[Ace] Lars Eggert's No Objection on draft-ietf-ace-dtls-authorize-16: (with COMMENT)

Lars Eggert via Datatracker <noreply@ietf.org> Wed, 24 March 2021 17:56 UTC

From: Lars Eggert via Datatracker <noreply@ietf.org>
To: "The IESG" <iesg@ietf.org>
Cc: draft-ietf-ace-dtls-authorize@ietf.org, ace-chairs@ietf.org, ace@ietf.org
Reply-To: Lars Eggert <lars@eggert.org>
Date: Wed, 24 Mar 2021 10:56:57 -0700
Archived-At: <https://mailarchive.ietf.org/arch/msg/ace/R3kgY6Ocez1onbdAdZY0_8lAOBM>

Lars Eggert has entered the following ballot position for
draft-ietf-ace-dtls-authorize-16: No Objection

When responding, please keep the subject line intact and reply to all
email addresses included in the To and CC lines. (Feel free to cut this
introductory paragraph, however.)


Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html
for more information about IESG DISCUSS and COMMENT positions.


The document, along with other ballot positions, can be found here:
https://datatracker.ietf.org/doc/draft-ietf-ace-dtls-authorize/



----------------------------------------------------------------------
COMMENT:
----------------------------------------------------------------------

Section 3.4, paragraph 4, comment:
>    The resource server MUST only accept an incoming CoAP request as
>    authorized if the following holds:

"MUST only" is odd, suggest rephrasing. (See below.)

-------------------------------------------------------------------------------
All comments below are very minor change suggestions that you may choose to
incorporate in some way (or ignore), as you see fit. There is no need to let me
know what you did with these suggestions.

Section 11.1, paragraph 12, nit:
>    [RFC8152]  Schaad, J., "CBOR Object Signing and Encryption (COSE)",
>               RFC 8152, DOI 10.17487/RFC8152, July 2017,
>               <https://www.rfc-editor.org/info/rfc8152>.

Unused Reference: 'RFC8152' is defined on line 1144, but no explicit reference
was found in the text

Section 11.1, paragraph 16, nit:
>    [RFC5077]  Salowey, J., Zhou, H., Eronen, P., and H. Tschofenig,
>               "Transport Layer Security (TLS) Session Resumption without
>               Server-Side State", RFC 5077, DOI 10.17487/RFC5077,
>               January 2008, <https://www.rfc-editor.org/info/rfc5077>.

Obsolete informational reference (is this intentional?): RFC 5077 (Obsoleted by
RFC 8446)

Section 11.1, paragraph 22, nit:
>    [RFC8613]  Selander, G., Mattsson, J., Palombini, F., and L. Seitz,
>               "Object Security for Constrained RESTful Environments
>               (OSCORE)", RFC 8613, DOI 10.17487/RFC8613, July 2019,
>               <https://www.rfc-editor.org/info/rfc8613>.

Unused Reference: 'RFC8613' is defined on line 1208, but no explicit reference
was found in the text

Section 3.2.2, paragraph 3, nit:
-    To be consistent with [RFC7252] which allows for shortened MAC tags
+    To be consistent with [RFC7252], which allows for shortened MAC tags
+                                   +

Section 3.3.2, paragraph 3, nit:
-    be consistent with the recommendations in [RFC7252] a client is
+    be consistent with the recommendations in [RFC7252], a client is
+                                                       +

Section 3.4, paragraph 4, nit:
-    The resource server MUST only accept an incoming CoAP request as
-                             ^^^^
-    authorized if the following holds:
-                                ^^ --
+    The resource server MUST NOT accept an incoming CoAP request as
+                             ^^^
+    authorized if any of the following fail:
+                  +++++++              ^^^

Section 7.1, paragraph 3, nit:
-    [RFC7925] requires clients to decline any renogiation attempt.  A
-                                                  ^
+    [RFC7925] requires clients to decline any renegotiation attempt.  A
+                                                 ++ ^