[Ace] Fwd: FW: New Version Notification for draft-ietf-ace-mqtt-tls-profile-02.txt

Cigdem Sengul <cigdem.sengul@gmail.com> Sun, 03 November 2019 23:08 UTC

Return-Path: <cigdem.sengul@gmail.com>
X-Original-To: ace@ietfa.amsl.com
Delivered-To: ace@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 9B3A1120074 for <ace@ietfa.amsl.com>; Sun, 3 Nov 2019 15:08:11 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.998
X-Spam-Level:
X-Spam-Status: No, score=-1.998 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id i1WddCoJruzv for <ace@ietfa.amsl.com>; Sun, 3 Nov 2019 15:08:08 -0800 (PST)
Received: from mail-qt1-x82b.google.com (mail-qt1-x82b.google.com [IPv6:2607:f8b0:4864:20::82b]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id CCDBA12004D for <ace@ietf.org>; Sun, 3 Nov 2019 15:08:07 -0800 (PST)
Received: by mail-qt1-x82b.google.com with SMTP id t20so5516550qtn.9 for <ace@ietf.org>; Sun, 03 Nov 2019 15:08:07 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to; bh=8iqv5bjlfx3TYjIw99tRFMHCd9BDlaA4BssQ2TSG7nQ=; b=pzvC29SMTUkVhECqApClim4GFsv/NO8Js/3r76cnZM1wWPlySvzZopLRI7dtbqbgEo nPMFh68/BS8PF7lrX00bLE6YhcW7HiZpKupkop2HcSBNSiZGkerU5LBklqRhUxKrGf/i TTGRTgzHOd0xtC/SeLtyUi/jqkZ/9ZZE6J7rwkW8vMAEKpfXeEYE+1Y8PuEB2LgUZjYn xNH0+1tj/3+/ASBV0/39CVcEiWkK/BMgOC6BmedJHGFyPFJDqkMVjWCfqK2YNIgNn9dm 0q+1zTG0w9chF36Su8O6QToqy9sKloR6DaKNSE0P5/MpEUq/T1NCZO/72ygYZAoQVZbc DUlw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to; bh=8iqv5bjlfx3TYjIw99tRFMHCd9BDlaA4BssQ2TSG7nQ=; b=fJcgFYoK8/1rqxfGt32N1hpVcXTaUgN0nJpkbi9xNx+u8YRcNYijT4nSwpuwjjTRe/ KnUaMXWJwwSoA9P3tot38ob78vJd9s735B3WmgAT4Dpr7F9xmkOglpfxvNwXpdlpTRsr HV+GPrxrp608VpM8HvZ6on3/5o+OCVWyk9G15REIKh7NkriAL4VvRmA5tfWEOGFUONo6 3ttEdNfiGfaVNQ7PVT6q8ICuStZXdYzx/qDY7SrDghvoiZfQPO1hY+jGe3XEn0pjIKFm oZygPb01LHO5lK0lvm2c0+LYxi1RgZyiQPXe3wayO2jSX3SuFoNhJm6RFFdOt7dvxHe4 socQ==
X-Gm-Message-State: APjAAAWbpdshAvzIap/Jc/lccVRg34RgmLn7DxZFNJoqLJelqTXOJsEF Z4aXg6LGXdWfkd5z/RA3KlUjKJ1JdzKZKQruL9kBkM2m5Tk=
X-Google-Smtp-Source: APXvYqz0QhrhlL3IgHwbg1+KTNj+RrtyrtwfCKHm5sCjD1ACT1jeJZBL6c1po5Bcn1d5+3CKDSrHiIRrXpJ09kwWRUs=
X-Received: by 2002:ac8:70c5:: with SMTP id g5mr6923505qtp.344.1572822486384; Sun, 03 Nov 2019 15:08:06 -0800 (PST)
MIME-Version: 1.0
References: <157282181776.13473.12822667311244855764.idtracker@ietfa.amsl.com> <166A48BD-1812-40F6-AB35-925E49806912@nominet.uk>
In-Reply-To: <166A48BD-1812-40F6-AB35-925E49806912@nominet.uk>
From: Cigdem Sengul <cigdem.sengul@gmail.com>
Date: Sun, 3 Nov 2019 23:07:55 +0000
Message-ID: <CAA7SwCNmT_zXiALhVr79DpL=chLF+oXmY-dSKhDTY+5wiF-LVw@mail.gmail.com>
To: ace@ietf.org
Content-Type: multipart/alternative; boundary="000000000000988b440596794560"
Archived-At: <https://mailarchive.ietf.org/arch/msg/ace/dq1ecyigz4esKV05lDo-8OP-SJA>
Subject: [Ace] Fwd: FW: New Version Notification for draft-ietf-ace-mqtt-tls-profile-02.txt
X-BeenThere: ace@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Authentication and Authorization for Constrained Environments \(ace\)" <ace.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ace>, <mailto:ace-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ace/>
List-Post: <mailto:ace@ietf.org>
List-Help: <mailto:ace-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ace>, <mailto:ace-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 03 Nov 2019 23:08:12 -0000

Dear ace,

I have just submitted a new version of the mqtt_tls profile to address Jim
and Daniel's comments.
Mainly the changes include:

 Version 01 to 02:


   o  Expanded Client connection authorization to capture different

      options for Client and Broker authentication over TLS and MQTT


   o  Removed Payload (and specifically Client Identifier) from PoP

      validation in favor of using tls-exporter for a TLS-session

      based challenge.


   o  Moved token transport via "authz-info" topic from the Appendix to

      the main text.


   o  Clarified Will scope.


   o  Added MQTT AUTH to terminology.


   o  Typo fixes, and simplification of figures.

Tried to capture all input, however,
I am aware that the part that uses tls-exporter for PoP is under-specified.
However, this got a bit confusing to specify after reading the ace-coap-est
channel binding and tls-unique discussion.
Also looked at other drafts like QUIC, TTLS etc. that use tls-exporter to
export keying material and challenge information.
It seems necessary to register a new label for the exporter?

Thanks,

--Cigdem




´╗┐On 03/11/2019, 22:57, "internet-drafts@ietf.org"; <internet-drafts@ietf.org>;
wrote:


    A new version of I-D, draft-ietf-ace-mqtt-tls-profile-02.txt
    has been successfully submitted by Cigdem Sengul and posted to the
    IETF repository.

    Name:               draft-ietf-ace-mqtt-tls-profile
    Revision:   02
    Title:              MQTT-TLS profile of ACE
    Document date:      2019-11-02
    Group:              ace
    Pages:              24
    URL:
https://www.ietf.org/internet-drafts/draft-ietf-ace-mqtt-tls-profile-02.txt
    Status:
https://datatracker.ietf.org/doc/draft-ietf-ace-mqtt-tls-profile/
    Htmlized:
https://tools.ietf.org/html/draft-ietf-ace-mqtt-tls-profile-02
    Htmlized:
https://datatracker.ietf.org/doc/html/draft-ietf-ace-mqtt-tls-profile
    Diff:
https://www.ietf.org/rfcdiff?url2=draft-ietf-ace-mqtt-tls-profile-02

    Abstract:
       This document specifies a profile for the ACE (Authentication and
       Authorization for Constrained Environments) framework to enable
       authorization in an MQTT-based publish-subscribe messaging system.
       Proof-of-possession keys, bound to OAuth2.0 access tokens, are used
       to authenticate and authorize MQTT Clients.  The protocol relies on
       TLS for confidentiality and server authentication.




    Please note that it may take a couple of minutes from the time of
submission
    until the htmlized version and diff are available at tools.ietf.org.

    The IETF Secretariat