Re: [Ace] AD review of draft-ietf-ace-dtls-authorize-09

Carsten Bormann <cabo@tzi.org> Tue, 30 June 2020 14:21 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/ace/rDAPeHzwpAumdNqETfHDZFws6A0>

On 2020-06-30, at 12:19, Olaf Bergmann <bergmann@tzi.org> wrote:
> 
> NEW:
> 
>   All CBOR data types are encoded in canonical CBOR as defined in
>   Section 3.9 of {{RFC7049}}. This implies in particular that the
>   `type` and `L` components use the minimum length encoding

Note that 7049bis, which has been submitted to IESG already, all but deprecates this and replaces this with “deterministic encoding”.  There is only one actual technical change, which is about map ordering.  Also, please check whether “preferred encoding” would actually be enough.

I would generally prefer to avoid the need for deterministic/canonical encoding — is there really a need to re-encode the token?

Grüße, Carsten
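
Added example, not part of the original message: a small encoder showing the one technical difference mentioned above, map key ordering, by serializing the same map under the length-first rule of RFC 7049 Section 3.9 and under the bytewise rule of 7049bis deterministic encoding. The names `head`, `encode`, `orders_differ` and the sample map are constructed for illustration; only integers, byte strings, text strings and maps are handled.

```python
import struct

def head(major: int, n: int) -> bytes:
    """CBOR head with the shortest possible argument (preferred serialization)."""
    if n < 24:
        return bytes([major << 5 | n])
    for info, fmt, limit in ((24, ">B", 1 << 8), (25, ">H", 1 << 16),
                             (26, ">I", 1 << 32), (27, ">Q", 1 << 64)):
        if n < limit:
            return bytes([major << 5 | info]) + struct.pack(fmt, n)
    raise ValueError("argument does not fit in 64 bits")

def encode(obj, key_order: str = "bytewise") -> bytes:
    """Encode obj; key_order is 'bytewise' (7049bis) or 'length-first' (RFC 7049)."""
    if isinstance(obj, int) and not isinstance(obj, bool):
        return head(0, obj) if obj >= 0 else head(1, -1 - obj)
    if isinstance(obj, bytes):
        return head(2, len(obj)) + obj
    if isinstance(obj, str):
        raw = obj.encode("utf-8")
        return head(3, len(raw)) + raw
    if isinstance(obj, dict):
        pairs = [(encode(k, key_order), encode(v, key_order))
                 for k, v in obj.items()]
        if key_order == "length-first":
            # RFC 7049 Section 3.9: shorter encoded key first, then bytewise.
            pairs.sort(key=lambda kv: (len(kv[0]), kv[0]))
        else:
            # 7049bis deterministic encoding: plain bytewise order of encoded keys.
            pairs.sort(key=lambda kv: kv[0])
        return head(5, len(pairs)) + b"".join(k + v for k, v in pairs)
    raise TypeError(f"unsupported type: {type(obj).__name__}")

def orders_differ(m: dict) -> bool:
    """True if the two ordering rules serialize this map differently."""
    return encode(m, "bytewise") != encode(m, "length-first")

# Constructed sample: key 100 encodes as 18 64, key -1 as 20, so the rules disagree.
SAMPLE = {100: "a", -1: "b", 10: "c", "z": "d", "aa": "e"}

if __name__ == "__main__":
    print("bytewise    ", encode(SAMPLE, "bytewise").hex())
    print("length-first", encode(SAMPLE, "length-first").hex())
    print("differ:", orders_differ(SAMPLE))
```

A map whose keys all encode to the same length, such as one keyed only by integers below 24, serializes identically under both rules.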