[core] Benjamin Kaduk's No Objection on draft-ietf-core-echo-request-tag-13: (with COMMENT)
Benjamin Kaduk via Datatracker <noreply@ietf.org> Mon, 30 August 2021 17:59 UTC
Return-Path: <noreply@ietf.org>
X-Original-To: core@ietf.org
Delivered-To: core@ietfa.amsl.com
Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id A8A643A1C08; Mon, 30 Aug 2021 10:59:01 -0700 (PDT)
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
From: Benjamin Kaduk via Datatracker <noreply@ietf.org>
To: The IESG <iesg@ietf.org>
Cc: draft-ietf-core-echo-request-tag@ietf.org, core-chairs@ietf.org, core@ietf.org, Marco Tiloca <marco.tiloca@ri.se>, marco.tiloca@ri.se
X-Test-IDTracker: no
X-IETF-IDTracker: 7.36.0
Auto-Submitted: auto-generated
Precedence: bulk
Reply-To: Benjamin Kaduk <kaduk@mit.edu>
Message-ID: <163034634166.17431.14820107713355769156@ietfa.amsl.com>
Date: Mon, 30 Aug 2021 10:59:01 -0700
Archived-At: <https://mailarchive.ietf.org/arch/msg/core/zlbfXvXPaUvcToku9insTDhXIlY>
Subject: [core] Benjamin Kaduk's No Objection on draft-ietf-core-echo-request-tag-13: (with COMMENT)
X-BeenThere: core@ietf.org
X-Mailman-Version: 2.1.29
List-Id: "Constrained RESTful Environments \(CoRE\) Working Group list" <core.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/core>, <mailto:core-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/core/>
List-Post: <mailto:core@ietf.org>
List-Help: <mailto:core-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/core>, <mailto:core-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 30 Aug 2021 17:59:02 -0000
Benjamin Kaduk has entered the following ballot position for draft-ietf-core-echo-request-tag-13: No Objection When responding, please keep the subject line intact and reply to all email addresses included in the To and CC lines. (Feel free to cut this introductory paragraph, however.) Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html for more information about DISCUSS and COMMENT positions. The document, along with other ballot positions, can be found here: https://datatracker.ietf.org/doc/draft-ietf-core-echo-request-tag/ ---------------------------------------------------------------------- COMMENT: ---------------------------------------------------------------------- I really like the changes made in the -13 overall; thank you for adding in all the additional discussion. I only have editorial/nit-level comments remaining. Section 2.5.2 The information extracted by the server from the request Echo value has different sources of truth depending on the application. I think that the "sources of truth" phrase might be a source of confusion for some readers. I'd consider something more like: % The request Echo value conveys freshness information to the server, % and the freshness is applied to some data or information related % to the request. which then transitions decently into "Understanding who or what is the authoritative source of that information helps the server implementer decide ..." If all that the server extracts is information which the client is authorized to provide arbitrarily, (which is another way of saying that the server has to trust the client on whatever Echo is used for), then the server can issue Echo values that do not need to be (nit) I'd suggest "whatever Echo is being used for" (add "being") In most other cases, there are properties extracted of which the server is the authority ("The request must not be older than five minutes" is counted on the server's clock, not the client's) or which [If my above suggestion is used, that removes the word "extracted", this use of "extracted" should probably be reworded as well.] Section 3.5.1 When security services are provided by DTLS, this can only be confirmed if there was no CoAP retransmission of the request, the request was responded to, and the server performs replay protection. (nit) I think the server would either "perform replay detection" or "[provide/use] replay protection" -- performing protection is not a common phrasing. way, the server can rely on a conforming client to set the Request- Tag option when required, and thereby have confidence the integrity of the assembled body. (nit) "have confidence in" Appendix A This method is suitable both for time and for event base freshness (e.g. by clearing the cache when an event occurs), and independent of the client authority. (nit) "for time- and for event-based freshness" (and again a couple paragraphs later)
- [core] Benjamin Kaduk's No Objection on draft-iet… Benjamin Kaduk via Datatracker
- Re: [core] Benjamin Kaduk's No Objection on draft… Christian Amsüss