[core] Kathleen Moriarty's Yes on draft-ietf-core-object-security-09: (with COMMENT)
Kathleen Moriarty <Kathleen.Moriarty.ietf@gmail.com> Thu, 08 March 2018 14:33 UTC
Return-Path: <Kathleen.Moriarty.ietf@gmail.com>
X-Original-To: core@ietf.org
Delivered-To: core@ietfa.amsl.com
Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id 57A8B1241F8; Thu, 8 Mar 2018 06:33:47 -0800 (PST)
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
From: Kathleen Moriarty <Kathleen.Moriarty.ietf@gmail.com>
To: The IESG <iesg@ietf.org>
Cc: draft-ietf-core-object-security@ietf.org, Carsten Bormann <cabo@tzi.org>, jaime.jimenez@ericsson.com, core-chairs@ietf.org, cabo@tzi.org, core@ietf.org
X-Test-IDTracker: no
X-IETF-IDTracker: 6.74.0
Auto-Submitted: auto-generated
Precedence: bulk
Message-ID: <152051962735.13922.9383105410719725254.idtracker@ietfa.amsl.com>
Date: Thu, 08 Mar 2018 06:33:47 -0800
Archived-At: <https://mailarchive.ietf.org/arch/msg/core/yvIfdrGyJ4tYhtE3mB6dNG215JQ>
Subject: [core] Kathleen Moriarty's Yes on draft-ietf-core-object-security-09: (with COMMENT)
X-BeenThere: core@ietf.org
X-Mailman-Version: 2.1.22
List-Id: "Constrained RESTful Environments \(CoRE\) Working Group list" <core.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/core>, <mailto:core-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/core/>
List-Post: <mailto:core@ietf.org>
List-Help: <mailto:core-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/core>, <mailto:core-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 08 Mar 2018 14:33:47 -0000
Kathleen Moriarty has entered the following ballot position for draft-ietf-core-object-security-09: Yes When responding, please keep the subject line intact and reply to all email addresses included in the To and CC lines. (Feel free to cut this introductory paragraph, however.) Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html for more information about IESG DISCUSS and COMMENT positions. The document, along with other ballot positions, can be found here: https://datatracker.ietf.org/doc/draft-ietf-core-object-security/ ---------------------------------------------------------------------- COMMENT: ---------------------------------------------------------------------- I strongly support an object level security solution to provide end-to-end security when traffic traverses proxies or is relayed in the case of many IoT scenarios. There are billions of devices in the IoT space with different constraints and operating requirements. As such, I support and appreciate your work on this draft. I had already known that this work was decoupled from EDHOC and appreciate that it can now be used either with TLS, EDHOC, or some other transport security protocol to offer object level security and protection in transit for data. Thanks for addressing the OpsDir review a couple of weeks ago that pointed out where the work for provisioning the master secret, use of pre-shared keys in some scenarios, the use of profiles for algorithm agility, and the candidate key exchange protocols are done and other questions on security considerations and MTI. Since EKR's review pointed some of these same things out, having the pointers more clearly stated in the draft would be beneficial to the reader and implementer. Perhaps a longer discussion is needed in the draft. Where there are still multiple candidate drafts, you may not want to name one yet, but rather point to existing work. Thanks again!
- [core] Kathleen Moriarty's Yes on draft-ietf-coreā¦ Kathleen Moriarty