Hi Christer,
https://tools.ietf.org/html/draft-ietf-ace-cwt-proof-of-possession-09 has been
published, which addresses your review comments in the ways proposed below.
Thanks again for your review!
-- Mike
From: Mike Jones
Sent: Wednesday, October 16, 2019 12:40 PM
To: Christer Holmberg <[email protected]>; [email protected]
Cc: [email protected]; [email protected];
[email protected]
Subject: RE: Genart last call review of
draft-ietf-ace-cwt-proof-of-possession-08
Thanks for your review, Christer. Replies are inline, prefixed by "Mike>"…
-----Original Message-----
From: Christer Holmberg via Datatracker <[email protected]>
Sent: Friday, October 4, 2019 10:44 AM
To: [email protected]
Cc: [email protected]; [email protected]; [email protected]
Subject: Genart last call review of draft-ietf-ace-cwt-proof-of-possession-08
Reviewer: Christer Holmberg
Review result: Ready with Issues
I am the assigned Gen-ART reviewer for this draft. The General Area Review Team
(Gen-ART) reviews all IETF documents being processed by the IESG for the IETF
Chair. Please treat these comments just like any other last call comments.
For more information, please see the FAQ at
<https://trac.ietf.org/trac/gen/wiki/GenArtfaq>.
Document: draft-ietf-ace-cwt-proof-of-possession-08
Reviewer: Christer Holmberg
Review Date: 2019-10-04
IETF LC End Date: 2019-10-09
IESG Telechat date: Not scheduled for a telechat
Summary: For the most part the document is ready, but I have a few editorial
comments and an issue.
Major issues: N/A
Minor issues:
The text says in the Security Considerations that one must ensure that the
might not understand the "cnf" claim, and that applications must ensure that
receivers support it.
Q1: How are you going to ensure that, and why do you have to ensure that? RFC
8392 doesn't even seem to require that one must ensure that the receivers
support CWT.
Mike> I agree that this text isn't actually actionable. I propose that we
simply delete it.
Q2: For receivers that do support CWT, RFC 8392 says that unsupported claims
must be discarded. If that can't be applied for "cnf" I think you need to
explain why.
Mike> The RFC 8392 requirement does apply. This is also aligned with the text
in 3.1, so I don't think there are any changes needed to the spec for this.
Nits/editorial comments:
Q_ED_1: Please use [RFC8392] instead of [CWT] when referencing RFC 8392.
Mike> OK – will do.
Q_ED_2: Shall CBOR be enhanced on first occurrence (in the Abstract or
Introduction), or is it on the list of well-known abbreviations?
Mike> I’d be glad to expand it to enhance readability.
Q_ED_3: Add a reference for CBOR map on first occurrence.
(I was looking in RFC 7049, and while it mentions maps in many places I could
not find a proper definition for "CBOR map")
Mike> Sure. I can add a reference to Section 2.1 of RFC 7049.
_______________________________________________
Ace mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/ace