Minutes interim-2020-ace-10: Mon 10:00
minutes-interim-2020-ace-10-202009071000-00

Meeting Minutes Authentication and Authorization for Constrained Environments (ace) WG
Title Minutes interim-2020-ace-10: Mon 10:00
State Active
Other versions plain text
Last updated 2020-09-08

Meeting Minutes
minutes-interim-2020-ace-10-202009071000

interim-2020-ace-10

Monday 2020-09-07 14:00 UTC

# Links

[Datatracker](https://datatracker.ietf.org/meeting/interim-2020-ace-10/session/ace)
[Webex](https://ietf.webex.com/webappng/sites/ietf/meeting/info/168045235929099520?MTID=m1f34280a8246b00df47684851bb987f7)
[Etherpad](https://codimd.ietf.org/notes-ietf-interim-2020-ace-10-ace)

# Agenda

## Chairs Slides
* [Note Well
Slide](https://docs.google.com/presentation/d/1Aug0vjm-4hCXzadszOgTJxMTBqYoS51BEIhb7nvfepc/edit?usp=sharing)
* minute taker * blue sheet

## OSCORE profile Francesca 10 min
- Slides:
https://www.ietf.org/proceedings/interim-2020-ace-10/slides/slides-interim-2020-ace-10-sessa-oscore-profile-00
* discussion of the IANA registration of new parameters. * FP: Plan to generate
new names for the message type C-RS and send to Hannes as DE and see if he
complains. * FP: Requets for comments on where to put OSCORE Security Context
registry?  Ludwig says ACE, I think CORE might be better * JS: Vagely think
that ACE is better * FP: Identifiers negotiation: * JM: Problem is collisions
or long messages - long random makes it harder * JM: Swap roles and more than
one RS - * JS: DOn't understand the situation - * GS: Both getting tokens and
posting to the other side?  - Getting separate tokens for C and RS? * JS: I
would expect that C would reject token based on RS id collision. * JS:
Previously had discussed the problem and now suddenly care about it. * FP:
Worried about getting collisions between doing EDHOC and then getting an AS
token. * JS: I think this is excelent BIS material. * FP: Can't version - new
profile? * JS: Might be able to do this in a later version and choose behavior
based on presence of items. * JS: I don't understand the context swapping case
and don't beleive it is a problem. * If you post to multiple RS then you can
determine a change by trial decryption on the C so that is not an issue. * FP:
Please add comments to the mail list - small change in text, but major change
in concepts. * JS: Unsure what security issues are being introduced by this. 
Need to have better idea of this to figure out what is changing. * FP: THink
that the case of identifiers in the token are ignored by the C and RS would
cause complications to occur. * DM: Could have a diff to see what the changes
would be * FP: Can do this in a separate branch on github. *

## AOB
    Request to review the MQTT document - currently in last call.

# Participants
* Daniel Migault Ericsson
* Jim Schaad, August Cellars
* Marco Tiloca, RISE
* Francesca Palombini, Ericsson
* Cigdem Sengul, Brunel University
* Rikard Höglund, RISE
* Göran Selander, Ericsson
* Peter Yee
* John Mattsson

## Minutes