Re: [Ace] [EXTERNAL] Francesca Palombini's Discuss on draft-ietf-ace-oauth-authz-38: (with DISCUSS and COMMENT)

Olaf Bergmann <bergmann@tzi.org> Sat, 10 July 2021 12:49 UTC

Return-Path: <bergmann@tzi.org>
X-Original-To: ace@ietfa.amsl.com
Delivered-To: ace@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 4DD153A192B; Sat, 10 Jul 2021 05:49:42 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.899
X-Spam-Level:
X-Spam-Status: No, score=-1.899 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id BvAmCahVcY1w; Sat, 10 Jul 2021 05:49:37 -0700 (PDT)
Received: from gabriel-2.zfn.uni-bremen.de (gabriel-2.zfn.uni-bremen.de [IPv6:2001:638:708:32::19]) (using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 940F13A1929; Sat, 10 Jul 2021 05:49:37 -0700 (PDT)
Received: from wangari.tzi.org (p5b36fe86.dip0.t-ipconnect.de [91.54.254.134]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange ECDHE (P-256) server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by gabriel-2.zfn.uni-bremen.de (Postfix) with ESMTPSA id 4GMVGj18jhz2xFs; Sat, 10 Jul 2021 14:49:33 +0200 (CEST)
From: Olaf Bergmann <bergmann@tzi.org>
To: Carsten Bormann <cabo@tzi.org>
Cc: Ludwig Seitz <ludwig_seitz@gmx.de>, <ace-chairs@ietf.org>, Ludwig Seitz <ludwig.seitz@combitech.com>, Cigdem Sengul <cigdem.sengul@gmail.com>, Daniel Migault <mglt.ietf@gmail.com>, ace@ietf.org, "Apple Inc." <goran.selander@ericsson.com>, Francesca Palombini <francesca.palombini@ericsson.com>
References: <161659738410.3239.3955409176349739508@ietfa.amsl.com> <5634f824f7b14878b5d7d1fdd3b2ed33@combitech.se> <EE1CBB56-8951-473C-A006-875D49BEE350@ericsson.com> <AM0PR0302MB3363E4EB817969E6B34FBBCF9E369@AM0PR0302MB3363.eurprd03.prod.outlook.com> <F44C49D2-C08E-4C04-A751-05ECBBB1DBA9@tzi.org> <AM0PR0302MB3363C4C6DBD796E67986BD079E369@AM0PR0302MB3363.eurprd03.prod.outlook.com> <43222AD5-BA56-423F-98C7-65128A6C35B6@tzi.org> <CADZyTknQEYbv=3vo_MfjGeWmJOcU-QfkFua-ZGnFHfXhni=omQ@mail.gmail.com> <3AF922BD-D6D7-4D20-AA39-5E0D5BEC8A29@tzi.org> <a040239b-fc8c-b2a3-c055-481246f4397c@tzi.de> <AM0PR0302MB3363B7DBB026447BE536D61D9E1C9@AM0PR0302MB3363.eurprd03.prod.outlook.com> <A15462D1-DD0F-4B3C-8C59-7652C6A5F471@ericsson.com> <78BAB6EA-0DDE-4C6C-A923-815E73F1B197@tzi.org> <F329D30F-EF2A-4BE3-B29A-8425CE44A6D2@tzi.org> <15769C3B-A3B5-46E6-AD3A-9FBA63783EAD@ericsson.com> <AM0PR0302MB33635AEFE7CE8642EDEE3B039E1B9@AM0PR0302MB3363.eurprd03.prod.outlook.com> <5C41B62D-C4BD-469A-B370-99DFA0BC1873@tzi.org> <pie1vmtegr4pcaoch9pi0pih.1625911605608@email.android.com> <41DB83EF-28D7-4601-8685-30E2DE33EA75@tzi.org>
Date: Sat, 10 Jul 2021 14:49:32 +0200
In-Reply-To: <41DB83EF-28D7-4601-8685-30E2DE33EA75@tzi.org> (Carsten Bormann's message of "Sat, 10 Jul 2021 13:13:08 +0200")
Message-ID: <87czrqjpur.fsf@wangari>
User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/27.1 (gnu/linux)
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable
Archived-At: <https://mailarchive.ietf.org/arch/msg/ace/pQ8A_k9xzby1dVwH5IuzaUdJlD4>
Subject: Re: [Ace] [EXTERNAL] Francesca Palombini's Discuss on draft-ietf-ace-oauth-authz-38: (with DISCUSS and COMMENT)
X-BeenThere: ace@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Authentication and Authorization for Constrained Environments \(ace\)" <ace.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ace>, <mailto:ace-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ace/>
List-Post: <mailto:ace@ietf.org>
List-Help: <mailto:ace-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ace>, <mailto:ace-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 10 Jul 2021 12:49:43 -0000

Hi Carsten, Ludwig,

I think removing the discussed is not an option as the whole discussion
was about "something needs to be said" but not being clear about what
this is.

On 2021-07-10, Carsten Bormann <cabo@tzi.org> wrote:

> Maybe we can combine these two into one sentence that covers a common requirement?

The result would be text that makes a profile document its security
requirements and a new profile that combines existing profiles to
document how the combination meets these requirements.

>From Francesca's previous proposal and your previous proposals this
could be:

NEW^n+1:

   There may be use cases where different transport and security
   protocols are allowed for the different interactions, and, if that is
   not explicitly covered by an existing profile, it corresponds to
   combining profiles into a new one.  For example, a new profile could
   specify that a previously-defined MQTT-TLS profile is used between
   the client and the RS in combination with a previously-defined
   CoAP-DTLS profile for interactions between the client and the AS. The
   new profile that combines existing profiles MUST specify how the
   existing profiles' security properties are achieved. Any profile
   therefore MUST clearly specify its security requirements and MUST
   document if its security depends on the combination of various
   protocol interactions.

Grüße
Olaf