Re: [Ace] Security of the Communication Between C and RS

Ludwig Seitz <ludwig.seitz@ri.se> Tue, 18 December 2018 14:38 UTC

To: Hannes Tschofenig <Hannes.Tschofenig@arm.com>, Stefanie Gerdes <gerdes@tzi.de>, Jim Schaad <ietf@augustcellars.com>, "ace@ietf.org" <ace@ietf.org>
From: Ludwig Seitz <ludwig.seitz@ri.se>
Message-ID: <6aa8d090-df64-ab97-326e-4511dbe105de@ri.se>
Date: Tue, 18 Dec 2018 15:38:34 +0100
Archived-At: <https://mailarchive.ietf.org/arch/msg/ace/ek7NdtEHs2TfTRfIBkCde_rvwIg>

On 18/12/2018 14:51, Hannes Tschofenig wrote:
> Hi Steffi, Hi Ludwig,
> 
> ~snip~
> 
>>> The access information optionally can contain an expires_in
>>> field. It would help to prevent security breaches under the
>>> following conditions:
>> 1. the keying material is valid as long as the ticket,
>> 2. the expires_in field is present in the access information that AS sends to C,
>> 3. the client checks the expires_in field when it gets the access information from the AS, and
>> 4. the client checks if the keying material is still valid each time before it sends a request to RS.
>> 
>> These checks make sense to me.
>> 
> Are you proposing we make the expires_in field mandatory? If so, why
> isn't it mandatory already in OAuth (currently only RECOMMENDED)?
> 
> [Hannes] I would do the check when the field is actually there.
> However, it is a good question why it is not mandatory in OAuth. Let
> me drop a mail to the list.
> 
> 
> Now that I got a response from the OAuth working group (in the sense
> that I was thinking about the claims in the access token rather than
> the parameters in the response from the AS) I think checking the
> expires_in field has to be optional since
> * the expires_in parameter is optional, and
> * it only has an advisory nature.
> 
> It is useful to send the parameter so that the client can determine
> when to request a new access token (for example, via the refresh
> token) but it is not absolutely necessary for the protocol
> operation.
> 
> Ciao Hannes

Hannes,

Steffi's point was (and remains) that if we don't give the client a way 
to determine whether the token is not expired (except for client 
introspection), it might use an expired token and old keys to 
communicate with the RS.
The argument, if I understood Steffi correctly, is that the client's 
request may contain sensitive data (think a POST/PUT with some 
significant payload) and that sending it to an RS with outdated keys 
might be a risk.

My take would be that in cases where this is relevant, one would specify 
a profile where the expires_in parameter is mandatory. Furthermore, we 
should add text to the security considerations describing the issue.

/Ludwig

-- 
Ludwig Seitz, PhD
Security Lab, RISE
Phone +46(0)70-349 92 51
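The client-side checks debated in this thread (Steffi's conditions 2 to 4, Hannes's point that expires_in is optional and advisory, and Ludwig's suggestion of a profile that makes it mandatory), written out as an added example; this is not code from the ACE drafts or from anyone in the thread. The field names access_token and expires_in follow OAuth; the key field, the ClientProfile knob and the function names are constructed for illustration, and condition 1 (the key lives exactly as long as the token) is assumed.

```python
from dataclasses import dataclass
from typing import Optional


@dataclass
class AccessInfo:
    token: bytes                      # access token issued by the AS, opaque to C
    key: bytes                        # keying material bound to the token (stand-in for the PoP key)
    obtained_at: float                # client clock, in seconds, when the AS response arrived
    expires_in: Optional[int] = None  # lifetime in seconds; None when the AS sent none


@dataclass
class ClientProfile:
    # Constructed knob for Ludwig's suggestion: a profile may make expires_in
    # mandatory when the client's requests carry sensitive payloads.
    require_expires_in: bool = False


def accept_access_info(response: dict, profile: ClientProfile, now: float) -> Optional[AccessInfo]:
    """Conditions 2 and 3: inspect expires_in when the access information arrives."""
    expires_in = response.get("expires_in")
    # A lifetime that is not a positive integer is unusable: drop the keying material
    # rather than keep a token whose validity the client cannot bound.
    if expires_in is not None and (
        isinstance(expires_in, bool) or not isinstance(expires_in, int) or expires_in <= 0
    ):
        return None
    if expires_in is None and profile.require_expires_in:
        return None  # strict profile: the AS must state a lifetime
    return AccessInfo(response["access_token"], response["key"], now, expires_in)


def token_usable(info: AccessInfo, profile: ClientProfile, now: float) -> bool:
    """Condition 4: run before every request to the RS."""
    if info.expires_in is None:
        # OAuth: expires_in is optional and only advisory, so its absence is not
        # an error unless the profile demands it.
        return not profile.require_expires_in
    return now < info.obtained_at + info.expires_in


def request_to_rs(info: AccessInfo, profile: ClientProfile, now: float, payload: bytes) -> Optional[bytes]:
    """Return the message to send, or None when C must fetch a new token first."""
    if not token_usable(info, profile, now):
        return None  # never send the payload under possibly expired keys
    return info.token + b"|" + payload  # placeholder framing, not the real transport
```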