Ace Status PagesAuthentication and Authorization for Constrained Environments (Active WG)
Sec Area: Eric Rescorla, Kathleen Moriarty | 2014-Jun-16 —Chairs:
IETF-99 ace minutes
Session 2017-07-17 0930-1200: Congress Hall I - Audio stream - ace chatroom
ACE Minutes 2017-07-17 ---------------------- Scribe: John Mattsson - Open issue about PoP Key Semantics for CWTs Similar CWT representation in two drafts. Mike arguing for CWT to be in its own draft. Used by non-ACE. Independent draft can move on quicker. Question: Separate document or keep in in the current WG document? Decision: Crystal clear to have CWT in a separate document. Chair: Update to charter not needed, but milestone needed. - CBOR Web Token 1 open issue regarding the example. Next steps: Update example -> Mike to talk to Jim & Samuel Authorization using OAuth 2.0 Features useful for many profiles have been moved to framework. Time sync to be done, discussion on which mechanism to use. Discussion on how to confirm security properties of the framework. Security properties need to be showed for each profile. Discussion on which profiles to standardize. Recommendation made to write a roadmap document (or to use the Wiki) to explain which profiles is needed for which environment. DTLS Profile for ACE The request from IETF98 to also do TLS is still TODO Discussion on some open issues #12 No comments, author to come up with proposal #13 Discussion which curve to mandate. Discovery: AS discovery to be moved to framework Proposal to extend Client-to-AS request to ensure freshness. Support to move to framework. RPK in Client-to-AS Request: Who to authorize? Need to document in TLS profile or framework. No comments. Error handling and AS_info to be handled by framework document Issues need to be resolved; further reviews needed. OSCOAP profile of ACE Feedback welcome. Asks for adoption. No decisions. IPsec profile of ACE Comments that the solution might lead to security problems with ESP. Need to be checked. Chair: How does this affect interoperability of IoT? No decisions. MQTT-TLS profile of ACE Next step: More feedback No decisions. Ephemeral Diffie-Hellman Over COSE (EDHOC) Next step: Interop, test vectors No decisions. EST over secure CoAP (EST-coaps) Question: Ready for WG Draft? Strong support for the work (in some WG) Several people think ACE is the right group. Discussion if the charter needs to be changed. Discussion what ACE should prioritize at the moment. Comments that current framework and profiles should be prioritised first. Comments that the work is small and should be done in ACE now. Comments that ACE is not the right group and that there is no current right group. Chair Question: Should ACE do wrappers for EST? Unanswered. CORE Chair: If not done in ACE this work could be done in CORE. But it is security. Chair Question: Interested in doing this work in ACE or not. Slight majority for doing the work in ACE. AD: Not interfere with other work that is high priority. Joining of OSCOAP multicast groups in ACE Next step: Feedback Discussion on the scalability of the AS knowing the public keys. Discussion to be taken offline. No decisions. Raw-Public-Key and Pre-Shared-Key as OAuth client credentials Suggestion that ACE is the right group and that it should eventually be adopted. No decisions. Wrap-up The chair will set up a wiki to discuss the profiles to adopt. Interim meeting on certificate enrolment in constrained environments to be held.