[Ace] FW: WGLC comments draft-ietf-ace-coap-est-07
Jim Schaad <ietf@augustcellars.com> Mon, 14 January 2019 19:16 UTC
I forgot to include the working group on the To: list.

-----Original Message-----
From: Jim Schaad <ietf@augustcellars.com>
Sent: Sunday, January 13, 2019 9:51 PM
To: 'draft-ietf-ace-coap-est@ietf.org' <draft-ietf-ace-coap-est@ietf.org>
Subject: WGLC comments draft-ietf-ace-coap-est-07

Section 5.7 - Validate that CBOR array is the correct response type, not multipart/cbor.

Section 6 - Based on earlier mails on the list I expected to see a short description of the purpose of "ArbitraryLabel".

Section 6 - The fact that there are multiple ways to get the things and they might not be in the same location. Some guidance for an application on how to decide which method should be used and the choice of an ArbitraryLabel to use would be very helpful. At present I would guess that I would send a request to the well-known address; if that does not work then do a discovery, but it might be easier to just do the discovery to begin with and not worry about the well-known address. That is, one would only do discovery if one was hitting up a resource directory and not the actual machine. On the other hand, if things are rooted at /est rather than in well-known it would lead to shorter requests, which once one starts doing blockwise would be good.

Section 7 - I would like to see some discussion of using a tls-exporter rather than tls-unique for this protocol. I am not sure what the required changes would be. I have seen notes that tls-unique is broken for TLS 1.2.

Section 7 - I think it makes sense to say that after a successful enrollment the (D)TLS link MUST be torn down and the new certificate used to do authentication in the future.

Section 11.1 - When changing from the implicit trust anchor to explicit trust anchors, do you expect that the EST server that you are going to be talking to is generally going to change? I think that it should probably be recommended that the DTLS connection NOT be persistent across a change in the trust anchors if they are different.

Nits:

Section 2 para 1: I would suggest that the last sentence should read along the lines of "EST is defined to transport messages over HTTPS."

Section 3 para 2: The phrase 'taken over from' is a bit odd-sounding English. They could be 'taken from' or 'imported from'. 'Taken over' tends to indicate that you are changing them in some way (example use: he took over the country).

Section 5.5 - SAN needs to be expanded on first use.

Section 6 - Please verify that quotes on the content type when multiple values are presented are not needed.

Section 8 - This sentence, "The EST server can exist outside the constrained network that supports TLS/HTTP.", does not say what I think you meant to say. It is unclear if the constrained network is what supports TLS/HTTP.

Section 10.1 - s/registered temporarily/registered provisionally/ s/looke/look/

Examples:

* Section A.1 - I don't know what the meaning of Max-Age would be for a GET request. You may want to remove this just to avoid confusion.

* Section A.2 - I am unclear about the Content-Format note in this example. If you are asking for a specific content then the correct option would be Accept. If you are indicating the content type of the response then you should probably put a header line in to that effect.

Jim