Re: [Ace] secdir review of draft-ietf-ace-dtls-authorize-14
Olaf Bergmann <bergmann@tzi.org> Tue, 02 March 2021 15:21 UTC
Return-Path: <bergmann@tzi.org>
X-Original-To: ace@ietfa.amsl.com
Delivered-To: ace@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 30DE33A1CCC for <ace@ietfa.amsl.com>; Tue, 2 Mar 2021 07:21:14 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.92
X-Spam-Level:
X-Spam-Status: No, score=-1.92 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=unavailable autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id IG7XKB_Uv0uw for <ace@ietfa.amsl.com>; Tue, 2 Mar 2021 07:21:08 -0800 (PST)
Received: from gabriel-vm-2.zfn.uni-bremen.de (gabriel-vm-2.zfn.uni-bremen.de [134.102.50.17]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id AEB1D3A2941 for <ace@ietf.org>; Tue, 2 Mar 2021 07:20:42 -0800 (PST)
Received: from wangari.tzi.org (p5b36f033.dip0.t-ipconnect.de [91.54.240.51]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by gabriel-vm-2.zfn.uni-bremen.de (Postfix) with ESMTPSA id 4Dqgn3703hz107Y; Tue, 2 Mar 2021 16:20:39 +0100 (CET)
From: Olaf Bergmann <bergmann@tzi.org>
To: Daniel Migault <mglt.ietf@gmail.com>
Cc: Göran Selander <goran.selander@ericsson.com>, Olaf Bergmann <bergmann@tzi.org>, Russ Mundy <mundy@tislabs.com>, "ace@ietf.org" <ace@ietf.org>, Stefanie Gerdes <gerdes@tzi.de>, Francesca Palombini <francesca.palombini@ericsson.com>, Daniel Migault <daniel.migault=40ericsson.com@dmarc.ietf.org>
References: <871rdqihww.fsf@wangari> <FD569111-85F8-40A2-8C97-764977309B87@ericsson.com> <CADZyTk=HB26o=mUpUdbYEhfhrGZar+oe28c5PZ2_j-vKYVA6xg@mail.gmail.com> <c6d42d18-f1f3-ec00-fff9-3540fa222d23@tzi.de> <9911269D-AA7F-458C-AA1A-2D59A79C5A00@ericsson.com> <CADZyTkn=3GigtTiihQX0ORYyO0dV0qCfVMtTn37vbsqJuQUJxw@mail.gmail.com> <026242c2-2c6a-485b-cb51-34b2b2d70975@tzi.de> <DM6PR15MB23796DF01885DC7F86C15583E3879@DM6PR15MB2379.namprd15.prod.outlook.com> <6b5368a6-b8ba-81eb-0c10-6a052fcbad67@tzi.de> <DM6PR15MB23798EE51BDED9BB7D0438E3E3869@DM6PR15MB2379.namprd15.prod.outlook.com> <2C5A1AA5-6124-407B-A342-AA367CB6D536@tislabs.com> <DM6PR15MB23799382A92C9B2074B1BF42E3859@DM6PR15MB2379.namprd15.prod.outlook.com> <F6B1D3C5-DE79-42B4-8CEA-620C86EABF4B@ericsson.com> <CADZyTk=y7Zf3Atvt7d5c17KEbnc5CESoOyBsa0TgpMchX4FcPQ@mail.gmail.com> <CADZyTk=gc8ybr5+wQhN0P_Vyz2P+g6TtwWcAGYGbofeMeq0cjQ@mail.gmail.com>
Date: Tue, 02 Mar 2021 16:20:39 +0100
In-Reply-To: <CADZyTk=gc8ybr5+wQhN0P_Vyz2P+g6TtwWcAGYGbofeMeq0cjQ@mail.gmail.com> (Daniel Migault's message of "Tue, 2 Mar 2021 09:27:02 -0500")
Message-ID: <87v9a94m60.fsf@wangari>
User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/27.1 (gnu/linux)
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable
Archived-At: <https://mailarchive.ietf.org/arch/msg/ace/dJTI7zkT6TB2wTz_Xial9SoTNvs>
Subject: Re: [Ace] secdir review of draft-ietf-ace-dtls-authorize-14
X-BeenThere: ace@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Authentication and Authorization for Constrained Environments \(ace\)" <ace.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ace>, <mailto:ace-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ace/>
List-Post: <mailto:ace@ietf.org>
List-Help: <mailto:ace-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ace>, <mailto:ace-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 02 Mar 2021 15:21:14 -0000
Hi Daniel, On 2021-03-02, Daniel Migault <mglt.ietf@gmail.com> wrote: > This is just a follow-up. I would like to be able to close this issue > by the end of the week, and so far I have not heard any issues for > profile mandating a protocol. On the other hand, not mandating a > specific protocol comes with interoperability issues. So unless more > feed back is provided, I am currently leaning toward ensuring > interoperability. > > It would be good for me to hear from the WG and understand what concrete deployment > issues the two statements below would raise: > * OSCORE profile mandating the AS to support OSCORE and have the C <-> AS using > OSCORE. > * DTLS profile mandating the AS to support DTLS and have the C <-> AS using DTLS. I think the major issue is that a client that implements both OSCORE and DTLS cannot just switch from one mechanism to the other because it must stick to either one or the other. This also raises the question what happens if an AS is contacted by the client via OSCORE but the RS only supports DTLS: Is the client allowed to switch from OSCORE to DTLS if the AS says so? Another aspect is that we would need to add another specification if a client implementing the DTLS profile wants to contact the AS via TLS. As CoAP over TLS is well-defined, this would not make any difference regarding the security or the handling in the application, but mandating DTLS in the profile would currently preclude the use of TLS. Grüße Olaf
- [Ace] [Russ Mundy] Re: secdir review of draft-iet… Olaf Bergmann
- Re: [Ace] [Russ Mundy] Re: secdir review of draft… Göran Selander
- Re: [Ace] [Russ Mundy] Re: secdir review of draft… Daniel Migault
- Re: [Ace] [Russ Mundy] Re: secdir review of draft… Stefanie Gerdes
- Re: [Ace] [Russ Mundy] Re: secdir review of draft… Francesca Palombini
- Re: [Ace] [Russ Mundy] Re: secdir review of draft… Daniel Migault
- Re: [Ace] secdir review of draft-ietf-ace-dtls-au… Stefanie Gerdes
- Re: [Ace] secdir review of draft-ietf-ace-dtls-au… Daniel Migault
- Re: [Ace] secdir review of draft-ietf-ace-dtls-au… Stefanie Gerdes
- Re: [Ace] secdir review of draft-ietf-ace-dtls-au… Daniel Migault
- Re: [Ace] secdir review of draft-ietf-ace-dtls-au… Russ Mundy
- Re: [Ace] secdir review of draft-ietf-ace-dtls-au… Daniel Migault
- Re: [Ace] secdir review of draft-ietf-ace-dtls-au… Göran Selander
- Re: [Ace] secdir review of draft-ietf-ace-dtls-au… Daniel Migault
- Re: [Ace] secdir review of draft-ietf-ace-dtls-au… Daniel Migault
- Re: [Ace] secdir review of draft-ietf-ace-dtls-au… Olaf Bergmann
- Re: [Ace] secdir review of draft-ietf-ace-dtls-au… Daniel Migault
- Re: [Ace] secdir review of draft-ietf-ace-dtls-au… Francesca Palombini
- Re: [Ace] secdir review of draft-ietf-ace-dtls-au… Daniel Migault
- Re: [Ace] secdir review of draft-ietf-ace-dtls-au… Göran Selander
- Re: [Ace] secdir review of draft-ietf-ace-dtls-au… Daniel Migault
- Re: [Ace] secdir review of draft-ietf-ace-dtls-au… Göran Selander
- Re: [Ace] secdir review of draft-ietf-ace-dtls-au… Daniel Migault
- Re: [Ace] [secdir] secdir review of draft-ietf-ac… Benjamin Kaduk
- Re: [Ace] [secdir] secdir review of draft-ietf-ac… Daniel Migault