Re: [Gen-art] [Ace] Genart last call review of draft-ietf-ace-oauth-params-06

elwynd <> Wed, 08 January 2020 13:47 UTC

Date: Wed, 08 Jan 2020 13:23:59 +0000
From: elwynd <>
To: Ludwig Seitz <>,

Sent from Samsung tablet.

-------- Original message --------
From: Ludwig Seitz <>
Date: 07/01/2020 19:52 (GMT+00:00)
To: elwynd <>
Subject: Re: [Gen-art] [Ace] Genart last call review of draft-ietf-ace-oauth-params-06

On 2019-12-22 19:27, elwynd wrote:
> Hi, Ludwig.
>
> Having had another look at section 3.1 of
> draft-ietf-ace-cwt-proof-of-possession, technically the rules about
> which keys have to be present are not part of the syntax of the cnf
> claim.  The point can be covered by changing
> "syntax of the 'cnf' claim"
> to "syntax and semantics of the 'cnf' claim"
> in each case.
>
> However, the second look threw up another point:  Figure 2 in s3.2 gives
> a Symmetric key example - I think this should use an Encrypted_COSE_Key
> (or Encrypted_COSE_Key0) as described in section 3.3 of
> draft-ietf-ace-cwt-proof-of-possession.
>
> Otherwise I think we are done.
>
> Eventually we will get to Christmas!
>
> Cheers,
> Elwyn
>
>

Hello Elwyn,

I hope you had a merry Christmas and a happy new year's eve.

I have updated the draft to -10, fixing the phrasing to your suggestion
from the first paragraph above in various places (and an issue that came
up during IANA review).

Given my argument for not having the encrypted COSE_Key in figure 2 I
left that part as it was. Please indicate whether this is acceptable
with the given explanation.

Regards,
Ludwig

Hi, Ludwig.

Yes, we had a pleasant festive season - Hope yours was good also.

The -10 draft looks good.  Regarding the symmetric key in s3.2/Figure 2, I think it would be worth adding a sentence to point out that one might have to use the encrypted form per proof-of-possession draft if the overall message was not encrypted (as it is in the oauth usage).

Cheers,
Elwyn