Minutes IETF99: ace
Authentication and Authorization for Constrained Environments
ACE Minutes 2017-07-17
Scribe: John Mattsson
- Open issue about PoP Key Semantics for CWTs
Similar CWT representation in two drafts. Mike arguing for CWT to be in its
Used by non-ACE. Independent draft can move on quicker.
Question: Separate document or keep it in the current WG document?
Decision: Crystal clear to have CWT in a separate document.
Chair: Update to charter not needed, but milestone needed.
- CBOR Web Token
1 open issue regarding the example.
Next steps: Update example -> Mike to talk to Jim & Samuel
Authorization using OAuth 2.0
Features useful for many profiles have been moved to framework.
Time sync to be done, discussion on which mechanism to use.
Discussion on how to confirm security properties of the framework. Security
properties need to be shown for each profile.
Discussion on which profiles to standardize.
Recommendation made to write a roadmap document (or to use the Wiki) to
explain which profiles are needed for which environment.
DTLS Profile for ACE
The request from IETF98 to also do TLS is still TODO
Discussion on some open issues
#12 No comments, author to come up with proposal
#13 Discussion which curve to mandate.
Discovery: AS discovery to be moved to framework. Proposal to extend
Client-to-AS request to ensure freshness. Support to move to framework.
RPK in Client-to-AS Request: Who to authorize? Need to document in TLS
profile or framework. No comments.
Error handling and AS_info to be handled by framework document
Issues need to be resolved; further reviews needed.
OSCOAP profile of ACE
Feedback welcome. Asks for adoption.
IPsec profile of ACE
Comments that the solution might lead to security problems with ESP. Need to
Chair: How does this affect interoperability of IoT?
MQTT-TLS profile of ACE
Next step: More feedback
Ephemeral Diffie-Hellman Over COSE (EDHOC)
Next step: Interop, test vectors
EST over secure CoAP (EST-coaps)
Question: Ready for WG Draft?
Strong support for the work (in some WG)
Several people think ACE is the right group.
Discussion if the charter needs to be changed.
Discussion what ACE should prioritize at the moment.
Comments that current framework and profiles should be prioritised first.
Comments that the work is small and should be done in ACE now.
Comments that ACE is not the right group and that there is no current right
Chair Question: Should ACE do wrappers for EST? Unanswered.
CORE Chair: If not done in ACE this work could be done in CORE. But it is
Chair Question: Interested in doing this work in ACE or not.
Slight majority for doing the work in ACE.
AD: Not interfere with other work that is high priority.
Joining of OSCOAP multicast groups in ACE
Next step: Feedback
Discussion on the scalability of the AS knowing the public keys.
Discussion to be taken offline.
Raw-Public-Key and Pre-Shared-Key as OAuth client credentials
Suggestion that ACE is the right group and that it should eventually be
The chair will set up a wiki to discuss the profiles to adopt.
Interim meeting on certificate enrolment in constrained environments to be