Re: [Ace] [EXTERNAL] Francesca Palombini's Discuss on draft-ietf-ace-oauth-authz-38: (with DISCUSS and COMMENT)

Carsten Bormann <cabo@tzi.org> Wed, 09 June 2021 07:15 UTC

From: Carsten Bormann <cabo@tzi.org>
Date: Wed, 09 Jun 2021 09:15:14 +0200
Cc: Francesca Palombini <francesca.palombini@ericsson.com>, Seitz Ludwig <ludwig.seitz@combitech.se>, The IESG <iesg@ietf.org>, "art-ads@ietf.org" <art-ads@ietf.org>, "ace-chairs@ietf.org" <ace-chairs@ietf.org>, "draft-ietf-ace-oauth-authz@ietf.org" <draft-ietf-ace-oauth-authz@ietf.org>, "ace@ietf.org" <ace@ietf.org>
To: Ludwig Seitz <ludwig.seitz@combitech.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/ace/qUUyxLxioZrfY4CXL2fC042lyXw>

> In 2021-06-09, at 08:42, Ludwig Seitz <ludwig.seitz@combitech.com> wrote:
> 
> “ ... size.  Self-contained tokens and protocol message payloads are encoded in CBOR when CoAP is used.”

This is not what the old NEW text says.

(The new NEW text attaches the “when” to both arms.)

The whole idea of attaching the representation choice to the protocol choice is broken, but if we pursue it, we at least need to make the logic clear.

(1) If you use CoAP, you use CBOR for protocol message payloads.
(2) Self-contained tokens use CBOR.
(3) No other hard limitations are implied, but of course CBOR is the format of choice to maximize interoperability, so deviations from that need to be justified.

Regards, Carsten