Re: [Ace] New Version Notification - draft-ietf-ace-cwt-proof-of-possession-07.txt

Benjamin Kaduk <> Tue, 24 September 2019 23:33 UTC

Hi all,

Thanks for the updates; they look good!

Before I kick off the IETF LC, I just have two things I wanted to
double-check (we may not need a new rev before the LC):

(1) In Section 3.2 (Representation of an Asymmetric Proof-of-Possession
Key), the last paragraph is somewhat different from the main content, in
that it mentions using "COSE_Key" for an encrypted symmetric key, analogous
to the last paragraph of Section 3.2 of RFC 7800.  I had wanted to see some
additional discussion, but we agreed that this was analogous to RFC 7800
and we did not need to go "out of parity" with it on this point.  So we
should be able to go ahead without new text here, but did we want to
explicitly refer back to that portion of RFC 7800 to make the connection

(2) In we removed a large
chunk of text since it contained several things that are inaccurate.  The
only thing that was removed that I wanted to check if we should think
about keeping was the note that the same key might be referred to by
different key IDs in messages directed to different recipients.  What do
people think about that?



On Wed, Sep 18, 2019 at 07:59:18PM -0700, wrote:
> A new version (-07) has been submitted for draft-ietf-ace-cwt-proof-of-possession:
> Sub state has been changed to AD Followup from Revised ID Needed
> The IETF datatracker page for this Internet-Draft is:
> Diff from previous version:
> Please note that it may take a couple of minutes from the time of submission
> until the diff is available at
> IETF Secretariat.