Re: [Ace] [EXTERNAL] Francesca Palombini's Discuss on draft-ietf-ace-oauth-authz-38: (with DISCUSS and COMMENT)

Carsten Bormann <cabo@tzi.org> Tue, 29 June 2021 21:47 UTC

Return-Path: <cabo@tzi.org>
X-Original-To: ace@ietfa.amsl.com
Delivered-To: ace@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id CCE543A0CED; Tue, 29 Jun 2021 14:47:08 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.899
X-Spam-Level:
X-Spam-Status: No, score=-1.899 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id NTkZl55bHOfa; Tue, 29 Jun 2021 14:47:05 -0700 (PDT)
Received: from gabriel-2.zfn.uni-bremen.de (gabriel-2.zfn.uni-bremen.de [IPv6:2001:638:708:32::19]) (using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id D8BDD3A0CEB; Tue, 29 Jun 2021 14:47:04 -0700 (PDT)
Received: from smtpclient.apple (p548dcc89.dip0.t-ipconnect.de [84.141.204.137]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by gabriel-2.zfn.uni-bremen.de (Postfix) with ESMTPSA id 4GDyjx0mbHz2xGt; Tue, 29 Jun 2021 23:47:01 +0200 (CEST)
Content-Type: multipart/alternative; boundary="Apple-Mail=_8F04EE5D-3AA6-4AB5-840A-A62AF7142277"
Mime-Version: 1.0 (Mac OS X Mail 14.0 \(3654.100.0.2.22\))
From: Carsten Bormann <cabo@tzi.org>
In-Reply-To: <CADZyTknQEYbv=3vo_MfjGeWmJOcU-QfkFua-ZGnFHfXhni=omQ@mail.gmail.com>
Date: Tue, 29 Jun 2021 23:47:00 +0200
Cc: "ace-chairs@ietf.org" <ace-chairs@ietf.org>, Ludwig Seitz <ludwig.seitz@combitech.com>, "art-ads@ietf.org" <art-ads@ietf.org>, "draft-ietf-ace-oauth-authz@ietf.org" <draft-ietf-ace-oauth-authz@ietf.org>, The IESG <iesg@ietf.org>, Seitz Ludwig <ludwig.seitz@combitech.se>, "ace@ietf.org" <ace@ietf.org>, Francesca Palombini <francesca.palombini@ericsson.com>
Message-Id: <3AF922BD-D6D7-4D20-AA39-5E0D5BEC8A29@tzi.org>
References: <161659738410.3239.3955409176349739508@ietfa.amsl.com> <5634f824f7b14878b5d7d1fdd3b2ed33@combitech.se> <EE1CBB56-8951-473C-A006-875D49BEE350@ericsson.com> <AM0PR0302MB3363E4EB817969E6B34FBBCF9E369@AM0PR0302MB3363.eurprd03.prod.outlook.com> <F44C49D2-C08E-4C04-A751-05ECBBB1DBA9@tzi.org> <AM0PR0302MB3363C4C6DBD796E67986BD079E369@AM0PR0302MB3363.eurprd03.prod.outlook.com> <43222AD5-BA56-423F-98C7-65128A6C35B6@tzi.org> <CADZyTknQEYbv=3vo_MfjGeWmJOcU-QfkFua-ZGnFHfXhni=omQ@mail.gmail.com>
To: Daniel Migault <mglt.ietf@gmail.com>
X-Mailer: Apple Mail (2.3654.100.0.2.22)
Archived-At: <https://mailarchive.ietf.org/arch/msg/ace/wDkvpXOog2FKjOpfU3fD2uVMpKw>
Subject: Re: [Ace] [EXTERNAL] Francesca Palombini's Discuss on draft-ietf-ace-oauth-authz-38: (with DISCUSS and COMMENT)
X-BeenThere: ace@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Authentication and Authorization for Constrained Environments \(ace\)" <ace.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ace>, <mailto:ace-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ace/>
List-Post: <mailto:ace@ietf.org>
List-Help: <mailto:ace-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ace>, <mailto:ace-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 29 Jun 2021 21:47:09 -0000

On 29. Jun 2021, at 20:11, Daniel Migault <mglt.ietf@gmail.com> wrote:
> 
> Hi, 
> 
> So here is the current text:
> """
>  CBOR is a binary encoding designed for small code and message size. Self-contained tokens and protocol message payloads are encoded in CBOR when CoAP is used.
> """
> 
> I think Carsten is suggesting the text does not limit the use of CBOR to the use of CoAP but eventually when other protocols are used..The difference is that when CoAp is used there is a stronger insentive to use CBOR than when CoAP is not used. If that is correct, we could clarify that by adding. ""When used outside CoAP, the use of CBOR remains RECOMMENDED.""".
> 
> Please provide some text that would address your concern.

That works very well for me.

(My main concern is that the current text sounds like CBOR is only used in CoAP, while in reality CBOR remains the encoding of choice unless there is a good reason to use something else; this concern is addressed in a very precise way by your suggested wording.)

Grüße, Carsten