Re: [KEYPROV] FW: DISCUSS and COMMENT: draft-ietf-keyprov-dskpp

I prefer the style 

 urn:ietf:params:xml:ns:keyprov:dskpp:prf-aes-128

to

 urn:ietf:params:xml:ns:keyprov:dskpp:prf:aes-128

The later style makes prf a category. If we use this style, we may want
to categorize all others, e.g. key algorithm, prf, key wrap etc. as

 urn:ietf:params:xml:ns:keyprov:pskc:alg:hotp
 urn:ietf:params:xml:ns:keyprov:dskpp:container:pkcs12
 urn:ietf:params:xml:ns:keyprov:dskpp:keywrap:transport

prf-aes-128 looks more intuitive to me without introducing the category
in URN space.

- Ming

> -----Original Message-----
> From: keyprov-bounces@ietf.org 
> [mailto:keyprov-bounces@ietf.org] On Behalf Of Philip Hoyer
> Sent: Tuesday, June 15, 2010 8:19 AM
> To: andrea.doherty@rsa.com; keyprov@ietf.org
> Subject: Re: [KEYPROV] FW: DISCUSS and COMMENT: 
> draft-ietf-keyprov-dskpp
> 
> Andrea,
> Just wondering if
> 
> urn:ietf:params:xml:ns:keyprov:dskpp:prf-aes-128
> urn:ietf:params:xml:ns:keyprov:dskpp:prf-sha256
> 
> Might not be better expressed as
> 
> urn:ietf:params:xml:ns:keyprov:dskpp:prf:aes-128
> urn:ietf:params:xml:ns:keyprov:dskpp:prf:sha256
> 
> And maybe the 
> 
> > URNs: urn:ietf:params:xml:schema:keyprov:dskpp:transport
> > urn:ietf:params:xml:schema:keyprov:dskpp:wrap
> > urn:ietf:params:xml:schema:keyprov:dskpp:passphrase-wrap
> 
> urn:ietf:params:xml:schema:keyprov:dskpp:wrap:transport
> urn:ietf:params:xml:schema:keyprov:dskpp:wrap:simple
> urn:ietf:params:xml:schema:keyprov:dskpp:wrap:passphrase
> 
> you know to distinguish the URNs directly.
> 
> I also agree with Peter that for interoperability we might 
> need to mandate that DSKPP server MUST implement a HTTP 
> binding of DSKPP.
> 
> Philip
> 
> -----Original Message-----
> From: keyprov-bounces@ietf.org 
> [mailto:keyprov-bounces@ietf.org] On Behalf Of andrea.doherty@rsa.com
> Sent: Monday, June 14, 2010 6:14 PM
> To: keyprov@ietf.org
> Subject: [KEYPROV] FW: DISCUSS and COMMENT: draft-ietf-keyprov-dskpp
> 
> All,
> Here is feedback that I received from Peter Saint-Andre 
> regarding my point-to-point responses to him of last week.
> Andrea
>  
> 
> -----Original Message-----
> From: Peter Saint-Andre [mailto:stpeter@stpeter.im]
> Sent: Wednesday, June 09, 2010 12:05 AM
> To: Doherty, Andrea
> Cc: iesg@ietf.org; keyprov-chairs@tools.ietf.org; 
> draft-ietf-keyprov-dskpp@tools.ietf.org
> Subject: Re: DISCUSS and COMMENT: draft-ietf-keyprov-dskpp
> 
> On 6/8/10 11:28 AM, andrea.doherty@rsa.com wrote:
> > Peter,
> > 
> > Thank you for your thoughtful and thorough review.  Below 
> please find 
> > point-by-point responses.
> > 
> > Regards, Andrea
> > 
> > -----Original Message----- From: Peter Saint-Andre 
> > [mailto:stpeter@stpeter.im] Sent: Wednesday, May 05, 2010 11:32 PM
> > To: iesg@ietf.org Cc: keyprov-chairs@tools.ietf.org; 
> > draft-ietf-keyprov-dskpp@tools.ietf.org Subject: DISCUSS 
> and COMMENT:
> > draft-ietf-keyprov-dskpp
> > 
> > Discuss: 1. The defined and referenced identifiers are described as 
> > URIs of the form xmlns:foo="someUri" and each identifier 
> specifies a 
> > prefix such as "foo". For example:
> > 
> > The XML namespace [XMLNS] URI for Version 1.0 of DSKPP protocol is:
> > 
> > xmlns:dskpp="urn:ietf:params:xml:ns:keyprov:dskpp"
> > 
> > References to qualified elements in the DSKPP schema defined herein 
> > use the prefix "dskpp".
> > 
> > The URI here is "urn:ietf:params:xml:ns:keyprov:dskpp" without the 
> > "xmlns:dskpp=" preceding the URI so to reduce confusion it would be 
> > best to include only the URI. Also, is the prefix "dskpp" 
> hardcoded, 
> > or are developers allowed to use any prefix? The point of XML 
> > namespaces was not to hardcode prefixes, so it would be best to say 
> > that the "dskpp" prefix is used in examples here but any prefix is 
> > allowed.
> > 
> > [Doherty, Andrea] Agree; will reword to state:
> > 
> > The XML namespace [XMLNS] URI for Version 1.0 of DSKPP protocol is:
> > 
> > "urn:ietf:params:xml:ns:keyprov:dskpp"
> > 
> > References to qualified elements in the DSKPP schema defined herein 
> > use the prefix "dskpp", but any prefix is allowed.
> 
> Good.
> 
> > 2. In Section 2.1, the Authentication Code is defined as follows:
> > 
> > Authentication Code (AC):  User Authentication Code comprised of a 
> > string of numeric characters known to the device and the server and 
> > containing a client identifier and a password.  This 
> ClientID/password 
> > combination is used only once, and then discarded.
> > 
> > However, in Section 3.4.1.1 the Authentication Code format does not 
> > seem to be strictly numeric, because it is a series of 
> > Type-Length-Value triads encoded as hexadecimal.
> > 
> > [Doherty, Andrea] Yes, there are inconsistencies between how the 
> > Authentication Code was defined (Section 2.1), and how it was being 
> > used (Section 3.4.1.1).  Please refer to the attached text, 
> which is 
> > how we propose to change these sections to address this issue.
> 
> That text is excellent. I especially appreciate the detailed examples.
> 
> > 3. In Section 3.4.1.1, the Password TLV is defined as follows:
> > 
> > The Password is a mandatory TLV the contains a one-time use shared 
> > secret known by the user and the Provisioning Server.  The password 
> > value is unique and SHOULD be a random string to make AC more 
> > difficult to guess.  The string MUST be UTF-8 encoded in accordance 
> > with [RFC3629].  For example, suppose password is set to 
> "3582", then 
> > the TLV would be {0x2, 0x4, UTF-8("3582")}.
> > 
> > Does the Password really need to be UTF-8? Is it expected that 
> > characters outside the US-ASCII range will be used? Given that the 
> > next paragraph talks about "the typed password", this 
> document seems 
> > to assume that a user will input this password using a 
> keyboard. Can 
> > we safely assume that a user will be able to input any UTF-8 
> > character, such as U+233B4 (from RFC 3629)? To ensure that the 
> > user-typed password matches what is on file at the Provisioning 
> > Server, this document might need to specify normalization 
> of the typed 
> > password using Net-Unicode, SASLprep, or some other string 
> preparation 
> > technology.
> > 
> > [Doherty, Andrea] Please refer to the attached text, which 
> is how we 
> > propose to change Section 3.4.1.1. Our intent is that the new text 
> > will, among other things, address the issue raised here 
> with respect 
> > to the Password TLV.
> 
> Your proposed text addresses my concerns.
> 
> > In addition to the attached text, I'll add
> > draft-resman-idna2008-mappings-01 as an informative reference and 
> > insert the correct ref# in the text.
> 
> OK. I need to think a bit about whether the mappings in that 
> document are always desirable for your usage. Consider, for 
> example, the mapping of upper case characters to lower case 
> characters (which makes sense for domain names but not 
> necessarily for client IDs or passwords).
> 
> > 4. In Section 5.1.2, the key wrapping algorithms are confusingly 
> > identified, because it appears on a cursory reading that "KW-AES128 
> > without padding" and "KW-AES128 with padding" have the same 
> > identifier, when in fact they are identified by id-aes128-wrap and 
> > id-aes128-wrap-pad respectively in 
> > draft-housley-aes-key-wrap-with-pad-02.
> > 
> > [Doherty, Andrea] Yes, the references in this section are incorrect.
> > This is easier to reconcile now that the originally 
> referenced I-D is 
> > an RFC (#3394) and since the latest version of XML Encryption now 
> > includes a reference to this RFC.  XMLENC is, however, a normative 
> > reference, and the version that references id-aes128-wrap-pad is a 
> > Working Draft, due out of W3C LC June 10 (Candidate Draft not ready 
> > until the Fall of 2010).  As such, here's how I propose to 
> change the
> > text:
> > 
> > AES128 KeyWrap - refer to id-aes128-wrap in [RFC5649] and
> > http://www.w3.org/2001/04/xmlenc#kw-aes128 in [XMLENC]
> > 
> > AES128 KeyWrap with Padding - refer to id-aes128-wrap-pad 
> in [RFC3394] 
> > and http://www.w3.org/2001/04/xmlenc#kw-aes128 in [XMLENC]
> > 
> > AES-CBC-128 - refer to [FIPS197-AES] and 
> > http://www.w3.org/2001/04/xmlenc#aes128-cbc in [XMLENC]
> 
> That's better.
> 
> > 5. Appendices D.2.1 and D.3.1 define the following algorithm
> > identifiers:
> > 
> > http://www.ietf.org/keyprov/dskpp#dskpp-prf-aes-128
> > http://www.ietf.org/keyprov/dskpp#dskpp-prf-sha256
> > 
> > It's not clear what the IETF policy is on the use of 
> ietf.org URIs as 
> > identifiers, but these URIs appear to be used without authorization.
> > 
> > [Doherty, Andrea] Agree; will switch these to URNs in the keyprov 
> > parameters space and ask IANA to create a sub registry for 
> each.  The 
> > URNs will appear as:
> > urn:ietf:params:xml:ns:keyprov:dskpp#dskpp-prf-aes-128
> > urn:ietf:params:xml:ns:keyprov:dskpp#dskpp-prf-sha256
> 
> I'm sorry, but now we have a second issue: as I have recently 
> discovered, the '#' character is not recommended in URNs, see Section
> 2.3.2 of RFC 2141:
> 
>    RFC 1630 [2] reserves the characters "/", "?", and "#" for 
> particular
>    purposes. The URN-WG has not yet debated the applicability and
>    precise semantics of those purposes as applied to URNs. Therefore,
>    these characters are RESERVED for future developments.  Namespace
>    developers SHOULD NOT use these characters in unencoded form, but
>    rather use the appropriate %-encoding for each character.
> 
> Thus I would suggest the following:
> 
>    urn:ietf:params:xml:ns:keyprov:dskpp:prf-aes-128
>    urn:ietf:params:xml:ns:keyprov:dskpp:prf-sha256
> 
> > 6. Section 5 mentions a URN of
> > urn:ietf:params:xml:ns:keyprov:pskc#KeyContainer as defined 
> in [PSKC] 
> > but that URN is not to be found in
> > draft-ietf-keyprov-portable-symmetric-key-container-03
> > 
> > [Doherty, Andrea] Thanks for catching this.  The PSKC authors have 
> > agreed to register a new URN for KeyContainer in the soon 
> next draft 
> > of the PSKC I-D.  Note also that I will update the 
> reference to PSKC 
> > accordingly.
> 
> And note also that the same issue with the '#' character applies here.
> I've followed up with the PSKC authors about that.
> 
> > 7. Several URNs containing fragment identifiers are defined in 
> > Sections 5.1.1, 5.1.2, and 5.1.3:
> > 
> > urn:ietf:params:xml:schema:keyprov:dskpp#transport
> > urn:ietf:params:xml:schema:keyprov:dskpp#wrap
> > urn:ietf:params:xml:schema:keyprov:dskpp#passphrase-wrap
> > 
> > However, the "#" character is discouraged in URNs according to RFC
> > 2141:
> > 
> > RFC 1630 [2] reserves the characters "/", "?", and "#" for 
> particular 
> > purposes. The URN-WG has not yet debated the applicability 
> and precise 
> > semantics of those purposes as applied to URNs.
> > Therefore, these characters are RESERVED for future developments.
> > Namespace developers SHOULD NOT use these characters in unencoded 
> > form, but rather use the appropriate %-encoding for each character.
> > 
> > Therefore it seems preferable to change "#" to ":" (or some other 
> > non-reserved character) in these URNs.
> > 
> > [Doherty, Andrea] Agree; will change "#" to ":" in the following
> > URNs: urn:ietf:params:xml:schema:keyprov:dskpp:transport
> > urn:ietf:params:xml:schema:keyprov:dskpp:wrap
> > urn:ietf:params:xml:schema:keyprov:dskpp:passphrase-wrap
> 
> Thanks. See above.
> 
> > 8. Given that "the principal syntax is XML", a normative 
> reference to
> > http://www.w3.org/TR/2006/REC-xml-20060816 is needed.
> > 
> > [Doherty, Andrea] Agree; will add a normative reference to [XML].
> > Note that I'll update the reference to point to the latest 
> published 
> > version of the W3C Recommendation, 
> > http://www.w3.org/TR/2008/REC-xml-20081126/.  I also note that the 
> > Informative Reference to [XMLNS] should be updated to the latest 
> > edition http://www.w3.org/TR/2009/REC-xml-names-20091208/.
> 
> Good catch.
> 
> > 9. Section 3.1 says that DSKPP "is layered on a transport mechanism 
> > such as HTTP" but Section 3.2.2 says that "DSKPP messages 
> ... are sent 
> > over HTTPS", so a reference to RFC 2616 (probably along with RFC
> > 2818) would be appropriate.
> > 
> > [Doherty, Andrea] Agree; will add reference to RFC2616 and RFC2818 
> > here.  Note that per Alexey's DISCUSS #9, I will be making the
> > RFC2616 reference Normative.  However, as there is not a normative 
> > mapping to HTTPS, I will be making the reference to RFC2818 
> > Informative.
> 
> Agreed.
> 
> > 10. Section 3.2.2 states the following about certificate 
> validation or 
> > server identity checking:
> > 
> > In Step 1, the client establishes a TLS connection, and 
> authenticates 
> > the server (that is, validates the certificate, and 
> compares the host 
> > name in the URL with the certificate)
> > 
> > Section 4.2.3 states:
> > 
> > If K is equivalent to K_SERVER, then the cryptographic 
> module SHOULD 
> > verify the server's certificate before using it to encrypt R_C in 
> > accordance with [RFC5280].
> > 
> > However, no details are provided regarding certificate validation.
> > Given that HTTPS is used, a reference to Section 3.1 of RFC 2818 is 
> > needed.
> > 
> > [Doherty, Andrea] As per DISCUSS #9, I will be adding an 
> Informative 
> > Reference to RFC2818 in Section 3.1.  Does this address 
> your concern?
> > By "a reference to Section 3.1" did you mean here that a 
> reference to 
> > Section 3.1 should be added to Sections 3.2.2 and Section 4.2.3?
> 
> I think it would be appropriate to reference Section 3.1 of 
> RFC 2818 whether you talk about certificate validation (that 
> would be from Sections 3.2.2 and 4.2.3 of your document).
> 
> > 11. In Section 3.4.3, "the resultant string is hashed using 
> SHA-256 in 
> > accordance with [FIPS180-SHA]"; has any thought been given to hash 
> > agility?
> > 
> > [Doherty, Andrea] Yes, esp. as this was raised as a DISCUSS item by 
> > Russ Housley and Brian Carpenter.  I responded to both 
> Brian and Russ 
> > to their satisfaction (I also updated the draft to v11; Brian 
> > confirmed that the change is acceptable, as did Russ through email; 
> > however, the IESG DISCUSS has not yet been removed).  
> Here's how the 
> > topic was addressed in the latest draft:
> > 
> > * Change Section 1.2, "Versions", to read:
> > 
> > "There is a provision made in the syntax for an explicit version 
> > number.  Only version "1.0" is currently specified.
> > 
> > The purpose for versioning the protocol is to provide a 
> mechanism by 
> > which changes to required cryptographic algorithms (e.g., 
> SHA-256) and 
> > attributes (e.g., key size) can be deployed without disrupting 
> > existing implementations; likewise out-dated implementations can be 
> > de-commissioned without disrupting operations involving 
> newer protocol 
> > versions."
> 
> Aha, I see that you have addressed algorithm agility via 
> protocol versioning. That's perhaps a bit heavy-handed (do 
> you really need to rev the entire protocol whenever you need 
> to upgrade the algorithms used in the protocol?), but it will work.
> 
> > * Add the following to the Security Considerations Section 10.6 on 
> > "Miscellaneous Considerations"
> > 
> > "Many protocols need to be algorithm agile.  One reason for this is 
> > that in the past many protocols had fixed sized fields for 
> information 
> > such as hash outputs, keys, etc.  This is not the case for DSKPP, 
> > except for the key size in the computation of DSKPP-PRF.
> > Another reason was that protocols did not support algorithm 
> > negotiation.  This is also not the case for DSKPP, except 
> for the use 
> > of SHA-256 in the MAC confirmation message.  Updating the 
> key size for 
> > DSKPP-PRF or the MAC confirmation message algorithm will 
> require a new 
> > version of the protocol, which is supported with the Version 
> > attribute."
> 
> Yes, that's fine.
> 
> > 12. Section 4.2.1 states:
> > 
> > 3.  The web application processes the request and returns an 
> > authentication code to the user, e.g., in the form of an 
> email message
> > 
> > Is it considered a best practice to send the authentication 
> code via 
> > email? Nothing is said here about protection of this 
> message (whether 
> > sent via email or some other method).
> > 
> > [Doherty, Andrea] We agree that the example in Section 4.2.1 is not 
> > the best example. I propose to change the text to: 3.  The web 
> > application processes the request and returns an 
> authentication code  
> > to the user, e.g., in response to an enrollment request via 
> a secure 
> > web session.
> 
> That's better.
> 
> > 13. Section 10.1 says:
> > 
> > DSKPP SHOULD, therefore, be run over a transport providing 
> > confidentiality and integrity, such as HTTP over Transport Layer 
> > Security (TLS) with a suitable ciphersuite, when such threats are a 
> > concern.
> > 
> > Why not MUST?
> > 
> > [Doherty, Andrea] Will change to MUST.
> 
> Thanks.
> 
> > 14. Section 10.6.3 says:
> > 
> > DSKPP servers MUST authenticate themselves...
> > 
> > Does this mean that a DSKPP client MUST authenticate the server to 
> > which it connects?
> > 
> > [Doherty, Andrea] Yes.  Here is how I plan to reword Section 10.6.3.
> >  Whenever a successful DSKPP 2-pass protocol run would result in an 
> > existing K_TOKEN being replaced by a K_TOKEN', the DSKPP client and 
> > server MUST do the following to prevent a denial-of-service attack 
> > where an unauthorized DSKPP server replaces a K_TOKEN with another
> > key: * The DSKPP server MUST use the AuthenticationDataType 
> extension 
> > to transmit a second MAC, calculated as described in 
> Section 5.2.2. * 
> > The DSKPP client MUST authenticate the server using the MAC 
> contained 
> > in the AuthenticationDataType extension received from the 
> DSKPP server 
> > to which it is connected.
> 
> Good.
> 
> > 15. Section 11 states:
> > 
> > The DSKPP protocol is mostly meant for machine-to-machine 
> > communications; as such, most of its elements are tokens 
> not meant for 
> > direct human consumption.  If these tokens are presented to the end 
> > user, some localization may need to occur.
> > 
> > Because localization methods are not specified, it is doubtful that 
> > developers will be able to produce interoperable implementations.
> > More details are needed here.
> > 
> > [Doherty, Andrea] These tokens will not be presented to the users.
> > Therefore, I propose to remove the words, "mostly" and 
> "most of", and 
> > the sentence, "If these tokens are presented to the end user, some 
> > localization may need to occur."
> 
> If these tokens will not be presented to users, then we don't 
> need to care about localization. See RFC 2277: 
> "Internationalization is for humans." Problem solved. :)
> 
> > The new paragraph will look like
> > this: The DSKPP protocol is meant for machine-to-machine 
> > communications; as such, its elements are tokens not meant 
> for direct 
> > human consumption. DSKPP exchanges information using XML. All XML 
> > processors are required to understand UTF-8 [RFC3629] and UTF-16 
> > [RFC2781] encoding, and therefore all DSKPP clients and 
> servers MUST 
> > understand UTF-8 and UTF-16 encoded XML.  Additionally, 
> DSKPP servers 
> > and clients MUST NOT encode XML with encodings other than UTF-8 or 
> > UTF-16.
> 
> Do we really need to support both UTF-8 and UTF-16?
> 
> > 16. Section 12.3 (MIME Media Type Registration) has the following
> > deficiencies:
> > 
> > - the optional parameter field specifies "charset", but the 
> default is 
> > "UTF-8", which is not a character set according to RFC 2277.
> > 
> > [Doherty, Andrea] In his DISCUSS #8, Alexey pointed out that, "I 
> > believe the last sentence is in violation of MIME, which requires 
> > US-ASCII to be the default charset value. This is also in 
> violation of 
> > HTTP, which requires ISO-8859-1." So he suggested removing the last 
> > quoted sentence.  As such, I plan to remove "Default is 
> UTF-8 from the 
> > optional parameter field.
> 
> I'll leave that for Alexey.
> 
> > - the encoding considerations field needs to mention that 
> > implementations need to support both UTF-8 and UTF-16
> 
> See above.
> 
> > [Doherty, Andrea] I will append the following after "See [RFC3203], 
> > Section 3.2":  "Implementations need to support both UTF-8 
> [RFC3629] 
> > and UTF-16 [RFC2781]."
> > 
> > - the security considerations field needs to reference this 
> > specification (especially Section 10), rather than trying 
> to address 
> > all security issues in just a few words.
> > 
> > [Doherty, Andrea] Good point.  I'll append the following 
> sentence to 
> > the security consideration field: "Refer to Section 10 of the 
> > Published Specification for more details".
> 
> +1
> 
> > - the interoperability considerations field says "this content type 
> > provides a basis for a protocol" but that text is not helpful. Are 
> > there any actual or potential problems with 
> interoperability? If not, 
> > say "None" here.
> > 
> > [Doherty, Andrea] I'll replace "this content type provides 
> a basis for 
> > a protocol" with "None".
> 
> +1
> 
> > Comment: 1. Section 6 says that "the use of extensions SHOULD be 
> > carefully considered" but capitalized key words apply to protocols, 
> > not protocol designers. Suggested text: "protocol designers are 
> > advised to carefully consider the use of extensions".
> > 
> > Similar considerations apply to Section 10.4 "Implementers 
> SHOULD also 
> > be aware that cryptographic algorithms become weaker with time."
> > 
> > [Doherty, Andrea] Will rephrase Section 6 to state, "protocol 
> > designers are advised to carefully consider the use of extensions", 
> > and Section 10.4 to state, "Implementers are advised that 
> > cryptographic algorithms become weaker with time."
> 
> OK.
> 
> > 2. Section 7.2 "presents a binding of the previous messages to 
> > HTTP/1.1" but it is not clear if the HTTP binding is 
> > mandatory-to-implement. This could be added to Section 9.
> > 
> > [Doherty, Andrea] As stated in Section 3.1, "The principal 
> syntax is 
> > XML and it is layered on a transport mechanism such as HTTP."  As 
> > such, it was not envisaged that HTTP would be 
> mandatory-to-implement.
> 
> OK.
> 
> How will we ensure interoperability if no transport mechanism 
> is mandatory-to-implement?
> 
> > 3. Section 1.2 makes provision for versioning, but no guidance is 
> > provided regarding when the major and minor versions shall be 
> > incremented, how to compare version numbers, etc. You might 
> be able to 
> > borrow some text from Section 4.4.1 of RFC 3920 or some similar 
> > specification.
> > 
> > [Doherty, Andrea] Good suggestion.  I'll rename Section 1.2 from 
> > "Versions" to "Version Support" and append the following paragraphs 
> > after the sentence, "The purpose for versioning the protocol is to 
> > provide a mechanism by which changes to required cryptographic 
> > algorithms (e.g., SHA-256) and attributes (e.g., key size) can be 
> > deployed without disrupting existing implementations; likewise, 
> > out-dated implementations can be de-commissioned without disrupting 
> > operations involving newer protocol versions.  The numbering scheme 
> > for DSKPP versions is "<major>.<minor>".  The major and 
> minor numbers 
> > MUST be treated as separate integers and each number MAY be 
> > incremented higher than a single digit.  Thus, "DSKPP 2.4" 
> would be a 
> > lower version than "DSKPP 2.13", which in turn would be lower than 
> > "DSKPP 12.3".  Leading zeros (e.g., "DSKPP 6.01") MUST be 
> ignored by 
> > recipients and MUST NOT be sent.
> > 
> > The major version number should be incremented only if the message 
> > formats or flows have changed so dramatically that an older version 
> > implementation would not be able to interoperate with a 
> newer version.  
> > The minor version number indicates new capabilities, and MUST be 
> > ignored by an entity with a smaller minor version number, 
> but used for 
> > informational purposes by the entity with the larger minor version 
> > number."
> 
> Do you envision needing minor version numbers in DSKPP? If 
> not, you could simplify the text a bit here. Also it might 
> not make sense to have text about message flows in DSKPP 
> (that might be appropriate for XMPP but not DSKPP). Perhaps 
> for you something like this is better: "only if the data 
> formats or security algorithms"...
> 
> Thanks for your attention to detail.
> 
> Peter
> 
> --
> Peter Saint-Andre
> https://stpeter.im/
> 
> 
> 
> _______________________________________________
> KEYPROV mailing list
> KEYPROV@ietf.org
> https://www.ietf.org/mailman/listinfo/keyprov
> _______________________________________________
> KEYPROV mailing list
> KEYPROV@ietf.org
> https://www.ietf.org/mailman/listinfo/keyprov
> 