Hi Francesca, On Tue, Jul 12, 2016 at 10:14 AM, Francesca Palombini < [email protected]> wrote:
> Hi Marco, > > > > Thank you so much for an extended review! I agree with all your comments > and I think they will improve the readability of the draft. > > I just have a question for 1): > > > > We introduce the use of COSE objects already in Section 1. Introduction, > in the last paragraph of page 3 (“OSCOAP builds on CBOR Object Signing and > Encryption (COSE) …”). Was there a reason why you wanted it mentioned in > the Object Security option section, specifically? > I suggested that just for the sake of readability. The COSE object is introduced in Section 1, but then I thought about a reader starting directly from the actual specification in Section 2, where the COSE object "suddenly reappears" at the end of page 5, and is of course detailed only later in Section 5. This is why I believe it would be good to quickly mention again the usage of COSE objects at the beginning of Section 2, just from a high-level perspective as in the Introduction and also pointing to Section 5 for further details, so better preparing the reader for the 2-element bullet list at the end of page 5. Best regards, Marco > > > Best, > > Francesca > > > > > > *From:* Marco Tiloca [mailto:[email protected]] > *Sent:* den 11 juli 2016 16:11 > *To:* Francesca Palombini <[email protected]> > *Cc:* [email protected]; [email protected]; [email protected] > *Subject:* Re: [Ace] FW: New Version Notification for > draft-selander-ace-object-security-05.txt > > > > Hello Francesca and all, > > I have reviewed this last version and I believe it is in a very good shape! > > Please, find below some suggestions for minor changes/updates. > > Best regards, > /Marco > > ---------------------------- > > 1) In Section 2, I would refer the usage of a COSE object as soon as > possible, rather than at the end of page 5 where you describe how to > prepare the protected CoAP message. For instance, the very first sentence > in Section 2 can be followed by something like: "This is achieved by means > of a COSE object included in the protected CoAP message, as detailed below". > > 2) In Section 2 (page 5), I would move the sentence "An endpoint receiving > [...] treat it as malformed and reject it." at the end of the first element > of the bullet list below, since it concerns CoAP messages with payload. > > 3) Following the same reasoning of point 2), I would extend the second > element in the dotted list at the end of page 5 with: "An endpoint > receiving a CoAP message without payload, that also contains an empty > Object-Security option SHALL treat it as malformed and reject it". > > 4) Section 3.1, page 6, "The endpoint verifies the message received" --> > "The endpoint verifies the messages received". > > 5) Section 5, page 13, add "(see Section 5.1)" after "is computed from the > Plaintext", and "(see Section 5.2)" after "and the Additional Authenticated > Data (AAD)". > > 6) Section 6.2, page 16, step 1. In the last sentences about renewing the > security context on the client, it would be good to mention also that this > involves informing the server, so that it can update its own Receiver-* > parameters on its own context. > > 7) Section 6.2, page 16, step 2. "Store the MAC of each fragment" --> > "Store the MAC of each last-sent fragment". > > 8) Section 6.3, page 17, step 2. "Store the MAC of each fragment" --> > "Store the MAC of each last-received fragment". > > 9) Section 6.4, page 18, step 1. In the last sentences about renewing the > security context on the server, it would be good to mention also that this > involves informing the client, so that it can update its own Receiver-* > parameters on its own context. > > 10) Section 6.4, page 18, step 2. "Store the MAC of each fragment" --> > "Store the MAC of each last-sent fragment". > > 11) Section 6.5, page 19, step 2. "Store the MAC of each fragment" --> > "Store the MAC of each last-received fragment". > > 12) Section 6.5, page 20, first paragraph. After the last sentence "DTLS > and OSCOAP can be combined", I would restate what said in Section 1 (page > 4), that is "thereby enabling end-to-end ..." > > 13) Section 6.5, page 20, third paragraph. "The use of COSE to protected > CoAP messages" --> "The use of COSE to protect CoAP messages" > > > > On Fri, Jul 8, 2016 at 9:03 AM, Francesca Palombini < > [email protected]> wrote: > > Dear CoRE, COSE and ACE members, > > We have submitted an update to the OSCOAP draft: > https://tools.ietf.org/html/draft-selander-ace-object-security-05 > > For those who don’t know, OSCOAP is an application layer security protocol > for CoAP, based on wrapping request and response messages in COSE objects > which are sent in a CoAP message exchange. > > With this version, we aimed for improved readability and we added the > blockwise functionality, as discussed during last f2f meeting. > > We are now looking for reviews. Any comment or feedback would be greatly > appreciated! > > Best regards, > Francesca > > -----Original Message----- > From: [email protected] [mailto:[email protected]] > Sent: den 7 juli 2016 18:37 > To: Göran Selander <[email protected]>; Ludwig Seitz < > [email protected]>; John Mattsson <[email protected]>; Göran > Selander <[email protected]>; Francesca Palombini < > [email protected]> > Subject: New Version Notification for > draft-selander-ace-object-security-05.txt > > > A new version of I-D, draft-selander-ace-object-security-05.txt > has been successfully submitted by Francesca Palombini and posted to the > IETF repository. > > Name: draft-selander-ace-object-security > Revision: 05 > Title: Object Security of CoAP (OSCOAP) > Document date: 2016-07-07 > Group: Individual Submission > Pages: 36 > URL: > https://www.ietf.org/internet-drafts/draft-selander-ace-object-security-05.txt > Status: > https://datatracker.ietf.org/doc/draft-selander-ace-object-security/ > Htmlized: > https://tools.ietf.org/html/draft-selander-ace-object-security-05 > Diff: > https://www.ietf.org/rfcdiff?url2=draft-selander-ace-object-security-05 > > Abstract: > This memo defines Object Security of CoAP (OSCOAP), a method for > application layer protection of message exchanges with the > Constrained Application Protocol (CoAP), using the CBOR Object > Signing and Encryption (COSE) format. OSCOAP provides end-to-end > encryption, integrity and replay protection to CoAP payload, options, > and header fields, as well as a secure binding between CoAP request > and response messages. The use of OSCOAP is signaled with the CoAP > option Object-Security, also defined in this memo. > > > > > Please note that it may take a couple of minutes from the time of > submission until the htmlized version and diff are available at > tools.ietf.org. > > The IETF Secretariat > > _______________________________________________ > Ace mailing list > [email protected] > https://www.ietf.org/mailman/listinfo/ace > > >
_______________________________________________ Ace mailing list [email protected] https://www.ietf.org/mailman/listinfo/ace
