Re: [core] [Ace] CoAP-EAP draft

Dan Garcia Carrillo <garciadan@uniovi.es> Fri, 03 September 2021 19:23 UTC

Return-Path: <garciadan@uniovi.es>
X-Original-To: core@ietfa.amsl.com
Delivered-To: core@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 5DC823A2A50; Fri, 3 Sep 2021 12:23:48 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.901
X-Spam-Level:
X-Spam-Status: No, score=-1.901 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, MSGID_FROM_MTA_HEADER=0.001, NICE_REPLY_A=-0.001, RCVD_IN_MSPIKE_H2=-0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=unioviedo.onmicrosoft.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id E-fvEB7vfvDw; Fri, 3 Sep 2021 12:23:43 -0700 (PDT)
Received: from EUR04-HE1-obe.outbound.protection.outlook.com (mail-eopbgr70059.outbound.protection.outlook.com [40.107.7.59]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 4E0DD3A2A4C; Fri, 3 Sep 2021 12:23:42 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=BXk2e6dF3E2HqnFy0JQeOcxgv6t/lmBSVG1BB0WTbyLI4DN/8Myy16pcxbC4TEsxd6Q+0aghWQER3hhg1lPH1z5M0xP0tf81YlTpN2EJiDP9O6VCvrUrOspdycr+V/0NbGJQmxPo3owK8iJHCQ+lT3SNu+jBgwP7gUNpwd2V4HyL7zvmeUrqmcui0Kr66o7njFzLnJ2NrAhStSG0ZuPCqQpY2qNP4Kns+LKJgXyJHZyBXbxCtxLfPG6sxcqvLaGJe8n7xCfQp31jIBX6gkCXngy2mbDkWenQkuzb/Tvy095i2hc5vO+Eb55Juo4g2/3JitqDace3s7IlTrNYNx69Vw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version; bh=I1lo7m4V4lZ4+Z1zY98LJTMAioD21XNUq3w5SQDhidU=; b=gH5agNsd7osZrBpQmsMf/UthNVitACT/PAp7VaJ8vjVOmddvcZc2OaTHYsmkLPF2KQEmQw8YiRED6ddGRSX0H/NAqjzkQJk2lr23Ihv4Yxo1xmoA4KTRkPCrvFKwLOntqi39MRiaCUNHQMk4Q15nQd+zFKLoXKNyV2tRgcB28bcpLZl21mBaYWD55t/1KYPjhjZSwFn/JYbFMTVepg+/kaOaBzk3cEKp13DuqhYhPWIJyJCLf9Qka5aM6OEHnfleybOwP7LKjQUBCTxeHZMuLUm9/5HitnTFAO/FHG287K2EDvRWDwiOdnY3pb0ksfJlE94EgAY3wXvxJIqstDvPsA==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=uniovi.es; dmarc=pass action=none header.from=uniovi.es; dkim=pass header.d=uniovi.es; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=unioviedo.onmicrosoft.com; s=selector2-unioviedo-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=I1lo7m4V4lZ4+Z1zY98LJTMAioD21XNUq3w5SQDhidU=; b=QCp2iLtSo12bez8gNBZkH6MkpXH1RSCII9vXOx5AYPv9Tabk1cylJR9J3dmMO8C0dGK3ogvhoodTztBblZbvYP9t4q/T15BKsKfdWFN/ImlHEXWPCGoM1Qr7ofk27fgYnqdUj9sfwEXD35fXFZN15UffZpntaDNQAgP7uDHKGIU=
Authentication-Results: ietf.org; dkim=none (message not signed) header.d=none;ietf.org; dmarc=none action=none header.from=uniovi.es;
Received: from DBBPR08MB6202.eurprd08.prod.outlook.com (2603:10a6:10:209::9) by DBAPR08MB5704.eurprd08.prod.outlook.com (2603:10a6:10:1a1::23) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4478.21; Fri, 3 Sep 2021 19:23:38 +0000
Received: from DBBPR08MB6202.eurprd08.prod.outlook.com ([fe80::70e4:c7c8:b279:2395]) by DBBPR08MB6202.eurprd08.prod.outlook.com ([fe80::70e4:c7c8:b279:2395%8]) with mapi id 15.20.4478.022; Fri, 3 Sep 2021 19:23:38 +0000
Cc: garciadan@uniovi.es, EMU WG <emu@ietf.org>, "ace@ietf.org" <ace@ietf.org>, Rafa Marin-Lopez <rafa@um.es>, core@ietf.org
To: Christian Amsüss <christian@amsuess.com>
References: <0cfd2df3-9264-b6fd-e58b-a93a7d8fda5f@uniovi.es> <A4C71152-DA98-47B1-9BFC-136F59CAB68A@amsuess.com>
From: Dan Garcia Carrillo <garciadan@uniovi.es>
Message-ID: <c9cdb216-59a7-b06a-7cd0-9386e7b6f9ae@uniovi.es>
Date: Fri, 03 Sep 2021 21:23:33 +0200
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:78.0) Gecko/20100101 Thunderbird/78.13.0
In-Reply-To: <A4C71152-DA98-47B1-9BFC-136F59CAB68A@amsuess.com>
Content-Type: text/plain; charset="utf-8"; format="flowed"
Content-Transfer-Encoding: 8bit
Content-Language: en-GB
X-ClientProxiedBy: LO2P265CA0022.GBRP265.PROD.OUTLOOK.COM (2603:10a6:600:62::34) To DBBPR08MB6202.eurprd08.prod.outlook.com (2603:10a6:10:209::9)
MIME-Version: 1.0
X-MS-Exchange-MessageSentRepresentingType: 1
Received: from DansMacBookPro.local (212.102.48.73) by LO2P265CA0022.GBRP265.PROD.OUTLOOK.COM (2603:10a6:600:62::34) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4478.19 via Frontend Transport; Fri, 3 Sep 2021 19:23:36 +0000
X-MS-PublicTrafficType: Email
X-MS-Office365-Filtering-Correlation-Id: 8eff5d37-32bc-4c2a-6a2e-08d96f10548b
X-MS-TrafficTypeDiagnostic: DBAPR08MB5704:
X-MS-Exchange-Transport-Forked: True
X-Microsoft-Antispam-PRVS: <DBAPR08MB5704188A4B7031B0F07EF151B4CF9@DBAPR08MB5704.eurprd08.prod.outlook.com>
X-MS-Oob-TLC-OOBClassifiers: OLM:10000;
X-MS-Exchange-SenderADCheck: 1
X-MS-Exchange-AntiSpam-Relay: 0
X-Microsoft-Antispam: BCL:0;
X-Microsoft-Antispam-Message-Info: fYrj/mgApcZZyRrabeML3tJY3Tx1gYzmOxN3Rzh++NrGSDaUF3DP7ytAChrLk4vqQTKrYvYRPCPU5GtyxLx2xhylfp2ZqBTot9y85oMz8uYKJWqPx2WZCX8LBVV5qRRVuvEFv7jTlkd3Dk6DtCTOyy3Q7XbD2owqj5RBuQM8QWmhlQD7mjVuFzvsmFp1diXElTH2T9jrit2xnplUJMgbh/XPYMMbalnwW0VR8Ita/R1Px3xSwC6pSMM80xbEZkap1seSZU9DsJmEBtCO7O0Jr6TP6XWoGkM0DpDsCLBjtJDwWGCurYdiqbonI7s2OVfRNPc6yA/+KnQFLBjJsOaak8k6WY4wEoNv4KA3rIFpS6mm0VNW2w8NDL+AJYbrj4DNgCJoEmH7Fn9Hx3ihssmZV0K9Xbm0g9FyoeWDz06yQayFO0vKUAJ0J/UwL7OiPCwAtpdFx/UZYsYbhLFJa2hTYnPkxNR3YmdK9wDfSy40Xp2/hZnOGCbVOwdpfOkVKmkoxWC1GUq4mZ95DpW6FkQwE9xzB2rtynMy6LfKE8GJZ8cID7XfSyjdw+7bnIp5jrCnA0EF2n2y++024Ial1ov2Pa3N5IJV5Ds2L4SDEe7EIudvzIu4v+bATr0ugs3SqNRVtyP9KKAJTelM/tbaUaFzlE0XUokghnSqo8ntVSbH0RRmOKiYibRiQ+orkCABR9+sMeIubaTsMeRLGiqqzxYWVzXKK4lq4HeCfF0oFvbAW4LBV+VzKCy6vk9cIkr+q7gYqrIkPvonqsQLidnvkssnayJ2EOoowjTi+nkllopzSc8hqCrFtp9X2Ld6/kTZ9rJgcdtgkH0wxZKNK+y4yhstpQ==
X-Forefront-Antispam-Report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:DBBPR08MB6202.eurprd08.prod.outlook.com; PTR:; CAT:NONE; SFS:(366004)(2906002)(316002)(186003)(31696002)(36756003)(38350700002)(66476007)(66946007)(6486002)(86362001)(30864003)(66556008)(6506007)(53546011)(8676002)(26005)(966005)(66574015)(6512007)(5660300002)(52116002)(2616005)(83380400001)(54906003)(8936002)(6666004)(4326008)(31686004)(38100700002)(956004)(508600001)(6916009)(45980500001)(43740500002); DIR:OUT; SFP:1101;
X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1
X-MS-Exchange-AntiSpam-MessageData-0: GEOckRSHKTB3K9JlnXXog5QPm2u/r15DkI7Pj9Xg32QHqSE85iGzZTqi0WryKv4fHMrOugCzKSlbajFqsdE8zJ1c7yXupXETI1NqQi19GwKG3R1dbaW0ywEROHLA3I/uuDgHv4Oc8R1xGzHHlGEE98MvVPaYWQGTfYJIBJWh5BvTsmj7S8YjliCLtaOQQjylNi+c2tuFc3JBfiZJAUQ+UigQ+72LNL004ElaXRbuK1Y9oSBBWi4ZSCbcWPQDQYArEwyROA7AdqtkT8A8wXtr2ZZpMxIv8Yw+PCMLdKicxPuUiqKbtvlQL1p8NFyQvGVG2DWxKnLGwQGZlTeJ6g7twCRQMfB/t7/4BQtGBx6oLBZbuTLPIfB3RBdy4+4yglBLLBPz3SXmrlDgCLJZVTA5F7WNYqokSUMg+go66kdXRDuxEPKPtid3IhimMTyutBlZs6kb4p580l9jaH+KK5YkDZZerCHsgghzEkIWdOkM/sm8cVuQpkZInDULevnqv1y9NeXtX0RCleZJVpN8L5pLg108lVKux8V9vilqKq0lagTy+7VD+OkV08nlC8tDx2gjchi8go/B8nIAV2QGS/u8NFtvQzl4ycmKijWGpm8gJPvz7hXUpaeTtDZ7cQG+duEhH91sXks3vnQtraZyQifugDkLpL9qcCCy2HT2vBNZqjnyJxA5e4C1s5A0X2CIQD9YRzcbWjOznt/11hwtahuTnH00y25jES4R42WL+V4Ww+nwQJZBcGFcep7Obv7idE3kt2Yr8ThVqyiqfHHPy/p55v1rIfhZ9v36dwOGGfmFFzOeqBicIY5KLOzAfMozMMhQrEigknWeuFTDkL2um9QVVyrg1RpcCSVzmZZXyEU6hpVSK3yYOmOxGxC2hDArcpa84mzivQbSyXge2A/x6m85oboQJ7k43sMwVaJCgUmj3ujYdajU6GFDv5rS54sifaywPS0w9k3hcHlif5bKsRbxm0s/LiXneb5N6LlM85Shdp84Metm697CM7GMNXVy5eRapRfWcTlX+zb3i/BJ6jikX78xxoX59DUngZviP933Gw5jqLvf1rQXG3Ai7jpss0EO9EHZqkNqHj3lPoWJ/kT/3nb2EF9JTC9+H7rGVioEXo21Dp5YVxqLnJP6jb0/ZyDkI/1k2KRaD9MkukY22T1LgwhcgAnqlsADS2SBR7M7vbio57Z80W5qlP/CkUI1h3iZkwdOSyn76lF/+//tPGivlF5Ady9E1+hUPH22xfEZloFAVcYJHE6TpWPinLNZrHz/ckPjxZLCuhdksFNkUtGj9551yKFkb/ZHsoFFkHY8NuKbv9W3Ti54ijGKbSHX3M9R
X-OriginatorOrg: uniovi.es
X-MS-Exchange-CrossTenant-Network-Message-Id: 8eff5d37-32bc-4c2a-6a2e-08d96f10548b
X-MS-Exchange-CrossTenant-AuthSource: DBBPR08MB6202.eurprd08.prod.outlook.com
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 03 Sep 2021 19:23:37.9881 (UTC)
X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted
X-MS-Exchange-CrossTenant-Id: 05ea74a3-92c5-4c31-978a-925c3c799cd0
X-MS-Exchange-CrossTenant-MailboxType: HOSTED
X-MS-Exchange-CrossTenant-UserPrincipalName: PEAfkvBpWxkTskohVjP0WAGDkNdgfvvid+xRc+LDxliPeaMsY954Vhbd8wpPUg7QLdZjP5RXZ4OtAqT8VGafyw==
X-MS-Exchange-Transport-CrossTenantHeadersStamped: DBAPR08MB5704
X-MS-Exchange-CrossPremises-AuthSource: DBBPR08MB6202.eurprd08.prod.outlook.com
X-MS-Exchange-CrossPremises-AuthAs: Internal
X-MS-Exchange-CrossPremises-AuthMechanism: 06
X-MS-Exchange-CrossPremises-Mapi-Admin-Submission:
X-MS-Exchange-CrossPremises-MessageSource: StoreDriver
X-MS-Exchange-CrossPremises-BCC:
X-MS-Exchange-CrossPremises-OriginalClientIPAddress: 212.102.48.73
X-MS-Exchange-CrossPremises-TransportTrafficType: Email
X-MS-Exchange-CrossPremises-Antispam-ScanContext: DIR:Originating; SFV:NSPM; SKIP:0;
X-MS-Exchange-CrossPremises-SCL: 1
X-MS-Exchange-CrossPremises-Processed-By-Journaling: Journal Agent
X-OrganizationHeadersPreserved: DBAPR08MB5704.eurprd08.prod.outlook.com
Archived-At: <https://mailarchive.ietf.org/arch/msg/core/x45lJE626Gn8RHIjbrE4aoH0CfE>
Subject: Re: [core] [Ace] CoAP-EAP draft
X-BeenThere: core@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Constrained RESTful Environments \(CoRE\) Working Group list" <core.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/core>, <mailto:core-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/core/>
List-Post: <mailto:core@ietf.org>
List-Help: <mailto:core-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/core>, <mailto:core-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 03 Sep 2021 19:23:49 -0000

Dear Christian,

Thank you for your detailed review. You are raising indeed very 
interesting points.
Just came back from vacation and we will respond as soon as possible.

Best Regards.

On 16/8/21 16:40, Christian Amsüss wrote:
> Hello CoAP-EAP authors and involved groups,
> (CC'ing core@ as this is a review on CoAP usage),
>
>
> I've read the -03 draft and accumulated a few comments; largely in
> sequence of occurrence.
>
> Over all, the protocol has improved a lot since I've last had my eyes on
> it. Several comments below are about how prescriptive the message types
> are. I believe that this should be resolved towards generality, or else
> the usability of this protocol with generic CoAP components will be
> limited (or, worse, still implemented and then surprisingly
> incompatible).
>
>
> * Figure 1: For readers new to the topic of EAP, I think that it might
>    be useful to extend this to cover also the EAP server or AAA
>    infrastructure, if that can be covered without too much complication.
>
>    Suggestion (without illusions of correctness):
>
>             IoT device            Controller
>           +------------+        +------------+
>           | EAP peer/  |        | EAP auth./ |+-----+[ AAA infra. ]
>           | CoAP server|+------+| CoAP client|+-----+[ EAP server?]
>           +------------+  CoAP  +------------+  EAP?
>          
>           \_____ Scope of this document _____/
>
>                        Figure 1: CoAP-EAP Architecture
>
> * `/.well-known/a`: [note: May be irrelevant, see next two items]
>
>    If the designated experts don't go along with a
>    very-short option (I'd kind of doubt you'd get anything shorter than
>    `/.well-known/eap`) and if that puts you up against practical limits,
>    using a short-hand option might be viable.
>
>    So far there's no document for it and I've only pitched the idea
>    briefly at an interim[1] (slides at [2]), but if push comes to shove
>    and you need the compactness, let me know and that work can be
>    expedited.
>
>    [1]: https://datatracker.ietf.org/meeting/interim-2021-core-05/session/core
>    [2]: https://datatracker.ietf.org/meeting/interim-2021-core-05/materials/slides-interim-2021-core-05-sessa-core-option-for-well-known-resources-00
>
> * Discovering the Controller is described rather generically, but with
>    CoAP discovery as an example.
>
>    As long as CoAP discovery (as per RFC6690/7252) is used, that already
>    produces a URI, which can contain any path the server picked. It has
>    thus no need for a well-known path.
>
>    Are there other discovery options envisioned that'd only result in a
>    network address? Only for these, a well-known path would make sense.
>    (And then it's up to the envisioned client complexity if one is
>    warranted).
>
>    For comparison, RD[3] explores some of the options. A path may be
>    discovered using CoAP discovery as `?rt=core.rd*` right away from
>    multicast. Or an address may be discovered using an IPv6 RA option,
>    with CoAP discovery acting on that address. Only for cases of very
>    simple endpoints, it also defines a `/.well-known/rd` name that can be
>    used without CoAP discovery (and thus link parsing) happening
>    beforehand. The same rationales may apply for EAP (the devices using
>    the resource are mostly servers, otherwise, and send a very simple
>    request to start things), but again that's only if the address was
>    discovered through something that's not CoAP discovery already.
>
>    [3]: https://www.ietf.org/archive/id/draft-ietf-core-resource-directory-28.html#name-rd-discovery-and-other-inte
>
> * For message 1, why does this need to go to a fixed resource? There has
>    been previous communication in message 0 in which the resource could
>    have been transported.
>
>    Granted, it's not as easy as in messages 2-to-3 etc where the
>    Location-* options are around, but the original message 0 POST could
>    just as well contain the path in the payload.
>
>    There are options as to how to do that precisely (just the URI
>    reference in text form, or a RFC6690 link, or a CBOR list of path
>    segments, or a CRI reference[4] -- if the latter were in WGLC already
>    I'd recommend it wholeheartedly), but either of them would stay more
>    true to the style of the other messages in that the earlier message
>    informs the path choice of the next ones.
>
>    An upside of this would be that it allows better behavior in presence
>    of proxies (see later), even though it may be practical to not spec
>    that out in full here. (But the path would be open for further specs,
>    and they'd just need some setting down of paving stones).
>
>    [4]: https://datatracker.ietf.org/doc/draft-ietf-core-href/
>
> * (Bycatch of suggesting URIs): It may be worth mentioning that the
>    NON's source address can easily be spoofed. Thus, any device on the
>    network can trigger what the authenticator may think of as a
>    device-triggered reauthentication, and the device may think of as an
>    authenticator-triggered reauthentication (provided it works that way,
>    see below when reauthentication is mentioned again).
>
>    Even sending full URIs in message 0 would be no worse than the current
>    source spoofing.
>
>    Sending URI paths in message 0 would make this minimally better
>    because the attacker would need to guess (or observe from the network)
>    the CoAP server's path.
>
> * In 3.1 General flow, the message types are described in high detail.
>    CoAP can generally be used with different transports (some of which
>    don't even do NON/CON). Also, while I think it's reasonable to expect
>    that a CoAP implementation can deal with requests coming in as either
>    CON or NON, I'd expect that some don't offer all possible choices to
>    applications. (A very constrained device may only send NON requests,
>    or an implementation may decide autonomously whether to send
>    piggy-backed or not).
>
>    Can you clarify as to what of this is meant to be normative and what
>    exemplary?
>
>    My recommendation is to state that what is prescribed is the flow of
>    requests and responses (which is what CoAP provides to the next
>    layer), while notes on reliable transmission are recommendations for
>    CoAP-over-UDP/DTLS. A similar statement, which I like a lot, is
>    already in 3.2 on error handling.
>
>    (I can serve examples of how subtle incompatibilities can develop but
>    go unnoticed, but I'd only go through that if this is all really
>    intended to be prescriptive).
>
> * The reuse of the empty token only works if the peers actually respond
>    with piggy-backed responses, so that's where enforcing the above rules
>    would give some benefit -- but at the cost of losing existing CoAP
>    implementations that make no guarantees as to how the response will be
>    sent as long as it's reliable.
>
> * Proxying: As it is right now, this protocol just barely works across
>    proxies, and only if they support CoAP-EAP explicitly. (And while it
>    may sound odd to even consider that, bear in mind that they are used
>    in a very similar way in RFC9031).
>
>    While it's a bit open whether all CoAP-based protocols should
>    reasonably be expected to work across proxies or not, a remark (maybe
>    before 3.1?) that "If CoAP proxies are used between EAP peer and EAP
>    authenticator, they must be configured with knowledge of this
>    specification, or the operations will fail after step 0."
>
> * 3.2.2: The use of RST is rather unusual here, for the same reasons as
>    the prescriptive message types.
>
>    A response of 5.03 (Service Unavailable) has roughly the same size,
>    is available independent of transport, and on most libraries *way*
>    easier to use, if they support sending an RST to a well-formed message
>    at all.
>
>    (Furthermore, the sender of the 5.03 can encode an estimate of the
>    remaining unavailable time in the Max-Age option; not sure if that is
>    of any help here).
>
> * 3.3.1: "received with the ACK", "sends piggybacked response" are,
>    again, overly specific. "received in the last response" and "sends a
>    response" could work as replacements even if message types are
>    presecriptive.
>
> * 3.3.1: "after the maximum retransmission attempts, the CoAP client
>    will remove the state from its side".
>
>    So the device that's being kicked from the network can delay its own
>    eviction for about a minute as long as it doesn't answer?
>
> * 3.3.2: Is reauthentication always triggered by the EAP peer, or can it
>    also be triggered by the authenticator? If the latter, will the
>    authenticator use /.well-known/a again, or POST something to the
>    resource from where it'd DELETE in 3.3.1?
>
> * cryptosuites: What's the upgrade model of that hardcoded list? As it
>    is now, it looks pretty static, so updates would be through updates of
>    this document. The obvious alternative is an IANA registry with
>    ranges, policies and the usual pros and cons.
>
>    Then again, this is not the first nor last time AEAD algorithms with
>    their parametrization and hash functions are assigned aggregate
>    numbers (I-D.ietf-lake-edhoc comes to mind which has asymmetric algs
>    in the mix too; probably others as well); can we deduplicate this with
>    anything? (Possibly by bringing this up with COSE or OSCORE people).
>
> * OSCORE derivation: Is it cryptographically necessary to derive *both*
>    a master secret and a master salt through KDF? (Sounds like a
>    needless step to me, as both only go into KDF once more when the
>    actual OSCORE parameters are derived). I *guess* there's a good reason
>    why the MSK is not used as the OSCORE IKM right away and the CSO as
>    OSCORE master salt, but it'd help to have at list a comment here on
>    why that's needed.
>
>    (It may be useful to compare this step to the HKDF steps in OSCORE;
>    their info element is always a 5-element array with a 4th "type"
>    element of "Key" or "IV"; other extractions might just hook in there
>    with different type values, maybe, and save everyone an extra handling
>    step).
>
> * OSCORE ID derivation:
>
>    * Randomly assigned full-length ideas look like an odd choice. They
>      are excessively long (nonce length - 6 is 7 for the MTI
>      AES-CCM-16-64-128 and shorter for other current ones, but I doubt
>      that keeping the IV *short* is necessarily a design criterion for
>      future algorithms).
>
>      What commonly happens here (eg. in the ACE-OSCORE profile, or in
>      EDHOC) is that each party picks a recipient ID out of its pool of
>      currently unused IDs. This makes for shorter keys, and allows the
>      client to be sure that no two peers use the same context.
>
>      Any chance something like that can still make it in?
>
>    * If the parties happen to be assigned the same sender ID, bad things
>      happen (identical key derivation, nonce reuse, nuclear meltdown).
>
>      If the current pattern of KDF'ing IDs stands, this needs to be
>      prevented explicitly.
>
>    * The derivations of "OSCORE RECIPIENT ID" and "OSCORE SENDER ID" are
>      confusing as they each need to happen on both sides, and the terms
>      will match on one and need to be opposite on the other.
>
>      (I couldn't even easily find which is intended to be which).
>
>      My suggestion is to derive "OSCORE EAP PEER SENDER ID" and "OSCORE
>      AUTHENTICATOR SENDER ID" instead. (Or preferably shorter strings).
>
> * Exmaples: Do you envision particular EAP protocols to be used in the
>    given examples?
>
> Best regards
> Christian