Hi, I think that could work for me. If the changes address the initial concerns, we may publish these changes in the coming days.
Yours,. Daniel ________________________________ From: Stefanie Gerdes <[email protected]> Sent: Wednesday, February 17, 2021 8:51 AM To: Daniel Migault <[email protected]>; Daniel Migault <[email protected]>; Francesca Palombini <[email protected]> Cc: Göran Selander <[email protected]>; Russ Mundy <[email protected]>; Olaf Bergmann <[email protected]>; [email protected] <[email protected]> Subject: Re: [Ace] secdir review of draft-ietf-ace-dtls-authorize-14 Hi Daniel, On 02/16/2021 04:53 PM, Daniel Migault wrote: > Section 5: > OLD > "Profiles MUST specify a communication security protocol that provides > the features required above." > NEW > "Profiles MUST specify at least one communication security protocol that > provides the features required above." > > <mglt> > I have the impression that with MUST specify one expects a mandatory protocol > to be provided. Would the following text be acceptable ? > > NEW2: > "Profiles RECOMMENDs at least one communication security protocol that > provides the features required above." > </mglt> I don't understand it like that but I see your point. But I think "RECOMMENDS" leaves too much wiggle room :). The profiles could then omit the protocols completely, which I think is a bad idea. Implementers should have at least one example how the communication between C and AS is protected. Since we don't provide it in the framework we must have it in the profiles. How about: NEW3: "Profiles MUST specify at least one communication security protocol that provides the features required above as an example how the respective communication can be secured." Viele Grüße Steffi
_______________________________________________ Ace mailing list [email protected] https://www.ietf.org/mailman/listinfo/ace
