Minutes interim-2020-ace-10: Mon 10:00
minutes-interim-2020-ace-10-202009071000-00
| Meeting Minutes | Authentication and Authorization for Constrained Environments (ace) WG | |
|---|---|---|
| Date and time | 2020-09-07 14:00 | |
| Title | Minutes interim-2020-ace-10: Mon 10:00 | |
| State | Active | |
| Other versions | plain text | |
| Last updated | 2020-09-08 |
minutes-interim-2020-ace-10-202009071000-00
interim-2020-ace-10 Monday 2020-09-07 14:00 UTC # Links [Datatracker](https://datatracker.ietf.org/meeting/interim-2020-ace-10/session/ace) [Webex](https://ietf.webex.com/webappng/sites/ietf/meeting/info/168045235929099520?MTID=m1f34280a8246b00df47684851bb987f7) [Etherpad](https://codimd.ietf.org/notes-ietf-interim-2020-ace-10-ace) # Agenda ## Chairs Slides * [Note Well Slide](https://docs.google.com/presentation/d/1Aug0vjm-4hCXzadszOgTJxMTBqYoS51BEIhb7nvfepc/edit?usp=sharing) * minute taker * blue sheet ## OSCORE profile Francesca 10 min - Slides: https://www.ietf.org/proceedings/interim-2020-ace-10/slides/slides-interim-2020-ace-10-sessa-oscore-profile-00 * discussion of the IANA registration of new parameters. * FP: Plan to generate new names for the message type C-RS and send to Hannes as DE and see if he complains. * FP: Requets for comments on where to put OSCORE Security Context registry? Ludwig says ACE, I think CORE might be better * JS: Vagely think that ACE is better * FP: Identifiers negotiation: * JM: Problem is collisions or long messages - long random makes it harder * JM: Swap roles and more than one RS - * JS: DOn't understand the situation - * GS: Both getting tokens and posting to the other side? - Getting separate tokens for C and RS? * JS: I would expect that C would reject token based on RS id collision. * JS: Previously had discussed the problem and now suddenly care about it. * FP: Worried about getting collisions between doing EDHOC and then getting an AS token. * JS: I think this is excelent BIS material. * FP: Can't version - new profile? * JS: Might be able to do this in a later version and choose behavior based on presence of items. * JS: I don't understand the context swapping case and don't beleive it is a problem. * If you post to multiple RS then you can determine a change by trial decryption on the C so that is not an issue. * FP: Please add comments to the mail list - small change in text, but major change in concepts. * JS: Unsure what security issues are being introduced by this. Need to have better idea of this to figure out what is changing. * FP: THink that the case of identifiers in the token are ignored by the C and RS would cause complications to occur. * DM: Could have a diff to see what the changes would be * FP: Can do this in a separate branch on github. * ## AOB Request to review the MQTT document - currently in last call. # Participants * Daniel Migault Ericsson * Jim Schaad, August Cellars * Marco Tiloca, RISE * Francesca Palombini, Ericsson * Cigdem Sengul, Brunel University * Rikard Höglund, RISE * Göran Selander, Ericsson * Peter Yee * John Mattsson ## Minutes