Hi,

reading RFC9200, it is not fully clear whether the client is allowed to request a particular ACE profile (e.g. by sending ace_profile=2), or whether the only choice the client has in that is whether or not to ask the AS to send which profile the AS picked (by sending ace_profile=null) in the C-AS message. The document talks a lot about the null value being allowed in requests (sections 5.8.1 and 5.8.4.3), but neither allows nor forbids regular values.

This has led to some disagreement on [1], which I originally intended to clarify by filing an erratum -- but I wouldn't even know what to put in as proposed text.

Note that with the profiles I currently know, there's not a lot of chance for ambiguity; for example, if a client supports both the ACE-OSCORE profile and the ACE-EDHOC-OSCORE profile, it will either send an almost empty token request (for OSCORE), or a token request with its own cnf set (for EDHOC), so the AS will have a good idea already, but that's basically just a fortunate coincidence; as more profiles get added, the space for requests that could be ambiguous grows.

While in most cases it likely makes sense for the AS to decide the profile, I think it does make good sense for the client to pick one profile or the other in some cases (e.g. depending on power available, expected connection duration or round-trip time), within what the AS considers acceptable.

Is there text we missed in RFC9200 that would clarify this one way or the other, or is this indeed unclear, and then, what's the intended design?

BR
Christian

[1]: https://github.com/namib-project/dcaf-rs/issues/28

--
To use raw power is to make yourself infinitely vulnerable to greater powers.
  -- Bene Gesserit axiom
_______________________________________________ Ace mailing list -- ace@ietf.org To unsubscribe send an email to ace-le...@ietf.org