TYVM for this clarification and addition. It has answered my question completely.
Deb On Wed, Sep 11, 2024 at 5:29 PM Marco Tiloca <marco.til...@ri.se> wrote: > Hello Deb, > > Thanks a lot for your review! Please find in line below our detailed > replies to your comments. > > A Github PR where we have addressed your comments is available at [PR]. > > Unless any concern is raised, we plan to soon merge this PR (and the other > ones related to other received reviews), and to submit the result as > version -09 of the document. > > Thanks, > /Marco > > [PR] https://github.com/ace-wg/ace-revoked-token-notification/pull/17 > > > On 2024-07-06 15:32, Deb Cooley via Datatracker wrote: > > Deb Cooley has entered the following ballot position for > draft-ietf-ace-revoked-token-notification-08: No Objection > > When responding, please keep the subject line intact and reply to all > email addresses included in the To and CC lines. (Feel free to cut this > introductory paragraph, however.) > > > Please refer to > https://eur05.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.ietf.org%2Fabout%2Fgroups%2Fiesg%2Fstatements%2Fhandling-ballot-positions%2F&data=05%7C02%7Cmarco.tiloca%40ri.se%7C970c5fc6a6de4b05ba7308dc9dc00998%7C5a9809cf0bcb413a838a09ecc40cc9e8%7C0%7C0%7C638558695329472322%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C0%7C%7C%7C&sdata=AV32d%2FHdDlzyyMg2xyB67jrY3Seopa2jHLtsso28F%2F4%3D&reserved=0 > for more information about how to handle DISCUSS and COMMENT positions. > > > The document, along with other ballot positions, can be found > here:https://eur05.safelinks.protection.outlook.com/?url=https%3A%2F%2Fdatatracker.ietf.org%2Fdoc%2Fdraft-ietf-ace-revoked-token-notification%2F&data=05%7C02%7Cmarco.tiloca%40ri.se%7C970c5fc6a6de4b05ba7308dc9dc00998%7C5a9809cf0bcb413a838a09ecc40cc9e8%7C0%7C0%7C638558695329482887%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C0%7C%7C%7C&sdata=28GU%2F3gyDtFwfsJ6jbpFXXsEJeLdFUW1KszKlicjH%2BY%3D&reserved=0 > > > > ---------------------------------------------------------------------- > COMMENT: > ---------------------------------------------------------------------- > > Thank you to Kyle Rose for doing the secdir review of this draft. Also thanks > to the authors for the discussions and improvements. > > I have one last (easy?) question: > > Section 13: I expected to see some discussion on whether it is possible for > an > attacker to remove a revoked access token from the TRL allowing a registered > device with a revoked access token to continue to participate. Conversely, is > it possible for an attacker to add an access token to the TRL, which would > deny > service to the registered device. If these situations are not possible, what > feature protects the TRL both at the AS and in transit? > > > ==>MT > > Just to clarify and be sure: the AS indeed stores active **access tokens** > that it has issued (e.g., in order to serve requests of token introspection > from Resource Servers). However, the TRL specifically includes **token > hashes** corresponding to issued access tokens, i.e., those that have been > revoked and are not expired yet. > > > If we consider an external adversary that is not in control of the AS, > then the attacks suggested in the comment are not possible. > > First of all, a registered device or an administrator always relies on > secure communications when interacting with the AS, as per Section 5 "The > TRL Endpoint" and Section 9 "Registration at the Authorization Server". > This is also aligned with Section 5 of RFC 9200 and with the security > considerations of RFC 9200 that are simply inherited by this document as > stated in its Section 13.0. > > Furthermore, as per the interface at the AS defined in Section 5, > registered devices and administrators can access the TRL endpoint at the AS > exclusively in read-only mode. That is, the TRL endpoint at the AS supports > only the GET method (see the fourth paragraph of Section 5). > > It follows that accesses to the TRL are performed exclusively by sending > protected and authenticated GET requests to the TRL endpoint, which by > definition are safe in the REST sense and do not alter the content of the > TRL. > > In fact, the content of the TRL can be updated only internally by the AS, > in the two circumstances described in Section 4.1 "Update of the TRL". > > > An adversary that has compromised and taken control of the AS is indeed > able to update the content of the TRL, just like the AS would normally do. > In particular, by appropriately updating the TRL content to become not > aligned with the current set of access tokens that have been revoked but > are not expired yet, such an adversary can practically perform the attacks > suggested in the comment above. > > However, an adversary in control of the AS would be able to perform > actions with considerably more severe and harmful consequences, such as > revoking access tokens for no good reasons, issuing access token > inconsistently with the installed access control policies, or providing > wrong information to Resource Servers that ask the AS to perform token > introspection. > > > In the document, we have extended Section 13.1 "Content Retrieval from the > TRL" by adding the following new text at its end. > > NEW: > > Note that the TRL endpoint supports only the GET method (see Section 5). > Therefore, as detailed in Section 6 and Section 7, accesses to the TRL > endpoint are performed only by means of protected and authenticated GET > requests, which by definition are safe in the REST sense and do not alter > the content of the TRL. That is, registered devices and administrators can > perform exclusively read-only operations when accessing the TRL endpoint. > > > > In fact, the content of the TRL can be updated only internally by the > AS, in the two circumstances described in Section 4.1. Therefore, an > adversary that is not in control of the AS cannot manipulate the content of > the TRL, e.g., by removing a token hash and thereby fraudulently allowing a > Client to access protected resources in spite of a revoked access token, or > by adding a token hash and thereby fraudulently stopping a Client from > accessing protected resources in spite of an access token being still valid. > > <== > > > Received: from GVZP280MB0975.SWEP280.PROD.OUTLOOK.COM (2603:10a6:150:f7::17) > by GVYP280MB0464.SWEP280.PROD.OUTLOOK.COM with HTTPS; Sun, 7 Jul 2024 > 07:00:37 +0000 > Received: from DU2PR04CA0026.eurprd04.prod.outlook.com (2603:10a6:10:3b::31) > by GVZP280MB0975.SWEP280.PROD.OUTLOOK.COM (2603:10a6:150:f7::17) with > Microsoft SMTP Server (version=TLS1_2, > cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7741.35; Sun, 7 Jul > 2024 07:00:35 +0000 > Received: from DU6PEPF0000B622.eurprd02.prod.outlook.com > (2603:10a6:10:3b:cafe::b8) by DU2PR04CA0026.outlook.office365.com > (2603:10a6:10:3b::31) with Microsoft SMTP Server (version=TLS1_2, > cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7741.35 via Frontend > Transport; Sun, 7 Jul 2024 07:00:35 +0000 > Authentication-Results: spf=pass (sender IP is 50.223.129.194) > smtp.mailfrom=ietf.org; dkim=none (message not signed) > header.d=none;dmarc=pass action=none header.from=ietf.org;compauth=pass > reason=100 > Received-SPF: Pass (protection.outlook.com: domain of ietf.org designates > 50.223.129.194 as permitted sender) receiver=protection.outlook.com; > client-ip=50.223.129.194; helo=mail.ietf.org; pr=C > Received: from mail.ietf.org (50.223.129.194) by > DU6PEPF0000B622.mail.protection.outlook.com (10.167.8.139) with Microsoft > SMTP Server (version=TLS1_3, cipher=TLS_AES_256_GCM_SHA384) id 15.20.7762.17 > via Frontend Transport; Sun, 7 Jul 2024 07:00:34 +0000 > Received: by ietfa.amsl.com (Postfix, from userid 65534) > id 82C92C151991; Sun, 7 Jul 2024 00:00:32 -0700 (PDT) > X-Original-To: draft-tiloca-ace-authcred-dtls-prof...@ietf.org > Delivered-To: xfilter-draft-tiloca-ace-authcred-dtls-prof...@ietfa.amsl.com > Received: from [10.244.2.27] (unknown [104.131.183.230]) > by ietfa.amsl.com (Postfix) with ESMTP id 42B9CC1516E1 > for <draft-tiloca-ace-authcred-dtls-prof...@ietf.org> > <draft-tiloca-ace-authcred-dtls-prof...@ietf.org>; Sun, 7 Jul 2024 00:00:32 > -0700 (PDT) > Content-Type: text/plain; charset="utf-8" > Content-Transfer-Encoding: 8bit > To: <draft-tiloca-ace-authcred-dtls-prof...@ietf.org> > <draft-tiloca-ace-authcred-dtls-prof...@ietf.org> > Subject: Expiration impending: <draft-tiloca-ace-authcred-dtls-profile-01.txt> > X-Test-IDTracker: no > X-IETF-IDTracker: 12.17.1 > Auto-Submitted: auto-generated > Precedence: bulk > Message-ID: <172033563194.274.5459272935872629627@dt-celery-86db7666db-4xkn5> > Date: Sun, 07 Jul 2024 00:00:31 -0700 > From: IETF Secretariat <ietf-secretariat-re...@ietf.org> > <ietf-secretariat-re...@ietf.org> > Resent-From: <alias-boun...@ietf.org> <alias-boun...@ietf.org> > Resent-To: john.matts...@ericsson.com, marco.til...@ri.se > Resent-Message-Id: <20240707070032.82c92c151...@ietfa.amsl.com> > <20240707070032.82c92c151...@ietfa.amsl.com> > Resent-Date: Sun, 7 Jul 2024 00:00:32 -0700 (PDT) > Return-Path: forwardingalgori...@ietf.org > X-MS-Exchange-Organization-ExpirationStartTime: 07 Jul 2024 07:00:34.5120 > (UTC) > X-MS-Exchange-Organization-ExpirationStartTimeReason: OriginalSubmit > X-MS-Exchange-Organization-ExpirationInterval: 1:00:00:00.0000000 > X-MS-Exchange-Organization-ExpirationIntervalReason: OriginalSubmit > X-MS-Exchange-Organization-Network-Message-Id: > 5abb92d8-e10c-4736-b7f3-08dc9e527f9a > X-EOPAttributedMessage: 0 > X-EOPTenantAttributedMessage: 5a9809cf-0bcb-413a-838a-09ecc40cc9e8:0 > X-MS-Exchange-Organization-MessageDirectionality: Incoming > X-MS-PublicTrafficType: Email > X-MS-TrafficTypeDiagnostic: > DU6PEPF0000B622:EE_|GVZP280MB0975:EE_|GVYP280MB0464:EE_ > X-MS-Exchange-Organization-AuthSource: > DU6PEPF0000B622.eurprd02.prod.outlook.com > X-MS-Exchange-Organization-AuthAs: Anonymous > X-MS-Office365-Filtering-Correlation-Id: 5abb92d8-e10c-4736-b7f3-08dc9e527f9a > X-MS-Exchange-AtpMessageProperties: SA|SL > X-MS-Exchange-Organization-SCL: 1 > X-Microsoft-Antispam: BCL:0;ARA:13230040|12012899012|2092899012; > X-Forefront-Antispam-Report: > > CIP:50.223.129.194;CTRY:US;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:mail.ietf.org;PTR:mail.ietf.org;CAT:NONE;SFS:(13230040)(12012899012)(2092899012);DIR:INB; > X-MS-Exchange-CrossTenant-OriginalArrivalTime: 07 Jul 2024 07:00:34.1995 > (UTC) > X-MS-Exchange-CrossTenant-Network-Message-Id: > 5abb92d8-e10c-4736-b7f3-08dc9e527f9a > X-MS-Exchange-CrossTenant-Id: 5a9809cf-0bcb-413a-838a-09ecc40cc9e8 > X-MS-Exchange-CrossTenant-AuthSource: > DU6PEPF0000B622.eurprd02.prod.outlook.com > X-MS-Exchange-CrossTenant-AuthAs: Anonymous > X-MS-Exchange-CrossTenant-FromEntityHeader: Internet > X-MS-Exchange-Transport-CrossTenantHeadersStamped: GVZP280MB0975 > X-MS-Exchange-Transport-EndToEndLatency: 00:00:03.0584539 > X-MS-Exchange-Processed-By-BccFoldering: 15.20.7741.016 > X-Microsoft-Antispam-Mailbox-Delivery: > > dwl:1;ucf:0;jmr:0;auth:0;dest:I;ENG:(910001)(944506478)(944626604)(920097)(831239)(255002)(410001)(930097)(140003)(1420198); > X-Microsoft-Antispam-Message-Info: > =?utf-8?B?NnNUdHBLRDFrWlY3U3FBZFQ4QkhXaHFieDdxdUN4NnpjaS9HNXFPbGNoNzFV?= > =?utf-8?B?SHFCTTl0WnZMODNmV3pLK2NWVEFMYmxtSEIxNWhQdWpXWDJMTDVwNm11M21p?= > =?utf-8?B?dzRwVklva29nR1VSbkI0ZDJVdGpHVjU2OTVpYWxHWUoyUG02UE9pVlltNys3?= > =?utf-8?B?TUE5bkZIWllrTUNPZW05aE4zeXhZOE1Qdm9KM0J4ZDVzdUFFVGlxWHhKTFNE?= > =?utf-8?B?THMzNTd1djg3MEdPbCtiNXlZeFJJajJsRU5PazRTb25iM1VGWS9mYnZzVEFu?= > =?utf-8?B?bmQyQ3FjcStSQ1RJdGdnTmZ6TUJPYThOSjZpUkdsN1o1TWdaSlB4QnVnVGQ3?= > =?utf-8?B?U09QSkdDaXFCVld0S0pwMEhlNlJJem1LWFRlLy9wcTVtZmpNcnBWVTRYby9p?= > =?utf-8?B?eW5EOHM2NHpCNGlTa0h1ZGhLR2VVY1ZFa3cyTHN6cnhvd0VBYmc1UW9BZEpQ?= > =?utf-8?B?ME9id240UGJlUS9qU1p4N0JNMHhNWmpwOTZMMmU5bVFjUVI5ZXJ2YWhPQkhZ?= > =?utf-8?B?Y1dFQ2d5WUdIb2RIMmtab29Qb0RJRlVNaXBnWkIva0l4a3ZKSHNDMXkxRjhq?= > =?utf-8?B?NVFWR214ZUdEaEpTQnRoWUhIbFFCOHhsQjMzdFJXWVU3bXc5UVAreTc4Vlpn?= > =?utf-8?B?LzA1UUFFdEY4eHI4QTdLbFhpN2hnMyt0RVZYZk5iMDhkM3hMMndPZUdzTUds?= > =?utf-8?B?ajBoOXNSUW1QaWY1bWZlcm8rT3lId29iMWxHWGQ3RkpsYW5abUFrc2tCdm1a?= > =?utf-8?B?Zkg2WXJTaU8zWHlPZUZKTFhqMEtMdVUxeXhHK0pud3ZGU0IwNUlHNlNaV2xz?= > =?utf-8?B?SkR2MnVPWjNCQVVxa2lIS3ZsMms2VmhNcklFOVNwUzBCQ21COTFJaHNQdG5N?= > =?utf-8?B?OWl1MWxtdW9HcUJlUGZ0TkxoUzI3b2tDa21ndUZaTHpQQ0lZUW9nd3o3YVkx?= > =?utf-8?B?VzBCdWVyV3ljOEExRVMyTy96a0tSS082SXFOdXRIQm8xQ3oxdCtIQXJKTE15?= > =?utf-8?B?S2xCNllLT25FbmhlMDUrbC9NMElYMXM3S2ZaS1Rnck9TVUp6TzlrVXJEUlQ3?= > =?utf-8?B?ZnNXY3VDWnZxZzVCQWRMQ01tdE5Nakg4RnNaMUFyU2dvSE9MMjZCK3BLOFBj?= > =?utf-8?B?YTd6b3MzM3UyVTF2a0s2WTdrRnJMMkFuU3BsTUhScWhiUkppdjNaQXFENjBE?= > =?utf-8?B?by9EVEdKYjBJeFlPd0p0cTRTZHgwbFlaOEtGeVFaUlI2SDdOa1FXeTRJYzU3?= > =?utf-8?B?S2dqU3lSbzVvM3lqdFdLMmFwdzNyNlVkbDJHRXA2ZmJkZFFwQVZEVllTWTcy?= > =?utf-8?B?cTRhSkFMeThhZSswb0FCNHVoWWRucW1WN3E3VnV6MDlaSDBtYWl1WkJuRnJH?= > =?utf-8?B?T1NUamhGb1dya1c3dTdrR3NxZGFNSUlkczN2SXd5OFEwVHdOcS9JSjRzeG5i?= > =?utf-8?B?eHNjWGUzdWU4MXBiaDlpTGloZnFoRVdHZVphZ3dKQWVnanJEbGtLWjh5NWJ5?= > =?utf-8?B?MUNLUW1UV0VXS1oxNko2czNVQVRvZmRVMG1lR2FPUSs5Mnk4eloycHZ6SEh2?= > =?utf-8?B?c3N5WTNwL2Y1OFdBa1JidSs2ZTMvb3l0SDFZMnlKUkNLZVozdkNaQ2RRREtL?= > =?utf-8?B?WldCUkl6SXlWamY5T0pVVFI0SXc1S3RsYmJtT1pMb0V2dDl1T0NldXFERTVz?= > =?utf-8?B?NHRKQUFxVUxJQWdSUmgxVlg2WjNMeVluQzNSV2d6aWZ3a05OVjZtYW56M1d1?= > =?utf-8?B?UCtvZkpGbG9HOU5rclVzUWdpQ2ROSk41L3U0aitUL2pYNTNreFB2VDh1YUdE?= > =?utf-8?B?d2ZQY2dscDNZSXFMczBYSkswYWpnak5RaG5HSlhQOTNCZGR3dGU5YWlpbjRK?= > =?utf-8?B?ZDZKTDNhWldSdHN2YTMvOU95RUFtRG5Dd09XdHFId3dUUEJ6dURHdEsyMit6?= > =?utf-8?B?THV0N1dsYzVVcDVxZTh5Y0VvTVRIcHJhQk9MdzdFOVdpcnAxbGpxRFBZQ3dY?= > =?utf-8?B?KzFaUDJIaGozSXpqQkZCNUczRk9MMllrZCtNcGs0RjNyRFl6VlphV0dITUNi?= > =?utf-8?B?MVl5eG5LdUZXdkVMWWt6NzgyTHBtM2Ixcnp4RWJXd21mTXBNRTRBYzZHRU1y?= > =?utf-8?B?RHM4ZEpWNnowRzRKSWM0d2FIWjlqQ1oxK2R3VzZTUm11cER0QWR5Slh0Y09D?= > =?utf-8?B?WnpWWlQrRC85RzJkUjVZYjBkUkFNOEJ0cCtucStmQWNGV0VrRGV1RVFHdXZE?= > =?utf-8?B?bWtpNks2MVhtcmdnSkdNRWtzdEFueHNBWmdhcW5scWlrWGx5eVdQQ3YwQW44?= > =?utf-8?B?YW5jWVlCeDJkV2U3aEJjekVFd0tTZWt5QVdPVlplQkVWanNHRkRZcG5lNmFN?= > =?utf-8?B?UlZNTldWQ0hIWkxVUWpSOElGb1V6TFcxekNzVUFvQzYyaDE2MDFvbkI5N0ZW?= > =?utf-8?B?VTV0T3VtUkFPWnRYL3pWK25kdmlZWkN5M01tOWxZMlBvL0dQVlkrRXYyZmk5?= > =?utf-8?B?TmVWN01LcHVDbCttSWVGckN3Tm5jSXUxR3FEQ3F4ZFM4V2xVLzFrYXlPOU9Z?= > =?utf-8?B?d3ZvSmJUcDI4Y1dpbFNleVlaZjY5NmRhOTZ0eUpEc2FtNTZ3cFMyY3ZkOGZw?= > =?utf-8?B?TVpTUWFIZEFjL1BLUnY1YVVINzRoNWNVV29keWIxK1Vsc0JvNTkwTjZGRFE1?= > =?utf-8?B?bnBaUTRITTM5WDJSL3ZCL0VnK01nVUVBSGpJZ0xIaktnL3FKY21Ga1pwQ1Fj?= > =?utf-8?B?dTVPZFM1OUhaMGVJVFBORFJpL0p0S0tCZDRFUG4wODRJV21VR0tGTytBRDBn?= > =?utf-8?B?PT0=?= > MIME-Version: 1.0 > > The following Internet-Draft will expire soon: > > Name: draft-tiloca-ace-authcred-dtls-profile > Title: Additional Formats of Authentication Credentials for the Datagram > Transport Layer Security (DTLS) Profile for Authentication and Authorization > for Constrained Environments (ACE) > State: I-D Exists > Expires: 2024-07-13 (in 5 days, 23 hours) > > > Received: from GV3P280MB0827.SWEP280.PROD.OUTLOOK.COM (2603:10a6:150:f2::5) by > GVYP280MB0464.SWEP280.PROD.OUTLOOK.COM with HTTPS; Sun, 7 Jul 2024 07:00:37 > +0000 > Received: from AS9P251CA0015.EURP251.PROD.OUTLOOK.COM (2603:10a6:20b:50f::29) > by GV3P280MB0827.SWEP280.PROD.OUTLOOK.COM (2603:10a6:150:f2::5) with > Microsoft SMTP Server (version=TLS1_2, > cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7741.35; Sun, 7 Jul > 2024 07:00:35 +0000 > Received: from AMS1EPF00000041.eurprd04.prod.outlook.com > (2603:10a6:20b:50f:cafe::a7) by AS9P251CA0015.outlook.office365.com > (2603:10a6:20b:50f::29) with Microsoft SMTP Server (version=TLS1_2, > cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7741.34 via Frontend > Transport; Sun, 7 Jul 2024 07:00:35 +0000 > Authentication-Results: spf=pass (sender IP is 50.223.129.194) > smtp.mailfrom=ietf.org; dkim=none (message not signed) > header.d=none;dmarc=pass action=none header.from=ietf.org;compauth=pass > reason=100 > Received-SPF: Pass (protection.outlook.com: domain of ietf.org designates > 50.223.129.194 as permitted sender) receiver=protection.outlook.com; > client-ip=50.223.129.194; helo=mail.ietf.org; pr=C > Received: from mail.ietf.org (50.223.129.194) by > AMS1EPF00000041.mail.protection.outlook.com (10.167.16.38) with Microsoft > SMTP Server (version=TLS1_3, cipher=TLS_AES_256_GCM_SHA384) id 15.20.7762.17 > via Frontend Transport; Sun, 7 Jul 2024 07:00:34 +0000 > Received: by ietfa.amsl.com (Postfix, from userid 65534) > id 4C4B8C16940C; Sun, 7 Jul 2024 00:00:33 -0700 (PDT) > X-Original-To: draft-ietf-ace-oscore-gm-admin-co...@ietf.org > Delivered-To: xfilter-draft-ietf-ace-oscore-gm-admin-co...@ietfa.amsl.com > Received: from [10.244.2.27] (unknown [104.131.183.230]) > by ietfa.amsl.com (Postfix) with ESMTP id DB046C1522B9; > Sun, 7 Jul 2024 00:00:32 -0700 (PDT) > Content-Type: text/plain; charset="utf-8" > Content-Transfer-Encoding: 8bit > To: <draft-ietf-ace-oscore-gm-admin-co...@ietf.org> > <draft-ietf-ace-oscore-gm-admin-co...@ietf.org> > Cc: ace-cha...@ietf.org, paul.wout...@aiven.io > Subject: Expiration impending: <draft-ietf-ace-oscore-gm-admin-coral-01.txt> > X-Test-IDTracker: no > X-IETF-IDTracker: 12.17.1 > Auto-Submitted: auto-generated > Precedence: bulk > Message-ID: <172033563255.274.9265451665620885998@dt-celery-86db7666db-4xkn5> > Date: Sun, 07 Jul 2024 00:00:32 -0700 > From: IETF Secretariat <ietf-secretariat-re...@ietf.org> > <ietf-secretariat-re...@ietf.org> > Resent-From: <alias-boun...@ietf.org> <alias-boun...@ietf.org> > Resent-To: marco.til...@ri.se, rikard.hogl...@ri.se > Resent-Message-Id: <20240707070033.4c4b8c169...@ietfa.amsl.com> > <20240707070033.4c4b8c169...@ietfa.amsl.com> > Resent-Date: Sun, 7 Jul 2024 00:00:33 -0700 (PDT) > Return-Path: forwardingalgori...@ietf.org > X-MS-Exchange-Organization-ExpirationStartTime: 07 Jul 2024 07:00:35.2287 > (UTC) > X-MS-Exchange-Organization-ExpirationStartTimeReason: OriginalSubmit > X-MS-Exchange-Organization-ExpirationInterval: 1:00:00:00.0000000 > X-MS-Exchange-Organization-ExpirationIntervalReason: OriginalSubmit > X-MS-Exchange-Organization-Network-Message-Id: > 26f577d6-a8a7-41bc-125e-08dc9e528008 > X-EOPAttributedMessage: 0 > X-EOPTenantAttributedMessage: 5a9809cf-0bcb-413a-838a-09ecc40cc9e8:0 > X-MS-Exchange-Organization-MessageDirectionality: Incoming > X-MS-PublicTrafficType: Email > X-MS-TrafficTypeDiagnostic: > AMS1EPF00000041:EE_|GV3P280MB0827:EE_|GVYP280MB0464:EE_ > X-MS-Exchange-Organization-AuthSource: > AMS1EPF00000041.eurprd04.prod.outlook.com > X-MS-Exchange-Organization-AuthAs: Anonymous > X-MS-Office365-Filtering-Correlation-Id: 26f577d6-a8a7-41bc-125e-08dc9e528008 > X-MS-Exchange-AtpMessageProperties: SA|SL > X-MS-Exchange-Organization-SCL: 1 > X-Microsoft-Antispam: BCL:0;ARA:13230040|12012899012|2092899012; > X-Forefront-Antispam-Report: > > CIP:50.223.129.194;CTRY:US;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:mail.ietf.org;PTR:mail.ietf.org;CAT:NONE;SFS:(13230040)(12012899012)(2092899012);DIR:INB; > X-MS-Exchange-CrossTenant-OriginalArrivalTime: 07 Jul 2024 07:00:34.9006 > (UTC) > X-MS-Exchange-CrossTenant-Network-Message-Id: > 26f577d6-a8a7-41bc-125e-08dc9e528008 > X-MS-Exchange-CrossTenant-Id: 5a9809cf-0bcb-413a-838a-09ecc40cc9e8 > X-MS-Exchange-CrossTenant-AuthSource: > AMS1EPF00000041.eurprd04.prod.outlook.com > X-MS-Exchange-CrossTenant-AuthAs: Anonymous > X-MS-Exchange-CrossTenant-FromEntityHeader: Internet > X-MS-Exchange-Transport-CrossTenantHeadersStamped: GV3P280MB0827 > X-MS-Exchange-Transport-EndToEndLatency: 00:00:02.7249057 > X-MS-Exchange-Processed-By-BccFoldering: 15.20.7741.016 > X-Microsoft-Antispam-Mailbox-Delivery: > > dwl:1;ucf:0;jmr:0;auth:0;dest:I;ENG:(910001)(944506478)(944626604)(920097)(831239)(255002)(410001)(930097)(140003)(1420198); > X-Microsoft-Antispam-Message-Info: > =?utf-8?B?cXE1V3V2a252cTlwYWR2SlpTaGdJL1VRMk9CaGNxekJuUC9hL3FxdEhqZk5q?= > =?utf-8?B?L0FDa0hPOGJtQjZkZitxMVBocVY3R05mTTJkbXIyekFEQXAvOHU2Z043aWVo?= > =?utf-8?B?VjkxbnIrUGdVTEFjeFlKemlDNUJoL0pGOHI4V3BvWnpkb1ZhVlJQOGJnV2ZR?= > =?utf-8?B?Z0ttRHUzS0ozRGlockMxaFdFQk5ZdTZjSkpYL2R3bDhXdEh0VGRNSVpWb045?= > =?utf-8?B?akx5RC9LOHpWQ2kzTEQyeXgvQnBaZWF5QS9iNHZjQmNCMmR1bS9jWmZ4SURJ?= > =?utf-8?B?SlVrbEMyNFZWclBkN28xQkNaaklZdkRRdG91TXFNRTB6MDRUaVVHUnVSeUM3?= > =?utf-8?B?MnBDbFArWTlLSzhIR29RWXRNSnROVm4wYnZpRkNuRW9RMWFFYjZSdFl4VWt2?= > =?utf-8?B?ejdJKzZDQldEcXI5UlRnUW1Rb3RBWU15YXlyTmRYemRzcDRobm4rdTUwYTVy?= > =?utf-8?B?dm54MTVKNHJsbzNBVkNsMEEyTmREOHFjelNKRk1XaTc5Mi9RdEs3blBCTXZU?= > =?utf-8?B?dFo1M2c5U3V4bUVWb2h3bG84Q0Nkalh5eEoyYjk1SXl2RjY4TFBLbS9OZkdK?= > =?utf-8?B?UFZPcGNRV0RxZ29KNXRDaWVNNkJuL0JRZDl5cVN0WjRQeUJVVmVhY05xUkdT?= > =?utf-8?B?ejZpbmpWWHJaaFZXb0ZZM1hXTTdzRHlPdmZ1TGpKcjJPT0FMNUU4R2k2c2Zt?= > =?utf-8?B?NzRlZGpXRThyTmJ1VldPVkpJdWt1OGpBbGtjZElxQTcxWU00ZmdWS09YbTNJ?= > =?utf-8?B?U1NIS1pkSnBvS1o5Q0FSRkRIeDI5dGVBNU1ZenQyZ2hnWHp4OVB1cG5aRzlI?= > =?utf-8?B?VnArSHFPbVVjbDJoUXlidG1zMVRKNTYxOGF5TzUwWEIzTUNTejdlanNiVjhS?= > =?utf-8?B?Z2pGYkpDck90Q2twNzY4dlJ4SFBuUjFMWjliN08rR3l1NEJqczAzUnJKeVl4?= > =?utf-8?B?WEdldTF5VjBXWkswdjI3cjYvSVE0T1hxSzE2NlZjTExUT0djR3M4MWVIblpD?= > =?utf-8?B?QVo1ZWl0bUp0R1BpakRGYkdQUmxGMHY0RXp5S0Z3VjhJOWxFTkpQSXRuNnFY?= > =?utf-8?B?L2duWmZaR0hPRUNtN2s3VDZKWDM3bVJ1ZjNVbGFpMEl5NmxVR084RC9LMmtX?= > =?utf-8?B?Qk5BdUZkUmMrUzhXenF4eUhkck1uWThMWHh6L2ROUVZCUE0zY2M2WmZOdWIz?= > =?utf-8?B?eFZWMnE3aFR2SXc4eFlZaHVWdkJ5YWE2WXVvazBMVWdISldiOE42UU15L3pk?= > =?utf-8?B?dU8vWmprOEwyclBRQ3FtMkVsOGNzaG5FNjl3VzNlbEp6L05DKytFRG56azlw?= > =?utf-8?B?S2NZUGphbS82OEtVL2dTb25Sa0pzYWU3aVo0SHY4UFhWOXNYMHc0T1BDNWh6?= > =?utf-8?B?UjNUb0dvbTFNNWZHckhpMkRsUkFQNHZpdUJkV0pyL01vVGhLTno5b2J3cTAy?= > =?utf-8?B?S2U3dFJvZWtDa25kR2JSZzBpL2pqb0FYZ0I3RytzNXZhUGZOMEJiYTMreHFV?= > =?utf-8?B?b2xrczVmSnpNYWZ2TDduWndjZkMvdnNYZ3NzeVVyWVZDMXlSUk9iM3N4Zmp4?= > =?utf-8?B?V3dnMi9STFhTZDMrb3Rta0JpVHZCbmUyTnN3bGcvK2RYWTE3VGdzdmdBMUdB?= > =?utf-8?B?cGFnVWR0YjF5MnBsdTBwSko0RHRJdnpld1NIT1YwcGwvc09KNjB5Qm8yd3VK?= > =?utf-8?B?YlhPOVJWbDNnUUp3THRPcjR0eXh0RTlaWWVBQnpCOC9nUlJRbGIyL3VPZGoz?= > =?utf-8?B?UGJ5N1ozTlZsaTZpMXhZRDRZd2QvSWh6M25Nd1VuNzNpVEplcVZUMGxsRWRN?= > =?utf-8?B?R2J1NzVoUzdNSUdqTkN2T0lzak5YNXRUQVFXQmhUb3RXUFMwVmsrR1JlczVv?= > =?utf-8?B?N3RSZk9QZjRVWUhBTVNGT3plY3BqWEFCbklNYWtLa3JLMitQYVdJd2ttTlEy?= > =?utf-8?B?WXZ3d0tLZk5hYmdicTRGUmlNM3g2MzNMVXh0aDdRSm9UTXhZVExuTFVpNkZW?= > =?utf-8?B?TVJpNEhpdElxb3pxSDVqZXNBU21vb3ZuaDlZV1gxTThQY2RnbS9Sd1R5R1Ev?= > =?utf-8?B?MlJNZGNnYTgxamhyemEyZjRERU9IZS9DRVEya1JlaW9YQzAxRk8rQTNSZXlP?= > =?utf-8?B?bENWKy8wOG1qTVFGUzNOR0l4R21PR1FNcVhXejgyWk5LdDRweXU5Wlc3ZFZH?= > =?utf-8?B?UVAxcEdOQ3puKzJuVGFMVGI3LzVodjJXVzU0cVMxRFNISkV3eE1lVzlBYWJ0?= > =?utf-8?B?TmUyamNqamVlSHJvdmdENlFiNWNYOExGWFBqV1Irdmk2VjFpRDBKS3FWOXk3?= > =?utf-8?B?S2tKM2N4RG1HaVQyQVpmcnEzYVpLWUlsWFR4cG5mYk1oSFAydXZObEJweEFE?= > =?utf-8?B?cXQ1L081dUc4Ukl6SmY3c3hJMTNsL1I1NXZyeTlRNkw5OEpCbWJqSjA5Qmp0?= > =?utf-8?B?OHVBS2MxSzdSZnYrUStoU3dSL0xIa21KajJTdGFqL3RFN1BVNXgraE5pc3Ni?= > =?utf-8?B?alR1VG1rK1RTRFZ1L2RoK1R1cUg4N3JpUlZmcE5QSGs2aXJCbDdFSjNjdUJM?= > =?utf-8?B?OWhYVjFPL05zakxmaEFHWmd4cEVOOWMyVmxlR0dORlJxM05aRmY3aGZURit3?= > =?utf-8?B?dy9CaVZFU3Zad212T1RYRC9jSGlxNG9lMld5LzdlMEtOOUN1Vzg5dVlYTVU0?= > =?utf-8?B?c3BpL1VhSmpaTXpyN0tXaXhNdFduSFN0SmJFbHlxeHVlMFFySW9yY3JRSFgz?= > =?utf-8?B?bHZnYjhEb1VwY2lpSEdpVUp3bGpTSTdHQkF2K2RoNDMwTDFsVFdTNlpEZStB?= > =?utf-8?B?PT0=?= > MIME-Version: 1.0 > > The following Internet-Draft will expire soon: > > Name: draft-ietf-ace-oscore-gm-admin-coral > Title: Using the Constrained RESTful Application Language (CoRAL) with the > Admin Interface for the OSCORE Group Manager > State: I-D Exists > Expires: 2024-07-17 (in 1 week, 2 days) > > > > -- > Marco Tiloca > Ph.D., Senior Researcher > > Phone: +46 (0)70 60 46 501 > > RISE Research Institutes of Sweden AB > Box 1263 > 164 29 Kista (Sweden) > > Division: Digital Systems > Department: Computer Science > Unit: Cybersecurity > https://www.ri.se > >
_______________________________________________ Ace mailing list -- ace@ietf.org To unsubscribe send an email to ace-le...@ietf.org
