[Gen-art] Genart last call review of draft-ietf-anima-constrained-voucher-21

Russ Housley via Datatracker <noreply@ietf.org> Sun, 20 August 2023 20:36 UTC

From: Russ Housley via Datatracker <noreply@ietf.org>
To: gen-art@ietf.org
Cc: anima@ietf.org, draft-ietf-anima-constrained-voucher.all@ietf.org, last-call@ietf.org
Reply-To: Russ Housley <housley@vigilsec.com>
Date: Sun, 20 Aug 2023 13:36:39 -0700
Archived-At: <https://mailarchive.ietf.org/arch/msg/gen-art/IwdzEEmikojMvwuMWy4cAMymk1k>
Subject: [Gen-art] Genart last call review of draft-ietf-anima-constrained-voucher-21

Reviewer: Russ Housley
Review result: Almost Ready

I am the assigned Gen-ART reviewer for this draft. The General Area
Review Team (Gen-ART) reviews all IETF documents being processed
by the IESG for the IETF Chair. Please wait for direction from your
document shepherd or AD before posting a new version of the draft.

For more information, please see the FAQ at
<http://wiki.tools.ietf.org/area/gen/trac/wiki/GenArtfaq>.

Document: draft-ietf-anima-constrained-voucher-21
Reviewer: Russ Housley
Review Date: 2023-08-20
IETF LC End Date: unknown
IESG Telechat date: unknown

Summary: Almost Ready


Note:  I did not review Sections 9, 16, 17, and 18.  I did not
review the Appendices.


Major Concerns:

Section 6.2 says: "... and MUST NOT distinguish between them."  There
are many different contexts that one might "distinguish" that are fine.
I think you mean that the implementation MUST respond to the two in the
same manner.


Minor Concerns:

Section 4 says:
   "...  certain PKIX operations (such as certificate chain
   validation)."

I do not think that "PKIX operation" has any constructive meaning.  This
term is used in at least two paragraphs.  I suggest that discussing
certification path validation and revocation checking would be more
helpful to implementers.

Section 4 also talks about "PKIX-less operations" in several places.
Again, I do not think that this term has any constructive meaning.  I
suggest that you talk about the use of "raw" public keys.

Section 7.3.1 repeats information that is stated other places.  It is
odd to have a subsection that adds nothing new.  Note that this section
is referenced from Section 15.4, but Section 6.1.4 also contains the
information about EKU requirements.


Nits:

General: Pick one spelling: CoAPS or coaps.

Section 1, para 4:
  s/optional functions.  Appendix E illustrates this./
   /optional functions as illustrated in Appendix E./

Section 1, para 5:
  s/new COSE [RFC9052] signature format/COSE [RFC9052] signature/

Section 1, para 6:
   s/is to be protected/is protected/  (two places)

Section 4, para 4:
   s/vouchers, only the a new signature/vouchers; however, a signature/

Section 6.1.4, last para:
   s/have the E/contain the E/  (two places)

Section 6.4.1, para 6:
   s/fail anyway)/fail anyway.)/

Section 8.2, para after the numbered list:
   s/using less crypto operations/using fewer cryptographic operations/
   
Section 8.3, para 3:
   s/ PKIX format certificates/ PKIX certificates/

Section 8.4, para 4: s/arisews/arises/

Section 8.4, para 4: s/idevid-issuer/IDevID-issuer/

Section 15.1, first para: s/idevid-issuer/IDevID-issuer/

Please review the output of ID-nits:
https://author-tools.ietf.org/api/idnits?url=https://www.ietf.org/archive/id/draft-ietf-anima-constrained-voucher-21.txt