[Ace] Lars Eggert's No Objection on draft-ietf-ace-dtls-authorize-16: (with COMMENT)

[Lars Eggert via Datatracker <noreply@ietf.org>]

Lars Eggert has entered the following ballot position for
draft-ietf-ace-dtls-authorize-16: No Objection

When responding, please keep the subject line intact and reply to all
email addresses included in the To and CC lines. (Feel free to cut this
introductory paragraph, however.)


Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html
for more information about IESG DISCUSS and COMMENT positions.


The document, along with other ballot positions, can be found here:
https://datatracker.ietf.org/doc/draft-ietf-ace-dtls-authorize/



----------------------------------------------------------------------
COMMENT:
----------------------------------------------------------------------

Section 3.4, paragraph 4, comment:
>    The resource server MUST only accept an incoming CoAP request as
>    authorized if the following holds:

"MUST only" is odd, suggest to rephrase. (See below.)

-------------------------------------------------------------------------------
All comments below are very minor change suggestions that you may choose to
incorporate in some way (or ignore), as you see fit. There is no need to let me
know what you did with these suggestions.

Section 11.1, paragraph 12, nit:
>    [RFC8152]  Schaad, J., "CBOR Object Signing and Encryption (COSE)",
>               RFC 8152, DOI 10.17487/RFC8152, July 2017,
>               <https://www.rfc-editor.org/info/rfc8152>.

Unused Reference: 'RFC8152' is defined on line 1144, but no explicit reference
was found in the text

Section 11.1, paragraph 16, nit:
>    [RFC5077]  Salowey, J., Zhou, H., Eronen, P., and H. Tschofenig,
>               "Transport Layer Security (TLS) Session Resumption without
>               Server-Side State", RFC 5077, DOI 10.17487/RFC5077,
>               January 2008, <https://www.rfc-editor.org/info/rfc5077>.

Obsolete informational reference (is this intentional?): RFC 5077 (Obsoleted by
RFC 8446)

Section 11.1, paragraph 22, nit:
>    [RFC8613]  Selander, G., Mattsson, J., Palombini, F., and L. Seitz,
>               "Object Security for Constrained RESTful Environments
>               (OSCORE)", RFC 8613, DOI 10.17487/RFC8613, July 2019,
>               <https://www.rfc-editor.org/info/rfc8613>.

Unused Reference: 'RFC8613' is defined on line 1208, but no explicit reference
was found in the text

Section 3.2.2, paragraph 3, nit:
-    To be consistent with [RFC7252] which allows for shortened MAC tags
+    To be consistent with [RFC7252], which allows for shortened MAC tags
+                                   +

Section 3.3.2, paragraph 3, nit:
-    be consistent with the recommendations in [RFC7252] a client is
+    be consistent with the recommendations in [RFC7252], a client is
+                                                       +

Section 3.4, paragraph 4, nit:
-    The resource server MUST only accept an incoming CoAP request as
-                             ^^^^
-    authorized if the following holds:
-                                ^^ --
+    The resource server MUST NOT accept an incoming CoAP request as
+                             ^^^
+    authorized if any of the following fail:
+                  +++++++              ^^^

Section 7.1, paragraph 3, nit:
-    [RFC7925] requires clients to decline any renogiation attempt.  A
-                                                  ^
+    [RFC7925] requires clients to decline any renegotiation attempt.  A
+                                                 ++ ^