Hello Éric,

Thanks a lot for your review! Please find inline below our detailed replies to your comments.

Thanks,
/Marco

On 2024-07-08 12:01, Éric Vyncke via Datatracker wrote:

Éric Vyncke has entered the following ballot position for draft-ietf-ace-revoked-token-notification-08: No Objection

When responding, please keep the subject line intact and reply to all email addresses included in the To and CC lines. (Feel free to cut this introductory paragraph, however.)

Please refer to https://www.ietf.org/about/groups/iesg/statements/handling-ballot-positions/ for more information about how to handle DISCUSS and COMMENT positions.

The document, along with other ballot positions, can be found here: https://datatracker.ietf.org/doc/draft-ietf-ace-revoked-token-notification/

----------------------------------------------------------------------
COMMENT:
----------------------------------------------------------------------

Thanks for the work done on this document and thanks as well to Niklas Widell for his IoT directorate review (https://datatracker.ietf.org/doc/review-ietf-ace-revoked-token-notification-08-iotdir-telechat-widell-2024-07-04/), may I suggest to the authors to reply to Niklas' comments ?
==>MT
Certainly. Our reply to Niklas is archived at https://mailarchive.ietf.org/arch/msg/ace/lSE5vTfkzJueqmpGXKWvy5lCkRg/
<==
Just a nit on this I-D: the text often uses Capitalisation, which is probably not required and is just an eye distraction (e.g., "Client" or "Server") and as noted by Niklas, some acronyms are introduced several times and/or never used.
==>MT
On the note from Niklas, we have addressed his comment when processing his review, as specifically related to the use of "RS" in the first paragraph of Section 1 "Introduction".
On the capitalization, you do have a point, and actually RFC 9200 uses the lowercase variants.
We will revise the text to use "client", "resource server", and "authorization server". That would also make the text consistent with the lowercase use of "administrator". Obvious exceptions apply to situations like section titles and figure captions.
In order to avoid annoying conflicts when merging the different GitHub Pull Requests, we plan to make this change as last when making the final editorial pass to the Editor's copy, before submitting the new version -09.
<==
As a side note, I am unsure whether the whole section 3.1 is useful as it seems to repeat what is specified in other documents.
==>MT
Section 3.1 was added to address a comment from the GENART review that we received from Dale Worley during the IETF Last Call on version -06. The mail thread for that review is archived at https://mailarchive.ietf.org/arch/msg/ace/ETtaBMaSyoZKMD82kgG49P2cF9U/
As per Dale's comment, at that time the document was not describing the motivation for the specified construction of the hash input.
Building on Dale's input, we deemed it useful to include such motivation and the considered design rationale, and we practically exemplified that with respect to the existing transport profiles of the ACE framework, together with surveying the CBOR/JSON and CWT/JWT variants.
Besides helping the reader in general, this sets the ground for better understanding the following Sections 3.2 and 3.3, and for guiding in using the method specified by this document.
<==
Also, unsure whether using CBOR only on the TRL when the actual tokens can be CBOR or JSON is a simplification for the RS.
==>MT
In general, the same AS can issue both access tokens as CWTs for some of its registered RSs and access tokens as JWTs for other registered RSs.
With that in mind, right from the start we wanted to simply have a single TRL at the AS, as accessible by all the devices registered at that AS and simpler to maintain for the AS. Such a single TRL and its content/representation abstract away from the fact that a stored token hash corresponds specifically to a CWT or to a JWT.
The specific choice of CBOR is consistent with two points from RFC 9200 that this document remains aligned with (also when dealing with other aspects). That is:
* The use of CBOR to encode exchanged messages is required if CoAP is used (see Section 5 of RFC 9200) and is recommended otherwise (see Section 3 of RFC 9200).
* The use of CWTs is a preferable option for resource-constrained RSs as well as the default case in the ACE framework (see Section 3 of RFC 9200).
Sure, in the case where an RS uses JWTs and communications with that RS are not based on CoAP, then that RS has to support CBOR in order to parse the responses from the TRL endpoint at the AS. This is reasonable for such a (presumably non-constrained) RS, and it is also aligned with other features of this specification that, per the same rationale, deliberately favors the use of CWTs instead of the use of JWTs (e.g., see the considerations in Section 13.6).
<==
In section 6, is there a specification of an "administrator" in `If the requester is an administrator` ?
==>MT
The role "administrator" is intended here simply per its definition in Section 1.1 "Terminology", i.e.:
> * Administrator: entity authorized to get full access to the TRL at the AS, and acting as a requester towards the TRL endpoint. An administrator is not necessarily a registered device as defined above, i.e., a Client requesting access tokens or an RS consuming access tokens.
... which is immediately followed by
> * Pertaining access token:
>
>   - With reference to an administrator, an access token issued by the AS.
>
>   ...
The ACE framework (RFC 9200) does not define the concept of "administrator", as it is not part of the main workflow where a Client requests an access token from an AS to be consumed by an RS.
Consistent with the definitions above, the "administrator" introduced in this document refers to an entity that can have full access to the TRL, i.e., all the access tokens that the AS issues pertain to an administrator registered at the AS.
When addressing the IoT Directorate review from Niklas Widell, we also extended the definition of "administrator" in Section 1.1 "Terminology", by clarifying that:
> An administrator might also be authorized to perform further administrative operations at the AS, e.g., through a dedicated admin interface that is out of the scope of this document.
<==
Kudos for using SVG graphics ;-)

From: internet-dra...@ietf.org
To: "Rikard Höglund" <rikard.hogl...@ri.se>, "Francesca Palombini" <francesca.palomb...@ericsson.com>, "Marco Tiloca" <marco.til...@ri.se>, "Peter van der Stok" <stokc...@kpnmail.nl>, "Rikard Hoeglund" <rikard.hogl...@ri.se>
Subject: New Version Notification for draft-ietf-ace-oscore-gm-admin-12.txt
Date: Mon, 08 Jul 2024 09:47:57 -0700

A new version of Internet-Draft draft-ietf-ace-oscore-gm-admin-12.txt has been successfully submitted by Marco Tiloca and posted to the IETF repository.

Name: draft-ietf-ace-oscore-gm-admin
Revision: 12
Title: Admin Interface for the OSCORE Group Manager
Date: 2024-07-08
Group: ace
Pages: 84
URL: https://www.ietf.org/archive/id/draft-ietf-ace-oscore-gm-admin-12.txt
Status: https://datatracker.ietf.org/doc/draft-ietf-ace-oscore-gm-admin/
HTML: https://www.ietf.org/archive/id/draft-ietf-ace-oscore-gm-admin-12.html
HTMLized: https://datatracker.ietf.org/doc/html/draft-ietf-ace-oscore-gm-admin
Diff: https://author-tools.ietf.org/iddiff?url2=draft-ietf-ace-oscore-gm-admin-12

Abstract:

Group communication for CoAP can be secured using Group Object Security for Constrained RESTful Environments (Group OSCORE). A Group Manager is responsible for handling the joining of new group members, as well as managing and distributing the group keying material. This document defines a RESTful admin interface at the Group Manager that allows an Administrator entity to create and delete OSCORE groups, as well as to retrieve and update their configuration. The ACE framework for Authentication and Authorization is used to enforce authentication and authorization of the Administrator at the Group Manager. Protocol-specific transport profiles of ACE are used to achieve communication security, proof-of-possession, and server authentication.

The IETF Secretariat

From: internet-dra...@ietf.org
To: "Göran Selander" <goran.selan...@ericsson.com>, "Goeran Selander" <goran.selan...@ericsson.com>, "Marco Tiloca" <marco.til...@ri.se>
Subject: New Version Notification for draft-ietf-ace-workflow-and-params-02.txt
Date: Mon, 08 Jul 2024 09:49:54 -0700

A new version of Internet-Draft draft-ietf-ace-workflow-and-params-02.txt has been successfully submitted by Marco Tiloca and posted to the IETF repository.

Name: draft-ietf-ace-workflow-and-params
Revision: 02
Title: Alternative Workflow and OAuth Parameters for the Authentication and Authorization for Constrained Environments (ACE) Framework
Date: 2024-07-08
Group: ace
Pages: 52
URL: https://www.ietf.org/archive/id/draft-ietf-ace-workflow-and-params-02.txt
Status: https://datatracker.ietf.org/doc/draft-ietf-ace-workflow-and-params/
HTML: https://www.ietf.org/archive/id/draft-ietf-ace-workflow-and-params-02.html
HTMLized: https://datatracker.ietf.org/doc/html/draft-ietf-ace-workflow-and-params
Diff: https://author-tools.ietf.org/iddiff?url2=draft-ietf-ace-workflow-and-params-02

Abstract:

This document updates the Authentication and Authorization for Constrained Environments Framework (ACE, RFC 9200) as follows. First, it defines a new, alternative workflow that the Authorization Server can use for uploading an access token to a Resource Server on behalf of the Client. Second, it defines new parameters and encodings for the OAuth 2.0 token endpoint at the Authorization Server. Third, it defines a method for the ACE framework to enforce bidirectional access control by means of a single access token. Fourth, it amends two of the requirements on profiles of the framework. Finally, it deprecates the original payload format of error responses that convey an error code, when CBOR is used to encode message payloads. For such error responses, it defines a new payload format aligned with RFC 9290, thus updating in this respect also the profiles of ACE defined in RFC 9202, RFC 9203, and RFC 9431.

The IETF Secretariat

From: internet-dra...@ietf.org
To: "John Preuß Mattsson" <john.matts...@ericsson.com>, "John Mattsson" <john.matts...@ericsson.com>, "Marco Tiloca" <marco.til...@ri.se>
Subject: New Version Notification for draft-tiloca-ace-authcred-dtls-profile-02.txt
Date: Mon, 08 Jul 2024 09:51:25 -0700

A new version of Internet-Draft draft-tiloca-ace-authcred-dtls-profile-02.txt has been successfully submitted by Marco Tiloca and posted to the IETF repository.
Name: draft-tiloca-ace-authcred-dtls-profile
Revision: 02
Title: Additional Formats of Authentication Credentials for the Datagram Transport Layer Security (DTLS) Profile for Authentication and Authorization for Constrained Environments (ACE)
Date: 2024-07-08
Group: Individual Submission
Pages: 16
URL: https://www.ietf.org/archive/id/draft-tiloca-ace-authcred-dtls-profile-02.txt
Status: https://datatracker.ietf.org/doc/draft-tiloca-ace-authcred-dtls-profile/
HTML: https://www.ietf.org/archive/id/draft-tiloca-ace-authcred-dtls-profile-02.html
HTMLized: https://datatracker.ietf.org/doc/html/draft-tiloca-ace-authcred-dtls-profile
Diff: https://author-tools.ietf.org/iddiff?url2=draft-tiloca-ace-authcred-dtls-profile-02

Abstract:

This document updates the Datagram Transport Layer Security (DTLS) Profile for Authentication and Authorization for Constrained Environments (ACE). In particular, it specifies the use of additional formats of authentication credentials for establishing a DTLS session, when peer authentication is based on asymmetric cryptography. Therefore, this document updates RFC 9202. What is defined in this document is seamlessly applicable also if the profile uses Transport Layer Security (TLS) instead, as defined in RFC 9430.

The IETF Secretariat
-- Marco Tiloca Ph.D., Senior Researcher Phone: +46 (0)70 60 46 501 RISE Research Institutes of Sweden AB Box 1263 164 29 Kista (Sweden) Division: Digital Systems Department: Computer Science Unit: Cybersecurity https://www.ri.se
_______________________________________________ Ace mailing list -- ace@ietf.org To unsubscribe send an email to ace-le...@ietf.org