Re: [Ace] draft-ietf-ace-dtls-authorize
Olaf Bergmann <bergmann@tzi.org> Thu, 28 January 2021 17:10 UTC
From: Olaf Bergmann <bergmann@tzi.org>
To: "ace@ietf.org" <ace@ietf.org>
Cc: Daniel Migault <daniel.migault=40ericsson.com@dmarc.ietf.org>
References: <DM6PR15MB237928B2B84B18E9AE050EC3E3BA9@DM6PR15MB2379.namprd15.prod.outlook.com>
Date: Thu, 28 Jan 2021 18:10:49 +0100
In-Reply-To: <DM6PR15MB237928B2B84B18E9AE050EC3E3BA9@DM6PR15MB2379.namprd15.prod.outlook.com> (Daniel Migault's message of "Thu, 28 Jan 2021 17:03:30 +0000")
Archived-At: <https://mailarchive.ietf.org/arch/msg/ace/m4VODJoqlUWLYq85fSOw4RujddM>

Hi Daniel,

On 2021-01-28, Daniel Migault <daniel.migault=40ericsson.com@dmarc.ietf.org> wrote:

> Apparently, the change on the DTLS profile has not been noticed by
> everyone in the WG, so I am bringing the discussion here.
>
> The change has been made as a response to a comment from the security
> directorate. Please provide your feedback by Feb 4 (but preferably
> before) - and potentially propose the text you would like to see if you
> disagree with the change.

I agree with the change (although I do not care very much but the new text makes more sense than the old) because the change suggested in the secdir review is not about mandating one protocol or the other. It is about which protocol you need to implement if you want to use that protocol between C and AS.

In short:

* the OSCORE profile mandates that "if you want to use CoAP over OSCORE between the C and the AS, you need to follow the steps in the OSCORE specification and look somewhere else if you want to use another protocol", and

* the DTLS profile mandates that "if you want to use CoAP over DTLS between the C and the AS, you need to follow the steps in the DTLS specification and look somewhere else if you want to use another protocol"

Regards
Olaf