Re: [stir] Éric Vyncke's No Objection on draft-ietf-stir-enhance-rfc8226-03: (with COMMENT)

"Eric Vyncke (evyncke)" <evyncke@cisco.com> Fri, 25 June 2021 19:48 UTC

From: "Eric Vyncke (evyncke)" <evyncke@cisco.com>
To: Russ Housley <housley@vigilsec.com>
CC: IESG <iesg@ietf.org>, IETF STIR Mail List <stir@ietf.org>, Robert Sparks <rjsparks@nostrum.com>, Ben Campbell <ben@nostrum.com>
Date: Fri, 25 Jun 2021 19:48:24 +0000
Message-ID: <82181000-4031-4C7C-BC91-9B1620340A9A@cisco.com>
References: <162463348978.18066.15281632456213641582@ietfa.amsl.com> <AF7A5C08-16F4-43D4-922E-BACE63C3EC03@vigilsec.com>
In-Reply-To: <AF7A5C08-16F4-43D4-922E-BACE63C3EC03@vigilsec.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/stir/gs7HZDA2hUfVoiqd9Tjw-92V-sQ>

Hello Russ

The updated abstract is more readable for me. Thank you.

And fair enough for the remaining comments

Regards

-éric

-----Original Message-----
From: Russ Housley <housley@vigilsec.com>
Date: Friday, 25 June 2021 at 17:19
To: Eric Vyncke <evyncke@cisco.com>
Cc: IESG <iesg@ietf.org>, IETF STIR Mail List <stir@ietf.org>, Robert Sparks <rjsparks@nostrum.com>, Ben Campbell <ben@nostrum.com>
Subject: Re: Éric Vyncke's No Objection on draft-ietf-stir-enhance-rfc8226-03: (with COMMENT)



    > On Jun 25, 2021, at 11:04 AM, Éric Vyncke via Datatracker <noreply@ietf.org> wrote:
    > 
    > Éric Vyncke has entered the following ballot position for
    > draft-ietf-stir-enhance-rfc8226-03: No Objection
    > 
    > When responding, please keep the subject line intact and reply to all
    > email addresses included in the To and CC lines. (Feel free to cut this
    > introductory paragraph, however.)
    > 
    > 
    > Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html
    > for more information about DISCUSS and COMMENT positions.
    > 
    > 
    > The document, along with other ballot positions, can be found here:
    > https://datatracker.ietf.org/doc/draft-ietf-stir-enhance-rfc8226/
    > 
    > 
    > 
    > ----------------------------------------------------------------------
    > COMMENT:
    > ----------------------------------------------------------------------
    > 
    > Thank you for the work put into this document.
    > 
    > Please find below some non-blocking COMMENT points (but replies would be
    > appreciated).
    > 
    > I hope that this helps to improve the document,
    > 
    > Regards,
    > 
    > -éric
    > 
    > == COMMENTS ==
    > 
    > -- Abstract --
    > "This document updates RFC 8226 to define an additional way that the JWT claims
    > can be constrained" at first sight, it is unclear whether the change adds a
    > constraint or presents another set of constraints (maybe it is a
    > non-English-native issue...) The introduction clarifies the ambiguity but the
    > abstract should stand alone.

    Does this updated Abstract resolve your non-blocking concern?

       RFC 8226 specifies the use of certificates for Secure Telephone
       Identity Credentials, and these certificates are often called "STIR
       Certificates".  RFC 8226 provides a certificate extension to
       constrain the JSON Web Token (JWT) claims that can be included in the
       Personal Assertion Token (PASSporT) as defined in RFC 8225.  If the
       PASSporT signer includes a JWT claim outside the constraint
       boundaries, then the PASSporT recipient will reject the entire
       PASSporT.  This document updates RFC 8226; it provides all of the
       capabilities available in the original certificate extension as well
       as an additional way to constrain the allowable JWT claims.  The
       enhanced extension can also provide a list of claims that are not
       allowed to be included in the PASSporT.

    > -- Section 3 --
    > Suggest to be consistent with the use of double quotes in <to the iat, orig,
    > and dest claims.  The baseline PASSporT claims ("iat", "orig", and "dest")>.

    This was raised during Last Call, and the current quotes are consistent with RFC 8225 and RFC 8226.

    > -- Section 7 --
    > Wondering whether a reference to RFC4949 is required for "renewal".

    Someone asked for a reference at some point along the way.  There are other early documents from the PKIX WG that also define the term, but RFC 4949 seemed to have the least baggage.

    Russ
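
The recipient-side rule described in the updated Abstract (a claim outside the certificate's constraint boundaries causes the entire PASSporT to be rejected, and the enhanced extension can also list claims that are not allowed), as an added Python sketch that is not part of the original e-mail or of the draft. The field names (must_include, permitted_values, must_exclude), the "confidence" claim and all sample values are assumptions constructed for illustration; certificate parsing and signature verification are out of scope here.

```python
from dataclasses import dataclass, field


@dataclass
class ClaimConstraints:
    """Constraints taken from the signer's certificate (field names are assumptions)."""
    must_include: set = field(default_factory=set)        # claims that have to be present
    permitted_values: dict = field(default_factory=dict)  # claim name -> list of allowed values
    must_exclude: set = field(default_factory=set)        # claims that are not allowed


def check_passport(claims, constraints):
    """Return (accepted, reasons); any single violation rejects the whole PASSporT."""
    present = set(claims)
    reasons = []
    for name in sorted(constraints.must_include - present):
        reasons.append(f"required claim missing: {name}")
    for name in sorted(constraints.must_exclude & present):
        reasons.append(f"excluded claim present: {name}")
    for name, allowed in sorted(constraints.permitted_values.items()):
        # A value list only restricts the claim when the claim is present.
        if name in claims and claims[name] not in allowed:
            reasons.append(f"value not permitted for {name}: {claims[name]!r}")
    return (not reasons, reasons)


# Constructed sample data (not from the draft or the e-mail).
SAMPLE_CONSTRAINTS = ClaimConstraints(
    must_include={"confidence"},
    permitted_values={"confidence": ["high", "medium"]},
    must_exclude={"rcd"},
)
BASELINE = {"iat": 1624650513,
            "orig": {"tn": "12025550100"},
            "dest": {"tn": ["12025550199"]}}
GOOD = {**BASELINE, "confidence": "high"}
BAD = {**BASELINE, "confidence": "low", "rcd": {"nam": "Example Caller"}}

if __name__ == "__main__":
    for label, payload in (("good", GOOD), ("bad", BAD), ("baseline only", BASELINE)):
        accepted, why = check_passport(payload, SAMPLE_CONSTRAINTS)
        print(label, "ACCEPT" if accepted else "REJECT", why)
```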