Re: [Ace] Lars Eggert's No Objection on draft-ietf-ace-mqtt-tls-profile-15: (with COMMENT)

Cigdem Sengul <cigdem.sengul@gmail.com> Thu, 10 March 2022 00:28 UTC

Return-Path: <cigdem.sengul@gmail.com>
X-Original-To: ace@ietfa.amsl.com
Delivered-To: ace@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 237843A13B7; Wed, 9 Mar 2022 16:28:08 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.106
X-Spam-Level:
X-Spam-Status: No, score=-2.106 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_BLOCKED=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id dT6XEnPCXAXJ; Wed, 9 Mar 2022 16:28:03 -0800 (PST)
Received: from mail-vs1-xe2d.google.com (mail-vs1-xe2d.google.com [IPv6:2607:f8b0:4864:20::e2d]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 19EE03A1325; Wed, 9 Mar 2022 16:28:03 -0800 (PST)
Received: by mail-vs1-xe2d.google.com with SMTP id a186so4264275vsc.3; Wed, 09 Mar 2022 16:28:03 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=pA9EVfrBp4KgvjbuxLX6CtROiK5vVzYq63PdZYd0cZQ=; b=LUBUf5YqExoUqjbEpLgAgNiec7+D+k0UauaBwMcsvO8rqzYt69gl+c4k0jm6onfadU fp5MBArJZfE2NJZicyQKWze52IewP/TJ+3b9GgM7xcRbYVt1/UFFeyLOThXp/zb+ZaUt kc2TlNsub7O1m3WoNN6QaILeJONwBrYF/+4t2RCEpkxNOf8HMsi+/yOBkDxXv+JTO/Lf I5z7fHzAjuh05fyNx9+sIa9wpnK8qO6eKV9XziVL1WML3K64wxa0kevUetVtb/qKBWtH EINspnqzVo1QZLzHykMJ81Qn182ZHPvPh0PG810PM7Urbr0JlOFzC4QqmSyR5G6Ybk2Z q19w==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=pA9EVfrBp4KgvjbuxLX6CtROiK5vVzYq63PdZYd0cZQ=; b=JfkMEMOBtRW93iw734Hj2xigvH8rOMlbyc1pM7bSPEPJzUe2OJD47kCPVZS7donUl5 gt356wI20h20PuFiD11HB3fvKMDTXECsZciMa6UOJOljINIyNBZPuX+zpb1zWCnYOJAE +bUxhbkMglUHx7/bfinkM+nYBLmqzOM4QC2ZU1Wh0oUX8sxW8Y7kHVDAHfwjrP2IyJfk cUY1gDOyMFtVEwcXn0fHZv9JDM0rgPB3uLlF672Vq/jeTlXssDWHKtSvWpqVfZ152uJ5 H7h2j5qLwq4A7f2TxP9RJqrdW7HJMiSjqOmBxIxRQgOKXSh5QBkT3F153SErIOdRr3MR RLPQ==
X-Gm-Message-State: AOAM530w+0HEtaIIufZT4wz5a7nc9OzkWG0i4UntOvOprTocHVrnxDJz SMarHt8pNbiruStiy4JEMR/gCq1Tg3lWs2IBtWqFfq+eesA=
X-Google-Smtp-Source: ABdhPJxilKO5ZrEtEjogIEN0iZ0kDI1rGA5gd16aCKrKDJF2/P+7NXUz+KQj7h9Y0sAon6zyCkP5jTb9rCCedt5cxIU=
X-Received: by 2002:a67:2f88:0:b0:31e:c163:ee53 with SMTP id v130-20020a672f88000000b0031ec163ee53mr1201620vsv.78.1646872081763; Wed, 09 Mar 2022 16:28:01 -0800 (PST)
MIME-Version: 1.0
References: <164664548565.10586.1589707546458433947@ietfa.amsl.com>
In-Reply-To: <164664548565.10586.1589707546458433947@ietfa.amsl.com>
From: Cigdem Sengul <cigdem.sengul@gmail.com>
Date: Thu, 10 Mar 2022 00:27:49 +0000
Message-ID: <CAA7SwCNk0fBNvHe6Uz0HFveT9sM8E8tW_ziUgQL6=TgeWiM+pw@mail.gmail.com>
To: Lars Eggert <lars@eggert.org>
Cc: The IESG <iesg@ietf.org>, draft-ietf-ace-mqtt-tls-profile@ietf.org, ace-chairs@ietf.org, Ace Wg <ace@ietf.org>, Daniel Migault <daniel.migault@ericsson.com>
Content-Type: multipart/alternative; boundary="0000000000006c910605d9d24901"
Archived-At: <https://mailarchive.ietf.org/arch/msg/ace/HZsig3NS8a3q9POT6T39CZ1hMDI>
Subject: Re: [Ace] Lars Eggert's No Objection on draft-ietf-ace-mqtt-tls-profile-15: (with COMMENT)
X-BeenThere: ace@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Authentication and Authorization for Constrained Environments \(ace\)" <ace.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ace>, <mailto:ace-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ace/>
List-Post: <mailto:ace@ietf.org>
List-Help: <mailto:ace-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ace>, <mailto:ace-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 10 Mar 2022 00:28:09 -0000

Dear Lars,

Thank you very much for your comments - I especially appreciated the nudge
for inclusive language and tried to address them as best as I could.
I know it was stated that there was no need to inform changes, but let me
share the PR
<https://github.com/ace-wg/mqtt-tls-profile/pull/103/commits/dda6515a9bdae22b3228e3e62c2097c5c6cd7ea2>
 still.
Explanations of fixes/comments if left unchanged are also inline.
Kind regards,
--Cigdem

On Mon, 7 Mar 2022 at 09:31, Lars Eggert via Datatracker <noreply@ietf.org>
wrote:

> Lars Eggert has entered the following ballot position for
> draft-ietf-ace-mqtt-tls-profile-15: No Objection
>
>
>
> Please refer to
> https://www.ietf.org/about/groups/iesg/statements/handling-ballot-positions/
> for more information about how to handle DISCUSS and COMMENT positions.
>
>
> The document, along with other ballot positions, can be found here:
> https://datatracker.ietf.org/doc/draft-ietf-ace-mqtt-tls-profile/
>
>
>
> ----------------------------------------------------------------------
> COMMENT:
> ----------------------------------------------------------------------
>
> Found terminology that should be reviewed for inclusivity; see
> https://www.rfc-editor.org/part2/#inclusive_language for background and
> more
> guidance:
>
>  * Term "master"; alternatives might be "active", "central", "initiator",
>    "leader", "main", "orchestrator", "parent", "primary", "server".
>

[CS:  I would like to indeed avoid this work, but it appears as a result of
using "Extended Master Secret".
 Has this been replaced with an alternative?]

>
>  * Term "his"; alternatives might be "they", "them", "their".
>
[CS: The word appears in acknowledgements to thank specific people;
however, happy to change it to their pronouns,
if "his" doesn't apply.]

>
>  * Term "invalid"; alternatives might be "not valid", "unenforceable", "not
>    binding", "inoperative", "illegitimate", "incorrect", "improper",
>    "unacceptable", "inapplicable", "revoked", "rescinded".
>

[CS: Fixed except in two places where the word appears as part of a
standard MQTT error response.]

>
> Thanks to Theresa Enghardt for their General Area Review Team (Gen-ART)
> review
> (https://mailarchive.ietf.org/arch/msg/gen-art/-D0Fe7Px8IRU5yIFmngv6SR420c
> ).
>
>
> -------------------------------------------------------------------------------
> All comments below are about very minor potential issues that you may
> choose to
> address in some way - or ignore - as you see fit. Some were flagged by
> automated tools (via https://github.com/larseggert/ietf-reviewtool), so
> there
> will likely be some false positives. There is no need to let me know what
> you
> did with these suggestions.
>
> Section 2.1. , paragraph 5, nit:
> >    This document follows [RFC7800] for PoP semantics for JWTs (CWTs can
> >    also be used).  The PoP token includes a 'cnf' parameter with a
>
> s/can/MAY/ ?
>
[CS: Fixed.]


>
> Section 2.2.2. , paragraph 4, nit:
> -    DISCONNECT packet as explained below.
> +    DISCONNECT packet, as explained below.
> +                     +
>

[CS: The problematic text no longer exists]

>
> Section 2. , paragraph 4, nit:
> > e RPK case is handled as described in in Section 3.2.1 of the DTLS
> profile [
> >                                    ^^^^^
> Possible typo: you repeated a word.
>
[CS: Fixed.]

>
> Section 2.2.1. , paragraph 2, nit:
> > lient MUST validate a public key from a X.509 certificate or an RPK from
> the
> >                                       ^
> Use "an" instead of "a" if the following word starts with a vowel sound,
> e.g.
> "an article", "an hour".
>
[CS: Looks correct, kept as is.]

>
> Section 2.2.1. , paragraph 7, nit:
> >  equal to 0, and the token is invalid or the claims cannot be obtained
> in the
> >                                      ^^^
> Use a comma before "or" if it connects two independent clauses (unless
> they are
> closely connected and short).
>
 [CS: Looks correct, kept as is.]

>
> Section 2.2.3. , paragraph 2, nit:
> > to an earlier proposal by Fremantle et al [fremantle14]. After sending
> the C
> >                                     ^^^^^
> A period is misplaced or missing.
>
[CS: Looks correct, kept as is.]

>
> Section 2.2.4.2. , paragraph 3, nit:
> >  as shown in Figure 7 and includes the the 8-byte Client nonce, and the
> signa
> >                                    ^^^^^^^
> Possible typo: you repeated a word.
>
[CS: fixed]

>
> Section 2.2.5. , paragraph 3, nit:
> > ame or filter in question is either an an exact match to or a subset of
> at le
> >                                     ^^^^^
> Possible typo: you repeated a word.
>
 [CS: The problematic text no longer exists]

>
> Section 2.4.1. , paragraph 3, nit:
> > est for topic "a/b/*", and has a token token permits "a/*", this is a
> valid s
> >                                  ^^^^^^^^^^^
> Possible typo: you repeated a word.
>
[CS: The problematic text no longer exists]

>
> Section 10.1. , paragraph 23, nit:
> >  broker. * Added a statement that the the broker will disconnect on
> almost an
> >                                   ^^^^^^^
> Possible typo: you repeated a word.
>
 [CS: The problematic text no longer exists]

>
> Uncited references:
>      [I-D.ietf-ace-oauth-params], [RFC8422], [RFC7251], and [RFC8705].
>
[CS: Fixed in artart review]

>
> Document references draft-ietf-ace-aif-05, but -06 is the latest available
> revision.
>
[CS: Fixed.]

>
> Document references draft-ietf-ace-pubsub-profile-01, but -04 is the latest
> available revision.
>
 [CS: Fixed in artart review]

>
> These URLs in the document did not return content:
>  *
> http://www.ietf.org/internet-drafts/draft-ietf-ace-pubsub-profile-01.txt

[CS: version 04 does]

>
>
> These URLs in the document can probably be converted to HTTPS:
>  * http://docs.oasis-open.org/mqtt/mqtt/v5.0/os/mqtt-v5.0-os.html
>  * http://docs.oasis-open.org/mqtt/mqtt/v3.1.1/mqtt-v3.1.1.html
>  * http://dx.doi.org/10.1109/SIoT.2014.8

[CS: Done]