Minutes IETF99: ace
minutes-99-ace-00

Meeting Minutes Authentication and Authorization for Constrained Environments (ace) WG
Date and time 2017-07-17 07:30
Title Minutes IETF99: ace
State Active
Other versions plain text
Last updated 2017-07-26

minutes-99-ace-00
ACE Minutes 2017-07-17
----------------------

Scribe: John Mattsson

- Open issue about PoP Key Semantics for CWTs

   Similar CWT representation in two drafts. Mike arguing for CWT to be in its
   own draft.

   Used by non-ACE. Independent draft can move on quicker.

   Question: Separate document or keep in in the current WG document?

   Decision: Crystal clear to have CWT in a separate document.

   Chair: Update to charter not needed, but milestone needed.

- CBOR Web Token

  1 open issue regarding the example.

  Next steps: Update example -> Mike to talk to Jim & Samuel

Authorization using OAuth 2.0

   Features useful for many profiles have been moved to framework.
   Time sync to be done, discussion on which mechanism to use.

   Discussion on how to confirm security properties of the framework. Security
   properties need to be showed for each profile.

   Discussion on which profiles to standardize.

   Recommendation made to write a roadmap document (or to use the Wiki) to
   explain which profiles is needed for which environment.

DTLS Profile for ACE

   The request from IETF98 to also do TLS is still TODO

   Discussion on some open issues

   #12 No comments, author to come up with proposal

   #13 Discussion which curve to mandate.

   Discovery: AS discovery to be moved to framework Proposal to extend
   Client-to-AS request to ensure freshness. Support to move to framework.

   RPK in Client-to-AS Request: Who to authorize? Need to document in TLS
   profile or framework. No comments.

   Error handling and AS_info to be handled by framework document

   Issues need to be resolved; further reviews needed.

OSCOAP profile of ACE

   Feedback welcome. Asks for adoption.

   No decisions.

IPsec profile of ACE

   Comments that the solution might lead to security problems with ESP. Need to
   be checked.

   Chair: How does this affect interoperability of IoT?

   No decisions.

MQTT-TLS profile of ACE

   Next step: More feedback

   No decisions.

Ephemeral Diffie-Hellman Over COSE (EDHOC)

   Next step: Interop, test vectors

   No decisions.

EST over secure CoAP (EST-coaps)

  Question: Ready for WG Draft?

  Strong support for the work (in some WG)

  Several people think ACE is the right group.

  Discussion if the charter needs to be changed.

  Discussion what ACE should prioritize at the moment.

  Comments that current framework and profiles should be prioritised first.

  Comments that the work is small and should be done in ACE now.

  Comments that ACE is not the right group and that there is no current right
  group.

  Chair Question: Should ACE do wrappers for EST? Unanswered.

  CORE Chair: If not done in ACE this work could be done in CORE. But it is
  security.

  Chair Question: Interested in doing this work in ACE or not.

  Slight majority for doing the work in ACE.

  AD: Not interfere with other work that is high priority.

Joining of OSCOAP multicast groups in ACE

  Next step: Feedback

  Discussion on the scalability of the AS knowing the public keys.

  Discussion to be taken offline.

  No decisions.

Raw-Public-Key and Pre-Shared-Key as OAuth client credentials

  Suggestion that ACE is the right group and that it should eventually be
  adopted.

  No decisions.

Wrap-up

  The chair will set up a wiki to discuss the profiles to adopt.

  Interim meeting on certificate enrolment in constrained environments to be
  held.