zQ15A+D15HRiHR6Adf4PDtPM1DCwggjABEBAAGJAR8E GAECAAkFAlSNeRUCGwwACgkQ7iZktA5Y2kPGEwf/WNjTy3z74vLmHycVsFXXoQ8W1+858mRy Ad0a8JYzY3xB7CVtqI3Hy894Qcw4H6G799A1OL9B1EeA8Yj3aOz0NbUyf5GW+iotr3h8+KIC OYZ34/BQaOLzdvDNmRoGHn+NeTzhF7eSeiPKi2jex+NVodhjOVGXw8EhYGkeZLvynHEboiLM 4TbyPbVR9HsdVqKGVTDxKSE3namo3kvtY6syRFIiUz5WzJfYAuqbt6m3TxDEb8sA9pzaLuhm fnJRc12H5NVZEZmE/EkJFTlkP4wnZyOSf/r2/Vd0iHauBwv57cpY6HFFMe7rvK4s7ME5zctO Ely5C6NCu1ZaNtdUuqDSPA==
X-Forwarded-Message-Id: <157289633849.13976.13407883548112694188.idtracker@ietfa.amsl.com>
Message-ID: <fd9b732a-b0cf-cee7-72ac-13f5d33ecbb9@ri.se>
Date: Tue, 05 Nov 2019 12:03:35 +0100
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Thunderbird/60.9.0
MIME-Version: 1.0
In-Reply-To: <157289633849.13976.13407883548112694188.idtracker@ietfa.amsl.com>
Content-Type: multipart/signed; micalg="pgp-sha512"; protocol="application/pgp-signature"; boundary="SHZFt4h0KQrvnMZZ9XNNbSCJJdHMHpkAw"
X-Originating-IP: [10.116.0.226]
X-ClientProxiedBy: sp-mail-1.sp.se (10.100.0.161) To sp-mail-2.sp.se (10.100.0.162)
X-EOPAttributedMessage: 0
X-Forefront-Antispam-Report: CIP:194.218.146.197; IPV:NLI; CTRY:SE; EFV:NLI; SFV:NSPM; SFS:(10009020)(4636009)(376002)(346002)(136003)(396003)(39860400002)(189003)(199004)(5024004)(11346002)(316002)(446003)(31686004)(66574012)(2616005)(5660300002)(336012)(22746008)(26005)(386003)(15650500001)(7736002)(16526019)(478600001)(76176011)(81156014)(568964002)(966005)(81166006)(8676002)(22756006)(2906002)(186003)(606006)(44832011)(486006)(476003)(8936002)(126002)(2351001)(33964004)(70586007)(16586007)(16576012)(36756003)(71190400001)(356004)(40036005)(3846002)(6116002)(31696002)(6306002)(106002)(54896002)(65956001)(86362001)(21480400003)(236005)(65806001)(70206006)(235185007)(14444005)(6916009)(58126008); DIR:OUT; SFP:1101; SCL:1; SRVR:DB8P189MB0732; H:mail.ri.se; FPR:; SPF:Pass; LANG:en; PTR:InfoDomainNonexistent; MX:1; A:1;
X-MS-PublicTrafficType: Email
X-MS-Office365-Filtering-Correlation-Id: ba0a8f8a-5059-4779-c4ce-08d761dfce7d
X-MS-TrafficTypeDiagnostic: DB8P189MB0732:
X-Microsoft-Antispam-PRVS: <DB8P189MB073284928EAA9BBFBC7EFE32997E0@DB8P189MB0732.EURP189.PROD.OUTLOOK.COM>
X-MS-Oob-TLC-OOBClassifiers: OLM:8273;
X-Forefront-PRVS: 0212BDE3BE
X-MS-Exchange-SenderADCheck: 1
X-Microsoft-Antispam: BCL:0;
X-Microsoft-Antispam-Message-Info: 63Wpkm65RGNc+XOMuSA0EYtCqcyEXzJWqqnCGihS3mz0WN7b8Vpzfqarp/0D2di10gjVfpSJxN1R3uRfgwhhxsFdlWjZH8C0eNoY9DcREhG2luUv8BKe3lHedQg3dNs0GdwWPuD8L1ngHQlhOBFHfBesgnUoXTysOZLlDmwFdAg9u+pSWer0Y3MyjJXDjikkX/hqPz0SKdx6PAgsHfArNZoFrQ+BP0K+YXjOFgj/bkZp8/TVbK5YVdUJHhrL2aaoqi8VxNTayl3qq8PFKP0u9DRIjAVeeZmbyW74165iSZQ5BP/AeP39l2/Ydh8wdEdU16psCbiuK9EN7QKNWz3DWHEC1shU0v1h6p+BMObA8F/kR7GP4xXW8435E+MI9DSi3iGviSUayuSs3efRNjPdkkwvvzhGNAWibrs9FL9S0nvhSdaH3HULdXmSgviqrIUD
X-OriginatorOrg: ri.se
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 05 Nov 2019 11:03:36.5634 (UTC)
X-MS-Exchange-CrossTenant-Network-Message-Id: ba0a8f8a-5059-4779-c4ce-08d761dfce7d
X-MS-Exchange-CrossTenant-Id: 5a9809cf-0bcb-413a-838a-09ecc40cc9e8
X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=5a9809cf-0bcb-413a-838a-09ecc40cc9e8; Ip=[194.218.146.197]; Helo=[mail.ri.se]
X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem
X-MS-Exchange-Transport-CrossTenantHeadersStamped: DB8P189MB0732
Archived-At: <https://mailarchive.ietf.org/arch/msg/ace/cJVV0I6GsaPHe7RDVB5piLORcJo>
Subject: [Ace] Fwd: New Version Notification for draft-tiloca-ace-group-oscore-profile-01.txt
X-BeenThere: ace@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Authentication and Authorization for Constrained Environments \(ace\)" <ace.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ace>, <mailto:ace-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ace/>
List-Post: <mailto:ace@ietf.org>
List-Help: <mailto:ace-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ace>, <mailto:ace-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 05 Nov 2019 11:03:43 -0000
Hello ACE, We have submitted an updated version of the draft "Group OSCORE Profile of the Authentication and Authorization for Constrained Environments Framework" https://tools.ietf.org/html/draft-tiloca-ace-group-oscore-profile-01 The document describes a profile of ACE where client and server can communicate with OSCORE and Group OSCORE. This supports fine-grained access control in group communication environments, where different group members have different access rights to resources of other group members. The pairwise OSCORE security context between the client and server is established in a way similar to the OSCORE profile, and is securely bound to the Group OSCORE security context previously obtained when joining the OSCORE group. This update is mostly about: 1) More discussions on relevant use cases in the introduction, including input from BACnet (thanks, Dave!). 2) Addressed issue about possible client impersonation, by proving client's possession of its own private key to the AS and including the client's public key in the Access Token (thanks, Jim!). 3) Alignment with the latest v -08 of the OSCORE profile. Comments are very welcome! Best, /Marco -------- Forwarded Message -------- Subject: New Version Notification for draft-tiloca-ace-group-oscore-profile-01.txt Date: Mon, 4 Nov 2019 11:38:58 -0800 From: internet-drafts@ietf.org To: Ludwig Seitz <ludwig.seitz@ri.se>, Marco Tiloca <marco.tiloca@ri.se>, Rikard Hoeglund <rikard.hoglund@ri.se>, Francesca Palombini <francesca.palombini@ericsson.com> A new version of I-D, draft-tiloca-ace-group-oscore-profile-01.txt has been successfully submitted by Marco Tiloca and posted to the IETF repository. Name: draft-tiloca-ace-group-oscore-profile Revision: 01 Title: Group OSCORE Profile of the Authentication and Authorization for Constrained Environments Framework Document date: 2019-11-04 Group: Individual Submission Pages: 35 URL: https://www.ietf.org/internet-drafts/draft-tiloca-ace-group-oscore-profile-01.txt Status: https://datatracker.ietf.org/doc/draft-tiloca-ace-group-oscore-profile/ Htmlized: https://tools.ietf.org/html/draft-tiloca-ace-group-oscore-profile-01 Htmlized: https://datatracker.ietf.org/doc/html/draft-tiloca-ace-group-oscore-profile Diff: https://www.ietf.org/rfcdiff?url2=draft-tiloca-ace-group-oscore-profile-01 Abstract: This document specifies a profile for the Authentication and Authorization for Constrained Environments (ACE) framework. The profile uses Object Security for Constrained RESTful Environments (OSCORE) and/or Group OSCORE to provide communication security between a Client and (a group of) Resource Server(s). Furthermore, the profile uses (Group) OSCORE to provide server authentication, and OSCORE to achieve proof-of-possession for a key owned by the Client and bound to an OAuth 2.0 Access Token. Also, the profile provides proof-of-group-membership for the Client, by securely binding the pre-established Group OSCORE Security Context to the pairwise OSCORE Security Context newly established with the Resource Server. Please note that it may take a couple of minutes from the time of submission until the htmlized version and diff are available at tools.ietf.org. The IETF Secretariat
- [Ace] Fwd: New Version Notification for draft-til… Marco Tiloca