Re: [Gen-art] Gen-ART Last Call review of draft-ietf-ace-dtls-authorize-12

Benjamin Kaduk <kaduk@mit.edu> Tue, 04 August 2020 00:00 UTC

Return-Path: <kaduk@mit.edu>
X-Original-To: gen-art@ietfa.amsl.com
Delivered-To: gen-art@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 4F4013A1157; Mon, 3 Aug 2020 17:00:25 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 0.003
X-Spam-Level:
X-Spam-Status: No, score=0.003 tagged_above=-999 required=5 tests=[RCVD_IN_MSPIKE_H4=0.001, RCVD_IN_MSPIKE_WL=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id eRBMuSxz0gzQ; Mon, 3 Aug 2020 17:00:24 -0700 (PDT)
Received: from outgoing.mit.edu (outgoing-auth-1.mit.edu [18.9.28.11]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id DE6A93A1147; Mon, 3 Aug 2020 17:00:23 -0700 (PDT)
Received: from kduck.mit.edu ([24.16.140.251]) (authenticated bits=56) (User authenticated as kaduk@ATHENA.MIT.EDU) by outgoing.mit.edu (8.14.7/8.12.4) with ESMTP id 074004w9015069 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Mon, 3 Aug 2020 20:00:07 -0400
Date: Mon, 3 Aug 2020 17:00:04 -0700
From: Benjamin Kaduk <kaduk@mit.edu>
To: Seitz Ludwig <ludwig.seitz@combitech.se>
Cc: Stefanie Gerdes <gerdes@tzi.de>, Paul Kyzivat <pkyzivat@alum.mit.edu>, "draft-ietf-ace-dtls-authorize.all@ietf.org" <draft-ietf-ace-dtls-authorize.all@ietf.org>, General Area Review Team <gen-art@ietf.org>, "hannes.tschofenig@arm.com" <hannes.tschofenig@arm.com>
Message-ID: <20200804000004.GI92412@kduck.mit.edu>
References: <8c2725a3-f89f-7ea1-dda9-681edd463a32@alum.mit.edu> <20200727191052.GI41010@kduck.mit.edu> <74ae7beb-61f3-6ff3-fa36-0b7e0f311558@alum.mit.edu> <20200729101639.GA92412@kduck.mit.edu> <3616e441e6e54b8eb6380ff93646b848@combitech.se> <55280b2a-fed1-2032-76bc-eebb18644f3c@tzi.de> <0ad51ad9c8334d64ae9f4a29a12593e8@combitech.se>
MIME-Version: 1.0
Content-Type: text/plain; charset=iso-8859-1
Content-Disposition: inline
Content-Transfer-Encoding: 8bit
In-Reply-To: <0ad51ad9c8334d64ae9f4a29a12593e8@combitech.se>
User-Agent: Mutt/1.12.1 (2019-06-15)
Archived-At: <https://mailarchive.ietf.org/arch/msg/gen-art/B8fZN9JLklV28laGFqUIdaaqBcQ>
Subject: Re: [Gen-art] Gen-ART Last Call review of draft-ietf-ace-dtls-authorize-12
X-BeenThere: gen-art@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "GEN-ART: General Area Review Team" <gen-art.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/gen-art>, <mailto:gen-art-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/gen-art/>
List-Post: <mailto:gen-art@ietf.org>
List-Help: <mailto:gen-art-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/gen-art>, <mailto:gen-art-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 04 Aug 2020 00:00:25 -0000

That seems reasonable to me.

Ludwig, are you able to raise the topic on the ACE list?

Thanks,

Ben

On Mon, Aug 03, 2020 at 02:21:12PM +0000, Seitz Ludwig wrote:
> I support Steffi's suggestion (i.e. make it pop-only here and allow non-pop profiles in the framework).
> 
> /Ludwig
> 
> -----Original Message-----
> From: Stefanie Gerdes <gerdes@tzi.de> 
> Sent: den 3 augusti 2020 16:18
> To: Seitz Ludwig <ludwig.seitz@combitech.se>se>; Benjamin Kaduk <kaduk@mit.edu>du>; Paul Kyzivat <pkyzivat@alum.mit.edu>
> Cc: draft-ietf-ace-dtls-authorize.all@ietf.org; General Area Review Team <gen-art@ietf.org>rg>; hannes.tschofenig@arm.com
> Subject: Re: Gen-ART Last Call review of draft-ietf-ace-dtls-authorize-12
> 
> Hi all,
> 
> On 08/03/2020 08:21 AM, Seitz Ludwig wrote:
> >>>> * Also in section 3.3.1:
> >>>>
> >>>>      ... This
> >>>>      specification assumes that the access token is a PoP token as
> >>>>      described in [I-D.ietf-ace-oauth-authz] unless specifically stated
> >>>>      otherwise.
> 
> <snip>
> 
> Since no alternatives to PoP tokens are mentioned in the DTLS profile, I would change this to: "This specification implements access tokens as proof-of-possession tokens".
> 
> Maybe the framework may add that a profile that uses a different token type must specify how this would work.
> 
> Viele Grüße
> Steffi