Re: [Gen-art] Gen-ART Last Call review of draft-ietf-ace-dtls-authorize-12

Stefanie Gerdes <gerdes@tzi.de> Mon, 03 August 2020 14:17 UTC

To: Seitz Ludwig <ludwig.seitz@combitech.se>, Benjamin Kaduk <kaduk@mit.edu>, Paul Kyzivat <pkyzivat@alum.mit.edu>
References: <8c2725a3-f89f-7ea1-dda9-681edd463a32@alum.mit.edu> <20200727191052.GI41010@kduck.mit.edu> <74ae7beb-61f3-6ff3-fa36-0b7e0f311558@alum.mit.edu> <20200729101639.GA92412@kduck.mit.edu> <3616e441e6e54b8eb6380ff93646b848@combitech.se>
Cc: "draft-ietf-ace-dtls-authorize.all@ietf.org" <draft-ietf-ace-dtls-authorize.all@ietf.org>, General Area Review Team <gen-art@ietf.org>, "hannes.tschofenig@arm.com" <hannes.tschofenig@arm.com>
From: Stefanie Gerdes <gerdes@tzi.de>
Message-ID: <55280b2a-fed1-2032-76bc-eebb18644f3c@tzi.de>
Date: Mon, 3 Aug 2020 16:17:36 +0200
Archived-At: <https://mailarchive.ietf.org/arch/msg/gen-art/1GLm2L2RL0vrhzNyCgaDLzwgs8I>

Hi all,

On 08/03/2020 08:21 AM, Seitz Ludwig wrote:
>>>> * Also in section 3.3.1:
>>>>
>>>>      ... This
>>>>      specification assumes that the access token is a PoP token as
>>>>      described in [I-D.ietf-ace-oauth-authz] unless specifically stated
>>>>      otherwise.

<snip>

Since no alternatives to PoP tokens are mentioned in the DTLS profile, I
would change this to: "This specification implements access tokens as
proof-of-possession tokens".

Maybe the framework may add that a profile that uses a different token
type must specify how this would work.

Best regards
Steffi