* WGs marked with an * asterisk has had at least one new draft made available during the last 5 days

Ace Status Pages

Authentication and Authorization for Constrained Environments (Active WG)
Sec Area: Eric Rescorla, Kathleen Moriarty | 2014-Jun-16 —  
Chairs
 
 


IETF-99 ace minutes

Session 2017-07-17 0930-1200: Congress Hall I - Audio stream - ace chatroom

Minutes

minutes-99-ace-00 minutes



          ACE Minutes 2017-07-17
          ----------------------
          
          Scribe: John Mattsson
          
          - Open issue about PoP Key Semantics for CWTs
          
             Similar CWT representation in two drafts. Mike arguing for CWT to be
             in its own draft.
          
             Used by non-ACE. Independent draft can move on quicker.
          
          
          
             Question: Separate document or keep in in the current WG document?
          
             Decision: Crystal clear to have CWT in a separate document.
          
             Chair: Update to charter not needed, but milestone needed.
          
          
          
          - CBOR Web Token
          
            1 open issue regarding the example.
          
            Next steps: Update example -> Mike to talk to Jim & Samuel
          
          
          Authorization using OAuth 2.0
          
             Features useful for many profiles have been moved to framework.
             Time sync to be done, discussion on which mechanism to use.
          
             Discussion on how to confirm security properties of the
             framework. Security properties need to be showed for each profile.
          
             Discussion on which profiles to standardize.
          
             Recommendation made to write a roadmap document (or to use the Wiki)
             to
             explain which profiles is needed for which environment.
          
          DTLS Profile for ACE
          
             The request from IETF98 to also do TLS is still TODO
          
             Discussion on some open issues
          
             #12 No comments, author to come up with proposal
          
             #13 Discussion which curve to mandate.
          
             Discovery: AS discovery to be moved to framework Proposal to extend
             Client-to-AS
             request to ensure freshness. Support to move to framework.
          
             RPK in Client-to-AS Request: Who to authorize? Need to document in
             TLS profile or
             framework. No comments.
          
             Error handling and AS_info to be handled by framework document
          
             Issues need to be resolved; further reviews needed.
          
          OSCOAP profile of ACE
          
             Feedback welcome. Asks for adoption.
          
             No decisions.
          
          IPsec profile of ACE
          
             Comments that the solution might lead to security problems with
             ESP. Need to be checked.
          
             Chair: How does this affect interoperability of IoT?
          
             No decisions.
          
          MQTT-TLS profile of ACE
          
             Next step: More feedback
          
             No decisions.
          
          Ephemeral Diffie-Hellman Over COSE (EDHOC)
          
             Next step: Interop, test vectors
          
             No decisions.
          
          EST over secure CoAP (EST-coaps)
          
            Question: Ready for WG Draft?
          
            Strong support for the work (in some WG)
          
            Several people think ACE is the right group.
          
            Discussion if the charter needs to be changed.
          
            Discussion what ACE should prioritize at the moment.
          
            Comments that current framework and profiles should be prioritised
            first.
          
            Comments that the work is small and should be done in ACE now.
          
            Comments that ACE is not the right group and that there is no current
            right group.
          
            Chair Question: Should ACE do wrappers for EST? Unanswered.
          
            CORE Chair: If not done in ACE this work could be done in CORE. But
            it is security.
          
            Chair Question: Interested in doing this work in ACE or not.
          
            Slight majority for doing the work in ACE.
          
            AD: Not interfere with other work that is high priority.
          
          Joining of OSCOAP multicast groups in ACE
          
            Next step: Feedback
          
            Discussion on the scalability of the AS knowing the public keys.
          
            Discussion to be taken offline.
          
            No decisions.
          
          Raw-Public-Key and Pre-Shared-Key as OAuth client credentials
          
            Suggestion that ACE is the right group and that it should eventually
            be adopted.
          
            No decisions.
          
          Wrap-up
          
            The chair will set up a wiki to discuss the profiles to adopt.
          
            Interim meeting on certificate enrolment in constrained environments
            to be held.
          
          



Generated from PyHt script /wg/ace/minutes.pyht Latest update: 24 Oct 2012 16:51 GMT -