[Iot-directorate] Iotdir telechat review of draft-ietf-cose-x509-07
Carsten Bormann via Datatracker <noreply@ietf.org> Mon, 19 October 2020 22:04 UTC
From: Carsten Bormann via Datatracker <noreply@ietf.org>
To: iot-directorate@ietf.org
Cc: last-call@ietf.org, draft-ietf-cose-x509.all@ietf.org, cose@ietf.org
Message-ID: <160314506078.20558.15385106097623388280@ietfa.amsl.com>
Reply-To: Carsten Bormann <cabo@tzi.org>
Date: Mon, 19 Oct 2020 15:04:20 -0700
Archived-At: <https://mailarchive.ietf.org/arch/msg/iot-directorate/QQ2TnS74WdVNaAaen090CUMpi1M>
Subject: [Iot-directorate] Iotdir telechat review of draft-ietf-cose-x509-07

Reviewer: Carsten Bormann
Review result: Ready with Issues

First, I would like to express my gratitude to Jim Schaad for having done this work (and all the work that led up to making this work possible).

The draft fills a gap where COSE is being used in conjunction with infrastructure employing X.509-based validation of keys. JOSE defined the necessary parameters right away, while the use case for COSE was less clear initially.

One criticism might be that the draft does not speculate on how constrained devices could share tasks that need to be performed in this use case with trusted less-constrained devices -- there are probably infinite ways of doing so, and the ones actually to be used should rather be discussed in the protocols that govern the constrained--less-constrained communication.

The draft is ready with issues.

## Major

Section 1: The draft points to examples to be found in the github repository https://github.com/cose-wg/Examples -- these are not in there. Either these examples need to be added or this sentence deleted.

## Minor

Section 2: I'm not sure what "certificates of a chain length of..." actually means -- the chain length is not an intrinsic property of a certificate, but a function of what the application's roots are. Maybe rephrase:

    These rules apply when the validation succeeds in a single step as well as when certificate chains need to be built.

The draft uses the term "bag" for what is meant to be a set. Maybe stick with the "x5bag" parameter name and the prose "certificate bag", but when saying what it is, say that it is a set.

## Nits

https://github.com/cose-wg/X509/pull/28