[Ace] draft-ietf-ace-coap-est-00

Jim Schaad <ietf@augustcellars.com> Sat, 10 March 2018 21:15 UTC

Return-Path: <ietf@augustcellars.com>
X-Original-To: ace@ietfa.amsl.com
Delivered-To: ace@ietfa.amsl.com
Received: from localhost (localhost []) by ietfa.amsl.com (Postfix) with ESMTP id AC2551270AC; Sat, 10 Mar 2018 13:15:58 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.911
X-Spam-Status: No, score=-1.911 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([]) by localhost (ietfa.amsl.com []) (amavisd-new, port 10024) with ESMTP id 3qTNzF82cVHH; Sat, 10 Mar 2018 13:15:57 -0800 (PST)
Received: from mail2.augustcellars.com (augustcellars.com []) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 363CF1201F8; Sat, 10 Mar 2018 13:15:57 -0800 (PST)
Received: from Jude ( by mail2.augustcellars.com ( with Microsoft SMTP Server (TLS) id 15.0.1347.2; Sat, 10 Mar 2018 13:13:49 -0800
From: Jim Schaad <ietf@augustcellars.com>
To: draft-ietf-ace-coap-est@ietf.org
CC: ace@ietf.org
Date: Sat, 10 Mar 2018 13:15:46 -0800
Message-ID: <001d01d3b8b4$f6e71600$e4b54200$@augustcellars.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
X-Mailer: Microsoft Outlook 16.0
Thread-Index: AdO4tMNz0JYN1PFNQaWsBOIkt90Z7Q==
Content-Language: en-us
X-Originating-IP: []
Archived-At: <https://mailarchive.ietf.org/arch/msg/ace/2vWiPe8dtpdlFASU8edzjf_8XbU>
Subject: [Ace] draft-ietf-ace-coap-est-00
X-BeenThere: ace@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "Authentication and Authorization for Constrained Environments \(ace\)" <ace.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ace>, <mailto:ace-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ace/>
List-Post: <mailto:ace@ietf.org>
List-Help: <mailto:ace-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ace>, <mailto:ace-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 10 Mar 2018 21:15:59 -0000

I agree with Hannes, this version of the document is much cleaner and much
clearer.  I think that it has solved most of the problems that I initially
had with the draft.  It is not ready to progress as there are still sections
that are marked as TODO.  But it is much closer to finishing that it was.

I still have a couple of comments from a quick read through of the document.

In section 2 - There will be a problem in that the port format extension is
being eliminated in TLS 1.3 - We may want to divide this into a 1.2 and 1.3
section for clarity.

In section 3- Should we be looking at the use of COSE rather than CMS for
encryption of key services?

*  Do you have the option to additionally support the long name for the
service as well as the short name?  MUST have short name MAY have long name?

*  In section 6- All proxies are required by CoAP blocking to re-assemble
the entire message at the proxy.  It can re-block things going to the next
proxy.  While there is no requirement that the proxy get the entire message
before sending on pieces, this should be common practice and would be
required for a CoAP/HTTP proxy.

* Should probably add a note in section 6 that any proxy that terminates the
DTLS connection is going to be required to act as an RA.  RAs are required
to have the entire request for adding authentication as necessary.