# IETF 109 ACE Meeting

WEDNESDAY, November 18, 2020 12:00-14:00

[codimd](https://codimd.ietf.org/notes-ietf-109-ace) [jabber](xmpp:ace@jabber.ietf.org?join) [video stream](https://meetings.conf.meetecho.com/ietf109/?group=ace&short=&item=1) [audio stream](http://mp3.conf.meetecho.com/ietf109/spring/1.m3u) [session](https://datatracker.ietf.org/meeting/109/session/ace) [wg documents](https://tools.ietf.org/wg/ace/)

## Agenda

* agenda bashing 10 min Daniel
* document status update
    * dtls-authorize, oauth-authz, oauth-params are waiting to be sent to the IESG
    * OSCORE profile had WGLC but needs some more reviews, Christian and Marco offer to review
    * aif needs more reviews
    * mqtt-tls-profile being updated after WGLC
    * pubsub-profile needs to add MQTT, Francesca will coordinate with Cigdem
* groupcom drafts:
    * [draft-ietf-ace-key-groupcomm](https://tools.ietf.org/wg/ace/draft-ietf-ace-key-groupcomm/) 10 min Francesca
        * Issue with scope: how does the KDC know the format of the scope? Candidate solutions:
            1. Prefix with byte agreed between RS and AS, if same scope is reused needs to sync with AS.
            2. Register CBOR tag, one for each application profile (currently only one)
            3. Register a new Token claim.
        * Discussion: Do we need to add something inband to disambiguate, or can we agree out of band?
        * Ben: It seems we need to add something inband, a CBOR Tag seems architecturally "cleaner", but does not say anything about implementation.
        * Carsten: need to think more. 1-byte CBOR tag registration is restricted.
        * Francesca brings this to the list.
    * [draft-ietf-ace-key-groupcomm-oscore](https://tools.ietf.org/html/draft-ietf-ace-key-groupcomm-oscore) 10 min Marco
        * No comments
    * [draft-ietf-ace-oscore-gm-admin](https://tools.ietf.org/html/draft-ietf-ace-oscore-gm-admin) 10 min Marco
        * Christian: General question: ACE documents make use of resources starting with "/", how is entry point discovered? Preference for less static method.
        * Ben: BCP190 allows for fixed strings once parent is discovered.
* charter 30 min
    * Discussion of what certificate enrolment work is in scope.
    * Goeran: coap-est is done; est protected by oscore+edhoc is not done
    * Merge of paragraphs mentioning EST and CMPv2. No objections from the meeting. Chair confirms the proposal on the list.
* New topics
    * [draft-tiloca-ace-group-oscore-profile](https://tools.ietf.org/html/draft-tiloca-ace-group-oscore-profile) 10-15 min Marco
        * ACE profile for resources accessed with Group OSCORE.
        * Michael Richardson will review
    * draft-selander-ace-coap-est-oscore 10 min Goran
        * Follows draft-ietf-ace-coap-est, but replaces DTLS with OSCORE/EDHOC. One key feature is that the CoAP/HTTP proxy does not need to do anything EST-related, and thus does not need to be trusted.
        * Who plans to review? Michael Richardson has been involved but is not currently listed as an author. Please provide any additional comments if you have any.
        * Francesca and Michael will review
    * draft-selander-ace-ake-authz 10 min Goran
        * Doing authentication, authorization, and certificate enrolment in sequence is inefficient.
        * Ben: the authenticator V serves a role similar to a BRSKI join proxy?
        * Goeran: V is more of a registrar than a proxy
        * Michael: the join proxy is on the constrained link; not shown in this figure.
        * Olle: any implementations?
        * Goeran: multiple authors have plans; Michael may be able to say more
        * Ben: the voucher RFC 8366 is not just a BRSKI thing
        * Michael: yes, I am implementing.
    * [draft-tiloca-ace-revoked-token-notification](https://tools.ietf.org/html/draft-tiloca-ace-revoked-token-notification) 10-15 min Marco
        * No comments
* AOB
    * Last words from chair on next steps:
        * monthly interim meetings going forward
        * need to finalize the work in progress before adopting new work
        * also need to finalize the rechartering

## Participants