[Secdispatch] Request for discussion of Concise IDs in Prague
Carsten Bormann <cabo@tzi.org> Sun, 17 March 2019 19:52 UTC
Return-Path: <cabo@tzi.org>
X-Original-To: secdispatch@ietfa.amsl.com
Delivered-To: secdispatch@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 02F13130DCB for <secdispatch@ietfa.amsl.com>; Sun, 17 Mar 2019 12:52:50 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.199
X-Spam-Level:
X-Spam-Status: No, score=-4.199 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id zlknwRJNXaFl for <secdispatch@ietfa.amsl.com>; Sun, 17 Mar 2019 12:52:47 -0700 (PDT)
Received: from mailhost.informatik.uni-bremen.de (mailhost.informatik.uni-bremen.de [IPv6:2001:638:708:30c9::12]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 5218212F295 for <secdispatch@ietf.org>; Sun, 17 Mar 2019 12:52:47 -0700 (PDT)
X-Virus-Scanned: amavisd-new at informatik.uni-bremen.de
Received: from submithost.informatik.uni-bremen.de (submithost2.informatik.uni-bremen.de [IPv6:2001:638:708:30c8:406a:91ff:fe74:f2b7]) by mailhost.informatik.uni-bremen.de (8.14.5/8.14.5) with ESMTP id x2HJqcsk013332 for <secdispatch@ietf.org>; Sun, 17 Mar 2019 20:52:44 +0100 (CET)
Received: from client-0073.vpn.uni-bremen.de (client-0073.vpn.uni-bremen.de [134.102.107.73]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by submithost.informatik.uni-bremen.de (Postfix) with ESMTPSA id 44MqjL3JNVz1Bp8; Sun, 17 Mar 2019 20:52:38 +0100 (CET)
From: Carsten Bormann <cabo@tzi.org>
Content-Type: text/plain; charset="utf-8"
X-Mao-Original-Outgoing-Id: 574545154.828951-abddd6c11da68af0d190e4860c013f5e
Content-Transfer-Encoding: quoted-printable
Mime-Version: 1.0 (Mac OS X Mail 11.5 \(3445.9.1\))
Date: Sun, 17 Mar 2019 20:52:36 +0100
Message-Id: <B55C574A-8C20-45AD-9213-C00F942F4518@tzi.org>
To: secdispatch@ietf.org
X-Mailer: Apple Mail (2.3445.9.1)
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdispatch/CGlf3NB2yhLyRgpyBpogPzi3CDQ>
Subject: [Secdispatch] Request for discussion of Concise IDs in Prague
X-BeenThere: secdispatch@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Security Dispatch <secdispatch.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdispatch>, <mailto:secdispatch-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/secdispatch/>
List-Post: <mailto:secdispatch@ietf.org>
List-Help: <mailto:secdispatch-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdispatch>, <mailto:secdispatch-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 17 Mar 2019 19:52:50 -0000
With the completion of CWT (RFC 8392) and CWT proof of possession
(draft-ietf-ace-cwt-proof-of-possession, submitted to IESG), we now
have a way to use COSE for authenticated assertions where previously
only RFC 5280/RFC5755 ("X.509") certificates were really applicable.
The latter are sometimes quite clumsy to use in constrained
environments, even with tricks such as
draft-raza-ace-cbor-certificates.
There has been interest in a profile specification that details how to
use CWT for these kinds of signed claims; a work in progress is
available as draft-birkholz-core-coid. No IETF working group is
currently chartered to work on such a profile, and no single working
group jumps to mind as the obvious candidate.
A side discussion and meeting(*) was held a while ago to determine a
good solution; this side meeting came up with ACE and CORE as two
leading candidates: ACE because it already did CWT (which, however,
already was a bit of an odd addition to its charter), and CORE,
because it is interested in having such a profile available and has
the requirements (but is not itself a security area WG).
The side meeting also recommended to ask secdispatch to dispatch this
document. Because a family tragedy kept one of the main authors away
from this, this did not happen right away; however, I would like to
make this request now, hopefully in time for a discussion in Prague.
Grüße, Carsten
(*) In some order, I believe the participants of the discussion were:
Benjamin Kaduk <kaduk@mit.edu>,
Carsten Bormann <cabo@tzi.org>,
Henk Birkholz <henk.birkholz@sit.fraunhofer.de>,
Ivaylo Petrov <ivaylo@ackl.io>,
Jim Schaad <ietf@augustcellars.com>,
Matthew Miller <linuxwolf+ietf@outer-planes.net>,
Richard Barnes <rlb@ipv.sx>,
Roman Danyliw <rdd@cert.org>,
- [Secdispatch] Request for discussion of Concise I… Carsten Bormann
- Re: [Secdispatch] Request for discussion of Conci… Michael Richardson
- Re: [Secdispatch] Request for discussion of Conci… Carsten Bormann