[Ace] draft-ietf-ace-key-groupcomm-13

Göran Selander <goran.selander@ericsson.com> Tue, 24 August 2021 16:52 UTC

Return-Path: <goran.selander@ericsson.com>
X-Original-To: ace@ietfa.amsl.com
Delivered-To: ace@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 77FA43A1CFE for <ace@ietfa.amsl.com>; Tue, 24 Aug 2021 09:52:32 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.553
X-Spam-Level:
X-Spam-Status: No, score=-2.553 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.452, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_MSPIKE_H2=-0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=ericsson.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id OHQwvkl8sBAk for <ace@ietfa.amsl.com>; Tue, 24 Aug 2021 09:52:26 -0700 (PDT)
Received: from EUR01-DB5-obe.outbound.protection.outlook.com (mail-eopbgr150040.outbound.protection.outlook.com [40.107.15.40]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 5550A3A1CF8 for <ace@ietf.org>; Tue, 24 Aug 2021 09:52:26 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=WY4//KWYQKe0QYbuNgI725SQ0E0kL9CLootAVRsYfQQ11VeiSSiyC0TRMQD8GhVlfEcu8wQejIRlgvuirnkJLf+D8a3vkvXdnWsoJWwiGIqmbcYOMbL2luVJYn99q8m8YWqavg1jb0Hfi4ohYFi53D+GwnuSsPpHuKJamznRZJIi9BU/68jyk7eIQdWsdWi87nPD4fZOBjCzMbYxoEPG4ri4aKL5UU3zWNP9SnwWxmMeXprFuh/I2OB11x+eEKlOb9/bWOYFx8VRF3A9Ed5D4UiW29LdDAkBpRZWFRu6UUobO6911dbMFP4qeFFT28G8OkM7ZGmG7Ob8BY4alxZA1Q==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=1GPJIHX7bwXuJv9ghOcTqb1g+cdMkgIcZZcEzc+aFMo=; b=RmfgorlF7Fc6uN0Cu2ibPl2xvpl2R81dyuqQuy7VSA76TiWrFwfNHECGt6XwyWPFcdaEv6ETH9S0z84bHXlA2Q75iVAvqO82R1969GuTAGQfL4BwZ273e+VPVpX41gtcHjAVyH2enE62YD3fKqfJL4yxDo562UBhEeZYrTJE2mz3Mg8iIDNO3rXBSdu5UjLxS7ngw9RQoQgQZZZ0pdEetjh6ShXCQ6TuTdE2l2t7/N1kPbsDczwL6ChMT4lSVbu/to9QwAzU07q2A+1xs2s124G4cr1R3WGnGQwdaIrrwwFm0GaiRL1ykhHBTg0+4o6qziJa+DHpbtJP1Pr/gfI/2g==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=ericsson.com; dmarc=pass action=none header.from=ericsson.com; dkim=pass header.d=ericsson.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ericsson.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=1GPJIHX7bwXuJv9ghOcTqb1g+cdMkgIcZZcEzc+aFMo=; b=MGMtHMjbcXv2gTnmX1fkLF2U5u4AnqitwfkTI6HDVM9jgvDvAaoOtXnNicX9dL+VxOjMgRZ5iGkvFyIu3h1vvtJAV/LvK70yiD3/DGptRNLM8tGbyao/k2dBVbSOA6Yi3/HHBo1PN3YkAkyTN8t5+cNvhFOkRa24gK1XgmdGtXc=
Received: from HE1PR07MB3500.eurprd07.prod.outlook.com (2603:10a6:7:31::20) by HE1PR0702MB3546.eurprd07.prod.outlook.com (2603:10a6:7:8d::24) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4436.17; Tue, 24 Aug 2021 16:52:23 +0000
Received: from HE1PR07MB3500.eurprd07.prod.outlook.com ([fe80::a141:8e66:ce19:813d]) by HE1PR07MB3500.eurprd07.prod.outlook.com ([fe80::a141:8e66:ce19:813d%7]) with mapi id 15.20.4457.012; Tue, 24 Aug 2021 16:52:22 +0000
From: =?utf-8?B?R8O2cmFuIFNlbGFuZGVy?= <goran.selander@ericsson.com>
To: "ace@ietf.org" <ace@ietf.org>
Thread-Topic: draft-ietf-ace-key-groupcomm-13
Thread-Index: AQHXlTNlf0RDV9YpEE+v7sk1YG68dg==
Date: Tue, 24 Aug 2021 16:52:22 +0000
Message-ID: <E59F2C52-F777-4704-90D2-1D04C700A60E@ericsson.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
user-agent: Microsoft-MacOutlook/16.52.21080801
authentication-results: ietf.org; dkim=none (message not signed) header.d=none;ietf.org; dmarc=none action=none header.from=ericsson.com;
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: 468fec3e-0daf-4b02-9d51-08d9671f8b4b
x-ms-traffictypediagnostic: HE1PR0702MB3546:
x-microsoft-antispam-prvs: <HE1PR0702MB3546F737FE21F2BAD8251F3FF4C59@HE1PR0702MB3546.eurprd07.prod.outlook.com>
x-ms-oob-tlc-oobclassifiers: OLM:7691;
x-ms-exchange-senderadcheck: 1
x-ms-exchange-antispam-relay: 0
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: ABx8yXC8X3lAqDgv08H2NOkDCat0oN1O08C3S/BXSlp22xGZLkEgg/sArxyR+jHSinKy0oP3MlBJ533Hf3faFfbTXRZlOVqB2rQK6TIZAg5nuds75oDzQrIqeVZls33wlolvNq+VU/iNnqvkXU9TH5QGTpFz/1euPjEABEfC/6i81otnLtlBNyqM9d6lz7goIdh4/wTSZVn7CG2cdX+Lj2WOU3IxcWnkGsoKrOnGWlZfOlWcnhrHJ+loxCxid2k4D0L/KYKmItaKF1/BH1Tzjio8AmZRzHuMg5C0G6uDU1BusGeVrsvAxF6kslKHVscnfKxk23qIQ+3ZSfQJW0d8jA1XcTbTyFvaFakFW9KNuSw6cB3yvpF9gbcxcWif1q3lntPlDrqAN7fBtmTOxsyQ0FaJcT/boF24jRO+UMxKD8qQsXquKp2kWX8YMt4jXzAiOspcypdSnMgCzMhwuiM1WaQYsOuwzsQ4VaP+Bd7Oi3ZrEQR88fMdDT+hbk78Tj+m8qOF8FeepfSgR+XTq7iuMiE5P1b84BlheQ7egs5uyBfr5zFR6oSDOdOPwmOMOzIlCy+CSbJ5L0aQ6DIRCOy8ndlc/pu0XuFHLUkAfx07SCvYPWNHq8InhPZDniaMDbtJy4fTr1LazT4uIt3lIi/LPawcmEm8jGStN00/hqmgnap+G5K+PTC8ecAR0R5KbGM/cy+vB8H+TIV4KsnnfmYOUmf/ujyPf/ULQz17YPHaHwsT4tmsq+epagqe6R6gyuYCrOaSQjsyUIhh5JmI8b4mJaS7WAPPBPhkWojPOtZ81pFrpQDSpwRL2/w8XSoupExLuc0JrgKZsC96UsmdIfHinrlodavE17un93jmusTKZaw=
x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:HE1PR07MB3500.eurprd07.prod.outlook.com; PTR:; CAT:NONE; SFS:(4636009)(366004)(508600001)(66574015)(30864003)(5660300002)(2616005)(26005)(71200400001)(966005)(122000001)(316002)(64756008)(36756003)(2906002)(86362001)(76116006)(8936002)(38100700002)(8676002)(33656002)(6486002)(66946007)(38070700005)(186003)(6506007)(6512007)(66446008)(66476007)(66556008)(83380400001)(53546011)(85182001)(6916009)(85202003)(45980500001); DIR:OUT; SFP:1101;
x-ms-exchange-antispam-messagedata-chunkcount: 1
x-ms-exchange-antispam-messagedata-0: =?utf-8?B?MHV3OHNCYnJYcmo0Y0F2a2NDSStIQVZmckVQN3NyaGwvT0N4dWE1UnQ0Vkti?= =?utf-8?B?MjVETVdVNG1OSHRGN3BTSTBOYjRUNlQyUlBOY0tWNTRXYVhmOGpuOE5hRXFZ?= =?utf-8?B?MUZ2T1NZMGkzVFdxemJLbXZsSnV3bURWZ25tZkJMb3Vjc0hPbDlsUEZmZ25y?= =?utf-8?B?bG9pMmdRSW12b1Qrd2RyS2ROTysxekkyNjZmdVFoczVleWgyRXY2eVlNVW1m?= =?utf-8?B?Yll0U3Z1UmFBSmYwTU5OZzJqTXZ5V2RlYjVpQnFab3EvWmRrOWhlWkZHdjhQ?= =?utf-8?B?Mjh1Qi9ESlZWeTFrSTV3Q2gzVGZLZ2NNWkkwZ0laeFdSWmM3U2Y1Uk94MXQv?= =?utf-8?B?UGVTWFNqd0F0QnEyOVNjNElpNHJDbjFYS1JaQUkzLzRPZ3BGNEVzb3hrbkNx?= =?utf-8?B?ZjA5d0t6VnQ2UHVPZFhaMTZncnBaZUtQWk9tUnRFbTBnaFRreVlyejBVUFB4?= =?utf-8?B?UFBEMUhSUW15ZUdibGU2Wkp1U0Erc0o2YVZDQXhaT0FEL1BvZGtJeVl1dHpF?= =?utf-8?B?UVpUTm5KL3RoOC9iSjV4N09FMmNmVk9ucnlaWVdwSUdUOThKeGZCSVFJZmpD?= =?utf-8?B?d283RWFJcm9lMzlsalNBT00xaUIyemJBYm5yNytyWEJ3VVV5M21nTjRGSHFi?= =?utf-8?B?d3RleW1adnRaczY0eWliVnRPaEhidmErYkVPWUZPUlF4MytndG0wSHp1eU14?= =?utf-8?B?YUxIc2JNekdabXpXeU04N1o4dnhwUGMzcTJXQW1IOHhRWlkrUFJHK2U3ZEdJ?= =?utf-8?B?Q2NZZzBldWVndzhQYUJGNzNOVk1uTm1NWDZHWHBrcS9aV09qNElyNEdGdS9o?= =?utf-8?B?OWk4cDNQYlpvREZJbzJ3eDFIWTcyZzc4TWwxY1VnNVQ5V3k4VlF1QVhxblNn?= =?utf-8?B?N1p3Vy9KaUNKd1ZtTDg5VjY4SlI5ZVVMQWNtbHhVUDNpa1ZBZ1d2eW1rbk9a?= =?utf-8?B?dms3a2p5d3hoUDhIQS9LL3VWMFRIT0JVeGUvdWVxenNNQkNkWE5YNE9ON09O?= =?utf-8?B?OU84SWdidDNoY2Jpb2VhckJIVmFXSGMyajRGcTZ1WDZzSWtPUytpQWRQeWor?= =?utf-8?B?Yk5uVWRuU3pubmozcFF3OFhHcEZISjdPNjVDNlNvMFBZVXhjTHFoWWFBanBB?= =?utf-8?B?Nm1ONXZjc0taWW5kQVpZT2hTcS9tdVZmeG42MHRoWTNCN0pOMCt6Ukd3TGVj?= =?utf-8?B?OUNzTzZkbTc0VUk1TyttUVVmVkNkSWRXeXJOSzVBV0ZoNFNIcG9QeWJQbnps?= =?utf-8?B?VHlLelE2dFRiTncrMDV4aDdSVHRmS2ZiN3MzeFd0YUZ0emNxQTF0cWJjRzNU?= =?utf-8?B?QXV3QktPM0lVYzJIMWorMXRITUhjSUpCYXdiRFFpbVNieXVjTVpMYzIrV243?= =?utf-8?B?NVpmTFkzVDdFbk1TSysxQkNZSGNOQ1hFdHlTRHN3c3JKWU0vNjh0NDFtdFdF?= =?utf-8?B?VlAwMUJ1TW1GenB5SlBnVXNrQ1dwSFZoTjhjcklVQmJWeUs1NkJyTEs5Uzdz?= =?utf-8?B?M0lQUEg0bWJaZkt2WWlNSE9kdElMOWtKUXlNOUZXVXlsVkhFenVCN2N2U01x?= =?utf-8?B?ajM2U3ZoVXV6aHJEeUFSWlVvd2l0aWpyWmV0eHlLbWR5L2VHOWxJMUg1N1VV?= =?utf-8?B?U0duaW1JT0J0b0JxeFNDWUhpSTAxb3U5VnByLzhKSFhGei9nWmU1RERRMUxj?= =?utf-8?B?SHkxVkN0Yy85NFZJK1QxbjQxLzBwd0tuVHY3OXBsRS9UVmROWlVuSExuWStl?= =?utf-8?B?VEYrRWNmNER0cTYzMjVwMEQ4OUFSWU9nVHd4bDhLMndDSi9VbXUycDY2QWVY?= =?utf-8?B?dmpIWUR0ZjVzVnBHTDJnQT09?=
x-ms-exchange-transport-forked: True
Content-Type: text/plain; charset="utf-8"
Content-ID: <3DAB74E9134DBF4383CC4332A7620650@eurprd07.prod.outlook.com>
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-OriginatorOrg: ericsson.com
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: HE1PR07MB3500.eurprd07.prod.outlook.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 468fec3e-0daf-4b02-9d51-08d9671f8b4b
X-MS-Exchange-CrossTenant-originalarrivaltime: 24 Aug 2021 16:52:22.6162 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 92e84ceb-fbfd-47ab-be52-080c6b87953f
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: StXpm4uuFDr1HEVnFo8mZtxrlrBIPXynpOFvefgv+Tt38VUkiRJG/SeGbwJXFJ6QQc0qq4sfDJqsKGsYDHdlSLZRxSo+poxS+SCm8rwxNdE=
X-MS-Exchange-Transport-CrossTenantHeadersStamped: HE1PR0702MB3546
Archived-At: <https://mailarchive.ietf.org/arch/msg/ace/pr2gBhvqy9j8AfUdQVTZLwamXac>
Subject: [Ace] draft-ietf-ace-key-groupcomm-13
X-BeenThere: ace@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Authentication and Authorization for Constrained Environments \(ace\)" <ace.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ace>, <mailto:ace-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ace/>
List-Post: <mailto:ace@ietf.org>
List-Help: <mailto:ace-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ace>, <mailto:ace-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 24 Aug 2021 16:52:33 -0000

Hi,

Here is a review of ace-key-groupcomm-13.


General
===

This draft provides a link between the ACE-OAuth authorization framework (including its transport profiles) and specifications of communication security in groups of constrained devices, e.g. the coap-groupcomm work currently developed in CORE. The document is intended to support different group communication schemes, but the details of those are defined in separate “application profiles” such as draft-ietf-ace-key-groupcomm-oscore (for Group OSCORE) and draft-ietf-ace-pubsub-profile (for pub/sub). This draft instead defines a common interface to a KDC acting as RS in the ACE-OAuth architecture, how to use this interface to perform various key management operations, and requirements for such application profiles.

As such, this draft is thus an “intermediary” specification, and its usefulness will be determined by the application profiles which I've glanced at but are not part of this review. 

While this approach seems reasonable from a structure point of view, I have a question about abstracting the underlying communication in comment 1 below. 

The content of the draft is quite elaborate and with detailed examples which is good but also leads to my comment number 2.

Now for the main comments:

1. How does this scale to large groups? 

Depending on application it may not be necessary to update keys during join of new members, and depending on the dynamics of the members rekeying may not be a major issue. But if it is a large group and all group members need to be updated at joining or leaving then this may require a lot of communication for which the underlying group communication may be helpful. 

For example, in case of a new member joining then a new group key or the new node's public key may be distributed using broadcast/multicast and protected with some existing group key. 

In case of rekeying a group key after a node has been evicted, a similar method could be used if it was possible to apply some key hierarchy scheme like e.g. LKH, i.e. distributing new keys corresponding to a path from the evicted node to the root in a key hierarchy.

Two sub-questions: 

a. Is it possible to extend the interface to make use of the underlying group communication?

b. Is it possible to apply this interface with a key hierarchy scheme? 

These features are not necessarily in scope of this draft, but it would be good to understand if a specification of these features would be able to use the interface defined here, or if some generalization is required in which case that change may be considered already now.


2. How would a "minimal" profile look like?

The target setting for ACE in general and this draft in particular is constrained devices and networks. Some parts of the draft give example of thinking about lightweight aspects, but other parts are not at all minimalistic and includes a large number of features, however in many cases optional. 

It would be interesting to have a “minimal” example, where care has been taken in trying to define a group setting such that the resulting messages are as few and as small as possible (for a certain security level). The same comment applies to code size and state machine: There are a number of options and “nice to have” features, which if all implemented could have a measurable impact on the footprint.  

The use of the word "minimal" is not intended in an absolute sense but to target as little as possible and still provide authorized group key functionality. Perhaps such an exercise makes more sense in an application profile, such as draft-ace-key-groupcomm-oscore. But this draft may be provide a partial answer by indicating what handlers to include (sec. 4), what groupcomm parameters (sec. 7), what error ids (sec 8), etc.

(This comment actually applies also to the transport profiles, which this draft does not need to take responsibility for.)


 
More detailed comments
===


I found the terminology “POST /token” vs. “Token Post”/“token POST”/“POST Token” for the different message exchanges, respectively, quite confusing. For a long time I thought the latter referred to the former. It is true that the access token is carried with the method POST in the second exchange, but I think that is irrelevant and would suggest to instead use some other consistent terminology. For example, use  “POST /token” and “POST /authz-info” to refer to the exchanges, respectively. Alternatively, call the latter “Token provisioning” or something similar without reference to the actual method by which the token is provisioned.

This applies in particular to:

Figure 2 
“Token Post”

Figure 3 
“POST Token”

“3.3. Token Post”

3.3.1.
“an OPTIONAL parameter of the Token Post
   response message “

3.3.2
“Token Post response”

etc.


4.1

Section 4.1 specifies the handlers, 20 pages. This is followed by how the handlers are used 4.2 - 4.10, roughly one page per subsection. When reading I ended up having two copies of the draft side by side looking at the handler and its corresponding use. I'm not sure this is a problem, but reading the handlers is more motivating after having read about how they are used. There is a summary in the bullet list in 4.0 but this is merely a forward reference and didn't make me do the mapping from handler to action in my head. Maybe just move content such that 4.2-4.10 comes before 4.1 (and then you can remove the bullet list in 4.0).


"It is REQUIRED of the application profiles of this specification to
   define what operations (e.g., CoAP methods) are allowed on each
   resource"

It speaks of operations on each resource, but it does not say which resources are mandatory to implement. Where is that written?



9.

The security consideration speaks about different key update strategies. I was looking for considerations when to not rekey in case of new member joining a group. I would imagine in e.g. a building automation setting where a new actuator device is added into a group it may not always be necessary to renew the group key of existing actuators. This is in particular assuming by the nature of security for actuations there are already means in place to determine freshness etc. preventing misuse of an old group key.




Nits
===


3.1

s/Toid/“Toid”
s/Tperm/“Tperm”


3.2

If this parameter is not present, the granted scope is equal to the one requested in Section 3.1}.

- remove the “}”



3.3.  Token Post

- - -

   “The CBOR map MAY additionally include the following
   parameter, which, if included, MUST have the corresponding values:

   *  'sign_info' defined in Section 3.3.1, encoding the CBOR simple
      value Null to require information about the signature algorithm,
      signature algorithm parameters, signature key parameters and on
      the exact encoding of public keys used in the group.”


This seems to unnecessary duplicate information coming just after:


“3.3.1.  'sign_info' Parameter

   The 'sign_info' parameter is an OPTIONAL parameter of the Token Post
   response message defined in Section 5.10.1. of
   [I-D.ietf-ace-oauth-authz].  This parameter contains information and
   parameters about the signature algorithm and the public keys to be
   used between the Client and the RS.  Its exact content is application
   specific.

- - - 

   When used in the request, the 'sign_info' encodes the CBOR simple
   value Null, to require information and parameters on the signature
   algorithm and on the public keys used.

   The CDDL notation [RFC8610] of the 'sign_info' parameter formatted as
   in the request is given below.

      sign_info_req = nil”


3.3.1

I got the impression from the text above that ‘sign_info’ is the name of the parameter, but it turns out that the actual parameter is either called “sign_info_req” or “sign_info_res”. So, when it is stated that ‘sign_info’ encoding the CBOR simple value Null, which seems like a straightforward assignment, there is actually no ‘sign_info’ parameter. This is a minor, still slightly confusing.


3.3.1

"This format is consistent with every signature algorithm currently
   considered in [I-D.ietf-cose-rfc8152bis-algs], "


s/considered/defined



3.3.2

"(see the 'client_cred_verify' parameter in
   Section 4)"

Refer instead to 4.1.2.1




4.1.3.1

“in case both the 'role_filter' array and the 'id_filter'
   array are not empty”


s/not empty/non-empty


4.1.3.1

 "Finally, as mentioned in Section 4.1.2.1, both arrays 'role_filter'
   and 'id_filter' MUST NOT be both empty."

replace with

   "Finally, as mentioned in Section 4.1.2.1, the arrays 'role_filter'
   and 'id_filter' MUST NOT both be empty."





4.4
A  missing comma at the end of the following line:  

"get_pub_keys": [true, ["sender"], []], "client_cred": PUB_KEY



Göran




On 2021-07-12, 18:16, "Ace on behalf of internet-drafts@ietf.org" <ace-bounces@ietf.org on behalf of internet-drafts@ietf.org> wrote:


    A New Internet-Draft is available from the on-line Internet-Drafts directories.
    This draft is a work item of the Authentication and Authorization for Constrained Environments WG of the IETF.

            Title           : Key Provisioning for Group Communication using ACE
            Authors         : Francesca Palombini
                              Marco Tiloca
    	Filename        : draft-ietf-ace-key-groupcomm-13.txt
    	Pages           : 78
    	Date            : 2021-07-12

    Abstract:
       This document defines message formats and procedures for requesting
       and distributing group keying material using the ACE framework, to
       protect communications between group members.

    Discussion Venues

       This note is to be removed before publishing as an RFC.

       Source for this draft and an issue tracker can be found at
       https://protect2.fireeye.com/v1/url?k=08daa3fb-57419b19-08dae360-86073b36ea28-572fafc3ef6c5ed5&q=1&e=fd87b927-3fdc-4d5a-ab71-6248ac68bf5d&u=https%3A%2F%2Fgithub.com%2Face-wg%2Face-key-groupcommey-groupcomm.


    The IETF datatracker status page for this draft is:
    https://datatracker.ietf.org/doc/draft-ietf-ace-key-groupcomm/

    There is also an htmlized version available at:
    https://datatracker.ietf.org/doc/html/draft-ietf-ace-key-groupcomm-13

    A diff from the previous version is available at:
    https://www.ietf.org/rfcdiff?url2=draft-ietf-ace-key-groupcomm-13


    Internet-Drafts are also available by anonymous FTP at:
    ftp://ftp.ietf.org/internet-drafts/


    _______________________________________________
    Ace mailing list
    Ace@ietf.org
    https://www.ietf.org/mailman/listinfo/ace