Network Working Group                                        O. Bergmann
Internet-Draft                                                       TZI
Updates: draft-ietf-ace-dtls-authorize (if approved)  J. Preuß Mattsson
Intended status: Standards Track                             G. Selander
Expires: 5 June 2022                                            Ericsson
                                                         2 December 2021

             Extension of the ACE CoAP-DTLS Profile to TLS
                  draft-ietf-ace-extend-dtls-authorize-00

Abstract

   This document updates the ACE CoAP-DTLS profile by specifying that
   the profile applies to TLS as well as DTLS.

Discussion Venues

   This note is to be removed before publishing as an RFC.

   Discussion of this document takes place on the Authentication and
   Authorization for Constrained Environments Working Group mailing list
   (ace@ietf.org), which is archived at
   https://mailarchive.ietf.org/arch/browse/ace/.

   Source for this draft and an issue tracker can be found at
   https://github.com/ace-wg/ace-extend-dtls-authorize.

Status of This Memo

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF).  Note that other groups may also distribute
   working documents as Internet-Drafts.  The list of current Internet-
   Drafts is at https://datatracker.ietf.org/drafts/current/.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   This Internet-Draft will expire on 5 June 2022.

Copyright Notice

   Copyright (c) 2021 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents (https://trustee.ietf.org/
   license-info) in effect on the date of publication of this document.
   Please review these documents carefully, as they describe your rights
   and restrictions with respect to this document.  Code Components
   extracted from this document must include Revised BSD License text as
   described in Section 4.e of the Trust Legal Provisions and are
   provided without warranty as described in the Revised BSD License.

Table of Contents

   1.  Introduction
   2.  IANA Considerations
   3.  Security Considerations
   4.  References
     4.1.  Normative References
     4.2.  Informative References
   Acknowledgments
   Authors' Addresses

1.  Introduction

   [I-D.ietf-ace-dtls-authorize] only specifies use of DTLS
   [I-D.ietf-tls-dtls13] but works equally well for TLS.  For many
   constrained implementations, CoAP over UDP [RFC7252] is the first
   choice, but when deploying ACE in networks controlled by other
   entities (such as the Internet), UDP might be blocked on the path
   between the client and the RS, and the client might have to fall back
   to CoAP over TCP [RFC8323] for NAT or firewall traversal.  This
   feature is supported by the OSCORE profile
   [I-D.ietf-ace-oscore-profile] but is lacking from the DTLS profile.

   This document updates [I-D.ietf-ace-dtls-authorize] by specifying
   that the profile applies to TLS as well as DTLS.  The same access
   token is valid for both DTLS and TLS.  The access rights do not depend
   on the transport layer security.

2.  IANA Considerations

   No IANA Considerations.

3.  Security Considerations

   The security considerations and requirements in TLS 1.3 [RFC8446] and
   BCP 195 [RFC7525] [RFC8996] also apply to this document.

4.  References

4.1.  Normative References

   [I-D.ietf-ace-dtls-authorize]
              Gerdes, S., Bergmann, O., Bormann, C., Selander, G., and
              L. Seitz, "Datagram Transport Layer Security (DTLS)
              Profile for Authentication and Authorization for
              Constrained Environments (ACE)", Work in Progress,
              Internet-Draft, draft-ietf-ace-dtls-authorize-18, 4 June
              2021.

   [I-D.ietf-tls-dtls13]
              Rescorla, E., Tschofenig, H., and N. Modadugu, "The
              Datagram Transport Layer Security (DTLS) Protocol Version
              1.3", Work in Progress, Internet-Draft, draft-ietf-tls-
              dtls13-43, 30 April 2021.

   [RFC7252]  Shelby, Z., Hartke, K., and C. Bormann, "The Constrained
              Application Protocol (CoAP)", RFC 7252,
              DOI 10.17487/RFC7252, June 2014.

   [RFC8323]  Bormann, C., Lemay, S., Tschofenig, H., Hartke, K.,
              Silverajan, B., and B. Raymor, Ed., "CoAP (Constrained
              Application Protocol) over TCP, TLS, and WebSockets",
              RFC 8323, DOI 10.17487/RFC8323, February 2018.

   [RFC8446]  Rescorla, E., "The Transport Layer Security (TLS) Protocol
              Version 1.3", RFC 8446, DOI 10.17487/RFC8446, August 2018.

4.2.  Informative References

   [I-D.ietf-ace-oscore-profile]
              Palombini, F., Seitz, L., Selander, G., and M. Gunnarsson,
              "OSCORE Profile of the Authentication and Authorization
              for Constrained Environments Framework", Work in Progress,
              Internet-Draft, draft-ietf-ace-oscore-profile-19, 6 May
              2021.

   [RFC7525]  Sheffer, Y., Holz, R., and P. Saint-Andre,
              "Recommendations for Secure Use of Transport Layer
              Security (TLS) and Datagram Transport Layer Security
              (DTLS)", BCP 195, RFC 7525, DOI 10.17487/RFC7525, May
              2015.

   [RFC8996]  Moriarty, K. and S. Farrell, "Deprecating TLS 1.0 and TLS
              1.1", BCP 195, RFC 8996, DOI 10.17487/RFC8996, March 2021.

Acknowledgments

Authors' Addresses

   Olaf Bergmann
   Universität Bremen TZI
   Bremen, D-28359
   Germany

   Email: bergmann@tzi.org

   John Preuß Mattsson
   Ericsson AB
   SE-164 80 Stockholm
   Sweden

   Email: john.mattsson@ericsson.com

   Göran Selander
   Ericsson AB
   SE-164 80 Stockholm
   Sweden

   Email: goran.selander@ericsson.com
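The following is an added example, not part of the draft or the ACE working group's code, modelling the two points above: Section 1's rule that one access token is valid over DTLS/UDP or TLS/TCP with access rights independent of the transport, and Section 3's requirement that BCP 195 (RFC 8996 deprecates TLS 1.0, TLS 1.1 and DTLS 1.0) applies. The token layout, the transport labels and the fallback helper are constructed for illustration and do not reproduce the profile's real token or handshake details.

```python
# Added example (not from the draft): a toy resource server (RS) decision
# that depends on token content and on an acceptable (D)TLS version, never
# on whether the client arrived over DTLS/UDP or TLS/TCP.
import time

# Versions an RS may accept under BCP 195 (RFC 8996): no TLS 1.0/1.1, no
# DTLS 1.0.  Keyed by the constructed transport labels used below.
ACCEPTABLE_VERSIONS = {"dtls": {"1.2", "1.3"}, "tls": {"1.2", "1.3"}}

# Constructed access token as the RS would see it after decoding: a
# subject, an expiry and a scope given as (path, method) grants.
SAMPLE_TOKEN = {
    "sub": "client-42",
    "exp": int(time.time()) + 3600,
    "scope": [("/temperature", "GET"), ("/actuator", "PUT")],
}


def transport_acceptable(proto: str, version: str) -> bool:
    """True only for a non-deprecated DTLS or TLS version."""
    return version in ACCEPTABLE_VERSIONS.get(proto, set())


def authorize(token, proto, version, path, method, now=None) -> bool:
    """RS authorization decision for one request.

    The transport only has to be an acceptable (D)TLS version; the access
    rights themselves come from the token's scope and expiry alone, so the
    same token yields the same decision over DTLS and over TLS."""
    now = time.time() if now is None else now
    if not transport_acceptable(proto, version):
        return False
    if token["exp"] <= now:
        return False
    return (path, method) in token["scope"]


def connect_with_fallback(udp_reachable: bool):
    """Client side: prefer CoAP over DTLS (UDP); if UDP is blocked on the
    path, fall back to CoAP over TLS (TCP, RFC 8323) presenting the SAME
    access token.  Returns (proto, version, token) for the RS."""
    proto = "dtls" if udp_reachable else "tls"
    return proto, "1.3", SAMPLE_TOKEN


if __name__ == "__main__":
    for udp in (True, False):
        proto, ver, tok = connect_with_fallback(udp)
        print(proto, authorize(tok, proto, ver, "/temperature", "GET"))
```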