[Anima] draft-ietf-anima-jws-voucher-12, AW: I-D Action: draft-ietf-anima-jws-voucher-11, WAS AW: AD review of draft-ietf-anima-jws-voucher-10

"Werner, Thomas" <thomas-werner@siemens.com> Thu, 12 September 2024 09:13 UTC

From: "Werner, Thomas" <thomas-werner@siemens.com>
To: Mahesh Jethanandani <mjethanandani@gmail.com>
CC: "draft-ietf-anima-jws-voucher@ietf.org" <draft-ietf-anima-jws-voucher@ietf.org>, "anima-chairs@ietf.org" <anima-chairs@ietf.org>, "anima@ietf.org" <anima@ietf.org>
Date: Thu, 12 Sep 2024 09:12:56 +0000
Subject: [Anima] draft-ietf-anima-jws-voucher-12, AW: I-D Action: draft-ietf-anima-jws-voucher-11, WAS AW: AD review of draft-ietf-anima-jws-voucher-10
Archived-At: <https://mailarchive.ietf.org/arch/msg/anima/7uG7LgoB1o-BGvfSaZIavi2DpFU>

Thanks Mahesh!
Just uploaded draft-ietf-anima-jws-voucher-12; this should solve the remaining comments.

Best regards
Thomas



[Anima] I-D Action: draft-ietf-anima-jws-voucher-12.txt
internet-drafts@ietf.org Thu, 12 September 2024 09:01 UTC
Internet-Draft draft-ietf-anima-jws-voucher-12.txt is now available. It is a
work item of the Autonomic Networking Integrated Model and Approach (ANIMA) WG
of the IETF.

   Title:   JWS signed Voucher Artifacts for Bootstrapping Protocols
   Authors: Thomas Werner
            Michael Richardson
   Name:    draft-ietf-anima-jws-voucher-12.txt
   Pages:   16
   Dates:   2024-09-12

Abstract:

   I-D.ietf-anima-rfc8366bis defines a digital artifact called voucher
   as a YANG-defined JSON document that is signed using a Cryptographic
   Message Syntax (CMS) structure.  This document introduces a variant
   of the voucher artifact in which CMS is replaced by the JSON Object
   Signing and Encryption (JOSE) mechanism described in RFC7515 to
   support deployments in which JOSE is preferred over CMS.

   In addition to explaining how the format is created, the
   "application/voucher-jws+json" media type is registered and examples
   are provided.

The IETF datatracker status page for this Internet-Draft is:
https://datatracker.ietf.org/doc/draft-ietf-anima-jws-voucher/

There is also an HTML version available at:
https://www.ietf.org/archive/id/draft-ietf-anima-jws-voucher-12.html

A diff from the previous version is available at:
https://author-tools.ietf.org/iddiff?url2=draft-ietf-anima-jws-voucher-12

Internet-Drafts are also available by rsync at:
rsync.ietf.org::internet-drafts






From: Mahesh Jethanandani <mjethanandani@gmail.com>
Date: Tuesday, 10 September 2024 at 23:39
To: Werner, Thomas (T CST SEA-DE) <thomas-werner@siemens.com>
Cc: draft-ietf-anima-jws-voucher@ietf.org <draft-ietf-anima-jws-voucher@ietf.org>, anima-chairs@ietf.org <anima-chairs@ietf.org>, anima@ietf.org <anima@ietf.org>
Subject: Re: [Anima] I-D Action: draft-ietf-anima-jws-voucher-11, WAS AW: AD review of draft-ietf-anima-jws-voucher-10
Hi Thomas,

Thanks for addressing most of the comments. Here are just a couple more.

Pledge Voucher Request (PVR) vs Pledge-Voucher-Request (PVR)?

Did you run idnits on the document, or look for the result of idnits during submission? You would have noticed that [I-D.draft-ietf-anima-constrained-voucher] does not resolve. It should be [I-D.ietf-anima-constrained-voucher] (no need to have the word draft).

Thanks.


On Sep 10, 2024, at 8:52 AM, Werner, Thomas <thomas-werner@siemens.com> wrote:

Hello Mahesh, all,

FYI … just uploaded new version  [Anima] I-D Action: draft-ietf-anima-jws-voucher-11
Including the feedback provided by AD review.

Thanks and regards
Thomas

From: internet-drafts@ietf.org <internet-drafts@ietf.org>
Date: Tuesday, 10 September 2024 at 17:37
To: i-d-announce@ietf.org <i-d-announce@ietf.org>
Cc: anima@ietf.org <anima@ietf.org>
Subject: [Anima] I-D Action: draft-ietf-anima-jws-voucher-11.txt
Internet-Draft draft-ietf-anima-jws-voucher-11.txt is now available. It is a
work item of the Autonomic Networking Integrated Model and Approach (ANIMA) WG
of the IETF.

   Title:   JWS signed Voucher Artifacts for Bootstrapping Protocols
   Authors: Thomas Werner
            Michael Richardson
   Name:    draft-ietf-anima-jws-voucher-11.txt
   Pages:   16
   Dates:   2024-09-10

Abstract:

   I-D.draft-ietf-anima-rfc8366bis defines a digital artifact called
   voucher as a YANG-defined JSON document that is signed using a
   Cryptographic Message Syntax (CMS) structure.  This document
   introduces a variant of the voucher artifact in which CMS is replaced
   by the JSON Object Signing and Encryption (JOSE) mechanism described
   in RFC7515 to support deployments in which JOSE is preferred over
   CMS.

   In addition to explaining how the format is created, the
   "application/voucher-jws+json" media type is registered and examples
   are provided.

The IETF datatracker status page for this Internet-Draft is:
https://datatracker.ietf.org/doc/draft-ietf-anima-jws-voucher/

There is also an HTML version available at:
https://www.ietf.org/archive/id/draft-ietf-anima-jws-voucher-11.html

A diff from the previous version is available at:
https://author-tools.ietf.org/iddiff?url2=draft-ietf-anima-jws-voucher-11

Internet-Drafts are also available by rsync at:
rsync.ietf.org::internet-drafts


_______________________________________________
Anima mailing list -- anima@ietf.org
To unsubscribe send an email to anima-leave@ietf.org





From: Mahesh Jethanandani <mjethanandani@gmail.com>
Date: Wednesday, 28 August 2024 at 00:46
To: draft-ietf-anima-jws-voucher@ietf.org <draft-ietf-anima-jws-voucher@ietf.org>
Cc: anima-chairs@ietf.org <anima-chairs@ietf.org>, anima@ietf.org <anima@ietf.org>
Subject: AD review of draft-ietf-anima-jws-voucher-10
Back in February I had provided comments as an individual contributor. Thanks for addressing them.

These are my AD comments, which are divided between COMMENTs and NITs. I hope to see responses to the COMMENTs, while the NITs are there FYI.


-------------------------------------------------------------------------------
COMMENT
-------------------------------------------------------------------------------

This document updates RFC8366, but does not seem to include explanatory text
about this in the abstract.

"Abstract", paragraph 0
>    [I-D.draft-ietf-anima-rfc8366bis] defines a digital artifact called
>    voucher as a YANG-defined JSON document that is signed using a
>    Cryptographic Message Syntax (CMS) structure.  This document
>    introduces a variant of the voucher artifact in which CMS is replaced
>    by the JSON Object Signing and Encryption (JOSE) mechanism described
>    in RFC7515 to support deployments in which JOSE is preferred over
>    CMS.

An Abstract cannot have a reference. Please change the reference to I-D.draft-ietf-anima-rfc8366bis to plain text.

Section 2, paragraph 5
>    Voucher:  A short form for voucher artifact and refers to the signed
>       statement from the MASA service that indicates to a pledge the
>       cryptographic identity of the domain it should trust, per
>       [I-D.draft-ietf-anima-rfc8366bis].

Please add definition and expansion on first use of terms such as MASA. Also you need to define Pledge (with a capital P), or point to a definition in another document. Avoid mixing capitalization between Pledge and pledge.

Section 3, paragraph 6
>    A "JWS JSON Serialization Overview" is given in Section 3.2 of
>    [RFC7515] and more details on the JWS serializations in Section 7 of
>    [RFC7515].  This document makes use of the "General JWS JSON
>    Serialization Syntax" of [RFC7515] to support multiple signatures, as
>    already supported by [RFC8366] for CMS-signed vouchers.

Since the document mentions two forms of serialization, it would help to understand the choice. Was the choice of "General JWS JSON Serialization Syntax" to support multiple signatures? Why was the "JWS Compact Serialization" not chosen?

Section 4, paragraph 2
>    This request occurs via HTTP-over-TLS, however, for the Pledge-to-
>    Registrar TLS connection, the Pledge is provisionally accepting the
>    Registrar server certificate.  Hence it is subject to disclosure by a
>    Dolev-Yao attacker (a "malicious messenger") [ON-PATH], as explained
>    in Section 10.2 of [BRSKI].

The first sentence does not parse for me. Can it be reworded?

Found terminology that should be reviewed for inclusivity; see
https://www.rfc-editor.org/part2/#inclusive_language for background and more
guidance:

 * Term "he"; alternatives might be "they", "them", "their"

-------------------------------------------------------------------------------
NIT
-------------------------------------------------------------------------------

All comments below are about very minor potential issues that you may choose to
address in some way - or ignore - as you see fit. Some were flagged by
automated tools (via https://github.com/larseggert/ietf-reviewtool) so there
will likely be some false positives. There is no need to let me know what you
did with these suggestions.

Section 1, paragraph 2
>    This document provides cryptographic signing of the JSON voucher data
>    in form of JSON Web Signature (JWS) [RFC7515] and the media type
>    "application/voucher-jws+json".  The encoding specified in this
>    document is used by [I-D.ietf-anima-brski-prm] and may be more handy
>    for use cases already using Javascript Object Signing and Encryption
>    (JOSE).  This document should be considered as enhancement of
>    [I-D.draft-ietf-anima-rfc8366bis],
>    as it provides a new voucher form with media type "application/
>    voucher-jws+json" and the related serialization.  It does not extend
>    the YANG definition of [I-D.draft-ietf-anima-rfc8366bis].

I continue to see inconsistent use of capitalization for terms defined or used in this document. E.g. JSON voucher data, and JSON Voucher Data.

Section 3.2, paragraph 0
>    The JSON Voucher Data is an unsigned JSON document [RFC8259] that
>    conforms with the data model described by the ietf-voucher YANG
>    module [RFC7950] defined in Section 5.3 of
>    [I-D.draft-ietf-anima-rfc8366bis] and is encoded using the rules
>    defined in [RFC7951].  The following figure provides an example of
>    JSON Voucher Data:

Please correct the reference to the Section number in I-D.draft-ietf-anima-rfc8366bis. It should be 7.3.

Section 3.3, paragraph 3
>    To validate voucher signatures all certificates of the certificate
>    chain are required up to the trust anchor, Note, to establish trust
>    the trust anchor SHOULD be provided out-of-band upfront.  This is
>    consistent with Section 5.5.2 of [BRSKI].

s/to the trust anchor, Note,/to the trust anchor. Note,/

Document references draft-ietf-anima-rfc8366bis-11, but -12 is the latest
available revision.

Document references draft-ietf-anima-brski-prm-12, but -15 is the latest
available revision.

Document references draft-ietf-anima-constrained-voucher-24, but -25 is the
latest available revision.

Paragraph 4
>  type is registered and examples are provided. Status of This Memo This Inte
>                                  ^^^^^^^^^^^^
You have used the passive voice repeatedly in nearby sentences. To make your
writing clearer and easier to read, consider using active voice.

Section 2, paragraph 3
> on first use of terms such as MASA. Also you need to define Pledge (with a c
>                                     ^^^^
A comma may be missing after the conjunctive/linking adverb "Also".

Section 3.1, paragraph 6
>  JSON [RFC8259] optionally allows to escape these with backslashes ('\'). Hen
>                                   ^^^^^^^^^
Did you mean "escaping"? Or maybe you should add a pronoun? In active voice,
"allow" + "to" takes an object, usually a pronoun.

Section 3.3, paragraph 3
>  the Registrar server certificate. Hence it is subject to disclosure by a Do
>                                    ^^^^^
A comma may be missing after the conjunctive/linking adverb "Hence".

Mahesh Jethanandani
mjethanandani@gmail.com


Mahesh Jethanandani
mjethanandani@gmail.com