Re: [Ace] AD review of draft-ietf-ace-cmpv2-coap-transport-07
Mohit Sahni <msahni@paloaltonetworks.com> Fri, 03 March 2023 21:36 UTC
Return-Path: <msahni@paloaltonetworks.com>
X-Original-To: ace@ietfa.amsl.com
Delivered-To: ace@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 06655C1522BE for <ace@ietfa.amsl.com>; Fri, 3 Mar 2023 13:36:29 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -7.093
X-Spam-Level:
X-Spam-Status: No, score=-7.093 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_NONE=0.001, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=paloaltonetworks.com header.b="onh8k0vk"; dkim=pass (2048-bit key) header.d=paloaltonetworks.com header.b="UezZBdP1"
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id udIRz1Ylpxwo for <ace@ietfa.amsl.com>; Fri, 3 Mar 2023 13:36:25 -0800 (PST)
Received: from mx0b-00169c01.pphosted.com (mx0b-00169c01.pphosted.com [67.231.156.123]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id F0B1CC1522B9 for <ace@ietf.org>; Fri, 3 Mar 2023 13:36:24 -0800 (PST)
Received: from pps.filterd (m0048188.ppops.net [127.0.0.1]) by mx0b-00169c01.pphosted.com (8.17.1.19/8.17.1.19) with ESMTP id 323Hoio9002805 for <ace@ietf.org>; Fri, 3 Mar 2023 13:36:23 -0800
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=paloaltonetworks.com; h=mime-version : references : in-reply-to : from : date : message-id : subject : to : cc : content-type; s=PPS12012017; bh=Je0l17REPvlfdd4xRbgYpdbQPW7L6X5zwX1ifx44QHg=; b=onh8k0vknsaIwqWSYCpII9KK1mki5/wL2gCLxqgJHY83t+DUkgveLpzy8nMH3mMDkkkC goah8ovMGA0K3Xa+Rh85Xigjxb7cEZubqZjL6okYMiU9M3lqL6wElgg/gqbrImIlCfUK F5YEPL4DgnkMsG9fZGYT+FuG4VIa/HQRuebXS/nIjJdo4sjeVjekxp2mo9uzE4fFftT5 szssqOcJ5fjjFNJUiaON4p7pxmImVV8KBtBduuB6FA1y7KMY8EB+WK5PcIT30fguXobd y7BtNwmlUK9zRENSdCUay6mQnrBX51BIsEdl18eLFJwYjeEIZHrtFY3a4PA41Ns+xhOh /g==
Received: from mail-yw1-f198.google.com (mail-yw1-f198.google.com [209.85.128.198]) by mx0b-00169c01.pphosted.com (PPS) with ESMTPS id 3p22vcc5ft-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128 verify=NOT) for <ace@ietf.org>; Fri, 03 Mar 2023 13:36:23 -0800
Received: by mail-yw1-f198.google.com with SMTP id 00721157ae682-536bf635080so37684757b3.23 for <ace@ietf.org>; Fri, 03 Mar 2023 13:36:23 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=paloaltonetworks.com; s=google.paloaltonetworks.com; t=1677879382; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:from:to:cc:subject:date:message-id:reply-to; bh=Je0l17REPvlfdd4xRbgYpdbQPW7L6X5zwX1ifx44QHg=; b=UezZBdP1iWU5yu46a8uxJq6eCynytqKdfo1cn7s80k5U3zXCbAmdbglDD29C2bgfRm GyWgbCjslP2iOI9RnrjhWMjYLZp527B6cZeI1T9SDOn79TAez6XPul+92hHD7LPNMnM4 BnF8EuFNl81MK00N/Kgb4b39iGMRaLx/DdnAuhb3zQ8/wOiKzwlaRCjEvmXp8UgfJxov KtedCDU2SSVt3vzGM9wwig0wyVYteG7PrfBdN0b8dSheRCIvmmd8dnfkKTKt3DAV9JP9 X0B2WTcCd+eXMPIK363wb248isSjRKq3HA6zbFEEVuTaYRXbyDc4pSCzjWyfcFsoiGtG qrCw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; t=1677879382; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=Je0l17REPvlfdd4xRbgYpdbQPW7L6X5zwX1ifx44QHg=; b=hzi1Qito/wf3/ZEEKoFwZ4jfgSyCpCeBx6+PRtFn7DpUC7oF2dCzSAUfKYZ04L/Yry /IZbRbVIruPvrdSz1H3uz0piSwrR7sx2fl/5fRVkkNxK8Cm279fp83mTXZTkCIMB/jFB Bt8kHHeufpXov1e2iMp2Qhh6klSqxKCbYtWnvVHAxewMWozl1m09zXJ4/6qtvTTdMxos YaI0FYFCjdVnZcOcC9cI7PeHE4vLT0ZHWcl/7KyB90yg/fXGojySSHTAhOD15Ol44X0S jogYVXS/OMPE7umOBHRRDifD2JTRRxlMkxQ2zyNd1d7HIDp2lEr7EM3JxZgL36DX9+mG bNgA==
X-Gm-Message-State: AO0yUKUlhSkzNWvZkSPoAUXSAQQSqh6F4EanPARmJJFtuES75sJLXyfV Jr+DjuGkKCzY6O+ETkHYw1pBb9NRkwbTVzXYSbp3H+HP8H29OMjgctrvGONfQu2M6tAi7DeSsuM Nl8be1KZ5H2pR2jy4CzNPDFEshvtgEQ==
X-Received: by 2002:a5b:1cb:0:b0:aa2:475c:2982 with SMTP id f11-20020a5b01cb000000b00aa2475c2982mr1561294ybp.1.1677879382361; Fri, 03 Mar 2023 13:36:22 -0800 (PST)
X-Google-Smtp-Source: AK7set9JnRhD+GwmeOx+rH39QzNoxrDuqHXaPCdg1Y0FNBcuCNctTZnzhVt5GQtLWk0+QdD6XITUcpnpo3G/b7DPlLU=
X-Received: by 2002:a5b:1cb:0:b0:aa2:475c:2982 with SMTP id f11-20020a5b01cb000000b00aa2475c2982mr1561286ybp.1.1677879381979; Fri, 03 Mar 2023 13:36:21 -0800 (PST)
MIME-Version: 1.0
References: <CAGL5yWZEWE5LfRQ+bNn2mRLo8XPyyaVzvEWAGQLMa6QXvKwabA@mail.gmail.com>
In-Reply-To: <CAGL5yWZEWE5LfRQ+bNn2mRLo8XPyyaVzvEWAGQLMa6QXvKwabA@mail.gmail.com>
From: Mohit Sahni <msahni@paloaltonetworks.com>
Date: Fri, 03 Mar 2023 13:36:10 -0800
Message-ID: <CAMRcsGR44FDPL-KuJ68yoP=6xHEnZnrx=af2888Ow5A=XV-TFw@mail.gmail.com>
To: Paul Wouters <paul.wouters@aiven.io>
Cc: draft-ietf-ace-cmpv2-coap-transport@ietf.org, ace@ietf.org
Content-Type: multipart/alternative; boundary="0000000000008a173705f605bcc6"
X-Proofpoint-ORIG-GUID: dcaKOlyrtCki3TW2U1WwWoGprT6VDOUF
X-Proofpoint-GUID: dcaKOlyrtCki3TW2U1WwWoGprT6VDOUF
X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.219,Aquarius:18.0.942,Hydra:6.0.573,FMLib:17.11.170.22 definitions=2023-03-03_05,2023-03-03_01,2023-02-09_01
X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 suspectscore=0 malwarescore=0 clxscore=1015 phishscore=0 adultscore=0 mlxlogscore=999 bulkscore=0 spamscore=0 impostorscore=0 mlxscore=0 priorityscore=1501 lowpriorityscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.12.0-2212070000 definitions=main-2303030183
Archived-At: <https://mailarchive.ietf.org/arch/msg/ace/-wQ0s3Eg1PrJ4q1ww3yXEIfESFA>
Subject: Re: [Ace] AD review of draft-ietf-ace-cmpv2-coap-transport-07
X-BeenThere: ace@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: "Authentication and Authorization for Constrained Environments \(ace\)" <ace.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ace>, <mailto:ace-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ace/>
List-Post: <mailto:ace@ietf.org>
List-Help: <mailto:ace-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ace>, <mailto:ace-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 03 Mar 2023 21:36:29 -0000
Hi Paul, Many thanks for the review comments. Please see my response below: > A CMP client SHOULD send each CoAP requests marked as a Confirmable message Section 2.1 of [RFC7252]. > >When would one not use a Confirmable message ? eg why is this a SHOULD and not a MUST ? > >(also, the sentence doesn't make, did you mean to add "as per Section 2.1 ....." ? ) <M.S.> Agreed. Will change that. Will fix the "section 2.1 of [RFC..]" too. > If the CoAP request is successful then the server SHOULD return a "2.05 Content" response code. > > What else could be sent if the SHOULD is not followed? Eg why is this is a SHOULD and not a MUST ? <M.S.> based on comments from Ben I changed it to SHOULD from MUST, here is his comment >>Perhaps I am reading too much into the analogy between HTTP and CoAP and >>thus to the applicability of draft-ietf-httpbis-bcp56bis (currently with the >>RFC Editor), but it doesn't seem terribly useful to name a specific response >>code here. The standard CoAP semantics apply, and we could probably just >>say that "the paylaod of a successful response contains the DER-encoded >>...". However, you raised a valid point so I will change it to: If the CoAP request is successful then the server MUST return a 2.XX response code otherwise server MUST return an appropriate CoAP Client Error 4.xx or a Server Error 5.xx response code. >This gets stranger even in this sentence, where it becomes very unclear: > > If the server supports CMP Announcements messages, then it SHOULD > send appropriate 2.xx success response code, otherwise a 4.xx > or 5.xx error response code. <M.S.> Agreed, I will change it to If the server supports CMP Announcements messages, then it MUST send an appropriate 2.xx success response code, otherwise it MUST send a 4.xx or 5.xx error response code. >Now "can" is very strange here for not being a SHOULD or MAY or MUST > > > can try after some time to register again > <M.S.> Agreed, Change it to "MAY try after some time to register again" >Same here. > > > Alternatively, an EE MAY poll for the potential changes > > What is meant with "potential changes" ? > (also the grammar of this sentence does not work) > > to get information about the changes. > >Also here, what "changes" ? <M.S.> Agreed, I will change it to Alternatively, an EE MAY periodically poll for the current status of the CA via the "PKI Information Request" message [Section 6.2 RFC 4210]. If supported, EEs may also use "Support Messages" defined in section 4.3 of the Lightweight CMP Profile [I-D.ietf-lamps-lightweight-cmp-profile] to get information about the changes. >Section 4: > > The CMP protocol depends upon various mechanisms in the protocol > itself for making the transactions secure therefore, security > issues of CoAP due to using UDP without cryptographic protections > for message confidentiality and integrity, do not carry over to > the CMP layer. The Security considerations for CoAP are mentioned > in the [RFC7252]. > >This is a very vague sentence that also does not read well. And I do not >understand the "carry over" parts. Perhaps something like: > > All payloads of the CMP protocol are cryptographically protected > against malicious modifications. As such, UDP can be used without > compromising the security of the CMP protocol. Security Considerations > for CoAP are defined in [RFC7252]. > <M.S.> Agreed. >Similarly the second point: > > Although the CMP protocol does not depend upon the underlying > transfer mechanism for protecting the messages but in cases when > confidentiality protection is desired, CoAP over DTLS [RFC9147] > MAY be used providing a hop-by-hop security. The use of DTLS can > provide confidentiality protection of the CMP-level metadata, > however it cannot obscure the fact that CMP is being used in > the underlying layer. > >Perhaps instead: > > The CMP protocol does not provide confidentiality of the CMP payloads. > If confidentiality is desired, CoAP over DTLS [RFC9147] can be used > to provide confidentiality for the CMP payloads, although it cannot > conceal that the CMP protocol is used within the DTLS layer. > > <M.S.> Agreed. > > Once a DTLS [RFC9147] association is established it SHOULD be > used for as long as possible to avoid the frequent overhead of > setting up a DTLS [RFC9147] association for constrained devices. > >I think the reference to "as long as possible" is a bit strange. How about: > > DTLS associations SHOULD be kept alive and re-used where possible > to amortise on the additional overhead of DTLS on constrained devices. > <M.S.> Agreed. >The next bullet point just needs some grammar fixes: > > An EE may miss some of the Announcement messages when using CoAP > Observe option [RFC7641] since Observe option is a "best-effort" > approach and server can lose state about subscribers for > announcement messages. The EEs may use alternate method described > in section 2.6 to get time critical changes like CRL updates. > >How about: > > An EE might not witness all of the Announcement messages when using the CoAP > Observe option [RFC7641], since the Observe option is a "best-effort" > approach and the server might lose its state for subscribers to its > announcement messages. The EEs may use an alternate method described > in section 2.6 to obtain time critical changes such as CRL updates. > <M.S.> Agreed. >The next bullet I just do not understand: > > In order to to reduce the risks imposed by DoS attacks, the > implementations SHOULD optimally use the available datagram size > i.e. avoid small datagrams containing partial CMP PKIMessage data. > >Please explain what is meant here and/or rephrase it. <M.S.> Here the intent is to warn the implementations to > >Section 5: > > This document requires a new entry to the CoAP > >s/requires/adds > > This document also requires > >s/requires/adds/ <M.S> Agreed. > > in the CMP protocol registry > >s/in/to <M.S> Agreed. > > > Description: The path to send a Get request > >Should that be a "GET request" ? > > > This document references the cmp, in the Well-Known URIs IANA > registry. This document is expected to be published together > with [I-D.ietf-lamps-cmp-updates]. Please add a reference of > this document to the Well-Known URIs IANA registry for that entry > > This document also refers the path segment "p" in the Certificate > Management Protocol (CMP) IANA registry. Please add a reference > of this document to the Certificate Management Protocol (CMP) > for that path segment. > >Please seperate the addition instruction for IANA from the RFC Editor >instruction. Just state the additions as if the other documents were >already published, and then add a note using [Note RFC Editor: ...] >explaining this document should be published after the two referenced >ones. <M.S.> This document references the cmp, in the Well-Known URIs IANA registry. Please add a reference of this document to the Well-Known URIs IANA registry for that entry This document also refers the path segment "p" in the Certificate Management Protocol (CMP) IANA registry. Please add a reference of this document to the Certificate Management Protocol (CMP) for that path segment. [Note RFC Editor: This document should be published together or after the [I-D.ietf-lamps-cmp-updates] and [I-D.ietf-lamps-lightweight-cmp-profile] as it references IANA entries created by those Internet drafts. > >[I-D.ietf-lamps-cmp-updates] and [I-D.ietf-lamps-lightweight-cmp-profile] >are listed as informative references, but these should be normative >references (as you point to sections in those documents for syntax) > <M.S.> Agreed. > >NITS: <M.S.> I will update the draft with suggested changes. > > Here is the list of CMP announcement messages > >Do not use "here". Maybe just: The list of CMP ....... are: > > An EE MAY use CoAP Observe option > >s/use/use the/ > > to get any announcement messages > >s/any/all > > If for some reason server cannot add > >s/server/the server > > A client on receiving > >s/on receiving/that receives > > allows the EE to receive > >s/the EE/an EE > > Since the CMP payload is same over CoAP and HTTP transfer mechanisms > >Since the CMP payload is the same wether using CoAP or HTTP transfer mechanisms > > Some recommended mechanisms are as follows: > >delete "as follows" > > Since the Proxy may have access to the CMP-Level > >s/may have/has > > therefore proper role based access control should be in place. > >s/therefore/, proper role based access controls should be deployed > > Proxy can be > >s/Proxy/Proxies > > to protect them > >s/to protect them/for protection > > The proxy however may itself be vulnerable to resource-exhaustion attacks > >s/The proxy itself can also be attacked by resource-exhaustion attacks > Regards, Mohit On Sun, Feb 26, 2023 at 5:49 PM Paul Wouters <paul.wouters@aiven.io> wrote: > AD review: draft-ietf-ace-cmpv2-coap-transport-07 > > > Please see below my AD review comments. I believe a revision of the > document > is required before sending it to the IESG. The substantial comments are > mostly > about SHOULD vs MUST cases, but there is also a few large pieces of text, > mostly > in the Security Considerations section, that need to be reformulated for > clarity. > I've tried to propose text where I can. > > I've also tried to fixup a few spelling and grammer issues. > > Regards, > > Paul > > > > > > A CMP client SHOULD send each CoAP requests marked as a > Confirmable message Section 2.1 of [RFC7252]. > > When would one not use a Confirmable message ? eg why is this a SHOULD and > not a MUST ? > > (also, the sentence doesn't make, did you mean to add "as per Section 2.1 > ....." ? ) > > > If the CoAP request is successful then the server SHOULD return a > "2.05 Content" response code. > > What else could be sent if the SHOULD is not followed? Eg why is this is a > SHOULD and not a MUST ? > > If the CoAP request is not successful then an appropriate CoAP > Client Error 4.xx or a Server Error 5.xx response code MUST > be returned. > > Especially seeing there is a MUST here. > > > This gets stranger even in this sentence, where it becomes very unclear: > > If the server supports CMP Announcements messages, then it SHOULD > send appropriate 2.xx success response code, otherwise a 4.xx > or 5.xx error response code. > > eg the 'otherwise' clause is not using a SHOULD or MUST, does it inherit > the > one from the previous sentence? Also, why SHOULD and not MUST? > > it can omit the Observe option > > Now "can" is very strange here for not being a SHOULD or MAY or MUST > > > can try after some time to register again > > Same here. > > > Alternatively, an EE MAY poll for the potential changes > > What is meant with "potential changes" ? > (also the grammar of this sentence does not work) > > to get information about the changes. > > Also here, what "changes" ? > > > Section 4: > > The CMP protocol depends upon various mechanisms in the protocol > itself for making the transactions secure therefore, security > issues of CoAP due to using UDP without cryptographic protections > for message confidentiality and integrity, do not carry over to > the CMP layer. The Security considerations for CoAP are mentioned > in the [RFC7252]. > > This is a very vague sentence that also does not read well. And I do not > understand the "carry over" parts. Perhaps something like: > > All payloads of the CMP protocol are cryptographically protected > against malicious modifications. As such, UDP can be used without > compromising the security of the CMP protocol. Security > Considerations > for CoAP are defined in [RFC7252]. > > Similarly the second point: > > Although the CMP protocol does not depend upon the underlying > transfer mechanism for protecting the messages but in cases when > confidentiality protection is desired, CoAP over DTLS [RFC9147] > MAY be used providing a hop-by-hop security. The use of DTLS can > provide confidentiality protection of the CMP-level metadata, > however it cannot obscure the fact that CMP is being used in > the underlying layer. > > Perhaps instead: > > The CMP protocol does not provide confidentiality of the CMP > payloads. > If confidentiality is desired, CoAP over DTLS [RFC9147] can be used > to provide confidentiality for the CMP payloads, although it cannot > conceal that the CMP protocol is used within the DTLS layer. > > > > Once a DTLS [RFC9147] association is established it SHOULD be > used for as long as possible to avoid the frequent overhead of > setting up a DTLS [RFC9147] association for constrained devices. > > I think the reference to "as long as possible" is a bit strange. How about: > > DTLS associations SHOULD be kept alive and re-used where possible > to amortise on the additional overhead of DTLS on constrained > devices. > > The next bullet point just needs some grammar fixes: > > An EE may miss some of the Announcement messages when using CoAP > Observe option [RFC7641] since Observe option is a "best-effort" > approach and server can lose state about subscribers for > announcement messages. The EEs may use alternate method described > in section 2.6 to get time critical changes like CRL updates. > > How about: > > An EE might not witness all of the Announcement messages when > using the CoAP > Observe option [RFC7641], since the Observe option is a > "best-effort" > approach and the server might lose its state for subscribers to its > announcement messages. The EEs may use an alternate method > described > in section 2.6 to obtain time critical changes such as CRL updates. > > The next bullet I just do not understand: > > In order to to reduce the risks imposed by DoS attacks, the > implementations SHOULD optimally use the available datagram size > i.e. avoid small datagrams containing partial CMP PKIMessage data. > > Please explain what is meant here and/or rephrase it. > > Section 5: > > This document requires a new entry to the CoAP > > s/requires/adds > > This document also requires > > s/requires/adds/ > > in the CMP protocol registry > > s/in/to > > > Description: The path to send a Get request > > Should that be a "GET request" ? > > > This document references the cmp, in the Well-Known URIs IANA > registry. This document is expected to be published together > with [I-D.ietf-lamps-cmp-updates]. Please add a reference of > this document to the Well-Known URIs IANA registry for that entry > > This document also refers the path segment "p" in the Certificate > Management Protocol (CMP) IANA registry. Please add a reference > of this document to the Certificate Management Protocol (CMP) > for that path segment. > > Please seperate the addition instruction for IANA from the RFC Editor > instruction. Just state the additions as if the other documents were > already published, and then add a note using [Note RFC Editor: ...] > explaining this document should be published after the two referenced > ones. > > > [I-D.ietf-lamps-cmp-updates] and [I-D.ietf-lamps-lightweight-cmp-profile] > are listed as informative references, but these should be normative > references (as you point to sections in those documents for syntax) > > > NITS: > > Here is the list of CMP announcement messages > > Do not use "here". Maybe just: The list of CMP ....... are: > > An EE MAY use CoAP Observe option > > s/use/use the/ > > to get any announcement messages > > s/any/all > > If for some reason server cannot add > > s/server/the server > > A client on receiving > > s/on receiving/that receives > > allows the EE to receive > > s/the EE/an EE > > Since the CMP payload is same over CoAP and HTTP transfer > mechanisms > > Since the CMP payload is the same wether using CoAP or HTTP transfer > mechanisms > > Some recommended mechanisms are as follows: > > delete "as follows" > > Since the Proxy may have access to the CMP-Level > > s/may have/has > > therefore proper role based access control should be in place. > > s/therefore/, proper role based access controls should be deployed > > Proxy can be > > s/Proxy/Proxies > > to protect them > > s/to protect them/for protection > > The proxy however may itself be vulnerable to resource-exhaustion > attacks > > s/The proxy itself can also be attacked by resource-exhaustion attacks > >
- [Ace] AD review of draft-ietf-ace-cmpv2-coap-tran… Paul Wouters
- Re: [Ace] AD review of draft-ietf-ace-cmpv2-coap-… Paul Wouters
- Re: [Ace] AD review of draft-ietf-ace-cmpv2-coap-… Mohit Sahni
- Re: [Ace] AD review of draft-ietf-ace-cmpv2-coap-… Mohit Sahni
- Re: [Ace] AD review of draft-ietf-ace-cmpv2-coap-… Mohit Sahni
- Re: [Ace] AD review of draft-ietf-ace-cmpv2-coap-… Saurabh Tripathi
- Re: [Ace] AD review of draft-ietf-ace-cmpv2-coap-… Paul Wouters
- Re: [Ace] AD review of draft-ietf-ace-cmpv2-coap-… Mohit Sahni
- Re: [Ace] AD review of draft-ietf-ace-cmpv2-coap-… Daniel Migault