[Ace] Roman Danyliw's Discuss on draft-ietf-ace-oscore-profile-17: (with DISCUSS and COMMENT)
Roman Danyliw via Datatracker <noreply@ietf.org> Tue, 23 March 2021 03:28 UTC
Return-Path: <noreply@ietf.org>
X-Original-To: ace@ietf.org
Delivered-To: ace@ietfa.amsl.com
Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id E094F3A1BAF; Mon, 22 Mar 2021 20:28:02 -0700 (PDT)
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 8bit
From: Roman Danyliw via Datatracker <noreply@ietf.org>
To: The IESG <iesg@ietf.org>
Cc: draft-ietf-ace-oscore-profile@ietf.org, ace-chairs@ietf.org, ace@ietf.org
X-Test-IDTracker: no
X-IETF-IDTracker: 7.27.0
Auto-Submitted: auto-generated
Precedence: bulk
Reply-To: Roman Danyliw <rdd@cert.org>
Message-ID: <161647008263.14777.4462979452223184651@ietfa.amsl.com>
Date: Mon, 22 Mar 2021 20:28:02 -0700
Archived-At: <https://mailarchive.ietf.org/arch/msg/ace/qtlXsjI5KvnAnWdnPZSwg4gGOZ4>
Subject: [Ace] Roman Danyliw's Discuss on draft-ietf-ace-oscore-profile-17: (with DISCUSS and COMMENT)
X-BeenThere: ace@ietf.org
X-Mailman-Version: 2.1.29
List-Id: "Authentication and Authorization for Constrained Environments \(ace\)" <ace.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ace>, <mailto:ace-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ace/>
List-Post: <mailto:ace@ietf.org>
List-Help: <mailto:ace-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ace>, <mailto:ace-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 23 Mar 2021 03:28:03 -0000
Roman Danyliw has entered the following ballot position for draft-ietf-ace-oscore-profile-17: Discuss When responding, please keep the subject line intact and reply to all email addresses included in the To and CC lines. (Feel free to cut this introductory paragraph, however.) Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html for more information about IESG DISCUSS and COMMENT positions. The document, along with other ballot positions, can be found here: https://datatracker.ietf.org/doc/draft-ietf-ace-oscore-profile/ ---------------------------------------------------------------------- DISCUSS: ---------------------------------------------------------------------- (A simple editorial fix) Per Section 5.8.2 of [I-D.ietf-ace-oauth-authz], the name of the parameter in the C-to-AS communication is “ace_profile” (not “profile”). The “ace_profile” parameter is mistakenly referenced as “profile” in the following place: (a) Section 3.2. The AS can signal that the use of OSCORE is REQUIRED for a specific access token by including the "profile" parameter with the value "coap_oscore" in the access token response ---------------------------------------------------------------------- COMMENT: ---------------------------------------------------------------------- Thank you to Kathleen Moriarty for the SECDIR review. ** In addition to the normative text noted in the DISCUSS, the examples in Figure 4 and Figure 7 also have the same typo (but that doesn’t rise to a DISCUSS) ** Section 7. Per “Developers should avoid using multiple access tokens for a same client”, is there a reason not to use a normative SHOULD here? The DTLS profile has nearly the identical words and uses a normative SHOULD? Likewise should “This profile recommends that the that RS maintains a single access token for each client” be “This profile RECOMMENDS”? ** Editorial nits Section 3.2. Typo. s/The applications needs/The application needs/ Section 3.2. Typo. s/parameeter/parameter/ Section 4. Typo. s/Note that the RS and client authenticates/Note that the RS and client authenticate/ Section 4.1. Typo. s/The client may also chose/The client may also choose/
- [Ace] Roman Danyliw's Discuss on draft-ietf-ace-o… Roman Danyliw via Datatracker
- Re: [Ace] Roman Danyliw's Discuss on draft-ietf-a… Francesca Palombini