Re: [Gen-art] Gen-ART Last Call review of draft-ietf-ace-dtls-authorize-12

Seitz Ludwig <ludwig.seitz@combitech.se> Mon, 03 August 2020 14:21 UTC

From: Seitz Ludwig <ludwig.seitz@combitech.se>
To: Stefanie Gerdes <gerdes@tzi.de>, Benjamin Kaduk <kaduk@mit.edu>, Paul Kyzivat <pkyzivat@alum.mit.edu>
CC: "draft-ietf-ace-dtls-authorize.all@ietf.org" <draft-ietf-ace-dtls-authorize.all@ietf.org>, General Area Review Team <gen-art@ietf.org>, "hannes.tschofenig@arm.com" <hannes.tschofenig@arm.com>
Date: Mon, 03 Aug 2020 14:21:12 +0000
Message-ID: <0ad51ad9c8334d64ae9f4a29a12593e8@combitech.se>
References: <8c2725a3-f89f-7ea1-dda9-681edd463a32@alum.mit.edu> <20200727191052.GI41010@kduck.mit.edu> <74ae7beb-61f3-6ff3-fa36-0b7e0f311558@alum.mit.edu> <20200729101639.GA92412@kduck.mit.edu> <3616e441e6e54b8eb6380ff93646b848@combitech.se> <55280b2a-fed1-2032-76bc-eebb18644f3c@tzi.de>
In-Reply-To: <55280b2a-fed1-2032-76bc-eebb18644f3c@tzi.de>

I support Steffi's suggestion (i.e. make it pop-only here and allow non-pop profiles in the framework).

/Ludwig

-----Original Message-----
From: Stefanie Gerdes <gerdes@tzi.de> 
Sent: 3 August 2020 16:18
To: Seitz Ludwig <ludwig.seitz@combitech.se>; Benjamin Kaduk <kaduk@mit.edu>; Paul Kyzivat <pkyzivat@alum.mit.edu>
Cc: draft-ietf-ace-dtls-authorize.all@ietf.org; General Area Review Team <gen-art@ietf.org>; hannes.tschofenig@arm.com
Subject: Re: Gen-ART Last Call review of draft-ietf-ace-dtls-authorize-12

Hi all,

On 08/03/2020 08:21 AM, Seitz Ludwig wrote:
>>>> * Also in section 3.3.1:
>>>>
>>>>      ... This
>>>>      specification assumes that the access token is a PoP token as
>>>>      described in [I-D.ietf-ace-oauth-authz] unless specifically stated
>>>>      otherwise.

<snip>

Since no alternatives to PoP tokens are mentioned in the DTLS profile, I would change this to: "This specification implements access tokens as proof-of-possession tokens".

Maybe the framework may add that a profile that uses a different token type must specify how this would work.

Best regards
Steffi