[Rats] Iotdir early review of draft-ietf-rats-msg-wrap-04

Mohit Sethi via Datatracker <noreply@ietf.org> Sun, 26 May 2024 11:05 UTC

Return-Path: <noreply@ietf.org>
X-Original-To: rats@ietf.org
Delivered-To: rats@ietfa.amsl.com
Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id E0D4CC14F69C; Sun, 26 May 2024 04:05:25 -0700 (PDT)
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
From: Mohit Sethi via Datatracker <noreply@ietf.org>
To: iot-directorate@ietf.org
X-Test-IDTracker: no
X-IETF-IDTracker: 12.13.0
Auto-Submitted: auto-generated
Precedence: bulk
Message-ID: <171672152590.50074.8948628412360950443@ietfa.amsl.com>
Date: Sun, 26 May 2024 04:05:25 -0700
Message-ID-Hash: HYPVBALWOBOSB3KJQLHK6FTX67G7EUTD
X-Message-ID-Hash: HYPVBALWOBOSB3KJQLHK6FTX67G7EUTD
X-MailFrom: noreply@ietf.org
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-rats.ietf.org-0; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
CC: draft-ietf-rats-msg-wrap.all@ietf.org, rats@ietf.org
X-Mailman-Version: 3.3.9rc4
Reply-To: Mohit Sethi <mohit@iki.fi>
Subject: [Rats] Iotdir early review of draft-ietf-rats-msg-wrap-04
List-Id: Remote ATtestation procedureS <rats.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/rats/w7_wMuRenwMbTTmc9l_qMayRF44>
List-Archive: <https://mailarchive.ietf.org/arch/browse/rats>
List-Help: <mailto:rats-request@ietf.org?subject=help>
List-Owner: <mailto:rats-owner@ietf.org>
List-Post: <mailto:rats@ietf.org>
List-Subscribe: <mailto:rats-join@ietf.org>
List-Unsubscribe: <mailto:rats-leave@ietf.org>

Reviewer: Mohit Sethi
Review result: Almost Ready

I am the assigned IoT-Directorate reviewer for this draft.

Review result: Almost ready.

Some minor comments:

* Section 4: Perhaps expand what is CoRIM and add a reference to
https://datatracker.ietf.org/doc/html/draft-ietf-rats-corim-04

* Section 5 and 5.1: It would be helpful for readers if a short use-case
explaining when CMW would be transported in CRLs could be provided. While I can
guess why a CMW would be in a CSR, I could not immediately understand when a
CMW would be part of a CRL. Similarly, it would be helpful to explain where and
how the ASN.1 module will be used. I assume it is relevant for cases where a
certificate containing a CMW extension is passed around?

* Section 5.2: I wonder about the consequences of having two different CMW
specifications: one by the Trusted Computing Group (TCG) and the other in this
draft. I downloaded the TCG specification and found a reference to this draft.
Would it be possible for future versions of the TCG specification to reuse this
draft rather than creating a subset? Also, this draft states that the "CMW
extension" "MUST NOT be marked critical," whereas the TCG specification states
that the "tcg-dice-conceptual-message-wrapper extension criticality flag SHOULD
be marked critical." In summary, I wonder if these specifications can somehow
be synchronized.

Section 7: Please expand UCCS on first use: unprotected CWT Claims Sets (UCCS).

Note: I haven't verified the CDDL, CBOR, and JSON for correctness via tooling,
but they looked fine while reading.