**Session Date/Time:** 12 Sep 2022 14:00

# [ACE](../wg/ace.html)

## Summary

This ACE interim meeting reviewed the status of several working group documents: CMPv2 over CoAP (`cmpv2-coap`), `key-groupcomm`, `key-groupcomm-oscore`, the extended DTLS profile, and CoAP EEP. Two presentations were given. Marco Tiloca gave an update on `key-groupcomm` and `key-groupcomm-oscore`, detailing the recent technical changes. Göran Selander then presented the new EDHOC and OSCORE profile of ACE (`draft-selander-ace-edhoc-oscore-profile`), outlining its features and how it relates to the existing ACE profiles. Discussion centred on resolving the blockers for `cmpv2-coap`, coordinating publication of `key-groupcomm-oscore` with the CoRE WG documents it depends on, and starting a call for adoption for the new EDHOC and OSCORE profile. Milestones for the ongoing drafts were reviewed, and a decision was taken on future meeting arrangements.

## Key Discussion Points

* **Note-taking logistics**: Initial confusion about which Etherpad/notes document was active was resolved.
* **CMPv2 over CoAP (`cmpv2-coap`) status**:
  * The draft is in AD review but has not been updated for several months; the current version is outdated.
  * Aligning its IANA registrations with CMPv3 and the `cmp-updates` draft is a blocking issue.
  * The authors had committed to an update three months earlier, but it has not materialized.
  * A participant (Henrik) offered to support the authors or to help edit the document.
* **`key-groupcomm` status**:
  * Submitted to the IESG; in AD review for over 200 days.
  * Marco Tiloca presented the update (version -16) that incorporates the changes discussed at IETF 114 (Philadelphia) and settled through a mailing-list poll.
  * Technical updates:
    * **Scope semantics signaling**: Scope semantics are now signaled with CBOR tags, building on the CBOR file magic numbers of RFC 9277. Since RFC 9277 associates a registered CBOR tag with each CoAP content format, the tag alone identifies the scope format, which simplifies both the notation and the signaling on the wire.
    * **`Toid` relaxation**: The restrictions on the AIF `Toid` element were relaxed so that, in the data model used by the OSCORE Group Manager admin interface (`oscore-gm-admin`), `Toid` need not be a plain CBOR text string (it may, for example, express a group-name pattern or wildcard), while the AIF data model used by joining nodes keeps the strict CBOR text string requirement.
    * Editorial updates, including renaming parameters, messages, and URI path segments for consistency.
* **`key-groupcomm-oscore` status**:
  * The first revision (for the July meeting) addressed working group comments, mainly by restructuring the table of contents and clarifying the HKDF algorithm references.
  * The AIF data model was revised to be extensible, so that scope entries for administrator operations (as extended in `oscore-gm-admin`) can be included.
  * A second, minor update kept the document consistent with `key-groupcomm` (naming, URI segments, CBOR tag signaling for scope).
  * The document must be synchronized with the CoRE WG documents `oscore-groupcomm` and `core-groupcomm`; the plan is to request co-publication.
* **Extended DTLS profile status**:
  * Clarified where the access token is placed in the DTLS 1.2 and DTLS 1.3 handshakes when it is transported within DTLS messages.
  * The document is awaiting clarification of an IPR-related procedure with the co-authors.
* **CoAP EEP status**:
  * Submitted and awaiting review by the AD.
* **Working group document focus**:
  * The current WG focus is on Revoked Token Notification, OSCORE GM Admin, and the PubSub profile.
* **PubSub profile status**:
  * The previous version aligned the architecture with the KDC and AS roles of `key-groupcomm` and fixed the earlier issues with the authorization request.
  * Work continues on aligning with `key-groupcomm` on the interfaces for evicting group members and for re-keying, which the profile does not yet cover.
  * Open technical issues with the cryptographic constructs (the COSE key structures and `COSE_Encrypt0`) need to be resolved with co-author Francesca.
  * The profile may shift its focus primarily to CoAP, with MQTT support becoming optional, given the KDC interaction requirements.
* **Discussion on the PubSub profile and `key-groupcomm`**:
  * Cigdem raised a question about the `creds` parameter in the `key-groupcomm` join response, specifically the requirement to include `peer_roles` alongside it.
  * In the PubSub profile the roles (publisher and subscriber) are distinct and implied by the operation, so for publishers `peer_roles` would be redundant and would only take up space in the response.
  * Marco Tiloca agreed to look into an exception for implied roles, or into letting the PubSub profile specify how to handle this.
* **New EDHOC and OSCORE profile (Göran Selander)**:
  * Comparison with the existing profiles:
    * Unlike the OSCORE profile (RFC 9203), which relies on symmetric keys and a pre-shared secret, it uses asymmetric keys (authentication credentials) and EDHOC for authentication and for deriving the shared secret.
    * Unlike the DTLS profile (RFC 9202), it uses EDHOC and OSCORE instead of the DTLS handshake and the TLS record layer, which lowers the overhead.
  * Key properties: supports updating access rights, introduces the "token series" concept, supports security context updates (by EDHOC key update or OSCORE key update), supports authentication credentials included in or referenced by the token, specifies the "EDHOC Information" data structure, and registers new parameters and claims.
  * Optimizations: the access token can be embedded directly in EDHOC message_1 (saving a round trip, analogous to carrying the token in the PSK identity in the DTLS profile), and combining this with the EDHOC+OSCORE combined request allows provisioning and authentication in two round trips.
  * Alternate flow: the AS provisions the access token directly to the RS, which then notifies the client. This could be generalized across ACE profiles.
* **Future meeting plans**:
  * The ACE WG is unlikely to meet at IETF 115 in London; the chairs plan to hold interim meetings instead.

## Decisions and Action Items

* **Decision**: The chairs will start a call for adoption for `draft-selander-ace-edhoc-oscore-profile`.
* **Action item (Daniel)**: Follow up with the `cmpv2-coap` authors on the pending update and the IANA registration alignment.
* **Action item (Daniel)**: Discuss with the `cmpv2-coap` authors adding Henrik as a co-author to move the draft forward.
* **Action item (Cigdem)**: Email Marco Tiloca with the details of the `creds`/`peer_roles` issue in `key-groupcomm` as it affects the PubSub profile.
* **Action item (Daniel)**: Ask the CoRE WG to provide a shepherd for `key-groupcomm-oscore`, to support synchronization and the shepherd review.
* **Decision**: The ACE WG will hold interim meetings rather than an in-person session at IETF 115 in London.

## Next Steps

* **CMPv2 over CoAP**: Chairs to push for an update or find another path to progress.
* **`key-groupcomm`**: Await IESG processing.
* **`key-groupcomm-oscore`**: Proceed with the shepherd write-up once a CoRE WG shepherd is identified, aiming for co-publication with `oscore-groupcomm` and `core-groupcomm`.
* **PubSub profile**: Cigdem to publish a new version addressing the architectural alignment and the cryptographic constructs, followed by further working group discussion. A "soft target" of year-end for readiness was mentioned, pending the clarifications above.
* **OSCORE GM Admin**: Marco expects one or two more iterations before Working Group Last Call, targeting early next year.
* **Revoked Token Notification**: Marco expects more work, possibly three iterations, targeting early next year.
* **EDHOC and OSCORE profile**: Begin the call for adoption.
* **General**: Address Michael Richardson's mailing-list question on one of the ACE drafts offline.