Re: [Anima] Cross-WGs WGLC (second) on draft-ietf-anima-voucher-04 - Respond by Aug 08, 2017

peter van der Stok <stokcons@xs4all.nl> Tue, 01 August 2017 10:48 UTC

Return-Path: <stokcons@xs4all.nl>
X-Original-To: anima@ietfa.amsl.com
Delivered-To: anima@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 31326132CF3; Tue, 1 Aug 2017 03:48:07 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.621
X-Spam-Level:
X-Spam-Status: No, score=-2.621 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id yb7cO65eUrjt; Tue, 1 Aug 2017 03:48:05 -0700 (PDT)
Received: from lb3-smtp-cloud8.xs4all.net (lb3-smtp-cloud8.xs4all.net [194.109.24.29]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 5AE84132064; Tue, 1 Aug 2017 03:48:03 -0700 (PDT)
Received: from webmail.xs4all.nl ([IPv6:2001:888:0:22:194:109:20:205]) by smtp-cloud8.xs4all.net with ESMTPA id cUiWdOLY5Qs3acUiWdTur7; Tue, 01 Aug 2017 12:48:02 +0200
Received: from 2001:983:a264:1:e02d:215:e37:a526 by webmail.xs4all.nl with HTTP (HTTP/1.1 POST); Tue, 01 Aug 2017 12:48:00 +0200
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII; format=flowed
Content-Transfer-Encoding: 7bit
Date: Tue, 01 Aug 2017 12:48:00 +0200
From: peter van der Stok <stokcons@xs4all.nl>
To: Sheng Jiang <jiangsheng@huawei.com>
Cc: 6tisch@ietf.org, netconf@ietf.org, anima-chairs@ietf.org, anima@ietf.org
Organization: vanderstok consultancy
Reply-To: consultancy@vanderstok.org
Mail-Reply-To: consultancy@vanderstok.org
In-Reply-To: <5D36713D8A4E7348A7E10DF7437A4B927CE3D826@NKGEML515-MBX.china.huawei.com>
References: <5D36713D8A4E7348A7E10DF7437A4B927CE3D826@NKGEML515-MBX.china.huawei.com>
Message-ID: <76229c58f5d60d3a0c185c6645ba4355@xs4all.nl>
X-Sender: stokcons@xs4all.nl
User-Agent: XS4ALL Webmail
X-CMAE-Envelope: MS4wfBocXnfmrunqhWmJuSA5f25kfkgY+sNieHNwxtC0lfEWhjta0wohLS6No42V/TrN932K/oDYWuY/cEIZKr/KNe2hmZTojlWN96zh4oFZtgPZYTk//9Zd PppD7T/njVxEO97CdfJ+cEhKIUrfePQe4cNT37XL1MxulGwVKYAFSIw6iOfUx47NNyq3jskAWSHzubGQDNHNFB+bxh5PAVoj9F/A4tosljqm14e7OD1ljUlz Xv1F5EPx2mXqEkTXMxynCPWFVYcKOkZTfOS4YD2wbngGY1L04BQ3CLW4LRaZa1a+sdvdMQmk8ejHhDVzID66jQ==
Archived-At: <https://mailarchive.ietf.org/arch/msg/anima/BgTOHbYfINV0frU7yf5ozEoTfjo>
Subject: Re: [Anima] Cross-WGs WGLC (second) on draft-ietf-anima-voucher-04 - Respond by Aug 08, 2017
X-BeenThere: anima@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Autonomic Networking Integrated Model and Approach <anima.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/anima>, <mailto:anima-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/anima/>
List-Post: <mailto:anima@ietf.org>
List-Help: <mailto:anima-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/anima>, <mailto:anima-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 01 Aug 2017 10:48:07 -0000

Hi all,

I read this document, and find it well written and understandable.
I do have some remarks about the content and several editing remarks.

Content remarks:

section 6, leaf prior-signed-voucher, at the end:
The MASA SHOULD remove all "prior-signed-voucher".
I would encourage a "MUST" instead of a "SHOULD" when thinking of 
transporting vouchers over constrained networks.

section 6.3: leaf idevid-issuer, description, paragraph 2,
"populated for serial numbers that are not otherwise unique" to be 
replaced by
"populated when serial numbers are not unique".
My proposed text is less selective, and consequently less error prone.

Can a discussion section about "manufacturer additions" be added. 
Pointing out the consequences for interoperability when using "Augment" 
to add manufacturer specifics can be helpful.

Editing remarks:

Introduction, first phrase: pledge -> candidate device (pledge)

page 3, PKCS#7 add RFC2315 reference, and may be add RFC7154 as JSON 
reference.

Section 2; mention terminology from RFC7950

page 4 line 5; "process. i Typically" remove the "i"

page 4, Voucher: add: that "acknowledges ownership of the pledge and" 
indicates...

page 5 Authentication of: First appearances of PKIX, DNS-ID, and CN-ID 
abbreviations.

page 5, add (MiTM) after Man-in-The-Middle.

page 6 table: Voucher name -> Voucher type

Nonceless Audit Voucher: "to support network partitions" -> "to 
withstand network partitions"

Owenership audit Voucher: "Voucher's" -> "Vouchers", and remove "an 
ideal" otherwise explain what that means and why it is true.

Add type in:
Ownership ID voucher "type" is named
Bearer Voucher "type" is named

section 6
"The voucher is signing structure that" -> "The voucher signing 
structure"

section 6, paragraph 6, all "of" the certificate, remove "of"

section 6 page 7 below, First appearance of CA and JWS abbreviations

section 6.1 (see section 4) add "see"

section 6.3 page 10, module description: "securely assign one or more 
pledges to an 'owner'" seems to contradict section 7.2 voucher per 
pledge

section 7.1 last line: "there is a delay" is that delay between creation 
and consumption and when is the delay unacceptable? the text is (on 
purpose?) vague.

section 8.1 first paragraph: "no understandING of time", add "ing"
section 8.1 paragraph 2: ephermal -> ephemeral

section 8.2 compromized -> compromised?

Hope this helps

peter