From YouTube: ACE WG Interim Meeting, 2021-06-08
A
So hi everyone. This is the ACE interim meeting number nine, we're Tuesday, June 8th, and well, we have a short agenda today. Please, if you, I mean, if you're attending this meeting, please put your names. I'm gonna send the links to the link chat, but please put your name.
A
If you're willing to take some notes, that would be really appreciated.
A
We'll try to keep that short. Okay, so I'd like to go back to a review of all the documents to clearly say where we are now with them, and the idea is to maybe let Ben know exactly where we are, so you can hopefully button and that can go through the RFC Editor.
A
So I think this morning we had IESG officially mentioning that all comments for OAuth auth framework have been addressed. So, I mean, this document is ready to go to the RFC queue. Is that correct?
A
RFC Editor. Now I'm wondering, what about the DTLS authorize?
A
Francesca, where can I check that?
A
B
A
A
Anyone on the call? No, the ACE OAuth forums.
A
The one other, okay, so up to what I know is that the MQTT TLS profile has been updated and still in AD review.
A
Okay, now in the working group last call, so we have the draft key-groupcomm. So this one is still in working group last call, and I think we're waiting for Garand committed to provide a review in some times.
D
Yes, correct, and I have news about that. Just in case we have enough time in the meeting, I have also slides, but long story short is that we are discussing updates to the main Group OSCORE document in CoRE, and they will have an impact on key-groupcomm, key-groupcomm-oscore and, to some extent, even gm-admin, so you're an and other reviewers well a better way to have a stable version of Group OSCORE and then again a stable version of key-groupcomm.
A
Okay, so I mean, what I'm hearing is that it's not. Should I remove the working group last call tag?
D
That's up to you, it can even stay open and continue, but yeah, I'd recommend to wait for the next update before actually starting a review.
A
Okay, so when the, I mean, in any case, it doesn't change.
E
D
Yeah, we just have to proceed in lockstep, and yeah, I think there's enough time before the cut-off to address. Most of the points I have in mind will need to be addressed. I'm not sure there's enough time to address every single one of them, but I'll try it.
A
Okay, so I will probably remove that from working group last call and we will restart the working group last call.
A
Okay, AIF. So, as far as I know, Logan just was writing the shepherd and he had one comment.
A
E
A
E
Sure the the.
A
Okay, so I will let Logan, I mean, send you the comments. I mean, I don't know if he sent you the comments.
A
These are the comments I have seen, but yeah, I mean, just to let you know, there is nothing that prevents the shepherd to be shipped, and I'm gonna make sure he's gonna send you the comments.
A
So we will soon be done with that one. CMPv2 over CoAP. Do we have any of the authors here?
A
No? Okay, so this one is also, I mean, I reviewed, and it's pretty much baked, so hopefully we could send it as soon as the comments will be addressed. Now, I'm just, I see Francesca in the chat.
A
A
Okay, okay, so Mike, we had some questions in the beginning about the status of the various drafts. So the questions were about the framework, is, I mean, do we have any more comments to be addressed regarding that document?
F
So, from my point of view, everything is addressed and it there, yeah, I've answered Olaf and Steffi. Thank you. Sorry. The delay about the DTLS profile and all the others were already, and the OSCORE profile is ready, as an author I can say, and the other saudis framework and the params were as well ready, as I posted to the main list a while ago, from my like AD perspective rather than author.
G
F
It's still waiting on Ben and I think Ben is aware, but I think it's up to you, chairs, to check with Ben.
A
Yeah, that's what I want to, so. Basically, we have DTLS authorize, oso, I mean the framework, the OSCORE profile and the OAuth params. They're ready to go to the RFC Editor.
A
A
A
F
A
Okay, so ongoing work. Maybe we can have the pub sub profile. I'm wondering, Sigm, do you want to make a short update on it? Do you have a presentation?
A
C
C
The proposed changes from the previous IETF meeting and rewrote the draft for the new architecture, also presented a solution how to handle multiple topics for MQTT case specifically. So made all the changes that were planned. Probably need to push another version out, but I'm waiting on Francesca's comments on it before, and I know she's busy, so.
A
Okay, so yeah, I don't think there is a, we are not, I mean, nothing is urgent. We can wait for the next version for the next IETF or even after, but yeah, I mean, it's still progressing. So that's good.
A
No, so I suggest we move to CoAP-EAP.
G
G
We are just letting you know that we took all the advice he gathered from the last IETF meeting and the interim meetings, and we have provided the zero one version, and we have changed the URIs and how the resource is managed to conform to the aws philosophy, as commented by Carsten.
G
We also included the characteristics when a message is lost that we saw in the previous messages. The other, the next slides are just the same as the previous version, with the updates. So here we comment that we are just using the URIs with an x value that is representing the current step in the authentication process, as opposed to the one where we.
A
G
G
I would just like to comment that for the next version, we were thinking that maybe it's not clear that we can manage also the resource, maybe to delete it from the controller, sending a delete command, and there is also the characteristic when maybe the arafat re-authentication process has to be done, because the lifetime of the state is going to expire, and there are a couple of characteristics that may need to be clarified.
G
But I think we can do that in this version, and I think we are covering already almost everything that we have in store for this draft up to now, at least with all the reviews with that and comments in the interim meeting.
A
Okay, so you mentioned, I mean, are you over or do we have to go through your other slide?
G
G
I don't think it's worth it to go over every slide.
A
Okay, right, so I understand that you're not expecting to make a next version now, the version.
G
Is, we may, if the group considers that what I commented, that this clarification on how to manage the state, specifying, putting a little text regarding that the controller can delete the current state and we can also perform our authentication, and that we need to deal with a little characteristic when the controller maybe is trying to re-authenticate and the client maybe is sending a trigger message, and this message may collide at the same time. But I think that should be very simple for a next version, that this is not going to impact too much on what we already have in common.
A
A
Okay, so that was my main concern. I'm wondering: has anyone any comment regarding this proposal? Anyone thinks it's not ready for working group last call, or can we start this working group last call?
H
Yeah, maybe I can kiss the answers. Maybe I can do this in voice here as well. It's maybe just a side note, but the slide showed an exchange that said 201 at three two one created with a location path and a payload. I'm not saying we can't do this, but I've kind of gotten mixed messages as to whether this can be done that way, whether those can be used in combination.
H
Can they, and I know this is more of a question to CoRE, but maybe Carsten, I think you were involved in getting this to that state. Maybe you can answer that.
G
I didn't get the impression that it is not possible, but even with the last conversation with Carsten.
G
H
I was not aware of that. It doesn't just come into the chat with a reference where it says it's okay, as long, which I'd read as: this is okay as long as this is a representation of that created location, which it perfectly may be.
E
E
That the term action result is a bit weird, but it really means something that is not a representation of the resource that was created. So let me just copy that part over as well.
A
Okay, so my plan is to send a working group last call this week. I think the CoRE and EMU working groups should be cc'ed.
G
A
Okay, so currently I think we will restrict to those two working groups, yeah. So I'm encouraging people to review that document within this working group. And oh, can you hear me?
A
E
A
Okay, so yeah, so I'm going to start the working group last call. If you have some friends in those working groups, please let them know that a review would be appreciated, and hopefully for the next IETF this one will be sent to Ben. Ben is going to be happy.
A
D
Just if you are interested in already having a preview of what I expect to do as changes in this document because of Group OSCORE. Yeah, please go ahead. Yeah, so yeah, next slide then, please.
D
Yeah, actually, following the previous interim, there has been a submission of version 12, as planned, mostly to confirm to have that new appendix in the document, and was removed from key-groupcomm-oscore, where it was initially included instead. And then, as I was mentioning, yeah, the co-authors of Group OSCORE are discussing a number of changes that appeared as important to do in the last 10, 15 days or so, and then, of course, that has an impact on the key provisioning happening in these drafts.
D
Here I just named kg and kgo from now on, just not repeat the long strings.
D
By the way, I think on the changes to Group OSCORE we are converging and discussing really the details now, and I hope we can definitely fix Group OSCORE before the cut-off and most of the required updates in these documents too. Not sure if I can cover really every single thing, but we'll see. Next, please. And yeah, if I'm not missing anything, it should be about overall four things to be covered in the ACE documents.
D
We are converging to have a specific public key format in the OSCORE groups, that you can start thinking of something, well, more in general, of security groups.
D
It doesn't have to be specifically one format forever to be mandated, but there has to be a format to be indicated, and different than the just plain COSE Key format we are using today.
D
This is also related to discussions that started actually in EDHOC a few weeks ago and just inspired this kind of things in Group OSCORE. But the kind of format of interest here for public keys would be something like a CWT, a list of CWT claims, which seems to be the most preferred one actually, or certificates, and so on. And the way to identify them, meaning identify the exact format to use in a particular security group, would be a code point already registered or to be registered among the COSE header parameters.
D
So, on the good side, this doesn't require too many changes structurally, it's still about using the same parameter.
D
So this is one thing. Next slide, please. Yeah, the other one starts being a bit more specific of Group OSCORE, but it actually affects the overall, well, expressiveness of the API at the KDC.
D
That is better to start updating already in key-groupcomm and can be of interest of other kinds of security groups than exactly OSCORE groups. And basically, as a reminder, Group OSCORE has two modes of operation, and one of them is the pairwise mode, where no signatures are used, and so far we have considered, well, the main mode to be the group mode, always supported, and the pairwise mode as a plus.
D
We need to fully decouple the set of information describing how the group works with respect to the group mode or the way it works with respect to the pairwise mode. So now, parameters and values they can take. I really structure, thinking of for sure the group mode is used, maybe the pairwise mode too. So we need to make them really independent here, and to some extent this will, of course, affect also the creation and configuration of the group in the specific gm-admin document.
D
Yeah, next slide, please. And due to the same reason as in the previous slide, there's another thing that is a bit tricky too. If you consider a security group where no signatures are used at all, like the pairwise mode for Group OSCORE specifically, we still want to have a proof of possession of the private key of the joining node when the node joins the group or if, as a member later on, it uploads a new public key at the KDC. And right now, the proof of possession we have, of course, builds on the signature computed over a deterministic challenge, but in this particular case we cannot even assume nodes to have a support for signatures at all. So we need an alternative, which boils down to a proof of possession built on Diffie-Hellman.
D
We have a sketch already on how this can happen and, basically, during the token post response, where the node already gets additional information from the KDC requested, describing how the group works, a possible additional thing to request and obtain would be a Diffie-Hellman public key of the KDC.
D
So, at the end of the day, we use the same principle, the same parameter in the joining request, where to include, well, a computed byte string used as proof of possession, but in this case it is going to be a MAC computed with a key derived from the Diffie-Hellman secret. And this is very much for key-groupcomm, to be then inherited in possible profiles that actually end up using this kind of groups in this kind of mode, like an OSCORE group in pairwise mode. And finally, next slide.
D
We should be the easiest thing and actually so specific to Group OSCORE. This should be really about key-groupcomm-oscore. Actually, in Group OSCORE, among the other things, we are discussing a change in the actual signature construction for the messages that are signed, this time in group mode. This has a number of benefits, and we are still discussing the details of the exact construction to go for, but it seems we are going for having an additional inner MAC that is covered by the set of signing input, but it is not sent on the wire, and to compute this MAC you rely on an additional group MAC key derived from the group input material. So all good, but we still want to keep a nice feature we have had in Group OSCORE so far, of semi-trusted intermediaries that cannot decrypt messages, but can verify on-the-fly a signature, and if we go for this kind of construction, that again has benefits of its own anyway.
D
Those intermediaries would need to have also that group MAC key, and the way to obtain that would be getting that from the group manager, like they are already getting the public key of the group members. They want to verify the signature, so this would require, and again specifically for the group manager of Group OSCORE this time, one more sub-resource for the group intended only for these external verifiers, so that they can get the current group key to correctly perform the signature verification on the fly. Next slide, please. Yeah! So it's all about, fortunately, proceeding a bit in lockstep, so really stabilizing Group OSCORE first, and when that is done, I can switch to the ACE drafts. Certainly I can prioritize key-groupcomm, trying to do in parallel as much as I can key-groupcomm-oscore. Most can be done at least before the cut-off, for sure, and that will be about updating the group manager implementation, the specific one for Group OSCORE, of course.
D
A
Well, thanks. I don't see those as huge changes, so.
D
A
But that's, I mean, you know where the public key is, so yeah, yeah.
A
Okay, so anyone that has questions, anyone wants to raise a comment? Who is contributing to that document? Review in OSCORE in CoRE.
D
A
So basically, I mean, you're driving this work, so we're waiting for you.
A
So no, I mean, no need to press the things, I mean. I have the impression it's better everything you get stabilized in CoRE and then it's just a consequences are reported to ACE and.
D
Yeah, it might just be not every single thing here is covered before the cutoff.
A
Yeah, yeah, so I mean, I don't mind. Having, I mean, that's me personally, do whatever is better for you to make that work progress, and I mean, it's not a big deal if we don't have any update in ACE before the cutoff.
A
Okay, good, so I think for this time we will finish on time, even in advance.
F
Before we finish, I went back and checked on the framework document and I actually have to correct myself. So we discussed this during last interim as well, that I had just removed my discuss and posted. So I added this to the minutes or yeah.
F
Already all the pointers, but I had written an email to the mailing list and to the authors, and if you remember the discussion last month about combining profiles, and there were a couple more, like, non-blocking comments. So we have already talked about those, but Ludwig was in here and I think the result was we're waiting on Ludwig and the authors to reply. And I just checked again, and there was no reply yet, so.
B
A
Yeah, yeah, no, no, but so I probably need to ping Ludwig. I had in mind he had responded. So thank you for checking.
A
Yeah, I will ping him and let him know. Okay, good. So any other comments? I see the queue. I'm just wondering if we have to meet during the next IETF meeting. We'll probably have some things to say on the groupcomm as well as MQTT, I mean the pub sub, probably, yeah. If you think a meeting is not necessary, please let me know so we can give a free spot for other meetings, but currently we are planning to have a meeting there.
G
A
C
I was just mentioning, since pub sub was mentioned as a potential topic for the next IETF, it's really up to you. I can shift it to a next interim anyway. I would like to get comments from Francesca first before pushing the next version, and for the MQTT TLS profile, it's in the AD review, and I don't have.
A
A
Yeah, yeah, yeah. No, that's for sure. I think it's better to keep next IETF as a deadline, because I see a lot of updates just before the interim meetings and any meetings. So I think that's the way we work. I am.
F
And also we get to see Ben. Yes, he's gonna participate in the meeting, so we can ask him questions as well.
A
Yeah, sure, so yeah, I'm not even though, I'm just gonna check that. I just know that we maybe don't need a two-hour slot, so I will check that, but I think it's good that we regularly meet. That's the way we work. I think that's the way we should work with almost every meeting, every working group, especially when we're remote. So I don't have the intention to change that.
A
Okay, right. So if we have nothing more to say, I wish you a good day wherever you are, and I think everyone is in Europe.