[Ace] Re: Deb Cooley's No Objection on draft-ietf-ace-revoked-token-notification-08: (with COMMENT)
Deb Cooley <debcooley1@gmail.com> Tue, 17 September 2024 10:11 UTC
From: Deb Cooley <debcooley1@gmail.com>
Date: Tue, 17 Sep 2024 06:10:45 -0400
Message-ID: <CAGgd1OegPgTGNZ_d_zpeu_r3FwD8nJOBfz-C7Dh2H0Kj06TheA@mail.gmail.com>
To: Marco Tiloca <marco.tiloca@ri.se>
CC: The IESG <iesg@ietf.org>, draft-ietf-ace-revoked-token-notification@ietf.org, ace-chairs@ietf.org, ace@ietf.org, goran.selander@ericsson.com
List-Id: "Authentication and Authorization for Constrained Environments (ace)" <ace.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/ace/yssEUkHBYalASpGex7vOPH6N9Ok>
TYVM for this clarification and addition. It has answered my question completely.

Deb

On Wed, Sep 11, 2024 at 5:29 PM Marco Tiloca <marco.tiloca@ri.se> wrote:

> Hello Deb,
>
> Thanks a lot for your review! Please find in line below our detailed
> replies to your comments.
>
> A GitHub PR where we have addressed your comments is available at [PR].
>
> Unless any concern is raised, we plan to soon merge this PR (and the other
> ones related to other received reviews), and to submit the result as
> version -09 of the document.
>
> Thanks,
> /Marco
>
> [PR] https://github.com/ace-wg/ace-revoked-token-notification/pull/17
>
>
> On 2024-07-06 15:32, Deb Cooley via Datatracker wrote:
>
> Deb Cooley has entered the following ballot position for
> draft-ietf-ace-revoked-token-notification-08: No Objection
>
> When responding, please keep the subject line intact and reply to all
> email addresses included in the To and CC lines. (Feel free to cut this
> introductory paragraph, however.)
>
>
> Please refer to https://www.ietf.org/about/groups/iesg/statements/handling-ballot-positions/
> for more information about how to handle DISCUSS and COMMENT positions.
>
>
> The document, along with other ballot positions, can be found here:
> https://datatracker.ietf.org/doc/draft-ietf-ace-revoked-token-notification/
>
>
> ----------------------------------------------------------------------
> COMMENT:
> ----------------------------------------------------------------------
>
> Thank you to Kyle Rose for doing the secdir review of this draft. Also thanks
> to the authors for the discussions and improvements.
>
> I have one last (easy?) question:
>
> Section 13: I expected to see some discussion on whether it is possible for an
> attacker to remove a revoked access token from the TRL allowing a registered
> device with a revoked access token to continue to participate. Conversely, is
> it possible for an attacker to add an access token to the TRL, which would deny
> service to the registered device. If these situations are not possible, what
> feature protects the TRL both at the AS and in transit?
>
>
> ==>MT
>
> Just to clarify and be sure: the AS indeed stores active **access tokens**
> that it has issued (e.g., in order to serve requests of token introspection
> from Resource Servers). However, the TRL specifically includes **token
> hashes** corresponding to issued access tokens, i.e., those that have been
> revoked and are not expired yet.
>
>
> If we consider an external adversary that is not in control of the AS,
> then the attacks suggested in the comment are not possible.
>
> First of all, a registered device or an administrator always relies on
> secure communications when interacting with the AS, as per Section 5 "The
> TRL Endpoint" and Section 9 "Registration at the Authorization Server".
> This is also aligned with Section 5 of RFC 9200 and with the security
> considerations of RFC 9200 that are simply inherited by this document as
> stated in its Section 13.0.
>
> Furthermore, as per the interface at the AS defined in Section 5,
> registered devices and administrators can access the TRL endpoint at the AS
> exclusively in read-only mode. That is, the TRL endpoint at the AS supports
> only the GET method (see the fourth paragraph of Section 5).
>
> It follows that accesses to the TRL are performed exclusively by sending
> protected and authenticated GET requests to the TRL endpoint, which by
> definition are safe in the REST sense and do not alter the content of the
> TRL.
>
> In fact, the content of the TRL can be updated only internally by the AS,
> in the two circumstances described in Section 4.1 "Update of the TRL".
>
>
> An adversary that has compromised and taken control of the AS is indeed
> able to update the content of the TRL, just like the AS would normally do.
> In particular, by appropriately updating the TRL content to become not
> aligned with the current set of access tokens that have been revoked but
> are not expired yet, such an adversary can practically perform the attacks
> suggested in the comment above.
>
> However, an adversary in control of the AS would be able to perform
> actions with considerably more severe and harmful consequences, such as
> revoking access tokens for no good reasons, issuing access tokens
> inconsistently with the installed access control policies, or providing
> wrong information to Resource Servers that ask the AS to perform token
> introspection.
>
>
> In the document, we have extended Section 13.1 "Content Retrieval from the
> TRL" by adding the following new text at its end.
>
> NEW:
>
> Note that the TRL endpoint supports only the GET method (see Section 5).
> Therefore, as detailed in Section 6 and Section 7, accesses to the TRL
> endpoint are performed only by means of protected and authenticated GET
> requests, which by definition are safe in the REST sense and do not alter
> the content of the TRL. That is, registered devices and administrators can
> perform exclusively read-only operations when accessing the TRL endpoint.
>
> In fact, the content of the TRL can be updated only internally by the
> AS, in the two circumstances described in Section 4.1. Therefore, an
> adversary that is not in control of the AS cannot manipulate the content of
> the TRL, e.g., by removing a token hash and thereby fraudulently allowing a
> Client to access protected resources in spite of a revoked access token, or
> by adding a token hash and thereby fraudulently stopping a Client from
> accessing protected resources in spite of an access token being still valid.
>
> <==
>
> --
> Marco Tiloca
> Ph.D., Senior Researcher
>
> Phone: +46 (0)70 60 46 501
>
> RISE Research Institutes of Sweden AB
> Box 1263
> 164 29 Kista (Sweden)
>
> Division: Digital Systems
> Department: Computer Science
> Unit: Cybersecurity
> https://www.ri.se
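The read-only property described in the quoted reply, as an added example that is not part of the original messages or of the draft: a small Python model of an AS whose TRL endpoint answers only authenticated GET requests, while the TRL itself changes only through internal update paths. Assumptions: all class and function names, the string `peer_id` standing in for the identity established by the secure association, plain SHA-256 in place of the draft's own token hash construction, and the reading of the two update circumstances as revocation (hash added) and expiration of a revoked token (hash removed).

```python
import hashlib

# CoAP response codes (RFC 7252) used by this model.
CONTENT, UNAUTHORIZED, METHOD_NOT_ALLOWED = "2.05", "4.01", "4.05"


def token_hash(token: bytes) -> str:
    """Stand-in token hash (assumption): SHA-256 hex, not the draft's construction."""
    return hashlib.sha256(token).hexdigest()


class AuthorizationServer:
    """Toy AS: the TRL holds hashes of tokens that are revoked and not yet expired."""

    def __init__(self):
        self._expiry = {}          # token hash -> expiration time (seconds)
        self._trl = set()          # token hashes currently in the TRL
        self._registered = set()   # peers known through the secure association

    def register(self, peer_id: str) -> None:
        self._registered.add(peer_id)

    def issue(self, token: bytes, exp: int) -> str:
        th = token_hash(token)
        self._expiry[th] = exp
        return th

    # --- Internal update paths: never reachable through the TRL endpoint ---

    def revoke(self, token: bytes, now: int) -> bool:
        """Add the token hash to the TRL if the token was issued and is not expired."""
        th = token_hash(token)
        if th in self._expiry and now < self._expiry[th]:
            self._trl.add(th)
            return True
        return False

    def purge_expired(self, now: int) -> None:
        """Drop hashes of expired tokens; an expired token needs no TRL entry."""
        expired = {th for th, exp in self._expiry.items() if exp <= now}
        self._trl -= expired
        for th in expired:
            del self._expiry[th]

    # --- The TRL endpoint: authenticated, GET only, returns an immutable copy ---

    def handle_trl_request(self, method: str, peer_id: str, payload: bytes = b""):
        if peer_id not in self._registered:
            return UNAUTHORIZED, None
        if method != "GET":
            # The payload is ignored: no request body can reach the TRL state.
            return METHOD_NOT_ALLOWED, None
        return CONTENT, frozenset(self._trl)


def demo():
    """Run the two manipulations raised in the review against constructed tokens."""
    as_ = AuthorizationServer()
    as_.register("rs1")
    h1 = as_.issue(b"constructed-token-1", exp=1000)
    h2 = as_.issue(b"constructed-token-2", exp=2000)
    as_.revoke(b"constructed-token-1", now=100)

    results = {"get": as_.handle_trl_request("GET", "rs1")}
    # A registered peer tries to remove h1 from the TRL, then to add h2 to it.
    results["delete"] = as_.handle_trl_request("DELETE", "rs1", h1.encode())
    results["post"] = as_.handle_trl_request("POST", "rs1", h2.encode())
    results["after_writes"] = as_.handle_trl_request("GET", "rs1")
    # A peer without a secure association gets nothing at all.
    results["stranger"] = as_.handle_trl_request("GET", "unknown-peer")
    # Internal update on expiration: the revoked token's hash leaves the TRL.
    as_.purge_expired(now=1000)
    results["after_expiry"] = as_.handle_trl_request("GET", "rs1")
    return h1, h2, results


if __name__ == "__main__":
    for name, value in demo()[2].items():
        print(name, value)
```

The model covers only the external-adversary case from the reply; code running inside `AuthorizationServer` can still call `revoke` and `purge_expired` freely, which corresponds to the compromised-AS case the reply treats separately.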