Re: [Ace] I-D Action: draft-ietf-ace-cmpv2-coap-transport-02.txt

"Brockhaus, Hendrik" <hendrik.brockhaus@siemens.com> Mon, 13 September 2021 06:32 UTC

Return-Path: <hendrik.brockhaus@siemens.com>
X-Original-To: ace@ietfa.amsl.com
Delivered-To: ace@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 229103A07A0 for <ace@ietfa.amsl.com>; Sun, 12 Sep 2021 23:32:36 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.898
X-Spam-Level:
X-Spam-Status: No, score=-1.898 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_MSPIKE_H2=-0.001, SPF_NONE=0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=siemens.onmicrosoft.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id JOmycnOn1Eh0 for <ace@ietfa.amsl.com>; Sun, 12 Sep 2021 23:32:30 -0700 (PDT)
Received: from EUR02-HE1-obe.outbound.protection.outlook.com (mail-eopbgr10076.outbound.protection.outlook.com [40.107.1.76]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 3B1263A0797 for <ace@ietf.org>; Sun, 12 Sep 2021 23:32:30 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=Li5iiOlluKdPFhJhuelavaCNk8drIbhjWTFVxriSlPI9jAPXH0Y0NtNWyEH5vwFnhTwV7fDQH9GzahtORcBH9W18IYr9oA8tNB5EnYr10RJcCkZZL8Jjpr7Y+/1DbRzkhI9xWPub7JAuJazqkk42XdrsUlIaVLeGuTduGoHqlVWOW0nkXSdrb+IwHSeTqrMBbaxvf9Y8/MTH8++iVpNUC+Xbd6tJtrfrspxu8WLTBIC6OpagHkyiWOPuAb985IVRklrXoktde47OQgmEmKP13jkUAGGxI/fsJOTOoeELq89inkOc8H9HptvBKn4C40B5uL0fnrYeqgM+GXR/A+2Zmw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version; bh=D7jD07XQCJuJJISmi7pUD+JsaR+WTuM5DWb1zlmrG80=; b=BUwFfZhuPWvBTwkP95UuZ4ymoKznOs11rk4FVeBZ4L+augrDe3cEDSveukN6U3k/rxWEegoSbCvar14ufvvKncbn3IgncQ9xYaWMP0AXasSUtp49dN9HC/V8lpvTL9QRGpj6ek82Fc4MFnEB+msXN+IVgKhO6RH9FXEKk3eDmqB9AUEqMwJ1hsdGn95JY9ZohU/T4yk6FJ5LRDP9ZnZgsh69+dko0SKhELjq4U48GqkJeKnFj9ekG8Oq9MAURJ1XUoULY7uP6FMwt4a0IfAW5SlEpwRK3MPmuO2Xiqnt4CsKj8LFnlGUW0/hnrA+2PDCp355328zoRGESTjedDioSA==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=siemens.com; dmarc=pass action=none header.from=siemens.com; dkim=pass header.d=siemens.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=siemens.onmicrosoft.com; s=selector1-siemens-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=D7jD07XQCJuJJISmi7pUD+JsaR+WTuM5DWb1zlmrG80=; b=KhoVRk8L8nI/RvFq0pFSU5BcXe+ZhxRfjWUnI7vTn6j14bQdN0yVQGoua8hxke0rfCvq8MB/2I/6G2r64uH85nf76zDVsSPYueI2xAbxcbBs2V16nYHIdRcwJtKhLiCm3RKk6SADhNBX0cGOs6C0BMrj5fF6RPdXvciLjYLotjY=
Received: from AM0PR10MB2418.EURPRD10.PROD.OUTLOOK.COM (2603:10a6:208:dd::17) by AM0PR10MB2884.EURPRD10.PROD.OUTLOOK.COM (2603:10a6:208:15e::14) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4500.18; Mon, 13 Sep 2021 06:32:26 +0000
Received: from AM0PR10MB2418.EURPRD10.PROD.OUTLOOK.COM ([fe80::49c9:59f7:5238:b8f]) by AM0PR10MB2418.EURPRD10.PROD.OUTLOOK.COM ([fe80::49c9:59f7:5238:b8f%7]) with mapi id 15.20.4500.018; Mon, 13 Sep 2021 06:32:26 +0000
From: "Brockhaus, Hendrik" <hendrik.brockhaus@siemens.com>
To: Daniel Migault <mglt.ietf@gmail.com>, Mohit Sahni <mohit06jan@gmail.com>
CC: Saurabh Tripathi <stripathi@paloaltonetworks.com>, "david.von.oheimb@siemens.com" <david.von.oheimb@siemens.com>, Ace Wg <ace@ietf.org>
Thread-Topic: [Ace] I-D Action: draft-ietf-ace-cmpv2-coap-transport-02.txt
Thread-Index: AQHXUWwho8tOpPWREEe0O73nBHk046r0NnqAgA/gygCAh8kmAIAAu62AgBWOpaA=
Date: Mon, 13 Sep 2021 06:32:26 +0000
Message-ID: <AM0PR10MB2418D111C61B2AAE8A73C40BFED99@AM0PR10MB2418.EURPRD10.PROD.OUTLOOK.COM>
References: <162195022206.30344.3798071050372276240@ietfa.amsl.com> <CAEpwuw20QKD3fEUdTUeFw9aMQ69WfjgZNF++j-6UFV_0YudhUg@mail.gmail.com> <CADZyTknWhA_TyJqUMgk57=f16dO5otAHzpJYJhWsAjE8fn445Q@mail.gmail.com> <CAEpwuw2jPrSGD4e+oacsR9_6F8uq8VKKFbZXCpvhDWKg6PcQEg@mail.gmail.com> <CADZyTkmN+tQhNpp-SzZ4PtwCrLfdZBDA4mz2XbBvSbE6azHJhw@mail.gmail.com>
In-Reply-To: <CADZyTkmN+tQhNpp-SzZ4PtwCrLfdZBDA4mz2XbBvSbE6azHJhw@mail.gmail.com>
Accept-Language: de-DE, en-US
Content-Language: de-DE
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
msip_labels: MSIP_Label_a59b6cd5-d141-4a33-8bf1-0ca04484304f_Enabled=true; MSIP_Label_a59b6cd5-d141-4a33-8bf1-0ca04484304f_SetDate=2021-09-13T06:32:24Z; MSIP_Label_a59b6cd5-d141-4a33-8bf1-0ca04484304f_Method=Standard; MSIP_Label_a59b6cd5-d141-4a33-8bf1-0ca04484304f_Name=restricted-default; MSIP_Label_a59b6cd5-d141-4a33-8bf1-0ca04484304f_SiteId=38ae3bcd-9579-4fd4-adda-b42e1495d55a; MSIP_Label_a59b6cd5-d141-4a33-8bf1-0ca04484304f_ActionId=e4e04166-6dc7-4857-adf6-3ad5f4d1ce9b; MSIP_Label_a59b6cd5-d141-4a33-8bf1-0ca04484304f_ContentBits=0
document_confidentiality: Restricted
authentication-results: gmail.com; dkim=none (message not signed) header.d=none;gmail.com; dmarc=none action=none header.from=siemens.com;
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: 219f9cdc-716b-4eff-9638-08d9768040fa
x-ms-traffictypediagnostic: AM0PR10MB2884:
x-ld-processed: 38ae3bcd-9579-4fd4-adda-b42e1495d55a,ExtAddr
x-ms-exchange-transport-forked: True
x-microsoft-antispam-prvs: <AM0PR10MB288412CC0E76C7E03571D2E7FED99@AM0PR10MB2884.EURPRD10.PROD.OUTLOOK.COM>
x-ms-oob-tlc-oobclassifiers: OLM:10000;
x-ms-exchange-senderadcheck: 1
x-ms-exchange-antispam-relay: 0
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: 0heHk/1BftTRqx2B/h1zjEe9URX6utalJBe2dBDJX7bbGRIQ/SZINGLVNq4CFFIhhFNx//52QKNzibMqiUfUCzRW+fN5fYlVV/avhlK/qyPyw5BKghhH/1MZyyRdFmLG7J3tpO+b6ETJWZunw6lsS7XRKRWqC+xAL/MVmGj3rM/+BCbzDsS9Bu0l7KwQKWsTxVmgBMSH7ZrSZhQOrGFzBRAZmc5feK1L8LQjVNZ5U0o4Mi6wjGDdn/RmKI6IWaJacKXyr09Rx8YYOAGWlSMfKsF2IltcpCsNLE6Ic+Nq+dlsbNu/g+gqx3hz9rN8zAilzlM+cyuaTSRatLQV5IQyNibCGq/Pobv6ur0/s5GygHm3rL7Buhls1Ske5BJeOve384qhpbIz0B08yRY4rMkWD3BidNfj8Vu2xtdDtxpCFNrrfuuI4BCBqHhKZo5GKP4EtoCbx8QfqnDOvxYLU8FJo8ZpSm8jPF+gdNCrmqoNNuTTljHfV9FbY4EO70+/wVgdlFSHeag42QOroytpr+OvUrpHGNNWKTVoxm0mT+RJQqQgLnQRBZng+xWIi54rqAfW1XWhWOUh58l2XU7MUaxPQ9f5NKfZ0UjnI1cGjhtYRKi0cbg+cmoyat1XyUlJzIH+FfkpU0/j7mg4VoLG0O7E912nYiYivjnmUcTzfaQH+9Q51Gittb8Y2AMSkKvkEAW4wIL8CX6YuOdTUu6/LB8fqpazydfkFlQ6KK9MB5KI38W8EwBjKu3+pwmSNsUs0yWGD/OQEwcAfmWG4ymsUhkoxYqDAglOFkkfGbhq8NX6ZUclho27UWK6D/e+COo5gnChl1qcrdE/fkrwi7DrxeG0sw==
x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:AM0PR10MB2418.EURPRD10.PROD.OUTLOOK.COM; PTR:; CAT:NONE; SFS:(4636009)(346002)(376002)(366004)(39860400002)(136003)(396003)(166002)(26005)(52536014)(2906002)(30864003)(55016002)(83380400001)(7696005)(38070700005)(66574015)(6506007)(9686003)(66946007)(66476007)(54906003)(33656002)(110136005)(71200400001)(8676002)(86362001)(122000001)(38100700002)(478600001)(76116006)(186003)(8936002)(66446008)(53546011)(5660300002)(966005)(316002)(64756008)(4326008)(66556008); DIR:OUT; SFP:1101;
x-ms-exchange-antispam-messagedata-chunkcount: 1
x-ms-exchange-antispam-messagedata-0: =?us-ascii?Q?EET8ZWY3N92xMVyIm8pL3mM/sNi6VTIOxoY3uaODBal053+8HmcSVUFs6yCj?= =?us-ascii?Q?PLwbBFrh160xvAd+L/4iVxRxYwBYjaHNEyPweY+eNO6RppyfY/AwkkV3/h/4?= =?us-ascii?Q?gWJhlRH/N8VN5KTcWBVIn1GlCjnZsfVemej79mUxvFVGZySsR9apZE3EqkTD?= =?us-ascii?Q?M02ayejlY7Yt7BYe7YrG4O9FVSG+oTiuxcLFSl4nX0wv38bdBDW7ozNy6L60?= =?us-ascii?Q?RMyfJwUtuySm37Eb1lp6QABEuZd2ZR6i90daM3T/jP3p2KiVqQYsGak5GUwB?= =?us-ascii?Q?Onuvj4v0dWmwX8u7K+xuOLtjIYLRm1S954t+JMR1t4N/W/aK5rbo49mOoIli?= =?us-ascii?Q?qZiGqZO6A+EJy7S7FGyIJsXYEJCwBQrn2xDfewZPibHr1UHH89OcoRUR7BE3?= =?us-ascii?Q?tGem8ltbRjx9gzvFtThf3rcltm4r1KOnvUISu30TRvRHOC0PUTIP+hWLQCQV?= =?us-ascii?Q?ACrEEERFixWH9jqNsuY3KvxGZJBYMAAFza2ZITZkmZTRd87EbOwkjv3COUQu?= =?us-ascii?Q?Q9C0wOHzbB0I5fk6DdgOehgNvPkmR+BqlG9DWG2Nyefl7DzTKXhMuFrPfcse?= =?us-ascii?Q?kYiVL5oDjpf8gAS5ABIoa6eo6hatH7eZ2I4OeA2mR1jmbSECcgKLRstbMi9t?= =?us-ascii?Q?OTGhuw7gcvyvxU5U3H12Mq2SMZv0HUDdJTeDJAA7KNK4+ls4bWFJrDDk2LIu?= =?us-ascii?Q?QP2euOVArbe56RniD7v40NqAe1JcyAJA3YdIJvjIw5ITd23qbnYGdDVDPPvQ?= =?us-ascii?Q?zN2U8ftN809ruF0spBYgBsBNsPPtcnopv4bl/2GLeTfNuVtcy+tgUgztLIcc?= =?us-ascii?Q?IpYCo6adJIjeAoX1Tf5A/XH4xPWm7gNMBsOsJCSWtcVcides/yH6ZiGy6F6t?= =?us-ascii?Q?oOYluH5wL99oZ42lxmxEtrh+ZT9Zw92O6jlST/eaWThDIRLBF5B+s5jZqCQD?= =?us-ascii?Q?X4X9LZg4I5khGktUu1TNmAzfk61NSsDbbkW/poAIZZdDUTURTHek/Ro/A967?= =?us-ascii?Q?F7D0VZ3PGt0BssxPnfCcWdxI4puxmZxFLrxiOnUuPAFdqeYykJ8nQYUOEU6m?= =?us-ascii?Q?hjI5mSvDfMI3gRzBsaQoQUYMcrM52aUa0g9o0airv0gy7hF9ybQgbFja1f8d?= =?us-ascii?Q?ktN77SElKYnqkB2idwJzjfWZykQm+YvECsVsAqVZMHlE9jzImOu949GhYyXj?= =?us-ascii?Q?omO08DEihsl1ISMLEc4PVR2Fb5yG/sIEulum9sGJyZZ0nG7rKqIBx0T/tbW/?= =?us-ascii?Q?7mBQR/QlSuDLCLUyujvDp1MurONmSnteP5iVDSQwVqBPXsHk74haqKnPEyWB?= =?us-ascii?Q?+GP9uJUBYSDC98W4IDMCppXj?=
Content-Type: multipart/alternative; boundary="_000_AM0PR10MB2418D111C61B2AAE8A73C40BFED99AM0PR10MB2418EURP_"
MIME-Version: 1.0
X-OriginatorOrg: siemens.com
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: AM0PR10MB2418.EURPRD10.PROD.OUTLOOK.COM
X-MS-Exchange-CrossTenant-Network-Message-Id: 219f9cdc-716b-4eff-9638-08d9768040fa
X-MS-Exchange-CrossTenant-originalarrivaltime: 13 Sep 2021 06:32:26.6262 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 38ae3bcd-9579-4fd4-adda-b42e1495d55a
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: uSxN8E1DEL1I3kS/IrPSxhu3wWu0wOIpZbK730VYQCQGMrgf5WyBjCoyfRw1RdonZ1PCIem6fjuymOX2uqzsW7USatyFxB1ExZX4b7fBRDY=
X-MS-Exchange-Transport-CrossTenantHeadersStamped: AM0PR10MB2884
Archived-At: <https://mailarchive.ietf.org/arch/msg/ace/vA9Jg-rmdRSqrYBfXHljmWZGA7I>
Subject: Re: [Ace] I-D Action: draft-ietf-ace-cmpv2-coap-transport-02.txt
X-BeenThere: ace@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Authentication and Authorization for Constrained Environments \(ace\)" <ace.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ace>, <mailto:ace-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ace/>
List-Post: <mailto:ace@ietf.org>
List-Help: <mailto:ace-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ace>, <mailto:ace-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 13 Sep 2021 06:32:37 -0000

Mohit, Daniel

My preference is to define the URI suffix in cmp-over-coap.
As the URI suffix is coap specific, it looks more logical to me to define it there. In CMP Updates we define the http URI suffix as update to RFC 6712 and not to RFC 4210. Finally CMP Updates only provides updates to RFC 4210 and RFC 6712. Therefore I see no good place to put the URI definition in CMP Updates.

Hendrik


Von: Ace <ace-bounces@ietf.org> Im Auftrag von Daniel Migault
Gesendet: Montag, 30. August 2021 15:04

It seems fine to me. For the IANA section I would add a note to notify the RFC editor that either we ar waiting for cmp-update to be published or that the document publishes instead the URI suffix - of course we will have to coordinate with the cmp-update co-authors.  The real situation we want to avoid is that we describe something that is not registered.

Yours,
Daniel

On Sun, Aug 29, 2021 at 9:52 PM Mohit Sahni <mohit06jan@gmail.com<mailto:mohit06jan@gmail.com>> wrote:
Hi Daniel
Thanks for the comments and sorry for taking a long time to reply.
Please find my resolutions to your comments below:
mglt1: I made the change with suggested text

mglt2:  You are correct that the motivation behind the HTTP-to-CoAP
proxy section is to make new entities using CoAP transport work with
the existing PKI entities using HTTP transport for CMP for quick
adoption. I will change the text to the suggested one.

mglt3: Originally writing the draft I was thinking to only capture the
use case of communication between EEs and RAs or EEs and CAs. The RAs
and CAs are most likely not the constraints devices so a use case of
RAs and CAs to talk among themselves over CoAP transport does not
exist and HTTP may be a better option for that purpose. I guess I can
remove that constraint from the draft.

mglt 4:
in Cmp Over HTTP transport, given that CMP has its own integrity and
privacy mechanisms, HTTP  is the default transport instead of HTTPs. I
am following the same convention.
I will remove cmp from the Iana section, looks like another draft that
was in progress with this one has added it to IANA.
operationalLabel and profileLabel are just examples, The idea is to
host multiple cmp services on these paths based on the functionality
(operational label) of the EEs (e.g. either networking devices, or
cameras or cell phones) or based on the CMP profile (set of supported
message and functionalities of the CMP protocol). I will add more
clarifications in this section.

mglt6:
I will update the section with ct attribute.

mglt7:
I will update the section with mention of the Observe option and why
we don't prefer to use it.

mglt8:
I will update that.

mglt9:
I will add additional information in the IANA section for requesting
new content type "application/pkixcmp".

For now I will skip requesting the IANA registration for cmp as its
already approved temporarily for ID [draft-ietf-lamps-cmp-updates-10]

Please let me know if this resolves your comments, I will shortly
update the next version of the draft with these resolutions. I
apologize for the delay in response.

Thanks
Mohit

On Fri, Jun 4, 2021 at 9:17 AM Daniel Migault <mglt.ietf@gmail.com<mailto:mglt.ietf@gmail.com>> wrote:
>
> Hi,
>
> I have read the document and please find some comments below. I do not see any major issues, and the most crucial point seems to proceed to the appropriate procedure to register the IANA code points.
>
> Yours,
> Daniel
>
> mglt 1
>
> Since the text specifies that the document applies to specifically CMPv2 and CMPv3. I am wondering if we should not mention that both of these versions are designated as CMP in this document. The change I am proposing is something around the lines below. I will let the co-author choose whether this is more appropriate.
>
> OLD:
> This document specifies the use of CoAP over UDP as a transport medium for the CMP version 2 [RFC4210], CMP version 3 [Certificate-Management-Protocol-Updates] and Lightweight CMP Profile [Lightweight-CMP-Profile].
>
> NEW:
> This document specifies the use of CoAP over UDP as a transport medium for the CMP version 2 [RFC4210], CMP version 3 [Certificate-Management-Protocol-Updates] - designated as CMP in this document - and Lightweight CMP Profile [Lightweight-CMP-Profile].
>
> mglt 2
>
> """
> This document also provides guidance on how to use a "CoAP-to-HTTP" proxy for a better adaptation of CoAP transport without significant changes to the existing PKI entities.
> """
>
> It is not clear to me what better adaptation means nor the potential changes associated to the existing PKI. Note that I am not native English speaker so the comment might only concern myself and you are free to ignore it. My understanding of the motivations to describe "CoAP-to-HTTP"  is to interconnect CMP over CoAP with existing CMP over HTTP infrastructure which would reduce the overhead of providing CMP over CoAP and as such favor its adoption.
>
> If that is correct, I am wondering if something around the lines could be clearer - of course, feel free to change it:
>
> This document also provides guidance on how to use a "CoAP-to-HTTP" proxy to ease adoption of CoAP transport by enabling the interconnection with existing PKI entities already providing CMP over HTTP.
>
> mglt 3
>
>
> """
> Although CoAP transport can be used for communication between Registration Authority (RA) and Certification Authority (CA) or between CAs, the scope of this document is for communication between End Entity (EE) and RA or EE and CA.  This document is applicable only when the CoAP transport is used for the CMP transactions.
> """
>
> For my knowledge, I am curious why we are making a distinction between CMP being used by an EE versus another entity. It seems to me that if the document specifies how CMP can be used over CoAP this could be used by any entity willing to use CoAP. Whether these entities are willing to use CoAP or not seems to me orthogonal to the document. The last sentence sounds strange to me. Overall I am wondering if we should not remove these lines, unless I am missing something.
>
> mglt 4
>
> """
>    coap://www.example.com/.well-known/cmp<https://eur01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.example.com%2F.well-known%2Fcmp&data=04%7C01%7Chendrik.brockhaus%40siemens.com%7C6d5354cc5f504f8547af08d96bb6ae92%7C38ae3bcd95794fd4addab42e1495d55a%7C1%7C0%7C637659255687493547%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000&sdata=MUfZ1xlld4KjLHO6b8a28UFtr2YlaMCJrfq8w%2BWitsM%3D&reserved=0>
>    coap://www.example.com/.well-known/cmp/operationalLabel<https://eur01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.example.com%2F.well-known%2Fcmp%2FoperationalLabel&data=04%7C01%7Chendrik.brockhaus%40siemens.com%7C6d5354cc5f504f8547af08d96bb6ae92%7C38ae3bcd95794fd4addab42e1495d55a%7C1%7C0%7C637659255687493547%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000&sdata=UEPUC6RHxHRhRxUZwaD88tXFzTgN%2FfGVfhx5sj%2Fkts0%3D&reserved=0>
>    coap://www.example.com/.well-known/cmp/profileLabel<https://eur01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.example.com%2F.well-known%2Fcmp%2FprofileLabel&data=04%7C01%7Chendrik.brockhaus%40siemens.com%7C6d5354cc5f504f8547af08d96bb6ae92%7C38ae3bcd95794fd4addab42e1495d55a%7C1%7C0%7C637659255687503539%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000&sdata=1VYJnH6bCOA%2BVxEY1ST9ouxjgLEINhxZ4yzCF%2F8OOnQ%3D&reserved=0>
>    coap://www.example.com/.well-known/cmp/profileLabel/operationalLabel<https://eur01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.example.com%2F.well-known%2Fcmp%2FprofileLabel%2FoperationalLabel&data=04%7C01%7Chendrik.brockhaus%40siemens.com%7C6d5354cc5f504f8547af08d96bb6ae92%7C38ae3bcd95794fd4addab42e1495d55a%7C1%7C0%7C637659255687503539%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000&sdata=9M%2Bl00kCjQeWQGmh381rFi5OpGtAX0jW6YBxQKlGgKM%3D&reserved=0>
> """
>
> I am wondering if coaps would not be more appropriated for the example. In addition, I see the registered name 'cmp' in the IANA section, but I would like t
> o understand if the document intends to specify operationalLabel profileLabel or if these are just provided as examples. If that is the case, I would like for my own knowledge to understand why we do not specify these additional URL schemes. ?
>
> mglt 6
>
>   """
> 2.2.  Discovery of CMP RA/CA
> """
>
> I am wondering if any should be mentioned regarding the 'ct' attribute "application/pkixcmp". My understanding is that from 7252, is that not including the 'ct' attribute means that no specific format is expected which is not the situation we are in. As a result, I am expecting the 'ct' attribute to be mentioned. I am wondering if that is worth clarifying ?
>
> mglt 7
>
> """
> 2.5.  Announcement PKIMessage
> """
>
> I understand this section as not recommending the use of Observe Option. If that is the case, It might clearer to mention the option at least as an example.
>
> mglt 8
>
> """
> 3.  Using CoAP over DTLS
> """
> I think that the reference to DTLS should be updated with draft-ietf-tls-dtls13.
>
> mglt 9
>
> """
> IANA section
> """
> The registration of the content type "application/pkixcmp" is described in 7252 section 12.3
> https://datatracker.ietf.org/doc/html/rfc7252#section-12.3<https://eur01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fdatatracker.ietf.org%2Fdoc%2Fhtml%2Frfc7252%23section-12.3&data=04%7C01%7Chendrik.brockhaus%40siemens.com%7C6d5354cc5f504f8547af08d96bb6ae92%7C38ae3bcd95794fd4addab42e1495d55a%7C1%7C0%7C637659255687513536%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000&sdata=OvLo%2BTTCC474UmUlgd3wpkJbbKXxLdjfOX6rQQhD914%3D&reserved=0>
> And it seems to me the IANA section needs to provide additional information to select the appropriate number.
>
>
> The registration of the 'cmp' needs to follow a specific process define din RFC8615 section 3.1.
> https://datatracker.ietf.org/doc/html/rfc8615#section-3.1<https://eur01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fdatatracker.ietf.org%2Fdoc%2Fhtml%2Frfc8615%23section-3.1&data=04%7C01%7Chendrik.brockhaus%40siemens.com%7C6d5354cc5f504f8547af08d96bb6ae92%7C38ae3bcd95794fd4addab42e1495d55a%7C1%7C0%7C637659255687513536%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000&sdata=UTPlj15f%2BdeZ3c5XP5s6vql3xIXlGmGL6atJd9wNYs4%3D&reserved=0>
> I am not aware this process has been initiated yet. If that is correct, please initiate it asap. It mostly consists in sending the appropriate email and tracking the response. I would recommend CCing the WG, though I am not sure that is required.
>
> On Tue, May 25, 2021 at 9:48 AM Mohit Sahni <mohit06jan@gmail.com<mailto:mohit06jan@gmail.com>> wrote:
>>
>> Hello Ace WG, I have submitted the new version of the draft based on
>> the feedback that I received during the WGLC. Please let me know if
>> any of the comments are not resolved.
>>
>> Thanks
>> Mohit
>>
>> On Tue, May 25, 2021 at 6:44 AM <internet-drafts@ietf.org<mailto:internet-drafts@ietf.org>> wrote:
>> >
>> >
>> > A New Internet-Draft is available from the on-line Internet-Drafts directories.
>> > This draft is a work item of the Authentication and Authorization for Constrained Environments WG of the IETF.
>> >
>> >         Title           : CoAP Transport for Certificate Management Protocol
>> >         Authors         : Mohit Sahni
>> >                           Saurabh Tripathi
>> >         Filename        : draft-ietf-ace-cmpv2-coap-transport-02.txt
>> >         Pages           : 8
>> >         Date            : 2021-05-25
>> >
>> > Abstract:
>> >    This document specifies the use of Constrained Application Protocol
>> >    (CoAP) as a transport medium for the Certificate Management Protocol
>> >    (CMP) as mentioned in the Lightweight CMP Profile
>> >    [Lightweight-CMP-Profile].  CMP defines the interaction between
>> >    various PKI entities for the purpose of certificate creation and
>> >    management.  CoAP is an HTTP like client-server protocol used by
>> >    various constrained devices in the IoT space.
>> >
>> >
>> > The IETF datatracker status page for this draft is:
>> > https://datatracker.ietf.org/doc/draft-ietf-ace-cmpv2-coap-transport/<https://eur01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fdatatracker.ietf.org%2Fdoc%2Fdraft-ietf-ace-cmpv2-coap-transport%2F&data=04%7C01%7Chendrik.brockhaus%40siemens.com%7C6d5354cc5f504f8547af08d96bb6ae92%7C38ae3bcd95794fd4addab42e1495d55a%7C1%7C0%7C637659255687523530%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000&sdata=Rj%2BHX5k%2FzfW3tTU8WzNBZMLSeAzv9vlZ%2BextT6F8iI0%3D&reserved=0>
>> >
>> > There is also an htmlized version available at:
>> > https://datatracker.ietf.org/doc/html/draft-ietf-ace-cmpv2-coap-transport-02<https://eur01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fdatatracker.ietf.org%2Fdoc%2Fhtml%2Fdraft-ietf-ace-cmpv2-coap-transport-02&data=04%7C01%7Chendrik.brockhaus%40siemens.com%7C6d5354cc5f504f8547af08d96bb6ae92%7C38ae3bcd95794fd4addab42e1495d55a%7C1%7C0%7C637659255687523530%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000&sdata=2QEJBe0w5bPMb7Ugp8zisvV0Q%2FC7rAnodIhBhXP3fio%3D&reserved=0>
>> >
>> > A diff from the previous version is available at:
>> > https://www.ietf.org/rfcdiff?url2=draft-ietf-ace-cmpv2-coap-transport-02<https://eur01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.ietf.org%2Frfcdiff%3Furl2%3Ddraft-ietf-ace-cmpv2-coap-transport-02&data=04%7C01%7Chendrik.brockhaus%40siemens.com%7C6d5354cc5f504f8547af08d96bb6ae92%7C38ae3bcd95794fd4addab42e1495d55a%7C1%7C0%7C637659255687533524%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000&sdata=NtPkrKJeSsIIdWtSjiW%2BnpGs2lbJH77q2AVZQE2dhsw%3D&reserved=0>
>> >
>> >
>> > Internet-Drafts are also available by anonymous FTP at:
>> > ftp://ftp.ietf.org/internet-drafts/<https://eur01.safelinks.protection.outlook.com/?url=ftp%3A%2F%2Fftp.ietf.org%2Finternet-drafts%2F&data=04%7C01%7Chendrik.brockhaus%40siemens.com%7C6d5354cc5f504f8547af08d96bb6ae92%7C38ae3bcd95794fd4addab42e1495d55a%7C1%7C0%7C637659255687533524%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000&sdata=kT0MrnUstaQYhVvX8mRsel7ONeyVUxWkQXZNeGheNg4%3D&reserved=0>
>> >
>> >
>> > _______________________________________________
>> > Ace mailing list
>> > Ace@ietf.org<mailto:Ace@ietf.org>
>> > https://www.ietf.org/mailman/listinfo/ace<https://eur01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.ietf.org%2Fmailman%2Flistinfo%2Face&data=04%7C01%7Chendrik.brockhaus%40siemens.com%7C6d5354cc5f504f8547af08d96bb6ae92%7C38ae3bcd95794fd4addab42e1495d55a%7C1%7C0%7C637659255687543524%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000&sdata=JI58OaskyZUHJ6Dy%2BmnyAYXj55DUHZ8m%2Fv0Qpc%2BHRlM%3D&reserved=0>
>
>
>
> --
> Daniel Migault
> Ericsson


--
Daniel Migault
Ericsson