From nobody Mon Jan 2 11:33:43 2017 Return-Path: X-Original-To: ace@ietfa.amsl.com Delivered-To: ace@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B8143129454 for ; Mon, 2 Jan 2017 11:33:41 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -5.001 X-Spam-Level: X-Spam-Status: No, score=-5.001 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RP_MATCHES_RCVD=-3.1, SPF_PASS=-0.001] autolearn=ham autolearn_force=no Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id uISEYRZsCWRf for ; Mon, 2 Jan 2017 11:33:39 -0800 (PST) Received: from tuna.sandelman.ca (tuna.sandelman.ca [IPv6:2607:f0b0:f:3:216:3eff:fe7c:d1f3]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id C8ACA12944A for ; Mon, 2 Jan 2017 11:33:39 -0800 (PST) Received: from sandelman.ca (obiwan.sandelman.ca [209.87.249.21]) by tuna.sandelman.ca (Postfix) with ESMTP id A746C2055B for ; Mon, 2 Jan 2017 14:52:36 -0500 (EST) Received: from obiwan.sandelman.ca (localhost [IPv6:::1]) by sandelman.ca (Postfix) with ESMTP id 62521638D5 for ; Mon, 2 Jan 2017 14:33:38 -0500 (EST) From: Michael Richardson To: ace X-Attribution: mcr X-Mailer: MH-E 8.6; nmh 1.6+dev; GNU Emacs 24.5.1 X-Face: $\n1pF)h^`}$H>Hk{L"x@)JS7<%Az}5RyS@k9X%29-lHB$Ti.V>2bi.~ehC0; <'$9xN5Ub# z!G,p`nR&p7Fz@^UXIn156S8.~^@MJ*mMsD7=QFeq%AL4m Archived-At: Subject: [Ace] some comments on draft-ietf-cose-msg-24 and draft-ietf-ace-cbor-web-token-01 X-BeenThere: ace@ietf.org X-Mailman-Version: 2.1.17 Precedence: list List-Id: "Authentication and Authorization for Constrained Environments \(ace\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 02 Jan 2017 19:33:42 -0000 --=-=-= Content-Type: text/plain I am implementing some Ruby code to validate the claims shown in the appendix A of draft-ietf-ace-cbor-web-token-01. It wasn't obvious at first, or maybe I just don't get it, but the examples there are not, I think, signed. We are looking at the content that would get signed. What I see in A.2 is a claim about a public key, but no signature: "This is then packaged signed and encrypted using COSE." Are there any plans to provide a signed test vector as part of CWT? It also seems that perhaps CWT doesn't not need all of the modes that ietf-cose-msg provides. Also, cose-msg has 10 further revisions since the -14 that cwt points to... I don't know if there are any things affecting it. I am currently making sure that I can validate some of the vectors in Appendix C of ietf-cose-msg. I think that the examples are from: https://github.com/cose-wg/Examples I wonder if the directories could say "c-1-1" or something in them? (or the other way around). I think that: C.1.1. Single Signature is ecdsa-01.json, which has a nice "title":"ECDSA-01: ECDSA - P-256" maybe that could be in the document? (My thanks for the LotR inspired keys!) I am aware that ietf-cose-msg-24 has past the WGLC... ietf-cose-msg-24 says on pg 11: protected: Contains parameters about the current layer that are to be cryptographically protected. This bucket MUST be empty if it and after explaining that a zero length string should be used, it says: "This avoids the problem of all parties needing to be able to do a common canonical encoding." Isn't saying it's a zero-length string, a canonical encoding? -- Michael Richardson , Sandelman Software Works -= IPv6 IoT consulting =- --=-=-= Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iQEzBAEBCAAdFiEEbsyLEzg/qUTA43uogItw+93Q3WUFAlhqqxEACgkQgItw+93Q 3WWPQQgAqsW2XNP3yuTcOslyT8GbEwbiuBYfZ/VM8B11B8DC1tcp0Sq+sH798tTP tePACXCyaNG1hYWEFnT97yXgnNnQg4c6W9a856uXM72e1+rSD4t/t2WRy7b62fgn q7vewGdX5qokWtnZJouR0PiMIpe5DUCQkGm5uuqSqY9EWWPB058q6PfkwUn5l5lG BzF+5uTBXS15lfosAlU1XRdeHA0s2s9h1kdg8xs+HyA1mWa0vhUZUwGCnoV5bgB7 rRRzEMrJ49hWNN8gc0gPdAGfsq5dEK2AD+Gd/lQ4GJRUeFruqLfQKd5Zj8sb3KpJ 0CFWnhMomKNWPJ/FKnQy3M6C3qojhQ== =WqWK -----END PGP SIGNATURE----- --=-=-=-- From nobody Mon Jan 2 12:41:23 2017 Return-Path: X-Original-To: ace@ietfa.amsl.com Delivered-To: ace@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 388EE12949E for ; Mon, 2 Jan 2017 12:41:21 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -5.001 X-Spam-Level: X-Spam-Status: No, score=-5.001 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RP_MATCHES_RCVD=-3.1, SPF_PASS=-0.001] autolearn=ham autolearn_force=no Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 6UH3fhNrJSQP for ; Mon, 2 Jan 2017 12:41:19 -0800 (PST) Received: from mail2.augustcellars.com (augustcellars.com [50.45.239.150]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 05C461294A2 for ; Mon, 2 Jan 2017 12:41:18 -0800 (PST) Received: from hebrews (50.45.239.150) by mail2.augustcellars.com (192.168.0.56) with Microsoft SMTP Server (TLS) id 15.0.1210.3; Mon, 2 Jan 2017 13:00:48 -0800 From: Jim Schaad To: 'Michael Richardson' , 'ace' References: <28841.1483385618@obiwan.sandelman.ca> In-Reply-To: <28841.1483385618@obiwan.sandelman.ca> Date: Mon, 2 Jan 2017 12:41:09 -0800 Message-ID: <007101d26538$8df2a8b0$a9d7fa10$@augustcellars.com> MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit X-Mailer: Microsoft Outlook 16.0 Content-Language: en-us Thread-Index: AQKFlWr9FVCnXbcH8w/I50uc0STp4J+/RctQ X-Originating-IP: [50.45.239.150] Archived-At: Subject: Re: [Ace] some comments on draft-ietf-cose-msg-24 and draft-ietf-ace-cbor-web-token-01 X-BeenThere: ace@ietf.org X-Mailman-Version: 2.1.17 Precedence: list List-Id: "Authentication and Authorization for Constrained Environments \(ace\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 02 Jan 2017 20:41:21 -0000 Quick note on the samples in cose-msg. Will look at the rest later Look in the directory spec-examples for the cose-msg examples. Some are basically duplicated in other locations. I need to do a rename of the files since I added a new appendix. That is Appendix_B_1_1.json is the example for appendix C.1.1 Jim > -----Original Message----- > From: Ace [mailto:ace-bounces@ietf.org] On Behalf Of Michael Richardson > Sent: Monday, January 02, 2017 11:34 AM > To: ace > Subject: [Ace] some comments on draft-ietf-cose-msg-24 and draft-ietf-ace- > cbor-web-token-01 > > > I am implementing some Ruby code to validate the claims shown in the appendix > A of draft-ietf-ace-cbor-web-token-01. It wasn't obvious at first, or maybe I just > don't get it, but the examples there are not, I think, signed. > We are looking at the content that would get signed. > > What I see in A.2 is a claim about a public key, but no signature: > "This is then packaged signed and encrypted using COSE." > > Are there any plans to provide a signed test vector as part of CWT? > > It also seems that perhaps CWT doesn't not need all of the modes that ietf-cose- > msg provides. Also, cose-msg has 10 further revisions since the -14 that cwt > points to... I don't know if there are any things affecting it. > > I am currently making sure that I can validate some of the vectors in > Appendix C of ietf-cose-msg. I think that the examples are from: > https://github.com/cose-wg/Examples > > I wonder if the directories could say "c-1-1" or something in them? > (or the other way around). I think that: > C.1.1. Single Signature > > is ecdsa-01.json, which has a nice > "title":"ECDSA-01: ECDSA - P-256" > > maybe that could be in the document? > > (My thanks for the LotR inspired keys!) > > I am aware that ietf-cose-msg-24 has past the WGLC... > > ietf-cose-msg-24 says on pg 11: > protected: Contains parameters about the current layer that are to > be cryptographically protected. This bucket MUST be empty if it > > and after explaining that a zero length string should be used, it > says: > "This avoids the problem of all > parties needing to be able to do a common canonical encoding." > > Isn't saying it's a zero-length string, a canonical encoding? > > > -- > Michael Richardson , Sandelman Software Works -= > IPv6 IoT consulting =- > > From nobody Sat Jan 7 04:44:17 2017 Return-Path: X-Original-To: ace@ietfa.amsl.com Delivered-To: ace@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 6A1881294B1 for ; Sat, 7 Jan 2017 04:44:15 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -0.098 X-Spam-Level: X-Spam-Status: No, score=-0.098 tagged_above=-999 required=5 tests=[DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, MIME_QP_LONG_LINE=0.001, SPF_PASS=-0.001, UNPARSEABLE_RELAY=0.001] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=alibaba-inc.com Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 1EdMK8UOMpqH for ; Sat, 7 Jan 2017 04:44:14 -0800 (PST) Received: from out0-136.mail.aliyun.com (out0-136.mail.aliyun.com [140.205.0.136]) by ietfa.amsl.com (Postfix) with ESMTP id CDA12129442 for ; Sat, 7 Jan 2017 04:44:10 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=alibaba-inc.com; s=default; t=1483793049; h=Date:Subject:From:To:Message-ID:Mime-version:Content-type; bh=2l1rYElA1+fRBm/TAT7zKTpDqgKEWrn8+N1aOiBCuTQ=; b=kZFTbGQCYTZpGYFPW2zvVGAg6p8WLiOFPAV+hkuMs6Dsc4RHwOgG957Nlw+GqcNs0n4DK8pUQcxHLUOXd3lk4Pv4AU3ZFv14txvX/VSrmFfbZ+VP5dsdzXLSBLWry8xAuDa8KXXJeAnqlpD+sAN6e6Z9L3u0mWeFkaDYzTy1TAc= X-Alimail-AntiSpam: AC=PASS; BC=-1|-1; BR=01201311R461e4; FP=0|-1|-1|-1|0|-1|-1|-1; HT=e02c03294; MF=kepeng.lkp@alibaba-inc.com; NM=1; PH=DS; RN=3; SR=0; TI=SMTPD_---.7P6SSQ1_1483793038; Received: from 30.39.2.47(mailfrom:kepeng.lkp@alibaba-inc.com ip:42.120.73.202) by smtp.aliyun-inc.com(127.0.0.1); Sat, 07 Jan 2017 20:44:02 +0800 User-Agent: Microsoft-MacOutlook/14.6.8.160830 Date: Sat, 07 Jan 2017 20:43:57 +0800 From: "Kepeng Li" To: ace Message-ID: Thread-Topic: Doodle for ACE virtual interim meeting References: In-Reply-To: Mime-version: 1.0 Content-type: multipart/alternative; boundary="B_3566666642_6641499" Archived-At: Cc: Kathleen Moriarty , Hannes Tschofenig Subject: [Ace] Doodle for ACE virtual interim meeting X-BeenThere: ace@ietf.org X-Mailman-Version: 2.1.17 Precedence: list List-Id: "Authentication and Authorization for Constrained Environments \(ace\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 07 Jan 2017 12:44:15 -0000 > 此邮件使用 MIME 格式。由于邮件阅读程序不能识别 此格式,因此,可能无法识别该邮件的分部或部分内容。 --B_3566666642_6641499 Content-type: text/plain; charset="GB2312" Content-transfer-encoding: 7bit Hi all, To speed up our progress on group communication security draft, we plan to have a virtual interim meeting in the middle of Feb. I proposed four options for the meeting time: 1. 9th Feb, Thursday, GMT 14:00 ~ 15:00. 2. 9th Feb, Thursday, GMT 15:00 ~ 15:59. 3. 14th Feb, Tuesday, GMT 14:00 ~ 15:00. 4. 14th Feb, Tuesday, GMT 15:00 ~ 15:59. Please indicate your available time from the doodle poll: http://doodle.com/poll/v6nbeggazekaq2ut We will mainly discuss this draft: https://datatracker.ietf.org/doc/draft-somaraju-ace-multicast/ Thanks, Kind Regards Kepeng --B_3566666642_6641499 Content-type: text/html; charset="GB2312" Content-transfer-encoding: quoted-printable
Hi all,

To speed up our progress = on group communication security draft, we plan to have a virtual interim mee= ting in the middle of Feb.

I proposed four options = for the meeting time:
1. 9th Feb, Thursday, GMT 14:00 ~ 15:00.
2. 9th Feb, Thursday, GMT 15:00 ~ 15:59.
3. 14th Feb, Tuesd= ay, GMT 14:00 ~ 15:00.
4. 14th Feb, Tuesday, GMT 15:00 ~ 15:5= 9.

Please indicate your available time from the doo= dle poll:

We will mainly discuss this draft:

Thank= s,

Kind Regards
Kepeng 

--B_3566666642_6641499-- From nobody Sun Jan 8 18:57:42 2017 Return-Path: X-Original-To: ace@ietf.org Delivered-To: ace@ietfa.amsl.com Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id 10023129A58; Sun, 8 Jan 2017 18:57:40 -0800 (PST) MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: 7bit From: "\"IETF Meeting Session Request Tool\"" To: X-Test-IDTracker: no X-IETF-IDTracker: 6.40.3 Auto-Submitted: auto-generated Precedence: bulk Message-ID: <148393066003.769.2889270207440556966.idtracker@ietfa.amsl.com> Date: Sun, 08 Jan 2017 18:57:40 -0800 Archived-At: Cc: Kathleen.Moriarty.ietf@gmail.com, ace-chairs@ietf.org, ace@ietf.org, kepeng.lkp@alibaba-inc.com Subject: [Ace] ace - New Meeting Session Request for IETF 98 X-BeenThere: ace@ietf.org X-Mailman-Version: 2.1.17 List-Id: "Authentication and Authorization for Constrained Environments \(ace\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 09 Jan 2017 02:57:40 -0000 A new meeting session request has just been submitted by Kepeng Li, a Chair of the ace working group. --------------------------------------------------------- Working Group Name: Authentication and Authorization for Constrained Environments Area Name: Security Area Session Requester: Kepeng Li Number of Sessions: 1 Length of Session(s): 2.5 Hours Number of Attendees: 100 Conflicts to Avoid: First Priority: core oauth saag lwig tokbind tls Special Requests: Avoid entire SEC areas. Please avoid a session on Friday! --------------------------------------------------------- From nobody Mon Jan 9 20:36:51 2017 Return-Path: X-Original-To: ace@ietfa.amsl.com Delivered-To: ace@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 4C5BD129E91 for ; Mon, 9 Jan 2017 20:36:49 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -3.993 X-Spam-Level: X-Spam-Status: No, score=-3.993 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, LOCALPART_IN_SUBJECT=1.107, RP_MATCHES_RCVD=-3.199, SPF_PASS=-0.001] autolearn=ham autolearn_force=no Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id W0REJEpvaaEN for ; Mon, 9 Jan 2017 20:36:46 -0800 (PST) Received: from mail2.augustcellars.com (augustcellars.com [50.45.239.150]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 44EB1129E8F for ; Mon, 9 Jan 2017 20:36:46 -0800 (PST) Received: from hebrews (24.21.96.37) by mail2.augustcellars.com (192.168.0.56) with Microsoft SMTP Server (TLS) id 15.0.1210.3; Mon, 9 Jan 2017 20:56:13 -0800 From: Jim Schaad To: Date: Mon, 9 Jan 2017 20:36:38 -0800 Message-ID: <013a01d26afb$233ef5f0$69bce1d0$@augustcellars.com> MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit X-Mailer: Microsoft Outlook 16.0 Thread-Index: AdJqFjktU/bHwE2RRn6LNdkksHiqaQ== Content-Language: en-us X-Originating-IP: [24.21.96.37] Archived-At: Cc: 'ace' Subject: [Ace] draft-somaraju-ace-multicast X-BeenThere: ace@ietf.org X-Mailman-Version: 2.1.17 Precedence: list List-Id: "Authentication and Authorization for Constrained Environments \(ace\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 10 Jan 2017 04:36:49 -0000 Why restriction on reading messages? It is not like an external observer is not going to be able to see the lights go on or off. I am not sure what you mean by synchronous manner. Does this mean that the light needs to change state between the command and the response message? (As opposed to an asynchronous manner.) Or do you mean in a synchronized manner where everything happens at a given time relative to the command (which could be all at the same time). The solution in section 4 does not seem to meet the following requirement "Only authorized members of the application group must be able to read and process messages." The statement is made that AT-R tokens with references are more efficient from a bandwidth point of view. Does this mean that there is going to be a recommendation that these be provided prior to the first command so that all n devices dereferencing the pointer will not kill the bandwidth? This document needs to have a solution for dealing with nonce space allocation for the cases where more than one sender is going be able to use the same key. This is going to be part of the problems with replay detection as well as security considerations. Should the algorithms be using high water detection of sequence numbers rather than the case of not yet used? Or is that an application specific type thing? How does section 5.2 Token Verification reconcile with the idea of doing references in AT-R tokens? In section 6.3, if a device has multiple security domains, why could they not come from multiple KDCs? The term low latency needs to be much more clearly defined about what it means in this context. In a manufacturing facility, I might have a tighter latency requirement for communicating commands to valves that I would on dealing with lights that might take a while to come on anyway. Does that mean that you feel that this would be an ideal solution for such an environment? The same thing might easily be said for emergency alarms. I want all of them to come on and come on fast in the event of an emergency. A better description of what is meant by low-latency is clearly needed. I do not think that the current security requirements is sufficiently strident to reflect both the threat of breakage, cross-breakage and restrictions on where it should be used to pass muster. Jim From nobody Fri Jan 13 01:45:10 2017 Return-Path: X-Original-To: ace@ietfa.amsl.com Delivered-To: ace@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 6AC6312943B for ; Fri, 13 Jan 2017 01:45:08 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.998 X-Spam-Level: X-Spam-Status: No, score=-1.998 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, MIME_QP_LONG_LINE=0.001, SPF_PASS=-0.001, UNPARSEABLE_RELAY=0.001] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=alibaba-inc.com Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Yszo17fVOXK6 for ; Fri, 13 Jan 2017 01:45:06 -0800 (PST) Received: from out0-153.mail.aliyun.com (out0-153.mail.aliyun.com [140.205.0.153]) by ietfa.amsl.com (Postfix) with ESMTP id 3D9D91270B4 for ; Fri, 13 Jan 2017 01:44:55 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=alibaba-inc.com; s=default; t=1484300684; h=Date:Subject:From:To:Message-ID:Mime-version:Content-type; bh=9LoAjMk+I7fucgOfwhUyJzZBU5O8lXRoViHtbcc4krM=; b=HWYbuYd2VVA1+39UCI789LfGFL68lc3yhbnxCzioy7V8WtFZALrQZXSCEVutS0cQVQBOJjAuM10M95i44+x95n6R/el815rMtA+DND7K+xydWU9W0M2qwx/B/ju9sl1PtZ+CJoqBbpz6ijbrYVkiKgcsrQ1wFZDq6VucgziJ5uU= X-Alimail-AntiSpam: AC=PASS; BC=-1|-1; BR=01201311R281e4; FP=0|-1|-1|-1|0|-1|-1|-1; HT=e02c03310; MF=kepeng.lkp@alibaba-inc.com; NM=1; PH=DS; RN=4; SR=0; TI=SMTPD_---.7RUSlcB_1484300676; Received: from 30.6.247.23(mailfrom:kepeng.lkp@alibaba-inc.com ip:42.120.74.103) by smtp.aliyun-inc.com(127.0.0.1); Fri, 13 Jan 2017 17:44:41 +0800 User-Agent: Microsoft-MacOutlook/14.6.8.160830 Date: Fri, 13 Jan 2017 17:44:35 +0800 From: "Kepeng Li" To: "Kepeng Li" , "ace" Message-ID: Thread-Topic: [Ace] Doodle for ACE virtual interim meeting Mime-version: 1.0 Content-type: multipart/alternative; boundary="B_3567174281_20109584" Archived-At: Cc: Kathleen Moriarty , Hannes Tschofenig Subject: Re: [Ace] Doodle for ACE virtual interim meeting X-BeenThere: ace@ietf.org X-Mailman-Version: 2.1.17 Precedence: list List-Id: "Authentication and Authorization for Constrained Environments \(ace\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 13 Jan 2017 09:45:08 -0000 > 此邮件使用 MIME 格式。由于邮件阅读程序不能识别 此格式,因此,可能无法识别该邮件的分部或部分内容。 --B_3567174281_20109584 Content-type: text/plain; charset="GB2312" Content-transfer-encoding: quoted-printable Hallo all, According to the doodle poll, let=A1=AFs have a call on 14th Feb, GMT 15:00 ~ 15:59. We have the same amount of participants about Option 1, 2, and 4. Considering that Mike has strong position about this draft, so I accommodat= e his choice to allow him to participate. Authors, please prepare some slides for the discussion. I will send the WebEx information later. Thanks, Kind Regards Kepeng =B7=A2=BC=FE=C8=CB: Ace on behalf of Li Kepeng =C8=D5=C6=DA: Saturday, 7 January 2017 at 8:43 PM =D6=C1: ace =B3=AD=CB=CD: Kathleen Moriarty , Hannes Tschofenig =D6=F7=CC=E2: [Ace] Doodle for ACE virtual interim meeting Hi all, To speed up our progress on group communication security draft, we plan to have a virtual interim meeting in the middle of Feb. I proposed four options for the meeting time: 1. 9th Feb, Thursday, GMT 14:00 ~ 15:00. 2. 9th Feb, Thursday, GMT 15:00 ~ 15:59. 3. 14th Feb, Tuesday, GMT 14:00 ~ 15:00. 4. 14th Feb, Tuesday, GMT 15:00 ~ 15:59. Please indicate your available time from the doodle poll: http://doodle.com/poll/v6nbeggazekaq2ut We will mainly discuss this draft: https://datatracker.ietf.org/doc/draft-somaraju-ace-multicast/ Thanks, Kind Regards Kepeng=20 _______________________________________________ Ace mailing list Ace@ietf.org https://www.ietf.org/mailman/listinfo/ace --B_3567174281_20109584 Content-type: text/html; charset="GB2312" Content-transfer-encoding: quoted-printable
Hallo all,

<= div>According to the doodle poll, let’s have a call on 14th Feb, GMT 1= 5:00 ~ 15:59.

We have the same amount of participan= ts about Option 1, 2, and 4. 

Considering that= Mike has strong position about this draft, so I accommodate his choice to a= llow him to participate.

Authors, please prepare so= me slides for the discussion.

I will send the WebEx= information later.

Thanks,

Kind Regards
Kepeng

=B7=A2=BC=FE=C8=CB: Ace <ace-bounce= s@ietf.org> on behalf of Li Kepeng <kepeng.lkp@alibaba-inc.com>
=C8=D5=C6=DA: Saturday, 7 January 2017 at 8:43 PM
=D6=C1: ace <ace@ietf.or= g>
=B3=AD=CB=CD: Kathleen Moriarty = <kathleen.moriarty.ietf= @gmail.com>, Hannes Tschofenig <hannes.tschofenig@gmx.net>
=D6=F7=CC=E2: [Ace] Doodle for ACE virtual interim meeting
Hi all,

To speed up our progress on group= communication security draft, we plan to have a virtual interim meeting in = the middle of Feb.

I proposed four options for the = meeting time:
1. 9th Feb, Thursday, GMT 14:00 ~ 15:00.
2= . 9th Feb, Thursday, GMT 15:00 ~ 15:59.
3. 14th Feb, Tuesday, GMT = 14:00 ~ 15:00.
4. 14th Feb, Tuesday, GMT 15:00 ~ 15:59.
=

Please indicate your available time from the doodle poll= :

We will mainly discuss this draft:
Thanks,
=

Ace@ietf.org https://www.ietf.org/ma= ilman/listinfo/ace --B_3567174281_20109584-- From nobody Fri Jan 13 08:28:42 2017 Return-Path: X-Original-To: ace@ietfa.amsl.com Delivered-To: ace@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 87F61129785 for ; Fri, 13 Jan 2017 08:28:40 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -5.898 X-Spam-Level: X-Spam-Status: No, score=-5.898 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, RP_MATCHES_RCVD=-3.199, SPF_PASS=-0.001] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=comcast.net Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 3cQtnzJHTAGo for ; Fri, 13 Jan 2017 08:28:37 -0800 (PST) Received: from resqmta-ch2-12v.sys.comcast.net (resqmta-ch2-12v.sys.comcast.net [IPv6:2001:558:fe21:29:69:252:207:44]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 51B57129882 for ; Fri, 13 Jan 2017 08:28:37 -0800 (PST) Received: from resomta-ch2-08v.sys.comcast.net ([69.252.207.104]) by resqmta-ch2-12v.sys.comcast.net with SMTP id S4hbcsuUclNFyS4iScDJMN; Fri, 13 Jan 2017 16:28:36 +0000 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=comcast.net; s=q20161114; t=1484324916; bh=ZWp/WTWePyjM7pfnN6D13P2PJk7uZP9ZuZCmxBs6GhQ=; h=Received:Received:Subject:To:From:Message-ID:Date:MIME-Version: Content-Type; b=HhgbMBtMi1GmsVsW3FCHOX5PatJHuhVeytJfmhPZ7mdocmG2xY4EIhiqAmvLIqBBw BWUrM9znIYOT1rGP9ysGNTMcLvjj5plGlP4ILPKJgjt6MmZkQp7c2RrKOU1KXJVXrP WUkS9ColU6NO6T16xhwt//w1+jQ9kdQPDDW8t6L1qza2LJMhTBj/UiVSoidfKv/42T 7rYevlucZlRhy95alpCFnPJcrVDW5cmT0r/R3WliSgwYnxi7xyAKNLexWZr2Tji7Nk iaXDP8EEF8Cpgy7gKKxxlemjzmyYRH7bBzPFYyebb/im4In6kXN/tjNzfSWZOCyde/ MNHMCG1PGnFog== Received: from [IPv6:2601:152:4400:9b5f:ad50:5e6:d889:54c2] ([IPv6:2601:152:4400:9b5f:ad50:5e6:d889:54c2]) by resomta-ch2-08v.sys.comcast.net with SMTP id S4iRcK3XsaYRCS4iScoVSH; Fri, 13 Jan 2017 16:28:36 +0000 To: ace@ietf.org References: From: Michael StJohns Message-ID: Date: Fri, 13 Jan 2017 11:28:39 -0500 User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:45.0) Gecko/20100101 Thunderbird/45.6.0 MIME-Version: 1.0 In-Reply-To: Content-Type: multipart/alternative; boundary="------------C22E8F8840A30B9C08605E6E" X-CMAE-Envelope: MS4wfGazllUDHwQQaGv8qvQlqt6W+Y7CSowP3WCqI+xpryqSgxjgL62jD5PQfW1DHA+XqXURcNwbqOT8bb0hcj03TCjWKzEQ0ws22rBw9pWQOFQogEtU0ObV +vFHi2GdNoTG/Z2O3NNEG3/4ZkIoz4uierGtzS58lpi/kWncgfRortDDkXJdpS0Gq0KnO/X2FfgX1Q== Archived-At: Subject: Re: [Ace] Doodle for ACE virtual interim meeting X-BeenThere: ace@ietf.org X-Mailman-Version: 2.1.17 Precedence: list List-Id: "Authentication and Authorization for Constrained Environments \(ace\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 13 Jan 2017 16:28:40 -0000 This is a multi-part message in MIME format. --------------C22E8F8840A30B9C08605E6E Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 8bit On 1/13/2017 4:44 AM, Kepeng Li wrote: > Hallo all, > > According to the doodle poll, let鈥檚 have a call on 14th Feb, GMT 15:00 > ~ 15:59. > > We have the same amount of participants about Option 1, 2, and 4. > > Considering that Mike has strong position about this draft, so I > accommodate his choice to allow him to participate. Sorry what? I'm assuming by "Mike" you mean me. I missed the original doodle call and haven't actually made a choice. I can't actually make the 14th as I'm on a plane. I can make either of the Thursday 9 February times though. In any event, if the slides are ready ahead of time I'll just provide some commentary on the mailing list. I note that the authors haven't engaged with the comments provided by Jim Schaad and it would be useful if they do so. WRT to the document, its difficult to make any judgements or suggest any improvements without understanding the goals of the document. As a bare minimum, up front the document should a) define "low latency" including each element that contributes to the calculation (this has been a moving target - it was something like 250ms for DICE and appears to have moved downward in ACE) and b) define the security services that are to be provided when using the keys served up by this protocol. (e.g. it currently appears that the document is proposing a key management scheme for group confidentiality, group integrity and group authentication). Lastly, the document needs to include any other constraints. In the instant case, low latency may be accomplished by hardware for public key operations - but there is a constraint never actually cited in the document - low/no cost for the build of the product (it's referred to obliquely as processing cost for the constrained device and is more properly attributed to the BOM). If there is any other application besides lighting that has a use for this protocol - now is the time to bring it forward. Finally, a statement of security requirements for the exemplar application (lighting) should be provided so that the protocol can be evaluated against those requirements to see if we've actually managed to come up with something that meets the needs. Mike > > Authors, please prepare some slides for the discussion. > > I will send the WebEx information later. > > Thanks, > > Kind Regards > Kepeng > > 鍙戜欢浜: Ace > on > behalf of Li Kepeng > > 鏃ユ湡: Saturday, 7 January 2017 at 8:43 PM > 鑷: ace > > 鎶勯: Kathleen Moriarty >, Hannes Tschofenig > > > 涓婚: [Ace] Doodle for ACE virtual interim meeting > > Hi all, > > To speed up our progress on group communication security draft, we > plan to have a virtual interim meeting in the middle of Feb. > > I proposed four options for the meeting time: > 1. 9th Feb, Thursday, GMT 14:00 ~ 15:00. > 2. 9th Feb, Thursday, GMT 15:00 ~ 15:59. > 3. 14th Feb, Tuesday, GMT 14:00 ~ 15:00. > 4. 14th Feb, Tuesday, GMT 15:00 ~ 15:59. > > Please indicate your available time from the doodle poll: > http://doodle.com/poll/v6nbeggazekaq2ut > > We will mainly discuss this draft: > https://datatracker.ietf.org/doc/draft-somaraju-ace-multicast/ > > Thanks, > > Kind Regards > Kepeng > > _______________________________________________ Ace mailing list > Ace@ietf.org > https://www.ietf.org/mailman/listinfo/ace > > > _______________________________________________ > Ace mailing list > Ace@ietf.org > https://www.ietf.org/mailman/listinfo/ace --------------C22E8F8840A30B9C08605E6E Content-Type: text/html; charset=UTF-8 Content-Transfer-Encoding: 8bit
On 1/13/2017 4:44 AM, Kepeng Li wrote:
Hallo all,

According to the doodle poll, let鈥檚 have a call on 14th Feb, GMT 15:00 ~ 15:59.

We have the same amount of participants about Option 1, 2, and 4.聽

Considering that Mike has strong position about this draft, so I accommodate his choice to allow him to participate.
Sorry what?聽聽 I'm assuming by "Mike" you mean me. I missed the original doodle call and haven't actually made a choice.聽 I can't actually make the 14th as I'm on a plane.

I can make either of the Thursday 9 February times though.

In any event, if the slides are ready ahead of time I'll just provide some commentary on the mailing list.聽聽 I note that the authors haven't engaged with the comments provided by Jim Schaad and it would be useful if they do so.

WRT to the document, its difficult to make any judgements or suggest any improvements without understanding the goals of the document.聽 As a bare minimum, up front the document should a) define "low latency" including each element that contributes to the calculation聽 (this has been a moving target - it was something like 250ms for DICE and appears to have moved downward in ACE) and b) define the security services that are to be provided when using the keys served up by this protocol.聽聽 (e.g. it currently appears that the document is proposing a key management scheme for group confidentiality, group integrity and group authentication).聽聽 Lastly, the document needs to include any other constraints.聽 In the instant case, low latency may be accomplished by hardware for public key operations - but there is a constraint never actually cited in the document - low/no cost for the build of the product (it's referred to obliquely as processing cost for the constrained device and is more properly attributed to the BOM).

If there is any other application besides lighting that has a use for this protocol - now is the time to bring it forward.

Finally, a statement of security requirements for the exemplar application (lighting) should be provided so that the protocol can be evaluated against those requirements to see if we've actually managed to come up with something that meets the needs.

Mike



Authors, please prepare some slides for the discussion.

I will send the WebEx information later.

Thanks,

Kind Regards
Kepeng

鍙戜欢浜: Ace <ace-bounces@ietf.org> on behalf of Li Kepeng <kepeng.lkp@alibaba-inc.com>
鏃ユ湡: Saturday, 7 January 2017 at 8:43 PM
鑷: ace <ace@ietf.org>
鎶勯: Kathleen Moriarty <kathleen.moriarty.ietf@gmail.com>, Hannes Tschofenig <hannes.tschofenig@gmx.net>
涓婚: [Ace] Doodle for ACE virtual interim meeting

Hi all,

To speed up our progress on group communication security draft, we plan to have a virtual interim meeting in the middle of Feb.

I proposed four options for the meeting time:
1. 9th Feb, Thursday, GMT 14:00 ~ 15:00.
2. 9th Feb, Thursday, GMT 15:00 ~ 15:59.
3. 14th Feb, Tuesday, GMT 14:00 ~ 15:00.
4.聽14th Feb, Tuesday, GMT 15:00 ~ 15:59.

Please indicate your available time from the doodle poll:

We will mainly discuss this draft:

Thanks,

Kind Regards
Kepeng聽

_______________________________________________ Ace mailing list Ace@ietf.org https://www.ietf.org/mailman/listinfo/ace 

_______________________________________________
Ace mailing list
Ace@ietf.org
https://www.ietf.org/mailman/listinfo/ace


--------------C22E8F8840A30B9C08605E6E-- From nobody Fri Jan 13 18:01:04 2017 Return-Path: X-Original-To: ace@ietfa.amsl.com Delivered-To: ace@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 85B3212960F for ; Fri, 13 Jan 2017 18:01:02 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.998 X-Spam-Level: X-Spam-Status: No, score=-1.998 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, MIME_QP_LONG_LINE=0.001, SPF_PASS=-0.001, UNPARSEABLE_RELAY=0.001] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=alibaba-inc.com Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Kma36Vqjggrz for ; Fri, 13 Jan 2017 18:00:59 -0800 (PST) Received: from out0-153.mail.aliyun.com (out0-153.mail.aliyun.com [140.205.0.153]) by ietfa.amsl.com (Postfix) with ESMTP id 8AD1E129609 for ; Fri, 13 Jan 2017 18:00:55 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=alibaba-inc.com; s=default; t=1484359250; h=Date:Subject:From:To:Message-ID:Mime-version:Content-type; bh=m3QutC491rEp8vHz1rM2iJRsbLL0n8S9HpbG1acMs2w=; b=fJfL+gYKz3eVM4KyfgUCZeM0NDu9sit48cAEh1UrW/azrhbHtNHqsh/0l5OCl5Q1w9RqqIRW5AvQnjAGKXbDTTt/FX+yqZwNuyhLG4CBQSq+UhbhqzFCkwvHg+Ry9p7kavFhvtUplZaCABZLgbWULboOxTKVcqR/Md3YWRakYug= X-Alimail-AntiSpam: AC=PASS; BC=-1|-1; BR=01201311R201e4; FP=0|-1|-1|-1|0|-1|-1|-1; HT=e02c03289; MF=kepeng.lkp@alibaba-inc.com; NM=1; PH=DS; RN=2; SR=0; TI=SMTPD_---.7RcA8iv_1484359237; Received: from 30.39.3.146(mailfrom:kepeng.lkp@alibaba-inc.com ip:42.120.73.202) by smtp.aliyun-inc.com(127.0.0.1); Sat, 14 Jan 2017 10:00:43 +0800 User-Agent: Microsoft-MacOutlook/14.6.8.160830 Date: Sat, 14 Jan 2017 10:00:36 +0800 From: "Kepeng Li" To: Michael StJohns , Message-ID: Thread-Topic: [Ace] Doodle for ACE virtual interim meeting References: In-Reply-To: Mime-version: 1.0 Content-type: multipart/alternative; boundary="B_3567232843_20572741" Archived-At: Subject: Re: [Ace] Doodle for ACE virtual interim meeting X-BeenThere: ace@ietf.org X-Mailman-Version: 2.1.17 Precedence: list List-Id: "Authentication and Authorization for Constrained Environments \(ace\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 14 Jan 2017 02:01:02 -0000 > 此邮件使用 MIME 格式。由于邮件阅读程序不能识别 此格式,因此,可能无法识别该邮件的分部或部分内容。 --B_3567232843_20572741 Content-type: text/plain; charset="GB2312" Content-transfer-encoding: quoted-printable Oh, sorry, my mistake. I made a mistake between you and Mike Jones. Let=A1=AFs change our call to Option 1, 9th Feb, Thursday, GMT 14:00 ~ 15:00. I will send out the WebEx info later. Kind Regards Kepeng =B7=A2=BC=FE=C8=CB: Ace on behalf of Michael StJohns =C8=D5=C6=DA: Saturday, 14 January 2017 at 12:28 AM =D6=C1: =D6=F7=CC=E2: Re: [Ace] Doodle for ACE virtual interim meeting =20 =20 On 1/13/2017 4:44 AM, Kepeng Li wrote: =20 =20 > =20 > Hallo all, > =20 >=20 > =20 > =20 > According to the doodle poll, let=A1=AFs have a call on 14th Feb, GMT 15:00 ~ > 15:59. > =20 >=20 > =20 > =20 > We have the same amount of participants about Option 1, 2, and 4. > =20 >=20 > =20 > =20 > Considering that Mike has strong position about this draft, so I accommod= ate > his choice to allow him to participate. > =20 Sorry what? I'm assuming by "Mike" you mean me. I missed the original doodle call and haven't actually made a choice. I can't actually make the 14th as I'm on a plane. =20 I can make either of the Thursday 9 February times though. =20 In any event, if the slides are ready ahead of time I'll just provide some commentary on the mailing list. I note that the authors haven't engaged with the comments provided by Jim Schaad and it would be useful if they do so. =20 WRT to the document, its difficult to make any judgements or suggest any improvements without understanding the goals of the document. As a bare minimum, up front the document should a) define "low latency" including eac= h element that contributes to the calculation (this has been a moving target - it was something like 250ms for DICE and appears to have moved downward i= n ACE) and b) define the security services that are to be provided when using the keys served up by this protocol. (e.g. it currently appears that the document is proposing a key management scheme for group confidentiality, group integrity and group authentication). Lastly, the document needs to include any other constraints. In the instant case, low latency may be accomplished by hardware for public key operations - but there is a constraint never actually cited in the document - low/no cost for the build of the product (it's referred to obliquely as processing cost for the constrained device and is more properly attributed to the BOM). =20 If there is any other application besides lighting that has a use for this protocol - now is the time to bring it forward. =20 Finally, a statement of security requirements for the exemplar application (lighting) should be provided so that the protocol can be evaluated against those requirements to see if we've actually managed to come up with something that meets the needs. =20 Mike =20 =20 =20 > =20 >=20 > =20 > =20 > Authors, please prepare some slides for the discussion. > =20 >=20 > =20 > =20 > I will send the WebEx information later. > =20 >=20 > =20 > =20 > Thanks, > =20 >=20 > =20 > =20 > Kind Regards > =20 > Kepeng > =20 >=20 > =20 > =20 > =B7=A2=BC=FE=C8=CB: Ace on behalf of Li Kepeng > > =C8=D5=C6=DA: Saturday, 7 January 2017 at 8:43 PM > =D6=C1: ace > =B3=AD=CB=CD: Kathleen Moriarty , Hannes Tsch= ofenig > > =D6=F7=CC=E2: [Ace] Doodle for ACE virtual interim meeting > =20 > =20 >=20 > =20 > =20 > =20 > =20 > Hi all, > =20 > =20 >=20 > =20 > =20 > To speed up our progress on group communication security draft, we plan t= o > have a virtual interim meeting in the middle of Feb. > =20 >=20 > =20 > =20 > I proposed four options for the meeting time: > =20 > 1. 9th Feb, Thursday, GMT 14:00 ~ 15:00. > =20 > 2. 9th Feb, Thursday, GMT 15:00 ~ 15:59. > =20 > 3. 14th Feb, Tuesday, GMT 14:00 ~ 15:00. > =20 > 4. 14th Feb, Tuesday, GMT 15:00 ~ 15:59. > =20 >=20 > =20 > =20 > Please indicate your available time from the doodle poll: > =20 > http://doodle.com/poll/v6nbeggazekaq2ut > =20 >=20 > =20 > =20 > We will mainly discuss this draft: > =20 > https://datatracker.ietf.org/doc/draft-somaraju-ace-multicast/ > =20 > =20 >=20 > =20 > =20 > =20 > Thanks, > =20 > =20 >=20 > =20 > =20 > =20 > Kind Regards > =20 > Kepeng=20 > =20 >=20 > =20 > =20 > =20 > =20 > _______________________________________________ Ace mailing list Ace@iet= f.org > https://www.ietf.org/mailman/listinfo/ace > =20 > =20 > _______________________________________________ > Ace mailing list > Ace@ietf.orghttps://www.ietf.org/mailman/listinfo/ace > =20 =20 =20 =20 _______________________________________________ Ace mailing list Ace@ietf.org https://www.ietf.org/mailman/listinfo/ace --B_3567232843_20572741 Content-type: text/html; charset="GB2312" Content-transfer-encoding: quoted-printable
Oh, sorry, my mistake.

I made a mistake between you and Mike Jones.

<= /div>
Let’s change our call to Option 1, 9th Feb, Thursday, GMT 14= :00 ~ 15:00.

I will send out the WebEx info later.<= /div>

Kind Regards
Kepeng

<= span id=3D"OLK_SRC_BODY_SECTION">
=B7=A2=BC=FE=C8=CB: Ace <ace-bounces@ietf.org> on behalf of Michael StJohns <<= a href=3D"mailto:mstjohns@comcast.net">mstjohns@comcast.net>
=C8=D5=C6=DA: Saturday, 14 January 2017 at 12:28 AM<= br>=D6=C1: <ace@ietf.org>
=D6=F7=CC=E2: Re:= [Ace] Doodle for ACE virtual interim meeting

On 1/13/2017 4:44 AM, Kepeng Li wrote:
=
Hallo all,

According to the doodle poll, let’s have a call on 14th Fe= b, GMT 15:00 ~ 15:59.

We have the same amount of participants about Option 1, 2, and 4. 

Considering that Mike has strong position about this draft, so I accommodate his choice to allow him to participate.
Sorry what?   I'm assuming by "Mike" you mean me. I missed th= e original doodle call and haven't actually made a choice.  I can't actually make the 14th as I'm on a plane.

I can make either of the Thursday 9 February times though.

In any event, if the slides are ready ahead of time I'll just provide some commentary on the mailing list.   I note that th= e authors haven't engaged with the comments provided by Jim Schaad and it would be useful if they do so.

WRT to the document, its difficult to make any judgements or suggest any improvements without understanding the goals of the document. = As a bare minimum, up front the document should a) define "low latency" including each element that contributes to the calculation&nbs= p; (this has been a moving target - it was something like 250ms for DICE and appears to have moved downward in ACE) and b) define the security services that are to be provided when using the keys served up by this protocol.   (e.g. it currently appears that the do= cument is proposing a key management scheme for group confidentiality, group integrity and group authentication).   Lastly, the docu= ment needs to include any other constraints.  In the instant case, low latency may be accomplished by hardware for public key operations - but there is a constraint never actually cited in the document - low/no cost for the build of the product (it's referred to obliquely as processing cost for the constrained device and is more properly attributed to the BOM).

If there is any other application besides lighting that has a use for this protocol - now is the time to bring it forward.

Finally, a statement of security requirements for the exemplar application (lighting) should be provided so that the protocol can be evaluated against those requirements to see if we've actually managed to come up with something that meets the needs.

Mike



Authors, please prepare some slides for the discussion.

I will send the WebEx information later.

Thanks,

Kind Regards
Kepeng

=B7=A2=BC=FE=C8=CB: Ace <ace-bounces@ietf.org> on behalf of Li Kepeng <kepeng.lkp@alibaba-inc.com>
=C8=D5=C6=DA: Saturday, 7 January 2017 at 8:43 PM
=D6=C1: ace <ace@ietf.org>
=B3=AD=CB=CD: Kathleen Moriarty <kathleen.moriarty.ietf@gmail.com>, Hannes Tschofenig <hannes.tschofenig@gmx.net>
=D6=F7=CC=E2: [Ace] Doodle for ACE virtual interim meeting

Hi all,

To speed up our progress on group communication security draft, we plan to have a virtual interim meeting in the middle of Feb.

I proposed four options for the meeting time:
1. 9th Feb, Thursday, GMT 14:00 ~ 15:00.
2. 9th Feb, Thursday, GMT 15:00 ~ 15:59.
3. 14th Feb, Tuesday, GMT 14:00 ~ 15:00.
4. 14th Feb, Tuesday, GMT 15:00 ~ 15:59.

Please indicate your available time from the doodle poll:

We will mainly discuss this draft:

Thanks,

Kind Regards
Kepeng 

_______________________________________________ Ace mailing list Ace@ietf.org https://www.ietf.org/mailman/listinfo/ace 

_______________________________________________
Ace mailing list
Ace@ietf.org=
https://www.ietf.org/mailman/listinfo/ace


_______________________________________________ Ace mailing list Ace@ietf.org https://www.ietf.org/ma= ilman/listinfo/ace --B_3567232843_20572741-- From nobody Fri Jan 13 18:31:07 2017 Return-Path: X-Original-To: ace@ietf.org Delivered-To: ace@ietfa.amsl.com Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id A2787129641; Fri, 13 Jan 2017 18:31:06 -0800 (PST) MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: 8bit From: internet-drafts@ietf.org To: X-Test-IDTracker: no X-IETF-IDTracker: 6.40.3 Auto-Submitted: auto-generated Precedence: bulk Message-ID: <148436106666.9748.15598068824988201665.idtracker@ietfa.amsl.com> Date: Fri, 13 Jan 2017 18:31:06 -0800 Archived-At: Cc: ace@ietf.org Subject: [Ace] I-D Action: draft-ietf-ace-cbor-web-token-02.txt X-BeenThere: ace@ietf.org X-Mailman-Version: 2.1.17 List-Id: "Authentication and Authorization for Constrained Environments \(ace\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 14 Jan 2017 02:31:06 -0000 A New Internet-Draft is available from the on-line Internet-Drafts directories. This draft is a work item of the Authentication and Authorization for Constrained Environments of the IETF. Title : CBOR Web Token (CWT) Authors : Michael B. Jones Erik Wahlstr枚m Samuel Erdtman Hannes Tschofenig Filename : draft-ietf-ace-cbor-web-token-02.txt Pages : 21 Date : 2017-01-13 Abstract: CBOR Web Token (CWT) is a compact means of representing claims to be transferred between two parties. CWT is a profile of the JSON Web Token (JWT) that is optimized for constrained devices. The claims in a CWT are encoded in the Concise Binary Object Representation (CBOR) and CBOR Object Signing and Encryption (COSE) is used for added application layer security protection. A claim is a piece of information asserted about a subject and is represented as a name/ value pair consisting of a claim name and a claim value. The IETF datatracker status page for this draft is: https://datatracker.ietf.org/doc/draft-ietf-ace-cbor-web-token/ There's also a htmlized version available at: https://tools.ietf.org/html/draft-ietf-ace-cbor-web-token-02 A diff from the previous version is available at: https://www.ietf.org/rfcdiff?url2=draft-ietf-ace-cbor-web-token-02 Please note that it may take a couple of minutes from the time of submission until the htmlized version and diff are available at tools.ietf.org. Internet-Drafts are also available by anonymous FTP at: ftp://ftp.ietf.org/internet-drafts/ From nobody Fri Jan 13 18:35:03 2017 Return-Path: X-Original-To: ace@ietfa.amsl.com Delivered-To: ace@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A35A5129641 for ; Fri, 13 Jan 2017 18:35:02 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -2.021 X-Spam-Level: X-Spam-Status: No, score=-2.021 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H4=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=microsoft.com Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id qbR4favDUwsH for ; Fri, 13 Jan 2017 18:35:00 -0800 (PST) Received: from NAM03-BY2-obe.outbound.protection.outlook.com (mail-by2nam03on0116.outbound.protection.outlook.com [104.47.42.116]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 44481129542 for ; Fri, 13 Jan 2017 18:35:00 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version; bh=3mgGlTAfVfWLSKDTs9h+5LaVglPlCxn7wERlI5+3TWc=; b=KpiUG/mcpVB/WiAWW37iA4dykodZKeoMoZcaHP7+qVHXfph8ORai08KI36DJviEXrsFaFv69M2hAVFIYcD6gmtIdKhY0MuAapZmvoMVU/ouYqO1ur0QHXByK2Y7l7cvTU8uNCQcpdcq8vTO7mRH4wqVFpmzLp0RFmPiVLONB8J4= Received: from BN3PR03MB2355.namprd03.prod.outlook.com (10.166.74.150) by BN3PR03MB2355.namprd03.prod.outlook.com (10.166.74.150) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P384) id 15.1.845.12; Sat, 14 Jan 2017 02:34:57 +0000 Received: from BN3PR03MB2355.namprd03.prod.outlook.com ([10.166.74.150]) by BN3PR03MB2355.namprd03.prod.outlook.com ([10.166.74.150]) with mapi id 15.01.0845.013; Sat, 14 Jan 2017 02:34:57 +0000 From: Mike Jones To: "ace@ietf.org" Thread-Topic: Media Type registration added to CBOR Web Token (CWT) Thread-Index: AdJuC71VEwe3pJGbRXmuXQEUKCJmEQ== Date: Sat, 14 Jan 2017 02:34:57 +0000 Message-ID: Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: authentication-results: spf=none (sender IP is ) smtp.mailfrom=Michael.Jones@microsoft.com; x-originating-ip: [2001:4898:80e8:d::27d] x-ms-office365-filtering-correlation-id: a69cd96c-7900-4d0e-f835-08d43c25ee6a x-microsoft-antispam: UriScan:;BCL:0;PCL:0;RULEID:(22001);SRVR:BN3PR03MB2355; x-microsoft-exchange-diagnostics: 1; BN3PR03MB2355; 7:kY07s9rKCuIO3u668lOi5aEUctviejyKVNg/iJpENqEicOiFoLxjubYo176ZGkoR5paNJlfUD8lfGOi8tBRGKb9ijAmt2eqmQ+gN5r3Ebg62ZGLjdhu3QoEaEGbCsGAz000wBwdIH30Y/AR1VUXInZ6/5ga8huw12YPgVO3h8G/ATzfTeYCj19cfej0Pkf4ymzHItCII+RpUSfhMRT0CaM6TgY5Pu+YjeAfHq0hBBHEKoOnd/fpYL+OHD+YHpQgJ7FIdsTNOyDD2lIwWa013NqR9TESGSRrFkc2j4Gk3VhrK2h6IWtth4o36S5SUV4WQYCuXcYaREQe5uDL2xZFY658ztvSEjrzHRaMDA+czW3TezHNBI+KZUpyRQjNrgok5Zg8YfwTWuKCE1Lw0slLnzkO3haAKlmH4LByKsgVbqguKyNNiiRhvS3x28KcuP31DRN0JFLxUkQ5TOEvFE53KyQkemhyFjLy/cwsUsT8VK4o= x-microsoft-antispam-prvs: x-exchange-antispam-report-test: UriScan:(31418570063057)(21748063052155); x-exchange-antispam-report-cfa-test: BCL:0; PCL:0; RULEID:(61425038)(6040375)(601004)(2401047)(5005006)(8121501046)(3002001)(10201501046)(6055026)(61426038)(61427038)(6041248)(20161123562025)(20161123564025)(20161123560025)(20161123555025)(6072148)(6047074); SRVR:BN3PR03MB2355; BCL:0; PCL:0; RULEID:; SRVR:BN3PR03MB2355; x-forefront-prvs: 0187F3EA14 x-forefront-antispam-report: SFV:NSPM; SFS:(10019020)(7916002)(39860400002)(39450400003)(39840400002)(39850400002)(39410400002)(209900001)(199003)(189002)(122556002)(7736002)(5630700001)(3660700001)(33656002)(2501003)(2351001)(2906002)(81156014)(81166006)(86362001)(6306002)(86612001)(6916009)(1730700003)(790700001)(8676002)(54356999)(102836003)(7696004)(6116002)(10290500002)(50986999)(27001)(105586002)(106356001)(74316002)(7906003)(110136003)(6506006)(8990500004)(5005710100001)(8936002)(101416001)(606005)(6436002)(38730400001)(68736007)(19609705001)(10090500001)(54896002)(25786008)(5640700003)(107886002)(77096006)(55016002)(97736004)(2900100001)(189998001)(99286003)(450100001)(5660300001)(92566002)(9686003)(3280700002)(236005)(6606295002); DIR:OUT; SFP:1102; SCL:1; SRVR:BN3PR03MB2355; H:BN3PR03MB2355.namprd03.prod.outlook.com; FPR:; SPF:None; PTR:InfoNoRecords; A:1; MX:1; LANG:en; received-spf: None (protection.outlook.com: microsoft.com does not designate permitted sender hosts) spamdiagnosticoutput: 1:99 spamdiagnosticmetadata: NSPM Content-Type: multipart/alternative; boundary="_000_BN3PR03MB2355EFB6043493CF4710E0E7F57B0BN3PR03MB2355namp_" MIME-Version: 1.0 X-OriginatorOrg: microsoft.com X-MS-Exchange-CrossTenant-originalarrivaltime: 14 Jan 2017 02:34:57.5835 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: 72f988bf-86f1-41af-91ab-2d7cd011db47 X-MS-Exchange-Transport-CrossTenantHeadersStamped: BN3PR03MB2355 Archived-At: Subject: [Ace] Media Type registration added to CBOR Web Token (CWT) X-BeenThere: ace@ietf.org X-Mailman-Version: 2.1.17 Precedence: list List-Id: "Authentication and Authorization for Constrained Environments \(ace\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 14 Jan 2017 02:35:02 -0000 --_000_BN3PR03MB2355EFB6043493CF4710E0E7F57B0BN3PR03MB2355namp_ Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable The CBOR Web Token (CWT) specification now registers the "application/cwt" = media type, which accompanies the existing CoAP Content-Format ID registrat= ion for this media type. The description of nested CWTs, which uses this c= ontent type, was clarified. This draft also corrected some nits identified= by Ludwig Seitz. The specification is available at: * https://tools.ietf.org/html/draft-ietf-ace-cbor-web-token-02 An HTML-formatted version is also available at: * http://self-issued.info/docs/draft-ietf-ace-cbor-web-token-02.htm= l -- Mike P.S. This notice was also posted at http://self-issued.info/?p=3D1626 and = as @selfissued. --_000_BN3PR03MB2355EFB6043493CF4710E0E7F57B0BN3PR03MB2355namp_ Content-Type: text/html; charset="us-ascii" Content-Transfer-Encoding: quoted-printable

The CBOR Web Token (CWT) specification now registers= the “application= /cwt” media type, which accompanies the existing CoAP Content-= Format ID registration for this media type.  The description of nested CWTs, which uses this content type, was clarified.  This dr= aft also corrected some nits identified by Ludwig Seitz.

 

The specification is available at:

 

An HTML-formatted version is also available at:=

·      &n= bsp;  http://self-issued.info/docs/draft-ietf-ace-cbor-web-token-02.ht= ml

 

        &nbs= p;            &= nbsp;           &nbs= p;            &= nbsp;        -- Mike

 

P.S.  This notice was also posted at http://self-issued.info/?p=3D1626 and as @selfissued.

--_000_BN3PR03MB2355EFB6043493CF4710E0E7F57B0BN3PR03MB2355namp_-- From nobody Sat Jan 14 04:00:39 2017 Return-Path: X-Original-To: ace@ietfa.amsl.com Delivered-To: ace@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 04B97129525 for ; Sat, 14 Jan 2017 04:00:37 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -17.72 X-Spam-Level: X-Spam-Status: No, score=-17.72 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, RP_MATCHES_RCVD=-3.199, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cisco.com Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 7lhQ4snUDFab for ; Sat, 14 Jan 2017 04:00:32 -0800 (PST) Received: from alln-iport-3.cisco.com (alln-iport-3.cisco.com [173.37.142.90]) (using TLSv1.2 with cipher DHE-RSA-SEED-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 8AF7C12951A for ; Sat, 14 Jan 2017 04:00:32 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=14962; q=dns/txt; s=iport; t=1484395232; x=1485604832; h=from:to:cc:subject:date:message-id:references: in-reply-to:mime-version; bh=puePVsor8QBO28wolnqkpjU2IwE+DSaTS4Q4JiDgqNk=; b=EA2ATnXwICL8SfxCP6ljKFpYetwj75gHPpmZFWOALyHTmjHEFwK1YZqf qTZHsYZOUlBcgrzJnRXIz/Dbvd4qOMNXisXUfWawurS+BcusGMxqKA1UE m0kGTavZ/7VBDvVCPXJRrv2FL8gnJeIkE0dDx49yHN6kw8viwAqbS+6f0 8=; X-IronPort-Anti-Spam-Filtered: true X-IronPort-Anti-Spam-Result: =?us-ascii?q?A0AiAQC0EXpY/4gNJK1eGQEBAQEBAQEBA?= =?us-ascii?q?QEBBwEBAQEBgm9KAQEBAQEfX4EJjViRdh+IBId9hSuCCx8BCoV4AoIYPxgBAgE?= =?us-ascii?q?BAQEBAQFjKIRqAgQBAWwLEAIBCD8HIQYLFBECBA4FCYhfAxgOsw4rhw0NgkwBA?= =?us-ascii?q?QEBAQEBAQEBAQEBAQEBAQEBAQEdhkWCAgiCXYJCDoUrgjEFmwI4AYZchn6EBIF?= =?us-ascii?q?3UYQ9iWiKGIhTAR84gUQVOhABhiFzAYkZAQEB?= X-IronPort-AV: E=Sophos;i="5.33,227,1477958400"; d="scan'208,217";a="371946329" Received: from alln-core-3.cisco.com ([173.36.13.136]) by alln-iport-3.cisco.com with ESMTP/TLS/DHE-RSA-AES256-SHA; 14 Jan 2017 12:00:31 +0000 Received: from XCH-RCD-001.cisco.com (xch-rcd-001.cisco.com [173.37.102.11]) by alln-core-3.cisco.com (8.14.5/8.14.5) with ESMTP id v0EC0U9C016437 (version=TLSv1/SSLv3 cipher=AES256-SHA bits=256 verify=FAIL); Sat, 14 Jan 2017 12:00:31 GMT Received: from xch-aln-005.cisco.com (173.36.7.15) by XCH-RCD-001.cisco.com (173.37.102.11) with Microsoft SMTP Server (TLS) id 15.0.1210.3; Sat, 14 Jan 2017 06:00:29 -0600 Received: from xch-aln-005.cisco.com ([173.36.7.15]) by XCH-ALN-005.cisco.com ([173.36.7.15]) with mapi id 15.00.1210.000; Sat, 14 Jan 2017 06:00:29 -0600 From: "Eliot Lear (elear)" To: Kepeng Li Thread-Topic: [Ace] Doodle for ACE virtual interim meeting Thread-Index: AQHSbgoSulijqGcP8kO7xpyTliO6bqE334Qb Date: Sat, 14 Jan 2017 12:00:28 +0000 Message-ID: <1EFCA464-1701-411A-8144-728EB53082F4@cisco.com> References: , In-Reply-To: Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: x-ms-exchange-transport-fromentityheader: Hosted Content-Type: multipart/alternative; boundary="_000_1EFCA4641701411A8144728EB53082F4ciscocom_" MIME-Version: 1.0 Archived-At: Cc: Michael StJohns , "ace@ietf.org" Subject: Re: [Ace] Doodle for ACE virtual interim meeting X-BeenThere: ace@ietf.org X-Mailman-Version: 2.1.17 Precedence: list List-Id: "Authentication and Authorization for Constrained Environments \(ace\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 14 Jan 2017 12:00:37 -0000 --_000_1EFCA4641701411A8144728EB53082F4ciscocom_ Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable I think at least one of the draft authors is away until the 8th. Can we pu= sh out a week? Eliot On Jan 13, 2017, at 6:01 PM, Kepeng Li > wrote: Oh, sorry, my mistake. I made a mistake between you and Mike Jones. Let's change our call to Option 1, 9th Feb, Thursday, GMT 14:00 ~ 15:00. I will send out the WebEx info later. Kind Regards Kepeng ???: Ace > on behalf of M= ichael StJohns > ??: Saturday, 14 January 2017 at 12:28 AM ?: > ??: Re: [Ace] Doodle for ACE virtual interim meeting On 1/13/2017 4:44 AM, Kepeng Li wrote: Hallo all, According to the doodle poll, let's have a call on 14th Feb, GMT 15:00 ~ 15= :59. We have the same amount of participants about Option 1, 2, and 4. Considering that Mike has strong position about this draft, so I accommodat= e his choice to allow him to participate. Sorry what? I'm assuming by "Mike" you mean me. I missed the original doo= dle call and haven't actually made a choice. I can't actually make the 14t= h as I'm on a plane. I can make either of the Thursday 9 February times though. In any event, if the slides are ready ahead of time I'll just provide some = commentary on the mailing list. I note that the authors haven't engaged w= ith the comments provided by Jim Schaad and it would be useful if they do s= o. WRT to the document, its difficult to make any judgements or suggest any im= provements without understanding the goals of the document. As a bare mini= mum, up front the document should a) define "low latency" including each el= ement that contributes to the calculation (this has been a moving target -= it was something like 250ms for DICE and appears to have moved downward in= ACE) and b) define the security services that are to be provided when usin= g the keys served up by this protocol. (e.g. it currently appears that th= e document is proposing a key management scheme for group confidentiality, = group integrity and group authentication). Lastly, the document needs to = include any other constraints. In the instant case, low latency may be acc= omplished by hardware for public key operations - but there is a constraint= never actually cited in the document - low/no cost for the build of the pr= oduct (it's referred to obliquely as processing cost for the constrained de= vice and is more properly attributed to the BOM). If there is any other application besides lighting that has a use for this = protocol - now is the time to bring it forward. Finally, a statement of security requirements for the exemplar application = (lighting) should be provided so that the protocol can be evaluated against= those requirements to see if we've actually managed to come up with someth= ing that meets the needs. Mike Authors, please prepare some slides for the discussion. I will send the WebEx information later. Thanks, Kind Regards Kepeng ???: Ace > on behalf of L= i Kepeng > ??: Saturday, 7 January 2017 at 8:43 PM ?: ace > ??: Kathleen Moriarty >, Hannes Tschofenig > ??: [Ace] Doodle for ACE virtual interim meeting Hi all, To speed up our progress on group communication security draft, we plan to = have a virtual interim meeting in the middle of Feb. I proposed four options for the meeting time: 1. 9th Feb, Thursday, GMT 14:00 ~ 15:00. 2. 9th Feb, Thursday, GMT 15:00 ~ 15:59. 3. 14th Feb, Tuesday, GMT 14:00 ~ 15:00. 4. 14th Feb, Tuesday, GMT 15:00 ~ 15:59. Please indicate your available time from the doodle poll: http://doodle.com/poll/v6nbeggazekaq2ut We will mainly discuss this draft: https://datatracker.ietf.org/doc/draft-somaraju-ace-multicast/ Thanks, Kind Regards Kepeng _______________________________________________ Ace mailing list Ace@ietf.o= rg https://www.ietf.org/mailman/listinfo/ace _______________________________________________ Ace mailing list Ace@ietf.orghttps://www.ietf.org/mailman/listinfo/ace _______________________________________________ Ace mailing list Ace@ietf.o= rg https://www.ietf.org/mailman/listinfo/ace _______________________________________________ Ace mailing list Ace@ietf.org https://www.ietf.org/mailman/listinfo/ace --_000_1EFCA4641701411A8144728EB53082F4ciscocom_ Content-Type: text/html; charset="us-ascii" Content-Transfer-Encoding: quoted-printable
I think at least one of the draft authors is away until the 8th.  = ;Can we push out a week?

Eliot

On Jan 13, 2017, at 6:01 PM, Kepeng Li <kepeng.lkp@alibaba-inc.com> wrote:

Oh, sorry, my mistake.

I made a mistake between you and Mike Jones.

Let’s change our call to Option 1, 9th Feb, Thursday, GMT 14:00 = ~ 15:00.

I will send out the WebEx info later.

Kind Regards
Kepeng

发件人: Ace <<= a href=3D"mailto:ace-bounces@ietf.org">ace-bounces@ietf.org> on beha= lf of Michael StJohns <mstjohns@= comcast.net>
日期: Saturday, 14 Janu= ary 2017 at 12:28 AM
至: <ace@ietf.org>
主题: Re: [Ace] Doodle = for ACE virtual interim meeting

On 1/13/2017 4:44 AM, Kepeng Li wrote:
Hallo all,

According to the doodle poll, let’s have a call on 14th Feb, GMT= 15:00 ~ 15:59.

We have the same amount of participants about Option 1, 2, and 4. = ;

Considering that Mike has strong position about this draft, so I accom= modate his choice to allow him to participate.
Sorry what?   I'm assuming by "Mike" you mean me. I mis= sed the original doodle call and haven't actually made a choice.  I ca= n't actually make the 14th as I'm on a plane.

I can make either of the Thursday 9 February times though.

In any event, if the slides are ready ahead of time I'll just provide some = commentary on the mailing list.   I note that the authors haven't= engaged with the comments provided by Jim Schaad and it would be useful if= they do so.

WRT to the document, its difficult to make any judgements or suggest any im= provements without understanding the goals of the document.  As a bare= minimum, up front the document should a) define "low latency" in= cluding each element that contributes to the calculation  (this has been a moving target - it was something like 250ms for DICE and = appears to have moved downward in ACE) and b) define the security services = that are to be provided when using the keys served up by this protocol.&nbs= p;  (e.g. it currently appears that the document is proposing a key management scheme for group confidentiality, g= roup integrity and group authentication).   Lastly, the document = needs to include any other constraints.  In the instant case, low late= ncy may be accomplished by hardware for public key operations - but there is a constraint never actually cited in the doc= ument - low/no cost for the build of the product (it's referred to obliquel= y as processing cost for the constrained device and is more properly attrib= uted to the BOM).

If there is any other application besides lighting that has a use for this = protocol - now is the time to bring it forward.

Finally, a statement of security requirements for the exemplar application = (lighting) should be provided so that the protocol can be evaluated against= those requirements to see if we've actually managed to come up with someth= ing that meets the needs.

Mike



Authors, please prepare some slides for the discussion.

I will send the WebEx information later.

Thanks,

Kind Regards
Kepeng

发件人: Ace <<= a moz-do-not-send=3D"true" href=3D"mailto:ace-bounces@ietf.org">ace-bounces= @ietf.org> on behalf of Li Kepeng <kepeng.lkp@alibaba-inc.com>=
日期: Saturday, 7 Janua= ry 2017 at 8:43 PM
至: ace <ace@ietf.org>
抄送: Kathleen Moriarty= <kathleen.moriarty.ietf@gmail.com>, Hannes Tschofenig <hannes.ts= chofenig@gmx.net>
主题: [Ace] Doodle for = ACE virtual interim meeting

Hi all,

To speed up our progress on group communication security draft, we pla= n to have a virtual interim meeting in the middle of Feb.

I proposed four options for the meeting time:
1. 9th Feb, Thursday, GMT 14:00 ~ 15:00.
2. 9th Feb, Thursday, GMT 15:00 ~ 15:59.
3. 14th Feb, Tuesday, GMT 14:00 ~ 15:00.
4. 14th Feb, Tuesday, GMT 15:00 ~ 15:59.

Please indicate your available time from the doodle poll:

We will mainly discuss this draft:

Thanks,

Kind Regards
Kepeng 

_______________________________________________ Ace mailing list Ace@ietf.org https://www.ietf.org/mailman/listinfo/ace 

_______________________________________________
Ace mailing list
Ace@ietf=
.orghttps://www.ietf.org/mailman/listinfo/ace


_______________________________________________ Ace mailing list Ace@ietf.org http= s://www.ietf.org/mailman/listinfo/ace
_______________________________________________
Ace mailing list
Ace@ietf.org
https://www.iet= f.org/mailman/listinfo/ace
--_000_1EFCA4641701411A8144728EB53082F4ciscocom_-- From nobody Mon Jan 16 05:56:06 2017 Return-Path: X-Original-To: ace@ietfa.amsl.com Delivered-To: ace@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 9D34B126B6D for ; Mon, 16 Jan 2017 05:56:05 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -0.598 X-Spam-Level: X-Spam-Status: No, score=-0.598 tagged_above=-999 required=5 tests=[BAYES_05=-0.5, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, MIME_QP_LONG_LINE=0.001, SPF_PASS=-0.001, UNPARSEABLE_RELAY=0.001] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=alibaba-inc.com Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id CCaVNGSftaU1 for ; Mon, 16 Jan 2017 05:56:01 -0800 (PST) Received: from out0-133.mail.aliyun.com (out0-133.mail.aliyun.com [140.205.0.133]) by ietfa.amsl.com (Postfix) with ESMTP id 6C7EF1294D1 for ; Mon, 16 Jan 2017 05:55:58 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=alibaba-inc.com; s=default; t=1484574954; h=Date:Subject:From:To:Message-ID:Mime-version:Content-type; bh=MeEVjA6DlVjqWwCSwaFg9qNbYNmedF6mtRqOeodY+Vk=; b=mB7KQtACR+WxkTrye4cbGfeVVe8iTnpKCoj1DXjTcia4W0wnfHmYZqLcbaa4WkLxwuFvXWpMbpCxXIWwcGGw6lEjiTEhvwCxQY7NTULVuxJUwY7rM4XXkBpV89Pu3GIJ/NpvcOZN9+YYe39RgZ66HI/v7Mtuud1aTrD9eyH1dHs= X-Alimail-AntiSpam: AC=PASS; BC=-1|-1; BR=01201311R131e4; FP=0|-1|-1|-1|0|-1|-1|-1; HT=e02c03310; MF=kepeng.lkp@alibaba-inc.com; NM=1; PH=DS; RN=3; SR=0; TI=SMTPD_---.7SXhe9B_1484574943; Received: from 30.39.18.3(mailfrom:kepeng.lkp@alibaba-inc.com ip:42.120.73.207) by smtp.aliyun-inc.com(127.0.0.1); Mon, 16 Jan 2017 21:55:46 +0800 User-Agent: Microsoft-MacOutlook/14.6.8.160830 Date: Mon, 16 Jan 2017 21:55:40 +0800 From: "Kepeng Li" To: "Eliot Lear (elear)" Message-ID: Thread-Topic: [Ace] Doodle for ACE virtual interim meeting References: <1EFCA464-1701-411A-8144-728EB53082F4@cisco.com> In-Reply-To: <1EFCA464-1701-411A-8144-728EB53082F4@cisco.com> Mime-version: 1.0 Content-type: multipart/alternative; boundary="B_3567448544_24936401" Archived-At: Cc: Michael StJohns , "ace@ietf.org" Subject: Re: [Ace] Doodle for ACE virtual interim meeting X-BeenThere: ace@ietf.org X-Mailman-Version: 2.1.17 Precedence: list List-Id: "Authentication and Authorization for Constrained Environments \(ace\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 16 Jan 2017 13:56:05 -0000 > 此邮件使用 MIME 格式。由于邮件阅读程序不能识别 此格式,因此,可能无法识别该邮件的分部或部分内容。 --B_3567448544_24936401 Content-type: text/plain; charset="GB2312" Content-transfer-encoding: quoted-printable OK.=20 I added two more options in the original doodle poll: Option 5. 16th Feb, Thursday, GMT 14:00 ~ 15:00. Option 6. 16th Feb, Thursday, GMT 15:00 ~ 15:59. Please fill out the two additional doodle poll options: http://doodle.com/poll/v6nbeggazekaq2ut I will check the results at the end of this week. Thanks, Kind Regards Kepeng =B7=A2=BC=FE=C8=CB: "Eliot Lear (elear)" =C8=D5=C6=DA: Saturday, 14 January 2017 at 8:00 PM =D6=C1: Li Kepeng =B3=AD=CB=CD: Michael StJohns , "ace@ietf.org" =D6=F7=CC=E2: Re: [Ace] Doodle for ACE virtual interim meeting I think at least one of the draft authors is away until the 8th. Can we push out a week? Eliot On Jan 13, 2017, at 6:01 PM, Kepeng Li wrote: > Oh, sorry, my mistake. >=20 > I made a mistake between you and Mike Jones. >=20 > Let=A1=AFs change our call to Option 1, 9th Feb, Thursday, GMT 14:00 ~ 15:00. >=20 > I will send out the WebEx info later. >=20 > Kind Regards > Kepeng >=20 > =B7=A2=BC=FE=C8=CB: Ace on behalf of Michael StJohns > > =C8=D5=C6=DA: Saturday, 14 January 2017 at 12:28 AM > =D6=C1: > =D6=F7=CC=E2: Re: [Ace] Doodle for ACE virtual interim meeting >=20 > On 1/13/2017 4:44 AM, Kepeng Li wrote: >> Hallo all, >>=20 >> According to the doodle poll, let=A1=AFs have a call on 14th Feb, GMT 15:00 = ~ >> 15:59. >>=20 >> We have the same amount of participants about Option 1, 2, and 4. >>=20 >> Considering that Mike has strong position about this draft, so I accommo= date >> his choice to allow him to participate. > Sorry what? I'm assuming by "Mike" you mean me. I missed the original d= oodle > call and haven't actually made a choice. I can't actually make the 14th = as > I'm on a plane. >=20 > I can make either of the Thursday 9 February times though. >=20 > In any event, if the slides are ready ahead of time I'll just provide som= e > commentary on the mailing list. I note that the authors haven't engaged= with > the comments provided by Jim Schaad and it would be useful if they do so. >=20 > WRT to the document, its difficult to make any judgements or suggest any > improvements without understanding the goals of the document. As a bare > minimum, up front the document should a) define "low latency" including e= ach > element that contributes to the calculation (this has been a moving targ= et - > it was something like 250ms for DICE and appears to have moved downward i= n > ACE) and b) define the security services that are to be provided when usi= ng > the keys served up by this protocol. (e.g. it currently appears that th= e > document is proposing a key management scheme for group confidentiality, = group > integrity and group authentication). Lastly, the document needs to incl= ude > any other constraints. In the instant case, low latency may be accomplis= hed > by hardware for public key operations - but there is a constraint never > actually cited in the document - low/no cost for the build of the product > (it's referred to obliquely as processing cost for the constrained device= and > is more properly attributed to the BOM). >=20 > If there is any other application besides lighting that has a use for thi= s > protocol - now is the time to bring it forward. >=20 > Finally, a statement of security requirements for the exemplar applicatio= n > (lighting) should be provided so that the protocol can be evaluated again= st > those requirements to see if we've actually managed to come up with somet= hing > that meets the needs. >=20 > Mike >=20 >=20 >>=20 >> Authors, please prepare some slides for the discussion. >>=20 >> I will send the WebEx information later. >>=20 >> Thanks, >>=20 >> Kind Regards >> Kepeng >>=20 >> =B7=A2=BC=FE=C8=CB: Ace on behalf of Li Kepeng >> >> =C8=D5=C6=DA: Saturday, 7 January 2017 at 8:43 PM >> =D6=C1: ace >> =B3=AD=CB=CD: Kathleen Moriarty , Hannes Tscho= fenig >> >> =D6=F7=CC=E2: [Ace] Doodle for ACE virtual interim meeting >>=20 >> Hi all, >>=20 >> To speed up our progress on group communication security draft, we plan = to >> have a virtual interim meeting in the middle of Feb. >>=20 >> I proposed four options for the meeting time: >> 1. 9th Feb, Thursday, GMT 14:00 ~ 15:00. >> 2. 9th Feb, Thursday, GMT 15:00 ~ 15:59. >> 3. 14th Feb, Tuesday, GMT 14:00 ~ 15:00. >> 4. 14th Feb, Tuesday, GMT 15:00 ~ 15:59. >>=20 >> Please indicate your available time from the doodle poll: >> http://doodle.com/poll/v6nbeggazekaq2ut >>=20 >> We will mainly discuss this draft: >> https://datatracker.ietf.org/doc/draft-somaraju-ace-multicast/ >>=20 >> Thanks, >>=20 >> Kind Regards >> Kepeng=20 >>=20 >> _______________________________________________ Ace mailing list Ace@iet= f.org >> https://www.ietf.org/mailman/listinfo/ace >> =20 >> _______________________________________________ >> Ace mailing list >> Ace@ietf.orghttps://www.ietf.org/mailman/listinfo/ace >=20 > _______________________________________________ Ace mailing list Ace@ietf= .org > https://www.ietf.org/mailman/listinfo/ace > _______________________________________________ > Ace mailing list > Ace@ietf.org > https://www.ietf.org/mailman/listinfo/ace --B_3567448544_24936401 Content-type: text/html; charset="GB2312" Content-transfer-encoding: quoted-printable
OK. 

I added two more options in the original doodle poll:
Opti= on 5. 16th Feb, Thursday, GMT 14:00 ~ 15:00.
Option 6. 16th Feb, T= hursday, GMT 15:00 ~ 15:59.

Please fill out t= he two additional doodle poll options:

I will check the res= ults at the end of this week.

Thanks,
Kin= d Regards
Kepeng

=B7= =A2=BC=FE=C8=CB: "Eliot Lear (elear)" <ele= ar@cisco.com>
=C8=D5=C6=DA: Saturda= y, 14 January 2017 at 8:00 PM
=D6=C1: = Li Kepeng <kepeng.lkp@alibaba= -inc.com>
=B3=AD=CB=CD: Michael StJ= ohns <mstjohns@comcast.net>,= "ace@ietf.org" <ace@ietf.org>
=D6=F7=CC=E2: = Re: [Ace] Doodle for ACE virtual interim meeting

I think at least one of the draft authors is away until th= e 8th.  Can we push out a week?

Eliot

On Jan 13, 2017, at 6:01 PM, Kepeng Li <kepeng.lkp@alibaba-inc.com> wrote:

Oh, sorry, my mistake.

I m= ade a mistake between you and Mike Jones.

Let’= ;s change our call to Option 1, 9th Feb, Thursday, GMT 14:00 ~ 15:00.
<= div>
I will send out the WebEx info later.

Kind Regards
Kepeng

=B7=A2=BC=FE=C8=CB: Ace <ace-bou= nces@ietf.org> on behalf of Michael StJohns <mstjohns@comcast.net>
=C8=D5=C6=DA: Saturday, 14 January 2017 at 12:28 AM
=D6=C1: <ace@ietf.org&g= t;
=D6=F7=CC=E2: Re: [Ace] Doodle for ACE v= irtual interim meeting

On 1/13/2017 4:44 AM, Kepeng Li w= rote:
Hallo all,

According to the = doodle poll, let’s have a call on 14th Feb, GMT 15:00 ~ 15:59.

We have the same amount of participants about Option 1, 2,= and 4. 

Considering that Mike has strong posi= tion about this draft, so I accommodate his choice to allow him to participa= te.
Sorry what?   I'm assuming by "Mike" you mean me. I missed the or= iginal doodle call and haven't actually made a choice.  I can't actuall= y make the 14th as I'm on a plane.

I can make either of the Thursday 9 February times though.

In any event, if the slides are ready ahead of time I'll just provide some = commentary on the mailing list.   I note that the authors haven't = engaged with the comments provided by Jim Schaad and it would be useful if t= hey do so.

WRT to the document, its difficult to make any judgements or suggest any im= provements without understanding the goals of the document.  As a bare = minimum, up front the document should a) define "low latency" including each= element that contributes to the calculation  (this has been a moving target - it was something like 250ms for DICE and = appears to have moved downward in ACE) and b) define the security services t= hat are to be provided when using the keys served up by this protocol. =   (e.g. it currently appears that the document is proposing a key management scheme for group confidentiality, g= roup integrity and group authentication).   Lastly, the document n= eeds to include any other constraints.  In the instant case, low latenc= y may be accomplished by hardware for public key operations - but there is a constraint never actually cited in the doc= ument - low/no cost for the build of the product (it's referred to obliquely= as processing cost for the constrained device and is more properly attribut= ed to the BOM).

If there is any other application besides lighting that has a use for this = protocol - now is the time to bring it forward.

Finally, a statement of security requirements for the exemplar application = (lighting) should be provided so that the protocol can be evaluated against = those requirements to see if we've actually managed to come up with somethin= g that meets the needs.

Mike



Authors, please prepare some slides = for the discussion.

I will send the WebEx informati= on later.

Thanks,

Kind Reg= ards
Kepeng

=B7=A2=BC=FE=C8=CB: Ace <ace-bounces@ietf.org> on behalf of Li Kepeng <<= a moz-do-not-send=3D"true" href=3D"mailto:kepeng.lkp@alibaba-inc.com">kepeng.lkp= @alibaba-inc.com>
=C8=D5=C6=DA: Satu= rday, 7 January 2017 at 8:43 PM
=D6=C1: ace <ace@ietf.org>
=B3=AD=CB=CD: Kathleen Moriarty <= kat= hleen.moriarty.ietf@gmail.com>, Hannes Tschofenig <hannes.tschofenig@gmx.net= >
=D6=F7=CC=E2: [Ace] Doodle for ACE= virtual interim meeting

Hi all,

To speed up our progress o= n group communication security draft, we plan to have a virtual interim meet= ing in the middle of Feb.

I proposed four options f= or the meeting time:
1. 9th Feb, Thursday, GMT 14:00 ~ 15:00.
2. 9th Feb, Thursday, GMT 15:00 ~ 15:59.
3. 14th Feb, Tuesda= y, GMT 14:00 ~ 15:00.
4. 14th Feb, Tuesday, GMT 15:00 ~ 15:59= .

Please indicate your available time from the dood= le poll:

We will mainly discuss this = draft:

Thanks,

=
Kind Regards
Kepeng 
=

_______________________________________________ Ace mailing list Ace@ietf.org https://www.ietf.org/mailman/listinfo/ace 

__________________________=
_____________________
Ace mailing list
Ace@ietf.org=
https://www.ietf.org/mailman/listinfo/ace

_______________________________________________ Ace mailing list Ace@ietf.org https:= //www.ietf.org/mailman/listinfo/ace
_______________________________________________
Ace mailing list
A= ce@ietf.org
https://www.ietf.org/mailman/listinfo/ace
 --B_3567448544_24936401-- From nobody Mon Jan 16 15:00:02 2017 Return-Path: X-Original-To: ace@ietfa.amsl.com Delivered-To: ace@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 25CD8129854; Mon, 16 Jan 2017 15:00:01 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -7.4 X-Spam-Level: X-Spam-Status: No, score=-7.4 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, RP_MATCHES_RCVD=-3.199, SPF_PASS=-0.001] autolearn=ham autolearn_force=no Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 4EV8-g4_5L_M; Mon, 16 Jan 2017 14:59:59 -0800 (PST) Received: from xenon21.um.es (xenon21.um.es [155.54.212.161]) by ietfa.amsl.com (Postfix) with ESMTP id DD48612984C; Mon, 16 Jan 2017 14:59:58 -0800 (PST) Received: from localhost (localhost [127.0.0.1]) by xenon21.um.es (Postfix) with ESMTP id 15C723F818; Mon, 16 Jan 2017 23:59:56 +0100 (CET) X-Virus-Scanned: by antispam in UMU at xenon21.um.es Received: from xenon21.um.es ([127.0.0.1]) by localhost (xenon21.um.es [127.0.0.1]) (amavisd-new, port 10024) with LMTP id RoTKwFlfBNRl; Mon, 16 Jan 2017 23:59:56 +0100 (CET) Received: from [192.168.1.206] (40.red-81-33-45.dynamicip.rima-tde.net [81.33.45.40]) (using TLSv1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) (Authenticated sender: dan.garcia@um.es) by xenon21.um.es (Postfix) with ESMTPSA id 93C143F807; Mon, 16 Jan 2017 23:59:53 +0100 (CET) From: =?utf-8?Q?Dan_Garc=C3=ADa_Carrillo?= Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: quoted-printable Date: Mon, 16 Jan 2017 23:59:52 +0100 Message-Id: To: core@ietf.org, ace@ietf.org Mime-Version: 1.0 (Mac OS X Mail 9.3 \(3124\)) X-Mailer: Apple Mail (2.3124) Archived-At: Cc: =?utf-8?Q?Dan_Garc=C3=ADa_Carrillo?= Subject: [Ace] App-layer security for CoAP using (D)TLS record layer X-BeenThere: ace@ietf.org X-Mailman-Version: 2.1.17 Precedence: list List-Id: "Authentication and Authorization for Constrained Environments \(ace\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 16 Jan 2017 23:00:01 -0000 Hello all:=20 We submitted some time ago an I-D proposing the use of an active (D)TLS = Record (e.g. running DTLS over CoAP or presenting a token with crypto = material that is used to create the required keys for the DTLS record) = to provide application level security for CoAP.=20 = https://tools.ietf.org/html/draft-garcia-core-app-layer-sec-with-dtls-reco= rd-00 The idea is to use an active (D)TLS record to protect part of the CoAP = message following the rules established for OSCOAP: - The content to protect of a CoAP message (code, version, options to = protect and payload if any) is fed to the (D)TLS record.=20 - The output is the CoAP content to protect with a (D)TLS record header = prepended. - That would be set into the payload of a modified version of the = original CoAP message (before it is protected) that only contains = options that do not need to be protected. We think this could add to an interesting discussion to the subject of = Security for CoAP at application layer.=20 Comments are welcome,=20 Best Regards.= From nobody Wed Jan 18 13:04:38 2017 Return-Path: X-Original-To: ace@ietfa.amsl.com Delivered-To: ace@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C66671293E4; Wed, 18 Jan 2017 13:04:36 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -17.721 X-Spam-Level: X-Spam-Status: No, score=-17.721 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_HI=-5, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, RP_MATCHES_RCVD=-3.199, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cisco.com Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id UEuPhbha1sBl; Wed, 18 Jan 2017 13:04:35 -0800 (PST) Received: from rcdn-iport-7.cisco.com (rcdn-iport-7.cisco.com [173.37.86.78]) (using TLSv1.2 with cipher DHE-RSA-SEED-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 327AD127077; Wed, 18 Jan 2017 13:04:35 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=1794; q=dns/txt; s=iport; t=1484773475; x=1485983075; h=from:to:subject:date:message-id:references:in-reply-to: content-transfer-encoding:mime-version; bh=Zgt7CbbSWYwiNvpEEvj+vpBTZNBAXMGNptb5TDmrSvU=; b=PVGCzqMy9IHEbK6+jYQ4ynSIWe8LXfdLf8pBSxNvZt+qVD8zsLhQUBOU xV9Bj4r5jfPB7nVEg8ZBBXY5YaUaIamweTNgtF9qnjeakiXwxh2eBb4Ba /Ffbh690d90ye31YdjaQruXuSsjq7lYF/7UcLHmFJVoaLARbNqtmLdCy1 U=; X-IronPort-Anti-Spam-Filtered: true X-IronPort-Anti-Spam-Result: =?us-ascii?q?A0AVAQD01n9Y/5ldJa1dGQEBAQEBAQEBA?= =?us-ascii?q?QEBBwEBAQEBgzkBAQEBAR9ggQkHjVKSApUsggsfDYV2AoIEPxgBAgEBAQEBAQF?= =?us-ascii?q?jKIRpAQEBBAEBZQcXBAIBCBEEAQEoBycLFAkIAgQBEgiIew6yPYpAAQEBAQEBA?= =?us-ascii?q?QEBAQEBAQEBAQEBAQEBGAWGS4Ruii0Fj2eLWgGGXop6kHaSbgEfOIFEFTqGM3O?= =?us-ascii?q?HdAGBDAEBAQ?= X-IronPort-AV: E=Sophos;i="5.33,250,1477958400"; d="scan'208";a="194888106" Received: from rcdn-core-2.cisco.com ([173.37.93.153]) by rcdn-iport-7.cisco.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 18 Jan 2017 21:04:34 +0000 Received: from XCH-ALN-008.cisco.com (xch-aln-008.cisco.com [173.36.7.18]) by rcdn-core-2.cisco.com (8.14.5/8.14.5) with ESMTP id v0IL4YdW025806 (version=TLSv1/SSLv3 cipher=AES256-SHA bits=256 verify=FAIL); Wed, 18 Jan 2017 21:04:34 GMT Received: from xch-aln-010.cisco.com (173.36.7.20) by XCH-ALN-008.cisco.com (173.36.7.18) with Microsoft SMTP Server (TLS) id 15.0.1210.3; Wed, 18 Jan 2017 15:04:33 -0600 Received: from xch-aln-010.cisco.com ([173.36.7.20]) by XCH-ALN-010.cisco.com ([173.36.7.20]) with mapi id 15.00.1210.000; Wed, 18 Jan 2017 15:04:33 -0600 From: "Panos Kampanakis (pkampana)" To: =?iso-8859-1?Q?Dan_Garc=EDa_Carrillo?= , "core@ietf.org" , "ace@ietf.org" Thread-Topic: [Ace] App-layer security for CoAP using (D)TLS record layer Thread-Index: AQHScExKzJMWx75El0epERyGvy0pMqE+ujrA Date: Wed, 18 Jan 2017 21:04:33 +0000 Message-ID: References: In-Reply-To: Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: x-ms-exchange-transport-fromentityheader: Hosted x-originating-ip: [64.102.61.131] Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 Archived-At: Subject: Re: [Ace] App-layer security for CoAP using (D)TLS record layer X-BeenThere: ace@ietf.org X-Mailman-Version: 2.1.17 Precedence: list List-Id: "Authentication and Authorization for Constrained Environments \(ace\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 18 Jan 2017 21:04:37 -0000 Hi Dan, So if I understand this correctly, the intention of this draft is to descri= be how COAP header fields, options and data can be protected with DTLS (hen= ce DTLS record) regardless of the key exchange mechanism. Is it intended as= an alternative to OSCOAP/EDHOC? Thanks, Panos -----Original Message----- From: Ace [mailto:ace-bounces@ietf.org] On Behalf Of Dan Garc=EDa Carrillo Sent: Monday, January 16, 2017 6:00 PM To: core@ietf.org; ace@ietf.org Cc: Dan Garc=EDa Carrillo Subject: [Ace] App-layer security for CoAP using (D)TLS record layer Hello all:=20 We submitted some time ago an I-D proposing the use of an active (D)TLS Rec= ord (e.g. running DTLS over CoAP or presenting a token with crypto materia= l that is used to create the required keys for the DTLS record) to provide = application level security for CoAP.=20 https://tools.ietf.org/html/draft-garcia-core-app-layer-sec-with-dtls-reco= rd-00 The idea is to use an active (D)TLS record to protect part of the CoAP mess= age following the rules established for OSCOAP: - The content to protect of a CoAP message (code, version, options to prot= ect and payload if any) is fed to the (D)TLS record.=20 - The output is the CoAP content to protect with a (D)TLS record header pr= epended. - That would be set into the payload of a modified version of the original= CoAP message (before it is protected) that only contains options that do n= ot need to be protected. We think this could add to an interesting discussion to the subject of Secu= rity for CoAP at application layer.=20 Comments are welcome,=20 Best Regards. _______________________________________________ Ace mailing list Ace@ietf.org https://www.ietf.org/mailman/listinfo/ace From nobody Thu Jan 19 10:15:36 2017 Return-Path: X-Original-To: ace@ietfa.amsl.com Delivered-To: ace@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id BDE861294A2; Thu, 19 Jan 2017 10:15:31 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -7.42 X-Spam-Level: X-Spam-Status: No, score=-7.42 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, RP_MATCHES_RCVD=-3.199, SPF_PASS=-0.001] autolearn=ham autolearn_force=no Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id pEKaJUqMzBSf; Thu, 19 Jan 2017 10:15:30 -0800 (PST) Received: from xenon23.um.es (xenon23.um.es [155.54.212.163]) by ietfa.amsl.com (Postfix) with ESMTP id 1DE46129499; Thu, 19 Jan 2017 10:15:30 -0800 (PST) Received: from localhost (localhost [127.0.0.1]) by xenon23.um.es (Postfix) with ESMTP id 62D668003; Thu, 19 Jan 2017 19:15:29 +0100 (CET) X-Virus-Scanned: by antispam in UMU at xenon23.um.es Received: from xenon23.um.es ([127.0.0.1]) by localhost (xenon23.um.es [127.0.0.1]) (amavisd-new, port 10024) with LMTP id pGKLkCVtiIUA; Thu, 19 Jan 2017 19:15:29 +0100 (CET) Received: from [192.168.0.101] (unknown [84.236.168.161]) (using TLSv1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) (Authenticated sender: dan.garcia@um.es) by xenon23.um.es (Postfix) with ESMTPSA id DE7628000; Thu, 19 Jan 2017 19:15:26 +0100 (CET) Content-Type: text/plain; charset=iso-8859-1 Mime-Version: 1.0 (Mac OS X Mail 9.3 \(3124\)) From: =?iso-8859-1?Q?Dan_Garc=EDa_Carrillo?= In-Reply-To: Date: Thu, 19 Jan 2017 19:15:25 +0100 Content-Transfer-Encoding: quoted-printable Message-Id: <8DA0C70A-59FE-4AB3-948C-EE5D91B6A170@um.es> References: To: "Panos Kampanakis (pkampana)" X-Mailer: Apple Mail (2.3124) Archived-At: Cc: "core@ietf.org" , =?iso-8859-1?Q?Dan_Garc=EDa_Carrillo?= , "ace@ietf.org" Subject: Re: [Ace] App-layer security for CoAP using (D)TLS record layer X-BeenThere: ace@ietf.org X-Mailman-Version: 2.1.17 Precedence: list List-Id: "Authentication and Authorization for Constrained Environments \(ace\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 19 Jan 2017 18:15:32 -0000 Hi Panos,=20 Thank you for your question. Yes, it can be considered as an alternative.=20 The starting point of our work was to leverage the existing source code = for DTLS in the nodes.=20 Thus, we would save additional resources (e.g. code wise) since we would = re-use a DTLS implementation to achieve (object) security at CoAP level = (application layer)=20 Best Regards,=20 Dan. > El 18 ene 2017, a las 22:04, Panos Kampanakis (pkampana) = escribi=F3: >=20 > Hi Dan, > So if I understand this correctly, the intention of this draft is to = describe how COAP header fields, options and data can be protected with = DTLS (hence DTLS record) regardless of the key exchange mechanism. Is it = intended as an alternative to OSCOAP/EDHOC? > Thanks, > Panos >=20 >=20 > -----Original Message----- > From: Ace [mailto:ace-bounces@ietf.org] On Behalf Of Dan Garc=EDa = Carrillo > Sent: Monday, January 16, 2017 6:00 PM > To: core@ietf.org; ace@ietf.org > Cc: Dan Garc=EDa Carrillo > Subject: [Ace] App-layer security for CoAP using (D)TLS record layer >=20 > Hello all:=20 >=20 > We submitted some time ago an I-D proposing the use of an active = (D)TLS Record (e.g. running DTLS over CoAP or presenting a token with = crypto material that is used to create the required keys for the DTLS = record) to provide application level security for CoAP.=20 >=20 > = https://tools.ietf.org/html/draft-garcia-core-app-layer-sec-with-dtls-reco= rd-00 >=20 >=20 > The idea is to use an active (D)TLS record to protect part of the CoAP = message following the rules established for OSCOAP: > - The content to protect of a CoAP message (code, version, options to = protect and payload if any) is fed to the (D)TLS record.=20 > - The output is the CoAP content to protect with a (D)TLS record = header prepended. > - That would be set into the payload of a modified version of the = original CoAP message (before it is protected) that only contains = options that do not need to be protected. >=20 > We think this could add to an interesting discussion to the subject of = Security for CoAP at application layer.=20 >=20 > Comments are welcome,=20 > Best Regards. > _______________________________________________ > Ace mailing list > Ace@ietf.org > https://www.ietf.org/mailman/listinfo/ace From nobody Mon Jan 23 00:10:28 2017 Return-Path: X-Original-To: ace@ietfa.amsl.com Delivered-To: ace@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 2958512949E for ; Mon, 23 Jan 2017 00:10:27 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -6.955 X-Spam-Level: X-Spam-Status: No, score=-6.955 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_MSPIKE_H2=-1.156, RP_MATCHES_RCVD=-3.199, SPF_PASS=-0.001] autolearn=ham autolearn_force=no Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id W228bIuONXhK for ; Mon, 23 Jan 2017 00:10:25 -0800 (PST) Received: from mout.gmx.net (mout.gmx.net [212.227.17.22]) (using TLSv1.2 with cipher DHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 5604B12949A for ; Mon, 23 Jan 2017 00:10:22 -0800 (PST) Received: from [192.168.91.170] ([195.149.223.63]) by mail.gmx.com (mrgmx103 [212.227.17.168]) with ESMTPSA (Nemesis) id 0LfTC1-1cBIyP2vrF-00p4RU for ; Mon, 23 Jan 2017 09:10:16 +0100 To: "Ace@ietf.org" From: Hannes Tschofenig Openpgp: id=071A97A9ECBADCA8E31E678554D9CEEF4D776BC9 Message-ID: Date: Mon, 23 Jan 2017 09:10:14 +0100 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Thunderbird/45.5.1 MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha512; protocol="application/pgp-signature"; boundary="eo1Mgi3OipdFoHhAW5REm6D3u7vFteimk" X-Provags-ID: V03:K0:rPWU187k54/c/ZjFQonQPfJTQsjBZ7l3iaPeps6bAsRUMM79hxK LFXWN2UWjHnLxgXL4p3s1Rk1/BdErokY3FFPKoaPasT8HAf2YorG17zKO+7Q7+Mu6pyJSC6 fEnHE0lWh/X+PztVc8hx6qX9RnmsuGPV7n8a67NKxzCeN/ixNesj/KjukG6a62gI1K3M+T6 LEKSzRx5Bbk2LESgb95WQ== X-UI-Out-Filterresults: notjunk:1;V01:K0:0LCKYjn4Srw=:dSRmwgJfVCW2hXGOg6OYHo 5oY7mdWgbhhCl1y58QLHpSQDuz6G15NFLyipGH/zK0tuNvs6Ua99Cw20axqLfP8WjyORnM6nS 98FsTpI2EB5OVMpGcsCkuL8FL9BO8+E3UcqMX7IJugYTHDf0qz6A+yiSBNinA3C3UY2RjeXR8 kUthEoerZuX9s7jdUvcz8Pj1l6BLSIJCuA+ZGL2Zi6afpFhvYhZbX2iEljKs9X2Yb2d75miRV 42XU0h46gVeep3J/G63RLaLVB3JxZ4vyfcS5U7UmF5Yr1rlezgSKSyKIBI18sI7w7Ol4itlUX IIwFKLhC4OhZgbxGoWIuBWHau8aBSy0/TsZZFfTTNLh6nIDl2w8ifjNpyEOLcQPDG+8kjVHPv MzdLHIJlIChGbOanLukRU40vnK/uM0NnZ/ndFr6XtctpnKA1au9UMLTfHqe0rYn6IQNdSRPH9 lG+Q3tt3E0FqOe0iTR6IBlO6IpJWcgmI06EllhejVUiZll/Q4ooTCqvheVpLMcf5FIwPq2JlH LULeTsJXkJY5NX3xXmie4DWDa1qlPdix9K97AvVRYiPshkqdnLMsQOvKJdSsKAeSL/uBnQdW5 5/lWKKUyciIYKW/MCv5VXqLHCvF+IVorhptd3/VCPWFPjafINcQnPWUBOOmWLlmO+dpvs7TjL DA6pYdbzplUAAYGxgHDd2JvmlST5BjoGT/mzMi3PXK5v2UkJ/rq0XMURd60Q2PX/zLkXDLDdR 0Tqd2FoErXuO2kTbf91O+XrJGYgAyvozY0ChM2qfsOV9M5T2II6AN/vSose/Kqr10wx1tB5AS 4dntbxTUKtyNaXLNjYpaGEc9Ieu2PJig67N7jEKnOSQDqKi1nA6492tX7JsicFzu8zwsU8ki3 LdL54uyE3hfesuqWufKcB+fePjea7mW7t242Hz5P38EdlfPYM1a9JuG97I51ytdQGGE3cK7YC 9XEmk/EDZm4WoB6s+mpA7plFaiRggNwtdbtS0VhPjE/FZ9Y1SNF1j23SENI3bGqU8dxAxpOFI Df4oJqeX0dvaPaPI0+7EJXQJHwXyTGyJW4LSCrqQiKFu Archived-At: Subject: [Ace] draft-vanderstok-core-coap-est-00 X-BeenThere: ace@ietf.org X-Mailman-Version: 2.1.17 Precedence: list List-Id: "Authentication and Authorization for Constrained Environments \(ace\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 23 Jan 2017 08:10:27 -0000 This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --eo1Mgi3OipdFoHhAW5REm6D3u7vFteimk Content-Type: multipart/mixed; boundary="Swt3jtDLQ07ep4NxdJhfLWIg1rOUNSgo0"; protected-headers="v1" From: Hannes Tschofenig To: "Ace@ietf.org" Message-ID: Subject: draft-vanderstok-core-coap-est-00 --Swt3jtDLQ07ep4NxdJhfLWIg1rOUNSgo0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable Hi Peter, Hi Sandeep, thanks for putting this document together. I read through it and have some high-level questions regarding the envisioned scope and purpose of the document. The abstract, the introduction and the references suggest that the proposed mechanism is suitable for an IEEE 802.15.4 mesh network using 6lowpan in context of ANIMA using public key-based crypto only. This sounds like a lot of constraints and I wonder whether this focus is just a result of your personal interest or whether you believe this work cannot just be a new transport for EST. EST itself makes many of the features of the protocol optional already and there are essentially only two functions that really have to be implemented, namely * Simple PKI messages (using PKCS#10) * CA certificate retrieval Do you believe that those two features are the onces that should be mandatory to implement or is there less? Is there more? How much text from other RFCs should be replicated in this document, particularly from the EST RFC? Wouldn't it be useful to refer to RFC 7925 instead of writing new text for the use of DTLS security? Do you have some early implementation experience with the suggested approach? Ciao Hannes --Swt3jtDLQ07ep4NxdJhfLWIg1rOUNSgo0-- --eo1Mgi3OipdFoHhAW5REm6D3u7vFteimk Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc" -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 Comment: GPGTools - http://gpgtools.org iQEcBAEBCgAGBQJYhbpmAAoJEGhJURNOOiAtdoUH/A/jJ5S67TaJh56lsvb6krF5 tyUfP8o9Zilj631IFKMpZym7esS/yKdguu054HfwotKierjdSONUx+DhT6HnTBS6 qoKAMTo+c1QFgBsRWsZLQG+cdODwS829dNh8cHE4zCKBozSTKikBVqDTO708Ny9a HEMUgLx/JzgWwnzZg+EupImT5fj4vjgmAF7hJDw1Js+N/vOhICOGG2FDsoas2ymm qse6wBBO2D8fCK8W+3WDuy+ApqqMeVxpZdVMYr+ruFOSe5zo2vWPqg+EkXLyhzO3 U/UmU3vHXFL+5tTKxOe5H2FCmeU13KM89UA8WthL2cfHM+nTxe+KMRXH4FSLW9M= =reDL -----END PGP SIGNATURE----- --eo1Mgi3OipdFoHhAW5REm6D3u7vFteimk-- From nobody Mon Jan 23 19:59:58 2017 Return-Path: X-Original-To: ace@ietfa.amsl.com Delivered-To: ace@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A094C129536 for ; Mon, 23 Jan 2017 19:59:57 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.998 X-Spam-Level: X-Spam-Status: No, score=-1.998 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, MIME_QP_LONG_LINE=0.001, SPF_PASS=-0.001, UNPARSEABLE_RELAY=0.001] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=alibaba-inc.com Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id zZADRdc_nrgZ for ; Mon, 23 Jan 2017 19:59:54 -0800 (PST) Received: from out0-157.mail.aliyun.com (out0-157.mail.aliyun.com [140.205.0.157]) by ietfa.amsl.com (Postfix) with ESMTP id 52B7312955D for ; Mon, 23 Jan 2017 19:59:54 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=alibaba-inc.com; s=default; t=1485230391; h=Date:Subject:From:To:Message-ID:Mime-version:Content-type; bh=0LR1ECY42ha7GNpvqMmRIZiQTSS37St125UaKUynjig=; b=UvNW9rlgDxfE4znYAYKY8kqLid7hYSaOgseZ/48kOasIY6V7qrV3GJWNnBK1dLjw96ls/jzXjQ4tXfXKPaSjJFKJtCX8/vvNM1ySKfXEuCLaqeOadkc4gOJYbG4nkF84VY08GN70ds3uDvjXp29R+nkef2VPcsma+6ikgCKgWD8= X-Alimail-AntiSpam: AC=PASS; BC=-1|-1; BR=01201311R171e4; FP=0|-1|-1|-1|0|-1|-1|-1; HT=e01l10425; MF=kepeng.lkp@alibaba-inc.com; NM=1; PH=DS; RN=4; SR=0; TI=SMTPD_---.7VfnyF1_1485230381; Received: from 30.6.247.23(mailfrom:kepeng.lkp@alibaba-inc.com ip:42.120.74.103) by smtp.aliyun-inc.com(127.0.0.1); Tue, 24 Jan 2017 11:59:46 +0800 User-Agent: Microsoft-MacOutlook/14.6.8.160830 Date: Tue, 24 Jan 2017 11:59:40 +0800 From: "Kepeng Li" To: "Kepeng Li" , "=?GBK?B?RWxpb3QgTGVhciAoZWxlYXIp?=" Message-ID: Thread-Topic: [Ace] ACE virtual interim meeting on 9th Feb, GMT 14:00 ~ 15:00 Mime-version: 1.0 Content-type: multipart/alternative; boundary="B_3568103986_6184644" Archived-At: Cc: Michael StJohns , "ace@ietf.org" Subject: [Ace] ACE virtual interim meeting on 9th Feb, GMT 14:00 ~ 15:00 X-BeenThere: ace@ietf.org X-Mailman-Version: 2.1.17 Precedence: list List-Id: "Authentication and Authorization for Constrained Environments \(ace\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 24 Jan 2017 03:59:57 -0000 > 此邮件使用 MIME 格式。由于邮件阅读程序不能识别 此格式,因此,可能无法识别该邮件的分部或部分内容。 --B_3568103986_6184644 Content-type: text/plain; charset="GB2312" Content-transfer-encoding: quoted-printable Hello all, According to the doodle poll results, we keep our conference call on 9th Feb, Thursday, GMT 14:00 ~ 15:00. I will send the WebEx info later. Kind Regards Kepeng =B7=A2=BC=FE=C8=CB: Ace on behalf of Li Kepeng =C8=D5=C6=DA: Monday, 16 January 2017 at 9:55 PM =D6=C1: "Eliot Lear (elear)" =B3=AD=CB=CD: Michael StJohns , "ace@ietf.org" =D6=F7=CC=E2: Re: [Ace] Doodle for ACE virtual interim meeting OK.=20 I added two more options in the original doodle poll: Option 5. 16th Feb, Thursday, GMT 14:00 ~ 15:00. Option 6. 16th Feb, Thursday, GMT 15:00 ~ 15:59. Please fill out the two additional doodle poll options: http://doodle.com/poll/v6nbeggazekaq2ut I will check the results at the end of this week. Thanks, Kind Regards Kepeng =B7=A2=BC=FE=C8=CB: "Eliot Lear (elear)" =C8=D5=C6=DA: Saturday, 14 January 2017 at 8:00 PM =D6=C1: Li Kepeng =B3=AD=CB=CD: Michael StJohns , "ace@ietf.org" =D6=F7=CC=E2: Re: [Ace] Doodle for ACE virtual interim meeting I think at least one of the draft authors is away until the 8th. Can we push out a week? Eliot On Jan 13, 2017, at 6:01 PM, Kepeng Li wrote: > Oh, sorry, my mistake. >=20 > I made a mistake between you and Mike Jones. >=20 > Let=A1=AFs change our call to Option 1, 9th Feb, Thursday, GMT 14:00 ~ 15:00. >=20 > I will send out the WebEx info later. >=20 > Kind Regards > Kepeng >=20 > =B7=A2=BC=FE=C8=CB: Ace on behalf of Michael StJohns > > =C8=D5=C6=DA: Saturday, 14 January 2017 at 12:28 AM > =D6=C1: > =D6=F7=CC=E2: Re: [Ace] Doodle for ACE virtual interim meeting >=20 > On 1/13/2017 4:44 AM, Kepeng Li wrote: >> Hallo all, >>=20 >> According to the doodle poll, let=A1=AFs have a call on 14th Feb, GMT 15:00 = ~ >> 15:59. >>=20 >> We have the same amount of participants about Option 1, 2, and 4. >>=20 >> Considering that Mike has strong position about this draft, so I accommo= date >> his choice to allow him to participate. > Sorry what? I'm assuming by "Mike" you mean me. I missed the original d= oodle > call and haven't actually made a choice. I can't actually make the 14th = as > I'm on a plane. >=20 > I can make either of the Thursday 9 February times though. >=20 > In any event, if the slides are ready ahead of time I'll just provide som= e > commentary on the mailing list. I note that the authors haven't engaged= with > the comments provided by Jim Schaad and it would be useful if they do so. >=20 > WRT to the document, its difficult to make any judgements or suggest any > improvements without understanding the goals of the document. As a bare > minimum, up front the document should a) define "low latency" including e= ach > element that contributes to the calculation (this has been a moving targ= et - > it was something like 250ms for DICE and appears to have moved downward i= n > ACE) and b) define the security services that are to be provided when usi= ng > the keys served up by this protocol. (e.g. it currently appears that th= e > document is proposing a key management scheme for group confidentiality, = group > integrity and group authentication). Lastly, the document needs to incl= ude > any other constraints. In the instant case, low latency may be accomplis= hed > by hardware for public key operations - but there is a constraint never > actually cited in the document - low/no cost for the build of the product > (it's referred to obliquely as processing cost for the constrained device= and > is more properly attributed to the BOM). >=20 > If there is any other application besides lighting that has a use for thi= s > protocol - now is the time to bring it forward. >=20 > Finally, a statement of security requirements for the exemplar applicatio= n > (lighting) should be provided so that the protocol can be evaluated again= st > those requirements to see if we've actually managed to come up with somet= hing > that meets the needs. >=20 > Mike >=20 >=20 >>=20 >> Authors, please prepare some slides for the discussion. >>=20 >> I will send the WebEx information later. >>=20 >> Thanks, >>=20 >> Kind Regards >> Kepeng >>=20 >> =B7=A2=BC=FE=C8=CB: Ace on behalf of Li Kepeng >> >> =C8=D5=C6=DA: Saturday, 7 January 2017 at 8:43 PM >> =D6=C1: ace >> =B3=AD=CB=CD: Kathleen Moriarty , Hannes Tscho= fenig >> >> =D6=F7=CC=E2: [Ace] Doodle for ACE virtual interim meeting >>=20 >> Hi all, >>=20 >> To speed up our progress on group communication security draft, we plan = to >> have a virtual interim meeting in the middle of Feb. >>=20 >> I proposed four options for the meeting time: >> 1. 9th Feb, Thursday, GMT 14:00 ~ 15:00. >> 2. 9th Feb, Thursday, GMT 15:00 ~ 15:59. >> 3. 14th Feb, Tuesday, GMT 14:00 ~ 15:00. >> 4. 14th Feb, Tuesday, GMT 15:00 ~ 15:59. >>=20 >> Please indicate your available time from the doodle poll: >> http://doodle.com/poll/v6nbeggazekaq2ut >>=20 >> We will mainly discuss this draft: >> https://datatracker.ietf.org/doc/draft-somaraju-ace-multicast/ >>=20 >> Thanks, >>=20 >> Kind Regards >> Kepeng=20 >>=20 >> _______________________________________________ Ace mailing list Ace@iet= f.org >> https://www.ietf.org/mailman/listinfo/ace >> =20 >> _______________________________________________ >> Ace mailing list >> Ace@ietf.orghttps://www.ietf.org/mailman/listinfo/ace >=20 > _______________________________________________ Ace mailing list Ace@ietf= .org > https://www.ietf.org/mailman/listinfo/ace > _______________________________________________ > Ace mailing list > Ace@ietf.org > https://www.ietf.org/mailman/listinfo/ace _______________________________________________ Ace mailing list Ace@ietf.org https://www.ietf.org/mailman/listinfo/ace --B_3568103986_6184644 Content-type: text/html; charset="GB2312" Content-transfer-encoding: quoted-printable
Hello all,

<= div>According to the doodle poll results, we keep our conference call on 9th= Feb, Thursday, GMT 14:00 ~ 15:00.

I will send the = WebEx info later.

Kind Regards
Kepeng

=B7=A2=BC=FE=C8=CB: Ace <ace-bounces@ietf.org> on behalf of Li = Kepeng <kepeng.lkp@alibaba-in= c.com>
=C8=D5=C6=DA: Monday, 16 Jan= uary 2017 at 9:55 PM
=D6=C1: "Eliot Le= ar (elear)" <elear@cisco.com>
= =B3=AD=CB=CD: Michael StJohns <mstjohns@comcast.net>, "ace@ietf.org" <ace@ietf.org= >
=D6=F7=CC=E2: Re: [Ace] Doodle fo= r ACE virtual interim meeting

OK. 

I added two more options in the ori= ginal doodle poll:
Option 5. 16th Feb, Thursday, GMT 14:00 ~ = 15:00.
Option 6. 16th Feb, Thursday, GMT 15:00 ~ 15:59.

Please fill out the two additional doodle poll options:=

I will check the results at the end of this week.

Thanks,
Kind Regards
Kepeng
<= br>
=B7=A2=BC=FE=C8=CB: "Eliot Lear (elear)" &l= t;elear@cisco.com>
=C8=D5=C6=DA: Saturday, 14 January 2017 at 8:00 PM
=D6=C1: Li Kepeng <kepeng.lkp@alibaba-inc.com>
=B3=AD=CB=CD: Michael StJohns <mstjohns@comcast.net>, "ace@ie= tf.org" <ace@ietf.org>
=D6=F7=CC=E2: Re: [Ace] Doodle for ACE virtual inte= rim meeting

I think at least one= of the draft authors is away until the 8th.  Can we push out a week?
Eliot

On Jan 13, 2017, at 6:01 PM, Kepeng Li <kepeng.lkp@alibaba-inc.com> wrote:

Oh, sorry, my mistake.

I m= ade a mistake between you and Mike Jones.

Let’= ;s change our call to Option 1, 9th Feb, Thursday, GMT 14:00 ~ 15:00.
<= div>
I will send out the WebEx info later.

Kind Regards
Kepeng

=B7=A2=BC=FE=C8=CB: Ace <ace-bou= nces@ietf.org> on behalf of Michael StJohns <mstjohns@comcast.net>
=C8=D5=C6=DA: Saturday, 14 January 2017 at 12:28 AM
=D6=C1: <ace@ietf.org&g= t;
=D6=F7=CC=E2: Re: [Ace] Doodle for ACE v= irtual interim meeting

On 1/13/2017 4:44 AM, Kepeng Li w= rote:
Hallo all,

According to the = doodle poll, let’s have a call on 14th Feb, GMT 15:00 ~ 15:59.

We have the same amount of participants about Option 1, 2,= and 4. 

Considering that Mike has strong posi= tion about this draft, so I accommodate his choice to allow him to participa= te.
Sorry what?   I'm assuming by "Mike" you mean me. I missed the or= iginal doodle call and haven't actually made a choice.  I can't actuall= y make the 14th as I'm on a plane.

I can make either of the Thursday 9 February times though.

In any event, if the slides are ready ahead of time I'll just provide some = commentary on the mailing list.   I note that the authors haven't = engaged with the comments provided by Jim Schaad and it would be useful if t= hey do so.

WRT to the document, its difficult to make any judgements or suggest any im= provements without understanding the goals of the document.  As a bare = minimum, up front the document should a) define "low latency" including each= element that contributes to the calculation  (this has been a moving target - it was something like 250ms for DICE and = appears to have moved downward in ACE) and b) define the security services t= hat are to be provided when using the keys served up by this protocol. =   (e.g. it currently appears that the document is proposing a key management scheme for group confidentiality, g= roup integrity and group authentication).   Lastly, the document n= eeds to include any other constraints.  In the instant case, low latenc= y may be accomplished by hardware for public key operations - but there is a constraint never actually cited in the doc= ument - low/no cost for the build of the product (it's referred to obliquely= as processing cost for the constrained device and is more properly attribut= ed to the BOM).

If there is any other application besides lighting that has a use for this = protocol - now is the time to bring it forward.

Finally, a statement of security requirements for the exemplar application = (lighting) should be provided so that the protocol can be evaluated against = those requirements to see if we've actually managed to come up with somethin= g that meets the needs.

Mike



Authors, please prepare some slides = for the discussion.

I will send the WebEx informati= on later.

Thanks,

Kind Reg= ards
Kepeng

=B7=A2=BC=FE=C8=CB: Ace <ace-bounces@ietf.org> on behalf of Li Kepeng <<= a moz-do-not-send=3D"true" href=3D"mailto:kepeng.lkp@alibaba-inc.com">kepeng.lkp= @alibaba-inc.com>
=C8=D5=C6=DA: Satu= rday, 7 January 2017 at 8:43 PM
=D6=C1: ace <ace@ietf.org>
=B3=AD=CB=CD: Kathleen Moriarty <= kat= hleen.moriarty.ietf@gmail.com>, Hannes Tschofenig <hannes.tschofenig@gmx.net= >
=D6=F7=CC=E2: [Ace] Doodle for ACE= virtual interim meeting

Hi all,

To speed up our progress o= n group communication security draft, we plan to have a virtual interim meet= ing in the middle of Feb.

I proposed four options f= or the meeting time:
1. 9th Feb, Thursday, GMT 14:00 ~ 15:00.
2. 9th Feb, Thursday, GMT 15:00 ~ 15:59.
3. 14th Feb, Tuesda= y, GMT 14:00 ~ 15:00.
4. 14th Feb, Tuesday, GMT 15:00 ~ 15:59= .

Please indicate your available time from the dood= le poll:

We will mainly discuss this = draft:

Thanks,

=
Kind Regards
Kepeng 
=

_______________________________________________ Ace mailing list Ace@ietf.org https://www.ietf.org/mailman/listinfo/ace 

__________________________=
_____________________
Ace mailing list
Ace@ietf.org=
https://www.ietf.org/mailman/listinfo/ace

_______________________________________________ Ace mailing list Ace@ietf.org https:= //www.ietf.org/mailman/listinfo/ace
_______________________________________________
Ace mailing list
A= ce@ietf.org
https://www.ietf.org/mailman/listinfo/ace
_______________________________________________ Ace mailing list Ace@ietf.org https://www.ietf.org/ma= ilman/listinfo/ace --B_3568103986_6184644-- From nobody Tue Jan 24 09:05:26 2017 Return-Path: X-Original-To: ace@ietfa.amsl.com Delivered-To: ace@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A6E5412959F for ; Tue, 24 Jan 2017 09:05:25 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.999 X-Spam-Level: X-Spam-Status: No, score=-1.999 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Wg5Ad6epVkit for ; Tue, 24 Jan 2017 09:05:24 -0800 (PST) Received: from mail-ot0-x229.google.com (mail-ot0-x229.google.com [IPv6:2607:f8b0:4003:c0f::229]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 8391B12959C for ; Tue, 24 Jan 2017 09:05:24 -0800 (PST) Received: by mail-ot0-x229.google.com with SMTP id 73so132099579otj.0 for ; Tue, 24 Jan 2017 09:05:24 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:from:date:message-id:subject:to; bh=ErC99zBBRmu0O28FsYdlDRaf4XjPYxkwkCuP+KEXNVk=; b=YMuWqig09PjJCIm4vG65Yf19xpAR6lK2sWPyCEMA3uxpqEyk0WcNlcJpIscoF1lHqp D1wv6TBD1RcERnUOsSyc7kjrJpAwu/F1NiAMmkbjKNMi/oOZUUCV9hcT2fyDKKhJlzE5 DWbzC5HX6QhobMA8ykccrdCOCJ9CIvID4ItxbVov8eV6aw+O9x4yqMNiLjVHHM4fKQb3 bwc+orim1MAymQpzg9Hiz7BQ3P7o79clWIbt7tVXfnJTmGw5zz/7zatFiyRrkA35G9ON gjj7ORsMNLzDfBf54QwSfI04XGgZqLGV4u9CSWGaEdXXhBArALKO8CUDQ0taa3wUDulA DCLw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:from:date:message-id:subject:to; bh=ErC99zBBRmu0O28FsYdlDRaf4XjPYxkwkCuP+KEXNVk=; b=DzWIeUxFcoTA8uDpNdzAcdbbxBdQnicW2wo9QnAgtXwln+W8YLxGwNeVQqC2AJ4Es+ ra88RZT3fVURHTpOGpZqIleldoNkS8Ig+q8UZjHe7GPE9YQ6RbWR09BY16aAw0f49Hc9 d1iibkApEP70LVrwBz5CUeH1QLqQbl/gM4skIlqE6+8akxNoyGJwFE0OrL+59zckVMsA GKAajwCdD6VmAGB1iYpRVmjEdjFzTEZhE9Z/71iwVQ5Cb6Um8ablarCiyc4Jq45tRL/C 2yUEtXzmAm3WhHzP3Xjh1Ub/7+kjoxNo737GLFpw51D1N7ZKB8W/eK9y8CUPzsU0Bstc lLtA== X-Gm-Message-State: AIkVDXJjmWXn8WAVmHLwl63slfIquTPFt4MywYbZFurqAv+wwcOhZbld0z0T9Vh+TCwmtQsk7AMufg4oPS4LDw== X-Received: by 10.157.40.171 with SMTP id s40mr18840691ota.68.1485277523456; Tue, 24 Jan 2017 09:05:23 -0800 (PST) MIME-Version: 1.0 Received: by 10.182.68.83 with HTTP; Tue, 24 Jan 2017 09:05:22 -0800 (PST) From: Cigdem Sengul Date: Tue, 24 Jan 2017 17:05:22 +0000 Message-ID: To: ace@ietf.org Content-Type: multipart/alternative; boundary=001a113cfdc82db8ab0546da1fe1 Archived-At: Subject: [Ace] New Version Notification for draft-sengul-kirby-ace-mqtt-tls-profile-00.txt X-BeenThere: ace@ietf.org X-Mailman-Version: 2.1.17 Precedence: list List-Id: "Authentication and Authorization for Constrained Environments \(ace\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 24 Jan 2017 17:05:25 -0000 --001a113cfdc82db8ab0546da1fe1 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: quoted-printable Hi all, We have just submitted a first version of the mqtt_tls profile for the ACE framework. The work was motivated but the core document=E2=80=99s inclusion of MQTT to= the protocols envisioned to be supported by ACE in the future. The document describes methods to transport and use the PoP token for message authorisation in a publish/subscribe system. We tried to consider all aspects of an MQTT-based publish/subscribe system and proposed ways to integrate it with an ACE-based authentication and authorisation framework. Therefore, the work extends other proposals that use OAuth2 tokens in MQTT protocol (referenced in the draft). We thank Ludwig Seitz for his helpful comments getting the draft to this state. We are hoping the work is of interest, and looking forward to comments. Kind Regards, --Cigdem *Cigdem Sengul, PhD* Senior Researcher DD: +44 (0)1865 332256 E: cigdem.sengul@nominet.uk --001a113cfdc82db8ab0546da1fe1 Content-Type: text/html; charset=UTF-8 Content-Transfer-Encoding: quoted-printable
Hi all,

We= have just submitted a first version of the mqtt_tls profile for the ACE fr= amework.
= The work was motivated but the core document=E2=80=99s inclusion of MQTT to= the protocols envisioned to be supported by ACE in the future.

The document describes m= ethods to transport and use the PoP token for message authorisation in a pu= blish/subscribe system.=C2=A0=C2=A0We tried to consider all aspects of an M= QTT-based publish/subscribe system and proposed ways to integrate it with a= n ACE-based authentication and authorisation framework.
Therefore, the work extends = other proposals that use OAuth2 tokens in MQTT protocol (referenced in the = draft).
<= br>
We th= ank Ludwig Seitz for his helpful comments getting the draft to this state.<= /div>

We are hoping= the work is of interest, and looking forward to comments.

Kind Regards,
--Cigdem=C2=A0

<= span lang=3D"EN-GB" style=3D"color:rgb(158,159,158)">Cigdem Sengul, PhD

Senior Researcher=C2=A0

=C2=A0

DD: +44 (0)1865 332256 =C2=A0 =C2=A0E:=C2=A0cigdem.sengul@nominet.u= k

--001a113cfdc82db8ab0546da1fe1-- From nobody Tue Jan 24 22:32:10 2017 Return-Path: X-Original-To: ace@ietfa.amsl.com Delivered-To: ace@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 81AF4129853 for ; Tue, 24 Jan 2017 22:32:08 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -17.721 X-Spam-Level: X-Spam-Status: No, score=-17.721 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_HI=-5, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, RP_MATCHES_RCVD=-3.199, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cisco.com Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id byYDi2OsaBh5 for ; Tue, 24 Jan 2017 22:32:05 -0800 (PST) Received: from rcdn-iport-6.cisco.com (rcdn-iport-6.cisco.com [173.37.86.77]) (using TLSv1.2 with cipher DHE-RSA-SEED-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 9F590129850 for ; Tue, 24 Jan 2017 22:32:05 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=3884; q=dns/txt; s=iport; t=1485325925; x=1486535525; h=from:to:subject:date:message-id:references:in-reply-to: content-transfer-encoding:mime-version; bh=lCktzWU4zxAIW0JEoEbBSiJYQDgLNjznA9F3TEz1unQ=; b=lbcgY0/QYEOUojvFaGfWgd+K0SL0vLqGfH326x00OKpqg0MZFC33FA1f 69SW3SRBOO2Fs3rwCONVh/eAHyH2Lw8EwyFouz0n4Sj+cvAY/0et39HNQ 3s+tQsMPe0NwxLFLUQijzjckRvCqrg9a5pozg7KnDPQKN+6RVhSEm01vF w=; X-IronPort-Anti-Spam-Filtered: true X-IronPort-Anti-Spam-Result: =?us-ascii?q?A0BDAQC/RYhY/5hdJa1eGQEBAQEBAQEBA?= =?us-ascii?q?QEBBwEBAQEBgygNAQEBAQEfgWkHg02KCJIHlS6CDYYiAhqCCT8YAQIBAQEBAQE?= =?us-ascii?q?BYiiEaQEBAQMBHQYRSgcEAgEIEQQBAQMCIwMCAgIwFAEICAIEARIIiQwIrh6CJ?= =?us-ascii?q?YpiAQEBAQEBAQEBAQEBAQEBAQEBAQEBHYELhUCEb4dPgl8Fm04BkWeCAIhchhu?= =?us-ascii?q?SeAEfOIFIFYZ0c4ZsgQ0BAQE?= X-IronPort-AV: E=Sophos;i="5.33,282,1477958400"; d="scan'208";a="199711290" Received: from rcdn-core-1.cisco.com ([173.37.93.152]) by rcdn-iport-6.cisco.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 25 Jan 2017 06:32:04 +0000 Received: from XCH-ALN-008.cisco.com (xch-aln-008.cisco.com [173.36.7.18]) by rcdn-core-1.cisco.com (8.14.5/8.14.5) with ESMTP id v0P6W4KP006772 (version=TLSv1/SSLv3 cipher=AES256-SHA bits=256 verify=FAIL); Wed, 25 Jan 2017 06:32:04 GMT Received: from xch-aln-010.cisco.com (173.36.7.20) by XCH-ALN-008.cisco.com (173.36.7.18) with Microsoft SMTP Server (TLS) id 15.0.1210.3; Wed, 25 Jan 2017 00:32:03 -0600 Received: from xch-aln-010.cisco.com ([173.36.7.20]) by XCH-ALN-010.cisco.com ([173.36.7.20]) with mapi id 15.00.1210.000; Wed, 25 Jan 2017 00:32:03 -0600 From: "Panos Kampanakis (pkampana)" To: Hannes Tschofenig , "Ace@ietf.org" Thread-Topic: [Ace] draft-vanderstok-core-coap-est-00 Thread-Index: AQHSdVAr8XNAtHc2lkGTmnoFlkeZl6FIuoAA Date: Wed, 25 Jan 2017 06:32:03 +0000 Message-ID: <1c1a5af5d1c8494fbdbecd19c877d4c6@XCH-ALN-010.cisco.com> References: In-Reply-To: Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: x-ms-exchange-transport-fromentityheader: Hosted x-originating-ip: [10.82.233.188] Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: base64 MIME-Version: 1.0 Archived-At: Subject: Re: [Ace] draft-vanderstok-core-coap-est-00 X-BeenThere: ace@ietf.org X-Mailman-Version: 2.1.17 Precedence: list List-Id: "Authentication and Authorization for Constrained Environments \(ace\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 25 Jan 2017 06:32:08 -0000 SGkgSGFubmVzLA0KDQpUaGFuayB5b3UuIExldCBtZSB0cnkgdG8gYWRkcmVzcyBzb21lIG9mIHlv dXIgcXVlc3Rpb25zLg0KDQo+IFRoaXMgc291bmRzIGxpa2UgYSBsb3Qgb2YgY29uc3RyYWludHMg YW5kIEkgd29uZGVyIHdoZXRoZXIgdGhpcyBmb2N1cyBpcyBqdXN0IGEgcmVzdWx0IG9mIHlvdXIg cGVyc29uYWwgaW50ZXJlc3Qgb3Igd2hldGhlciB5b3UgYmVsaWV2ZSB0aGlzIA0Kd29yayBjYW5u b3QganVzdCBiZSBhIG5ldyB0cmFuc3BvcnQgZm9yIEVTVC4NCg0KRVNUIGlzIHVzZWQgaW4gQU5J TUEncyBCUlNLSSB1c2VkIGZvciBib290c3RyYXBwaW5nIGVuZHBvaW50cy4gV2UgaGF2ZSBhIGZl dyB1c2VjYXNlcyB0aGF0IGNhbGwgZm9yIHJ1bm5pbmcgRVNUL0JSU0tJIG92ZXIgQ09BUCBhcyBh biBjb25zaXN0ZW50IGNvbW1vbiBwcm90b2NvbCBpbiBzb21lIGNvbnN0cmFpbmVkIGVudmlyb25t ZW50cy4gU28gdGhhdCBpcyBob3cgdGhpcyBkcmFmdCB3YXMgc3RhcnRlZC4NCg0KDQo+IERvIHlv dSBiZWxpZXZlIHRoYXQgdGhvc2UgdHdvIGZlYXR1cmVzIGFyZSB0aGUgb25lcyB0aGF0IHNob3Vs ZCBiZSBtYW5kYXRvcnkgdG8gaW1wbGVtZW50IG9yIGlzIHRoZXJlIGxlc3M/IElzIHRoZXJlIG1v cmU/DQoNCmNhY2VydHMsIGVucm9sbCwgcmVlbnJvbGwgYW5kIEFOSU1BIEJSU0tJJ3Mgdm91Y2hl cnJlcXVlc3QsIHZvdWNoZXJfc3RhdHVzIGFyZSBwcm9iYWJseSBnb2luZyB0byBiZSB0aGUgTVRJ Lg0KDQoNCj4gSG93IG11Y2ggdGV4dCBmcm9tIG90aGVyIFJGQ3Mgc2hvdWxkIGJlIHJlcGxpY2F0 ZWQgaW4gdGhpcyBkb2N1bWVudCwgcGFydGljdWxhcmx5IGZyb20gdGhlIEVTVCBSRkM/DQoNCkdv b2QgcG9pbnQuIFdlIHNob3VsZCBjbGVhbiB1cCByZXBldGl0aW9ucyBmcm9tIG90aGVyIGRyYWZ0 cy4NCg0KDQo+IFdvdWxkbid0IGl0IGJlIHVzZWZ1bCB0byByZWZlciB0byBSRkMgNzkyNSBpbnN0 ZWFkIG9mIHdyaXRpbmcgbmV3IHRleHQgZm9yIHRoZSB1c2Ugb2YgRFRMUyBzZWN1cml0eT8NCg0K R29vZCBwb2ludC4gVGhlcmUgd2lsbCBiZSBzb21lIG1vcmUgRVNUIHJlbGF0ZWQgRFRMUyBleHBs YW5hdGlvbnMgKGZvciBleGFtcGxlIFBPUCkgaW4gdGhlIG5leHQgaXRlcmF0aW9uLCBidXQgbGV2 ZXJhZ2luZyBSRkM3OTI1IGFuZCBjbGVhbiB1cCBvdmVybGFwcGluZyB0ZXh0IGlzIGFsc28gaW1w b3J0YW50DQoNCg0KPiBEbyB5b3UgaGF2ZSBzb21lIGVhcmx5IGltcGxlbWVudGF0aW9uIGV4cGVy aWVuY2Ugd2l0aCB0aGUgc3VnZ2VzdGVkIGFwcHJvYWNoPw0KDQpJbmRlZWQuIFRoZSBOZXh1cyBH cm91cCBhbmQgU0lDUyBoYXZlIGFuIGluaXRpYWwgaW1wbGVtZW50YXRpb24uDQoNCg0KUmdzLA0K UGFub3MNCg0KDQoNCi0tLS0tT3JpZ2luYWwgTWVzc2FnZS0tLS0tDQpGcm9tOiBBY2UgW21haWx0 bzphY2UtYm91bmNlc0BpZXRmLm9yZ10gT24gQmVoYWxmIE9mIEhhbm5lcyBUc2Nob2ZlbmlnDQpT ZW50OiBNb25kYXksIEphbnVhcnkgMjMsIDIwMTcgMzoxMCBBTQ0KVG86IEFjZUBpZXRmLm9yZw0K U3ViamVjdDogW0FjZV0gZHJhZnQtdmFuZGVyc3Rvay1jb3JlLWNvYXAtZXN0LTAwDQoNCkhpIFBl dGVyLCBIaSBTYW5kZWVwLA0KDQp0aGFua3MgZm9yIHB1dHRpbmcgdGhpcyBkb2N1bWVudCB0b2dl dGhlci4NCg0KSSByZWFkIHRocm91Z2ggaXQgYW5kIGhhdmUgc29tZSBoaWdoLWxldmVsIHF1ZXN0 aW9ucyByZWdhcmRpbmcgdGhlIGVudmlzaW9uZWQgc2NvcGUgYW5kIHB1cnBvc2Ugb2YgdGhlIGRv Y3VtZW50Lg0KDQpUaGUgYWJzdHJhY3QsIHRoZSBpbnRyb2R1Y3Rpb24gYW5kIHRoZSByZWZlcmVu Y2VzIHN1Z2dlc3QgdGhhdCB0aGUgcHJvcG9zZWQgbWVjaGFuaXNtIGlzIHN1aXRhYmxlIGZvciBh biBJRUVFIDgwMi4xNS40IG1lc2ggbmV0d29yayB1c2luZyA2bG93cGFuIGluIGNvbnRleHQgb2Yg QU5JTUEgdXNpbmcgcHVibGljIGtleS1iYXNlZCBjcnlwdG8gb25seS4NCg0KVGhpcyBzb3VuZHMg bGlrZSBhIGxvdCBvZiBjb25zdHJhaW50cyBhbmQgSSB3b25kZXIgd2hldGhlciB0aGlzIGZvY3Vz IGlzIGp1c3QgYSByZXN1bHQgb2YgeW91ciBwZXJzb25hbCBpbnRlcmVzdCBvciB3aGV0aGVyIHlv dSBiZWxpZXZlIHRoaXMgd29yayBjYW5ub3QganVzdCBiZSBhIG5ldyB0cmFuc3BvcnQgZm9yIEVT VC4NCg0KRVNUIGl0c2VsZiBtYWtlcyBtYW55IG9mIHRoZSBmZWF0dXJlcyBvZiB0aGUgcHJvdG9j b2wgb3B0aW9uYWwgYWxyZWFkeSBhbmQgdGhlcmUgYXJlIGVzc2VudGlhbGx5IG9ubHkgdHdvIGZ1 bmN0aW9ucyB0aGF0IHJlYWxseSBoYXZlIHRvIGJlIGltcGxlbWVudGVkLCBuYW1lbHkNCg0KICog U2ltcGxlIFBLSSBtZXNzYWdlcyAodXNpbmcgUEtDUyMxMCkNCiAqIENBIGNlcnRpZmljYXRlIHJl dHJpZXZhbA0KDQpEbyB5b3UgYmVsaWV2ZSB0aGF0IHRob3NlIHR3byBmZWF0dXJlcyBhcmUgdGhl IG9uY2VzIHRoYXQgc2hvdWxkIGJlIG1hbmRhdG9yeSB0byBpbXBsZW1lbnQgb3IgaXMgdGhlcmUg bGVzcz8gSXMgdGhlcmUgbW9yZT8NCg0KDQpIb3cgbXVjaCB0ZXh0IGZyb20gb3RoZXIgUkZDcyBz aG91bGQgYmUgcmVwbGljYXRlZCBpbiB0aGlzIGRvY3VtZW50LCBwYXJ0aWN1bGFybHkgZnJvbSB0 aGUgRVNUIFJGQz8NCg0KV291bGRuJ3QgaXQgYmUgdXNlZnVsIHRvIHJlZmVyIHRvIFJGQyA3OTI1 IGluc3RlYWQgb2Ygd3JpdGluZyBuZXcgdGV4dCBmb3IgdGhlIHVzZSBvZiBEVExTIHNlY3VyaXR5 Pw0KDQpEbyB5b3UgaGF2ZSBzb21lIGVhcmx5IGltcGxlbWVudGF0aW9uIGV4cGVyaWVuY2Ugd2l0 aCB0aGUgc3VnZ2VzdGVkIGFwcHJvYWNoPw0KDQpDaWFvDQpIYW5uZXMNCg0K From nobody Tue Jan 24 23:59:33 2017 Return-Path: X-Original-To: ace@ietfa.amsl.com Delivered-To: ace@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 94327129875 for ; Tue, 24 Jan 2017 23:59:31 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -2.701 X-Spam-Level: X-Spam-Status: No, score=-2.701 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=sics.se Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id J-Sp6-s8kAgi for ; Tue, 24 Jan 2017 23:59:29 -0800 (PST) Received: from mail-lf0-x231.google.com (mail-lf0-x231.google.com [IPv6:2a00:1450:4010:c07::231]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 51114129871 for ; Tue, 24 Jan 2017 23:59:29 -0800 (PST) Received: by mail-lf0-x231.google.com with SMTP id x1so37603014lff.0 for ; Tue, 24 Jan 2017 23:59:29 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sics.se; s=google; h=subject:to:references:from:message-id:date:user-agent:mime-version :in-reply-to; bh=+iSOu8eJ/UGiS3N7YA3uC+KM5KkLejXXibv28YCS7Vc=; b=Cg3OshF0t5v0TsG85cS1V8Q/PtcWACvt0G/aBW/h7vA8yj4pBWenT8a0ZTEXP3UKQt KY/49bod5jSbyJ1DEi/Bg9mfJkO05S5FuoufecUGUmYUZH8O4cwXC1vPzkiRR9kgR2Qz vUsDYglCkpF108foBLwnJEA4hLmONPVzRANJj+EJ6ihdd20wi9edcK2yGNqXfZTjwA9p PmctSkiRQwOICQCQ1+f9sCYCbVcAv5gh71+WB7jCxSzyCREgzAXO8yohKjNXxKJVVp8I CjViZlXsajatBI5y6Wv0WTyXtoe5ljqK3I64cBTptDd0Mnqf8aIIinA5F+ABQDNKdXWs xEmQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:subject:to:references:from:message-id:date :user-agent:mime-version:in-reply-to; bh=+iSOu8eJ/UGiS3N7YA3uC+KM5KkLejXXibv28YCS7Vc=; b=I2RwRyhTxopXp9w+gRH449/YXZuzX0A2uA68phr0v78Pb6OyqBQoS45jk2C9BCjQqb 4Fd76e/EAKnjVCbRFpVLV84KSETdeyplp1xDmSGw5GnLJCGaaVrD/vjaiDO/Zml2iCPy JRkrB5W+fJRqVS8CZLxp3vsflzFIvypmE88F5G/qIyWmiGOIjHpGB+h9h6iIBH97Kly0 iWP5gBATksizBgpIU8vxyMN+gpZgkQN9XGx/X5acJuNYVHLIHW8Azz8R3qDkh1DLO9Sz 14C/jGBT+aXY6ETLM20cFv0rRDqzw/YyVq7BXIHvvzUScWywLiRF81XHNuOtfWJ7QS35 KGgA== X-Gm-Message-State: AIkVDXI7EpFXKCbKLC1sEzSN0XeiRP6f1tROXf0U0C0s2Fu1w2lYaSeweZDjY76TcY5igc0/ X-Received: by 10.46.83.19 with SMTP id h19mr15837229ljb.72.1485331167289; Tue, 24 Jan 2017 23:59:27 -0800 (PST) Received: from [192.168.0.166] ([85.235.12.155]) by smtp.gmail.com with ESMTPSA id h30sm8085958ljb.46.2017.01.24.23.59.26 for (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Tue, 24 Jan 2017 23:59:26 -0800 (PST) To: ace@ietf.org References: From: Ludwig Seitz Message-ID: Date: Wed, 25 Jan 2017 08:59:26 +0100 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Thunderbird/45.5.1 MIME-Version: 1.0 In-Reply-To: Content-Type: multipart/signed; protocol="application/pkcs7-signature"; micalg=sha-256; boundary="------------ms010807070709020902070408" Archived-At: Subject: Re: [Ace] New Version Notification for draft-sengul-kirby-ace-mqtt-tls-profile-00.txt X-BeenThere: ace@ietf.org X-Mailman-Version: 2.1.17 Precedence: list List-Id: "Authentication and Authorization for Constrained Environments \(ace\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 25 Jan 2017 07:59:31 -0000 This is a cryptographically signed message in MIME format. --------------ms010807070709020902070408 Content-Type: text/plain; charset=windows-1252; format=flowed Content-Transfer-Encoding: quoted-printable On 2017-01-24 18:05, Cigdem Sengul wrote: > Hi all, > > We have just submitted a first version of the mqtt_tls profile for the > ACE framework. > The work was motivated but the core document=92s inclusion of MQTT to t= he > protocols envisioned to be supported by ACE in the future. > Note that the draft can be found here: https://datatracker.ietf.org/doc/draft-sengul-kirby-ace-mqtt-tls-profile/= (My explanation of the IETF draft naming scheme was less clear than I=20 had hoped for). /Ludwig --=20 Ludwig Seitz, PhD RISE ICT/SICS Ideon Science Park, Building Beta 2 Scheelev=E4gen 17, SE-223 70 Lund Phone +46(0)70-349 92 51 --------------ms010807070709020902070408 Content-Type: application/pkcs7-signature; name="smime.p7s" Content-Transfer-Encoding: base64 Content-Disposition: attachment; filename="smime.p7s" Content-Description: S/MIME Cryptographic Signature MIAGCSqGSIb3DQEHAqCAMIACAQExDzANBglghkgBZQMEAgEFADCABgkqhkiG9w0BBwEAAKCC CtQwggTqMIID0qADAgECAhAU4QcxMULaotNy8Yzm2pESMA0GCSqGSIb3DQEBCwUAMHUxCzAJ BgNVBAYTAklMMRYwFAYDVQQKEw1TdGFydENvbSBMdGQuMSkwJwYDVQQLEyBTdGFydENvbSBD ZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTEjMCEGA1UEAxMaU3RhcnRDb20gQ2xhc3MgMSBDbGll bnQgQ0EwHhcNMTYwMzE0MDkzNDMyWhcNMTcwMzE0MDkzNDMyWjA4MRcwFQYDVQQDDA5sdWR3 aWdAc2ljcy5zZTEdMBsGCSqGSIb3DQEJARYObHVkd2lnQHNpY3Muc2UwggEiMA0GCSqGSIb3 DQEBAQUAA4IBDwAwggEKAoIBAQC9kgmm82Op78D9DXYNJrQW5bUdSxElnOC/CzAK/enHn+uF B/RLo8alI6Ukd35qsAtcje0I3e/RtbkRnkEuhKneH+aDRofy7YaWQO61CjIlcdndTx8FEmXK /swcafYX5PbyzQFGgApwtWFkVXcq3R87CDB3VbkHzTHIBmfwZ4hhDeEyuJoSuWEVWQppfTji /GpVLiDx6s+Zqm3qI5EkjvhQ+jX3tJxXqUf4w1BY6/sBLfvr7TOPGPoAmi6B2UOgyDSfX3c0 +jzlYFLNb6Eqc7uGvaQi7VN39kAJXz9f+qL/wokaNjboK3/JyTG/ikxsWymzO9E0/U9apn2Y z5SVUGSDAgMBAAGjggGxMIIBrTAOBgNVHQ8BAf8EBAMCBLAwHQYDVR0lBBYwFAYIKwYBBQUH AwIGCCsGAQUFBwMEMAkGA1UdEwQCMAAwHQYDVR0OBBYEFN37NX1Db3Xp23cbQI1MpYPUMw84 MB8GA1UdIwQYMBaAFCSBbDlhvkkPj7cbRivJKLUnSG1oMG8GCCsGAQUFBwEBBGMwYTAkBggr BgEFBQcwAYYYaHR0cDovL29jc3Auc3RhcnRzc2wuY29tMDkGCCsGAQUFBzAChi1odHRwOi8v YWlhLnN0YXJ0c3NsLmNvbS9jZXJ0cy9zY2EuY2xpZW50MS5jcnQwOAYDVR0fBDEwLzAtoCug KYYnaHR0cDovL2NybC5zdGFydHNzbC5jb20vc2NhLWNsaWVudDEuY3JsMBkGA1UdEQQSMBCB Dmx1ZHdpZ0BzaWNzLnNlMCMGA1UdEgQcMBqGGGh0dHA6Ly93d3cuc3RhcnRzc2wuY29tLzBG BgNVHSAEPzA9MDsGCysGAQQBgbU3AQIEMCwwKgYIKwYBBQUHAgEWHmh0dHA6Ly93d3cuc3Rh cnRzc2wuY29tL3BvbGljeTANBgkqhkiG9w0BAQsFAAOCAQEAUy78MN+soYHwIz+6m9mMkzPF KfgIq7sLupWnis7K5U66U9zfKOVDReyfUvPmar7P7Tb9uNNrUlkk3lSISplqU30TMnVbtK5D I0mxdpa1hZxIAa8uWQnAh/oYJJYaMziKxpZgsUjel6/ZnD0z/QsuHo763I1boi2ghe4Knj0f qFO79ErRr9aJJBfQlFVwQ4gRoYtMz18/usC3eqGxFz8a/LCeRMWeZJagGJ/St1WW1HUBmMFd vRFweeUdCvDbzK+WjqbxhXyi7b0sH65lWIjINCBVQ0AvqOwm/aXEWcIQlAIJjr2kEC6c0VY6 V1aP16BAKooEgGGOTrmcDGeteXZRyjCCBeIwggPKoAMCAQICEGunin0K14jWUQr5WeTntOEw DQYJKoZIhvcNAQELBQAwfTELMAkGA1UEBhMCSUwxFjAUBgNVBAoTDVN0YXJ0Q29tIEx0ZC4x KzApBgNVBAsTIlNlY3VyZSBEaWdpdGFsIENlcnRpZmljYXRlIFNpZ25pbmcxKTAnBgNVBAMT IFN0YXJ0Q29tIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTE1MTIxNjAxMDAwNVoXDTMw MTIxNjAxMDAwNVowdTELMAkGA1UEBhMCSUwxFjAUBgNVBAoTDVN0YXJ0Q29tIEx0ZC4xKTAn BgNVBAsTIFN0YXJ0Q29tIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MSMwIQYDVQQDExpTdGFy dENvbSBDbGFzcyAxIENsaWVudCBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB AL192vfDon2D9luC/dtbX64eG3XAtRmvmCSsu1d52DXsCR58zJQbCtB2/A5uFqNxWacpXGGt TCRk9dEDBlmixEd8QiLkUfvHpJX/xKnmVkS6Iye8wUbYzMsDzgnpazlPg19dnSqfhM+Cevdf a89VLnUztRr2cgmCfyO9Otrh7LJDPG+4D8ZnAqDtVB8MKYJL6QgKyVhhaBc4y3bGWxKyXEtx 7QIZZGxPwSkzK3WIN+VKNdkiwTubW5PIdopmykwvIjLPqbJK7yPwFZYekKE015OsW6FV+s4D IM8UlVS8pkIsoGGJtMuWjLL4tq2hYQuuN0jhrxK1ljz50hH23gA9cbMCAwEAAaOCAWQwggFg MA4GA1UdDwEB/wQEAwIBBjAdBgNVHSUEFjAUBggrBgEFBQcDAgYIKwYBBQUHAwQwEgYDVR0T AQH/BAgwBgEB/wIBADAyBgNVHR8EKzApMCegJaAjhiFodHRwOi8vY3JsLnN0YXJ0c3NsLmNv bS9zZnNjYS5jcmwwZgYIKwYBBQUHAQEEWjBYMCQGCCsGAQUFBzABhhhodHRwOi8vb2NzcC5z dGFydHNzbC5jb20wMAYIKwYBBQUHMAKGJGh0dHA6Ly9haWEuc3RhcnRzc2wuY29tL2NlcnRz L2NhLmNydDAdBgNVHQ4EFgQUJIFsOWG+SQ+PtxtGK8kotSdIbWgwHwYDVR0jBBgwFoAUTgvv GqRAW6UXaYcwyjRoQ9BBrvIwPwYDVR0gBDgwNjA0BgRVHSAAMCwwKgYIKwYBBQUHAgEWHmh0 dHA6Ly93d3cuc3RhcnRzc2wuY29tL3BvbGljeTANBgkqhkiG9w0BAQsFAAOCAgEAi+P3h+wB i4StDwECW5zhIycjBL008HACblIf26HY0JdOruKbrWDsXUsiI0j/7Crft9S5oxvPiDtVqspB OB/y5uzSns1lZwh7sG96bYBZpcGzGxpFNjDmQbcM3yl3WFIRS4WhNrsOY14V7y2IrUGsvets D+bjyOngCIVeC/GmsmtbuLOzJ606tEc9uRbhjTu/b0x2Fo+/e7UkQvKzNeo7OMhijixaULyI NBfCBJb+e29bLafgu6JqjOUJ9eXXj20p6q/CW+uVrZiSW57+q5an2P2i7hP85jQJcy5j4HzA 0rSiF3YPhKGAWUxKPMAVGgcYoXzWydOvZ3UDsTDTagXpRDIKQLZo02wrlxY6iMFqvlzsemVf 1odhQJmi7Eh5TbxI40kDGcBOBHhwnaOumZhLP+SWJQnjpLpSlUOj95uf1zo9oz9e0NgIJoz/ tdfrBzez76xtDsK0KfUDHt1/q59BvDI7RX6gVr0fQoCyMczNzCTcRXYHY0tq2J0oT+bsb6sH 2b4WVWAiJKnSYaWDjdA70qHX4mq9MIjO/ZskmSY8wtAk24orAc0vwXgYanqNsBX5Yv4sN4Z9 VyrwMdLcusP7HJgRdAGKpkR2I9U4zEsNJQJewM7S4Jalo1DyPrLpL2nTET8ZrSl5Utp1UeGp /2deoprGevfnxWB+vHNQiu85o6MxggPMMIIDyAIBATCBiTB1MQswCQYDVQQGEwJJTDEWMBQG A1UEChMNU3RhcnRDb20gTHRkLjEpMCcGA1UECxMgU3RhcnRDb20gQ2VydGlmaWNhdGlvbiBB dXRob3JpdHkxIzAhBgNVBAMTGlN0YXJ0Q29tIENsYXNzIDEgQ2xpZW50IENBAhAU4QcxMULa otNy8Yzm2pESMA0GCWCGSAFlAwQCAQUAoIICEzAYBgkqhkiG9w0BCQMxCwYJKoZIhvcNAQcB MBwGCSqGSIb3DQEJBTEPFw0xNzAxMjUwNzU5MjZaMC8GCSqGSIb3DQEJBDEiBCCleAa3nArW GS+oxA/tE4uDzniWMzEftGPbko1GSUu52TBsBgkqhkiG9w0BCQ8xXzBdMAsGCWCGSAFlAwQB KjALBglghkgBZQMEAQIwCgYIKoZIhvcNAwcwDgYIKoZIhvcNAwICAgCAMA0GCCqGSIb3DQMC AgFAMAcGBSsOAwIHMA0GCCqGSIb3DQMCAgEoMIGaBgkrBgEEAYI3EAQxgYwwgYkwdTELMAkG A1UEBhMCSUwxFjAUBgNVBAoTDVN0YXJ0Q29tIEx0ZC4xKTAnBgNVBAsTIFN0YXJ0Q29tIENl cnRpZmljYXRpb24gQXV0aG9yaXR5MSMwIQYDVQQDExpTdGFydENvbSBDbGFzcyAxIENsaWVu dCBDQQIQFOEHMTFC2qLTcvGM5tqREjCBnAYLKoZIhvcNAQkQAgsxgYyggYkwdTELMAkGA1UE BhMCSUwxFjAUBgNVBAoTDVN0YXJ0Q29tIEx0ZC4xKTAnBgNVBAsTIFN0YXJ0Q29tIENlcnRp ZmljYXRpb24gQXV0aG9yaXR5MSMwIQYDVQQDExpTdGFydENvbSBDbGFzcyAxIENsaWVudCBD QQIQFOEHMTFC2qLTcvGM5tqREjANBgkqhkiG9w0BAQEFAASCAQB47X2hwwSDaQ47JCoJNmZP o0B95q8ALyndYMjduKItuZOGJXaf5zC8TXtS/ZrXcLYibivIx/416C1cJs8Y0KIIRnx7WIQe OUymzOuvh1OuFWTw7eFERERtL8Pn/fR1Nd5V5XTWsrMhQySSNz/rq3XvCamXe/afYa9b+hRN 05rPk2xp1n1lEjUQqrQsuzf0QYPJGnGV0jBsg8XwbDq7HAyKjFQV0DzAOtGF7Sv2DTTpm9mh bQXFTevptsrFNFhDNztQQ9PAwAqsdigRQFxuW1ASQ49igji1K1bLPdzu6qwzA/+8wW4oys8J kCG4ejmsBb3Cq2ch50TULOO6INxZ9pkNAAAAAAAA --------------ms010807070709020902070408-- From nobody Wed Jan 25 01:52:23 2017 Return-Path: X-Original-To: ace@ietfa.amsl.com Delivered-To: ace@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 72A6D1298A0 for ; Wed, 25 Jan 2017 01:52:22 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -2.699 X-Spam-Level: X-Spam-Status: No, score=-2.699 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id hNjobs1DxdsX for ; Wed, 25 Jan 2017 01:52:21 -0800 (PST) Received: from mail-oi0-x235.google.com (mail-oi0-x235.google.com [IPv6:2607:f8b0:4003:c06::235]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 0621112989E for ; Wed, 25 Jan 2017 01:52:21 -0800 (PST) Received: by mail-oi0-x235.google.com with SMTP id m124so114570942oif.1 for ; Wed, 25 Jan 2017 01:52:20 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=KiG2JtZIkLHj3dlgJG2FwxylmvkQLro/z0GXQmrmgls=; b=uDm9GfFIkI6rtauMLn1bW0KhDwO59/2SpKCtxsbST4c6vgPevPaey1ctUEB4SGJsbd g/L9XVWOOzK15+0WYFT25Ga+XbvKmgiF3Cvmy27/ZNuaTYOiVwI8921ud0ghRAk38c+n b4rIi2NDvRx5YkhntJfI50WZVvTEuhGaK5a1Hl9vVixuj71XeMGadpdLXDvDLUu7Zotk Oq4VD0MjdVTy3K7CfJ75vlBape5H1590PM2acBAmt4ljam2KrkjIiq8W33fiWWzFYubm SV7GlavZTIS0IuSrjeJh7HhAxR7krAFg7h+PZtqMwf+SwxifBv6lrlT/STT6DbmBKVbF NlSg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=KiG2JtZIkLHj3dlgJG2FwxylmvkQLro/z0GXQmrmgls=; b=AKC8WmpIYXogvSNQR8Jp5OpQa3E05jDgH4bGHlxSDD8DwEiDXE5QuuamuRk3jHVguJ MfHeBDiOOgjoetwbM2h0F6gqWTRfMMbsHlItCy75z5WFImrU6ojMMK59ZdC18zeicUoS JNTtMwWL8A6ZB2un/BGaFR1f3FYUszcmmxOupPu2EoZ5bskMEhpNciQ2HVxx/zhIbmJE bnwvaWBPit87waxpPre51jcefC7d42isspjnF7345fEJnxk7gvEMXaOuCS2OqMgA4plJ OT9CvQwg81olFkRGczD2+1dhYRVMXA/jnO0XDnudCkZqh3zxcj3Ra8mIiejtXagFGuMB gXQw== X-Gm-Message-State: AIkVDXJDxSrFSxL2Kyau042v/yfRaNAmHXQo+x0sj37TRdDWOZ7BqjfvOHK/hXrkgH5hZrkYRh4867lIT99yEw== X-Received: by 10.202.170.8 with SMTP id t8mr19527958oie.174.1485337940293; Wed, 25 Jan 2017 01:52:20 -0800 (PST) MIME-Version: 1.0 Received: by 10.182.68.83 with HTTP; Wed, 25 Jan 2017 01:52:19 -0800 (PST) In-Reply-To: References: From: Cigdem Sengul Date: Wed, 25 Jan 2017 09:52:19 +0000 Message-ID: To: Ludwig Seitz Content-Type: multipart/alternative; boundary=001a113cbc0c4da0650546e8300e Archived-At: Cc: ace@ietf.org Subject: Re: [Ace] New Version Notification for draft-sengul-kirby-ace-mqtt-tls-profile-00.txt X-BeenThere: ace@ietf.org X-Mailman-Version: 2.1.17 Precedence: list List-Id: "Authentication and Authorization for Constrained Environments \(ace\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 25 Jan 2017 09:52:22 -0000 --001a113cbc0c4da0650546e8300e Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: quoted-printable Hello Ludwig, Thanks - your instructions for clear, it was, obviously, my execution that was flawed! Corrected and now the draft is under: https://datatracker.ietf.org/doc/draft-sengul-ace-mqtt-tls-profile/ Apologies for the inconvenience. Best, --Cigdem On Wed, Jan 25, 2017 at 7:59 AM, Ludwig Seitz wrote: > On 2017-01-24 18:05, Cigdem Sengul wrote: > >> Hi all, >> >> We have just submitted a first version of the mqtt_tls profile for the >> ACE framework. >> The work was motivated but the core document=E2=80=99s inclusion of MQTT= to the >> protocols envisioned to be supported by ACE in the future. >> >> > Note that the draft can be found here: > > https://datatracker.ietf.org/doc/draft-sengul-kirby-ace-mqtt-tls-profile/ > > (My explanation of the IETF draft naming scheme was less clear than I had > hoped for). > > /Ludwig > > > > -- > Ludwig Seitz, PhD RISE ICT/SICS > Ideon Science Park, Building Beta 2 > Scheelev=C3=A4gen 17, SE-223 70 Lund > Phone +46(0)70-349 92 51 > > > _______________________________________________ > Ace mailing list > Ace@ietf.org > https://www.ietf.org/mailman/listinfo/ace > > --001a113cbc0c4da0650546e8300e Content-Type: text/html; charset=UTF-8 Content-Transfer-Encoding: quoted-printable
Hello Ludwig,

Thanks - your instruction= s for clear, it was, obviously, my execution that was flawed!=C2=A0

Corrected and now the draft is under:
ht= tps://datatracker.ietf.org/doc/draft-sengul-ace-mqtt-tls-profile/

Apologies for the inconvenience.

Best,
--Cigdem=C2=A0



On Wed, Jan 2= 5, 2017 at 7:59 AM, Ludwig Seitz <ludwig@sics.se> wrote:
On 2017-01-24 18:05, Cigdem Se= ngul wrote:
Hi all,

We have just submitted a first version of the mqtt_tls profile for the
ACE framework.
The work was motivated but the core document=E2=80=99s inclusion of MQTT to= the
protocols envisioned to be supported by ACE in the future.


 Note that the draft can be found here:

https://datatracker.ietf.or= g/doc/draft-sengul-kirby-ace-mqtt-tls-profile/

(My explanation of the IETF draft naming scheme was less clear than I had h= oped for).

/Ludwig



--
Ludwig Seitz, PhD=C2=A0 =C2=A0RISE ICT/SICS
Ideon Science Park, Building Beta 2
Scheelev=C3=A4gen 17, SE-223 70 Lund
Phone +46(0)70-349 92 51


_______________________________________________
Ace mailing list
Ace@ietf.org
https://www.ietf.org/mailman/listinfo/ace


--001a113cbc0c4da0650546e8300e-- From nobody Thu Jan 26 14:58:16 2017 Return-Path: X-Original-To: ace@ietfa.amsl.com Delivered-To: ace@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 420DC129C4D for ; Thu, 26 Jan 2017 14:58:15 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.282 X-Spam-Level: X-Spam-Status: No, score=-1.282 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DATE_IN_PAST_12_24=1.049, HTML_MESSAGE=0.001, MIME_HTML_ONLY=0.723, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H2=-1.156, URIBL_BLOCKED=0.001] autolearn=no autolearn_force=no Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id j740VnG-PVbQ for ; Thu, 26 Jan 2017 14:58:13 -0800 (PST) Received: from atl4mhob23.registeredsite.com (atl4mhob23.registeredsite.com [209.17.115.117]) by ietfa.amsl.com (Postfix) with ESMTP id 7B950129C49 for ; Thu, 26 Jan 2017 14:58:13 -0800 (PST) Received: from mailpod.hostingplatform.com ([10.30.71.204]) by atl4mhob23.registeredsite.com (8.14.4/8.14.4) with ESMTP id v0QMwBfC033302 for ; Thu, 26 Jan 2017 17:58:11 -0500 Received: (qmail 13742 invoked by uid 0); 26 Jan 2017 22:58:11 -0000 X-TCPREMOTEIP: 73.207.234.73 X-Authenticated-UID: rturner@amalfisystems.com Received: from unknown (HELO ?10.0.1.32?) (rturner@amalfisystems.com@73.207.234.73) by 0 with ESMTPA; 26 Jan 2017 22:58:11 -0000 Mime-Version: 1.0 (Mac OS X Mail 10.2 \(3259\)) Content-Type: text/html; charset=utf-8 X-Apple-Auto-Saved: 1 X-Apple-Mail-Remote-Attachments: YES From: Randy Turner X-Apple-Base-Url: x-msg://12/ In-Reply-To: X-Apple-Windows-Friendly: 1 Date: Thu, 26 Jan 2017 02:11:24 -0500 X-Apple-Mail-Signature: SKIP_SIGNATURE Content-Transfer-Encoding: quoted-printable Message-Id: <3A173362-507B-42BA-8B49-4FE3FADB2404@amalfisystems.com> References: X-Uniform-Type-Identifier: com.apple.mail-draft To: Ludwig Seitz X-Mailer: Apple Mail (2.3259) Archived-At: Cc: ace@ietf.org Subject: Re: [Ace] attribute based access control X-BeenThere: ace@ietf.org X-Mailman-Version: 2.1.17 Precedence: list List-Id: "Authentication and Authorization for Constrained Environments \(ace\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 26 Jan 2017 22:58:15 -0000
Hi Ludwig,

Apologies for getting = back to you so late on your ABAC-related email reply =E2=80=94 your = approach sounds very similar to what we were thinking - originally, we = were looking at CBOR-encoded JSON that represented an equivalent XACML = authorization request.  However, we are also exploring ACE = credentials grant flows as well, interpreting one or more token fields = in our own way. 

I think an ABAC form of ACE would be a popular use-case going = forward, and I was thinking an ABAC profile of ACE could be a = =E2=80=9Cnormative=E2=80=9D thing, instead of an informational appendix = or other example text.  This would allow my client to work with = your AS, and other potential interoperable scenarios.  At the = moment, our interpretation of how to do this would be a proprietary use = of the token fields.

I looked at the ACE document collection and I=E2=80=99m not = sure I see a document wherein a normative profile of a credentials grant = for ABAC would fit.  Do you think an ABAC profile of ACE should be = spec=E2=80=99d as a standards track document ?

Thanks!
Randy


On Dec 16, 2016, at 3:47 AM, Ludwig Seitz <ludwig@sics.se> = wrote:

On 2016-12-16 07:28, Randy Turner = wrote:
HI,

I was looking at draft-ietf-ace-oauth-authz-04, specifically = the
client-to-AS section =E2=80=94 I am trying to = determine if it is possible to
use this OAUTH-based model = to implement attribute-based authorization
(ABAC). The = client-to-AS section of this draft refers the reader to
section 4 of RFC 6749, which provides a =E2=80=9Cclient-id=E2=80= =9D (good) and a
=E2=80=9Cscope=E2=80=9D to include in an = authorization request.


In addition, it looks like = the ACE draft adds to this the =E2=80=9Caud=E2=80=9D and
=E2=80=9Ccnf=E2=80=9D parameters.

I=E2=80=99m trying to map this client-to-AS request to a = traditional ABAC
authorization request which asks the = question =E2=80=9CIdentity <A> wants to
perform = action <B> on resource <C>=E2=80=9D =E2=80=A6 is this = allowed ?  (allow/deny
response)

In one of the ACE draft examples, it uses the =E2=80=9Caud=E2=80= =9D field to include
the name of a sensor = =E2=80=9CtempSensor4711=E2=80=9D  - this could be the = =E2=80=9Cresource=E2=80=9D
of the ABAC request, and the = =E2=80=9Cclient ID=E2=80=9D (RFC 6749) could be the
=E2=80=9Cidentity=E2=80=9D

I=E2=80= =99m missing the type of operation or =E2=80=9Caction=E2=80=9D that the = client is
trying to perform on a resource (=E2=80=9Cread=E2=80= =9D, =E2=80=9Cwrite=E2=80=9D, =E2=80=9Csomething else,
hopefully extensible=E2=80=9D) =E2=80=94 would this be the = =E2=80=9Cscope=E2=80=9D parameter ?

I did = see section 8.2 of the draft where it discusses a registry of
parameters which might allow additional parameters to a = client-to-AS
request, but I was looking for a way to do = ABAC without having to
register anything.

I=E2=80=99m specifically asking about obtaining an access = token to be used
later by a client accessing the actual = resource.

Has anyone tried combining = draft-ietf-ace-oauth-authz-04 with ABAC
systems ?

Yes I have. My approach is the = following:

I use the OAuth = client credentials grant flow to request an access token, and then I use = an XACML engine internally on the AS to decide on access token requests = base on the client's credentials and the "scope" and "aud" parameters of = the access token request.

When it comes to extracting an action and a = resource from an access token request, my understanding is that the = scope parameter actually gives you both in an application specific = way.

If you look at the = examples of how scope is used in https://www.brandur.org/oauth-scope you can see that e.g. = LinkedIn uses some kind of capability-like format for their scope = parameters (r_basicprofile r_emailaddress rw_groups w_messages). Thus = you could extract the action and the resource from scope with an = application specific processing module.

You could also have a look at
https://tools.ietf.org/html/draft-bormann-core-ace-aif-03which defines a = CoAP specific capability format. I was considering to use that as values = for the scope in CoAP-specific scenarios.

I would be happy to hear your take on this and = discuss the issue in more detail.

Regards,

Ludwig



-- 
Ludwig Seitz, PhD =   SICS Swedish ICT AB
Ideon Science Park, Building Beta = 2
Scheelev=C3=A4gen 17, SE-223 70 Lund
Phone +46(0)70-349 = 92 51

The RISE institutes = SP, Swedish ICT and Innventia are merging in order
to create a unified = institute sector and become a stronger innovation
partner for = businesses and society. At the end of the year we will
change our name to = RISE. Read more at www.ri.se/en/about-rise

= From nobody Tue Jan 31 07:27:26 2017 Return-Path: X-Original-To: ace@ietfa.amsl.com Delivered-To: ace@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 118601294E6 for ; Tue, 31 Jan 2017 07:27:25 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.998 X-Spam-Level: X-Spam-Status: No, score=-1.998 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, MIME_QP_LONG_LINE=0.001, SPF_PASS=-0.001, UNPARSEABLE_RELAY=0.001] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=alibaba-inc.com Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id mvB4d7G1AglA for ; Tue, 31 Jan 2017 07:27:23 -0800 (PST) Received: from out0-149.mail.aliyun.com (out0-149.mail.aliyun.com [140.205.0.149]) by ietfa.amsl.com (Postfix) with ESMTP id 8304812959D for ; Tue, 31 Jan 2017 07:27:22 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=alibaba-inc.com; s=default; t=1485876438; h=Date:Subject:From:To:Message-ID:Mime-version:Content-type; bh=vHMQOhBKxXmozD3MgukabNGPFdyqQh93LB437ahitFk=; b=ej4QFFxNAzfTEM0qXrNC0kYO5yZEwOYlSZS0mu1nZl1/OucYY5nBgXy4LBBFjZOAplNLj52gRryDnMfLuRCha+ZFPXLuPVRhV46CxL4lKtwc+I16RNJpeYjd8yPEz+FMqSGBsqAC8AlfX6Pf4t+BcHOB+ZXrWKDyTSRatnvT7bg= X-Alimail-AntiSpam: AC=PASS; BC=-1|-1; BR=01201311R161e4; FP=0|-1|-1|-1|0|-1|-1|-1; HT=e02c03303; MF=kepeng.lkp@alibaba-inc.com; NM=1; PH=DS; RN=1; SR=0; TI=SMTPD_---.7XaNGgM_1485876418; Received: from 30.39.1.26(mailfrom:kepeng.lkp@alibaba-inc.com ip:42.120.73.202) by smtp.aliyun-inc.com(127.0.0.1); Tue, 31 Jan 2017 23:27:05 +0800 User-Agent: Microsoft-MacOutlook/14.6.8.160830 Date: Tue, 31 Jan 2017 23:26:00 +0800 From: "Kepeng Li" To: "ace@ietf.org" Message-ID: Thread-Topic: ACE virtual interim meeting on 9th Feb Mime-version: 1.0 Content-type: multipart/alternative; boundary="B_3568750025_13403767" Archived-At: Subject: [Ace] ACE virtual interim meeting on 9th Feb X-BeenThere: ace@ietf.org X-Mailman-Version: 2.1.17 Precedence: list List-Id: "Authentication and Authorization for Constrained Environments \(ace\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 31 Jan 2017 15:27:25 -0000 > 此邮件使用 MIME 格式。由于邮件阅读程序不能识别 此格式,因此,可能无法识别该邮件的分部或部分内容。 --B_3568750025_13403767 Content-type: text/html; charset="UTF-8" Content-transfer-encoding: quoted-printable
Hallo all,

=
Please find meeting details for the ACE virtual interim meeting o= n 9th Feb.

JOIN WEBEX MEETING
https://iet= f.webex.com/ietf/j.php?MTID=3Dma5ddd72ac9f969865db4871c641cde71
Meet= ing number (access code): 645 123 609
Host key: 986081
M= eeting password: gQDDPy2m

JOIN BY PHONE
1= -877-668-4493 Call-in toll free number (US/Canada) 
1-650-479= -3208 Call-in toll number (US/Canada)


<= div bgcolor=3D"#FFFFFF" text=3D"#000000">

Kind Regard= s
Kepeng & Hannes
--B_3568750025_13403767 Content-Type: text/calendar;method=REQUEST; charset="US-ASCII";name="meeting.ics" Content-transfer-encoding: 7bit BEGIN:VCALENDAR VERSION:2.0 PRODID:-//Microsoft Corporation//Outlook for Mac MIMEDIR//EN METHOD:REQUEST BEGIN:VTIMEZONE TZID:Beijing, Chongqing, Hong Kong, Urumqi X-ENTOURAGE-TZID:39 X-ENTOURAGE-CFTIMEZONE:Asia/Hong_Kong BEGIN:STANDARD TZNAME:Standard TZOFFSETFROM:+0800 TZOFFSETTO:+0800 DTSTART:20140101T010000 END:STANDARD END:VTIMEZONE BEGIN:VEVENT UID:404E62F7-7309-4A81-9520-0DCC81E78E36 X-ENTOURAGE_UUID:404E62F7-7309-4A81-9520-0DCC81E78E36 DTSTAMP:20170131T152600Z DTSTART;TZID="Beijing, Chongqing, Hong Kong, Urumqi":20170209T220000 DTEND;TZID="Beijing, Chongqing, Hong Kong, Urumqi":20170209T230000 LAST-MODIFIED:20170131T152600Z SUMMARY:ACE virtual interim meeting on 9th Feb DESCRIPTION:Hallo all\,\n\nPlease find meeting details for the ACE virtual interim meeting on 9th Feb.\n\nJOIN WEBEX MEETING\nhttps://ietf.webex.com/ietf/j.php?MTID=ma5ddd72ac9f969865db4871c 641cde71\nMeeting number (access code): 645 123 609\nHost key: 986081\nMeeting password: gQDDPy2m\n\nJOIN BY PHONE\n1-877-668-4493 Call-in toll free number (US/Canada) \n1-650-479-3208 Call-in toll number (US/Canada)\n\nToll-free calling restrictions\nhttp://www.webex.com/pdf/tollfree_restrictions.pdf\n\nWe will mainly discuss this draft:\nhttps://datatracker.ietf.org/doc/draft-somaraju-ace-multicast/\n\ nKind Regards\nKepeng & Hannes\n LOCATION:WebEx ORGANIZER:MAILTO:kepeng.lkp@alibaba-inc.com SEQUENCE:0 ATTENDEE;ROLE=REQ-PARTICIPANT;RSVP=TRUE;CN=ace@ietf.org;PARTSTAT=NEEDS-ACT ION:MAILTO:ace@ietf.org X-MICROSOFT-CDO-BUSYSTATUS:BUSY X-MICROSOFT-CDO-ALLDAYEVENT:FALSE X-MICROSOFT-CDO-INSTTYPE:0 BEGIN:VALARM ACTION:DISPLAY DESCRIPTION:REMINDER TRIGGER;RELATED=START:-PT00H15M00S END:VALARM END:VEVENT END:VCALENDAR --B_3568750025_13403767-- From nobody Tue Jan 31 13:10:20 2017 Return-Path: X-Original-To: ace@ietfa.amsl.com Delivered-To: ace@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id AFD2E1295A1 for ; Tue, 31 Jan 2017 13:10:18 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -5.099 X-Spam-Level: X-Spam-Status: No, score=-5.099 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, RP_MATCHES_RCVD=-3.199, SPF_PASS=-0.001] autolearn=ham autolearn_force=no Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id kqROoCx-xnTo for ; Tue, 31 Jan 2017 13:10:16 -0800 (PST) Received: from mail2.augustcellars.com (augustcellars.com [50.45.239.150]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 398C0129AD2 for ; Tue, 31 Jan 2017 13:10:15 -0800 (PST) Received: from hebrews (192.168.1.151) by mail2.augustcellars.com (192.168.1.201) with Microsoft SMTP Server (TLS) id 15.0.1210.3; Tue, 31 Jan 2017 13:33:05 -0800 From: Jim Schaad To: 'Kepeng Li' References: In-Reply-To: Date: Tue, 31 Jan 2017 13:09:57 -0800 Message-ID: <000801d27c06$6239f860$26ade920$@augustcellars.com> MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="----=_NextPart_000_0009_01D27BC3.541BE880" X-Mailer: Microsoft Outlook 16.0 Thread-Index: AQLpalaAsyuqMRdg7pXgs8xWD+Hc8J8lN8aQ Content-Language: en-gb X-Originating-IP: [192.168.1.151] Archived-At: Cc: ace@ietf.org Subject: Re: [Ace] ACE virtual interim meeting on 9th Feb, GMT 14:00 ~ 15:00 X-BeenThere: ace@ietf.org X-Mailman-Version: 2.1.17 Precedence: list List-Id: "Authentication and Authorization for Constrained Environments \(ace\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 31 Jan 2017 21:10:18 -0000 ------=_NextPart_000_0009_01D27BC3.541BE880 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable I had hoped to see responses to my email before now as well as an = updated draft. At this point, I have no intention of getting up in the = middle of the night to make this call given that nothing on the draft = has been happening =20 Jim =20 =20 From: Ace [mailto:ace-bounces@ietf.org] On Behalf Of Kepeng Li Sent: 23 January 2017 20:00 To: Kepeng Li ; Eliot Lear (elear) = Cc: Michael StJohns ; ace@ietf.org Subject: [Ace] ACE virtual interim meeting on 9th Feb, GMT 14:00 ~ 15:00 =20 Hello all, =20 According to the doodle poll results, we keep our conference call on 9th = Feb, Thursday, GMT 14:00 ~ 15:00. =20 I will send the WebEx info later. =20 Kind Regards Kepeng =20 =E5=8F=91=E4=BB=B6=E4=BA=BA: Ace > on behalf of Li Kepeng = > =E6=97=A5=E6=9C=9F: Monday, 16 January 2017 at 9:55 PM =E8=87=B3: "Eliot Lear (elear)" > =E6=8A=84=E9=80=81: Michael StJohns >, "ace@ietf.org " = > =E4=B8=BB=E9=A2=98: Re: [Ace] Doodle for ACE virtual interim meeting =20 OK.=20 =20 I added two more options in the original doodle poll: Option 5. 16th Feb, Thursday, GMT 14:00 ~ 15:00. Option 6. 16th Feb, Thursday, GMT 15:00 ~ 15:59. =20 Please fill out the two additional doodle poll options: http://doodle.com/poll/v6nbeggazekaq2ut =20 I will check the results at the end of this week. =20 Thanks, Kind Regards Kepeng =20 =E5=8F=91=E4=BB=B6=E4=BA=BA: "Eliot Lear (elear)" > =E6=97=A5=E6=9C=9F: Saturday, 14 January 2017 at 8:00 PM =E8=87=B3: Li Kepeng > =E6=8A=84=E9=80=81: Michael StJohns >, "ace@ietf.org " = > =E4=B8=BB=E9=A2=98: Re: [Ace] Doodle for ACE virtual interim meeting =20 I think at least one of the draft authors is away until the 8th. Can we = push out a week? Eliot On Jan 13, 2017, at 6:01 PM, Kepeng Li > wrote: Oh, sorry, my mistake. =20 I made a mistake between you and Mike Jones. =20 Let=E2=80=99s change our call to Option 1, 9th Feb, Thursday, GMT 14:00 = ~ 15:00. =20 I will send out the WebEx info later. =20 Kind Regards Kepeng =20 =E5=8F=91=E4=BB=B6=E4=BA=BA: Ace > on behalf of Michael StJohns = > =E6=97=A5=E6=9C=9F: Saturday, 14 January 2017 at 12:28 AM =E8=87=B3: > =E4=B8=BB=E9=A2=98: Re: [Ace] Doodle for ACE virtual interim meeting =20 On 1/13/2017 4:44 AM, Kepeng Li wrote: Hallo all, =20 According to the doodle poll, let=E2=80=99s have a call on 14th Feb, GMT = 15:00 ~ 15:59. =20 We have the same amount of participants about Option 1, 2, and 4.=20 =20 Considering that Mike has strong position about this draft, so I = accommodate his choice to allow him to participate. Sorry what? I'm assuming by "Mike" you mean me. I missed the original = doodle call and haven't actually made a choice. I can't actually make = the 14th as I'm on a plane. I can make either of the Thursday 9 February times though. In any event, if the slides are ready ahead of time I'll just provide = some commentary on the mailing list. I note that the authors haven't = engaged with the comments provided by Jim Schaad and it would be useful = if they do so. WRT to the document, its difficult to make any judgements or suggest any = improvements without understanding the goals of the document. As a bare = minimum, up front the document should a) define "low latency" including = each element that contributes to the calculation (this has been a = moving target - it was something like 250ms for DICE and appears to have = moved downward in ACE) and b) define the security services that are to = be provided when using the keys served up by this protocol. (e.g. it = currently appears that the document is proposing a key management scheme = for group confidentiality, group integrity and group authentication). = Lastly, the document needs to include any other constraints. In the = instant case, low latency may be accomplished by hardware for public key = operations - but there is a constraint never actually cited in the = document - low/no cost for the build of the product (it's referred to = obliquely as processing cost for the constrained device and is more = properly attributed to the BOM). If there is any other application besides lighting that has a use for = this protocol - now is the time to bring it forward.=20 Finally, a statement of security requirements for the exemplar = application (lighting) should be provided so that the protocol can be = evaluated against those requirements to see if we've actually managed to = come up with something that meets the needs. Mike =20 Authors, please prepare some slides for the discussion. =20 I will send the WebEx information later. =20 Thanks, =20 Kind Regards Kepeng =20 =E5=8F=91=E4=BB=B6=E4=BA=BA: Ace > on behalf of Li Kepeng = > =E6=97=A5=E6=9C=9F: Saturday, 7 January 2017 at 8:43 PM =E8=87=B3: ace > =E6=8A=84=E9=80=81: Kathleen Moriarty >, Hannes Tschofenig = > =E4=B8=BB=E9=A2=98: [Ace] Doodle for ACE virtual interim meeting =20 Hi all, =20 To speed up our progress on group communication security draft, we plan = to have a virtual interim meeting in the middle of Feb. =20 I proposed four options for the meeting time: 1. 9th Feb, Thursday, GMT 14:00 ~ 15:00. 2. 9th Feb, Thursday, GMT 15:00 ~ 15:59. 3. 14th Feb, Tuesday, GMT 14:00 ~ 15:00. 4. 14th Feb, Tuesday, GMT 15:00 ~ 15:59. =20 Please indicate your available time from the doodle poll: = http://doodle.com/poll/v6nbeggazekaq2ut =20 We will mainly discuss this draft: https://datatracker.ietf.org/doc/draft-somaraju-ace-multicast/ =20 Thanks, =20 Kind Regards Kepeng=20 =20 _______________________________________________ Ace mailing list = Ace@ietf.org = https://www.ietf.org/mailman/listinfo/ace=20 _______________________________________________ Ace mailing list Ace@ietf.org = https://www.ietf.org/mailman/listinfo/ace =20 _______________________________________________ Ace mailing list = Ace@ietf.org = https://www.ietf.org/mailman/listinfo/ace _______________________________________________ Ace mailing list Ace@ietf.org =20 https://www.ietf.org/mailman/listinfo/ace _______________________________________________ Ace mailing list = Ace@ietf.org = https://www.ietf.org/mailman/listinfo/ace=20 ------=_NextPart_000_0009_01D27BC3.541BE880 Content-Type: text/html; charset="utf-8" Content-Transfer-Encoding: quoted-printable

I had hoped to see responses to my email before now as = well as an updated draft.  At this point, I have no intention of = getting up in the middle of the night to make this call given that = nothing on the draft has been happening

 

Jim

 

 

From:<= /b> Ace = [mailto:ace-bounces@ietf.org] On Behalf Of Kepeng = Li
Sent: 23 January 2017 20:00
To: Kepeng Li = <kepeng.lkp@alibaba-inc.com>; Eliot Lear (elear) = <elear@cisco.com>
Cc: Michael StJohns = <mstjohns@comcast.net>; ace@ietf.org
Subject: [Ace] ACE = virtual interim meeting on 9th Feb, GMT 14:00 ~ = 15:00

 

Hello = all,

 

=

According to the doodle poll = results, we keep our conference call on 9th Feb, Thursday, GMT 14:00 ~ = 15:00.

 

=

I = will send the WebEx info later.

 

=

Kind = Regards

Kepeng

=

 

=

=E5=8F=91=E4=BB=B6=E4=BA=BA= := A= ce <ace-bounces@ietf.org> on = behalf of Li Kepeng <kepeng.lkp@alibaba-inc.com= >
=E6=97=A5=E6=9C=9F:= M= onday, 16 January 2017 at 9:55 PM
=E8=87=B3:= &= quot;Eliot Lear (elear)" <elear@cisco.com>
=E6=8A=84=E9=80=81:= M= ichael StJohns <mstjohns@comcast.net>, = "ace@ietf.org" <ace@ietf.org>
=E4=B8=BB=E9=A2=98:= R= e: [Ace] Doodle for ACE virtual interim = meeting

 

=

OK. 

 

=

I = added two more options in the original doodle = poll:

Option 5. 16th Feb, Thursday, GMT = 14:00 ~ 15:00.

Option 6. = 16th Feb, Thursday, GMT 15:00 ~ = 15:59.

 

=

Please fill out the two = additional doodle poll = options:

 

=

I = will check the results at the end of this = week.

 

=

Thanks,

Kind = Regards

Kepeng

=

 

=

=E5=8F=91=E4=BB=B6=E4=BA=BA= := &= quot;Eliot Lear (elear)" <elear@cisco.com>
=E6=97=A5=E6=9C=9F:= S= aturday, 14 January 2017 at 8:00 PM
=E8=87=B3:= L= i Kepeng <kepeng.lkp@alibaba-inc.com= >
=E6=8A=84=E9=80=81:= M= ichael StJohns <mstjohns@comcast.net>, = "ace@ietf.org" <ace@ietf.org>
=E4=B8=BB=E9=A2=98:= R= e: [Ace] Doodle for ACE virtual interim = meeting

 

=

I think at least one of the draft = authors is away until the 8th.  Can we push out a = week?

Eliot


On Jan 13, 2017, at 6:01 PM, = Kepeng Li <kepeng.lkp@alibaba-inc.com= > wrote:

Oh, = sorry, my mistake.

 

=

I = made a mistake between you and Mike = Jones.

 

=

Let=E2=80=99s change our call to Option 1, 9th Feb, = Thursday, GMT 14:00 ~ 15:00.

 

=

I = will send out the WebEx info later.

 

=

Kind = Regards

Kepeng

=

 

=

=E5=8F=91=E4=BB=B6=E4=BA=BA= := A= ce <ace-bounces@ietf.org> on = behalf of Michael StJohns <mstjohns@comcast.net>
=E6=97=A5=E6=9C=9F:= S= aturday, 14 January 2017 at 12:28 AM
=E8=87=B3:= &= lt;ace@ietf.org>
=E4=B8=BB=E9=A2=98:= R= e: [Ace] Doodle for ACE virtual interim = meeting

 

=

On 1/13/2017 4:44 AM, Kepeng Li = wrote:

Hallo = all,

 

=

According to the doodle poll, = let=E2=80=99s have a call on 14th Feb, GMT = 15:00 ~ 15:59.

 

=

We have the same amount of = participants about Option 1, 2, and = 4. 

 

=

Considering that Mike has strong = position about this draft, so I accommodate his choice to allow him to = participate.

Sorry = what?   I'm assuming by "Mike" you mean me. I missed = the original doodle call and haven't actually made a choice.  I = can't actually make the 14th as I'm on a plane.

I can make either = of the Thursday 9 February times though.

In any event, if the = slides are ready ahead of time I'll just provide some commentary on the = mailing list.   I note that the authors haven't engaged with = the comments provided by Jim Schaad and it would be useful if they do = so.

WRT to the document, its difficult to make any judgements or = suggest any improvements without understanding the goals of the = document.  As a bare minimum, up front the document should a) = define "low latency" including each element that contributes = to the calculation  (this has been a moving target - it was = something like 250ms for DICE and appears to have moved downward in ACE) = and b) define the security services that are to be provided when using = the keys served up by this protocol.   (e.g. it currently = appears that the document is proposing a key management scheme for group = confidentiality, group integrity and group authentication).   = Lastly, the document needs to include any other constraints.  In = the instant case, low latency may be accomplished by hardware for public = key operations - but there is a constraint never actually cited in the = document - low/no cost for the build of the product (it's referred to = obliquely as processing cost for the constrained device and is more = properly attributed to the BOM).

If there is any other = application besides lighting that has a use for this protocol - now is = the time to bring it forward.

Finally, a statement of security = requirements for the exemplar application (lighting) should be provided = so that the protocol can be evaluated against those requirements to see = if we've actually managed to come up with something that meets the = needs.

Mike



 

=

Authors, please prepare some = slides for the discussion.

 

=

I = will send the WebEx information = later.

 

=

Thanks,

 

=

Kind = Regards

Kepeng

=

 

=

=E5=8F=91=E4=BB=B6=E4=BA=BA= := A= ce <ace-bounces@ietf.org> on = behalf of Li Kepeng <kepeng.lkp@alibaba-inc.com= >
=E6=97=A5=E6=9C=9F:= S= aturday, 7 January 2017 at 8:43 PM
=E8=87=B3:= a= ce <ace@ietf.org>
=E6=8A=84=E9=80=81:= K= athleen Moriarty <kathleen.moriarty.ietf@g= mail.com>, Hannes Tschofenig <hannes.tschofenig@gmx.net&g= t;
=E4=B8=BB=E9=A2=98:= [= Ace] Doodle for ACE virtual interim = meeting

 

=

Hi = all,

 

=

To speed up our progress on group = communication security draft, we plan to have a virtual interim meeting = in the middle of Feb.

 

=

I = proposed four options for the meeting = time:

1. 9th Feb, Thursday, GMT 14:00 ~ = 15:00.

2. 9th Feb, Thursday, GMT 15:00 ~ = 15:59.

3. 14th Feb, Tuesday, GMT 14:00 ~ = 15:00.

4. 14th Feb, Tuesday, GMT = 15:00 ~ 15:59.

 

=

Please indicate your available = time from the doodle poll:

 

=

We will mainly discuss this = draft:

 

=

Thanks,

 

=

Kind = Regards

Kepeng 

=

 

=

__________________________________= _____________ Ace mailing list Ace@ietf.org https://www.ietf.org/m= ailman/listinfo/ace 


_______________________________________________
Ace mailing =
list
Ace@ietf.orghttps://www.ietf.org/m=
ailman/listinfo/ace

 

=

__________________________________= _____________ Ace mailing list Ace@ietf.org https://www.ietf.org/m= ailman/listinfo/ace

__________________________________= _____________
Ace mailing list
Ace@ietf.org
https://www.ietf.org/m= ailman/listinfo/ace

__________________________________= _____________ Ace mailing list Ace@ietf.org https://www.ietf.org/m= ailman/listinfo/ace

------=_NextPart_000_0009_01D27BC3.541BE880--