Hi Éric, sorry for the delayed reply. Please find our comments inline.
Grüße Olaf On 2021-03-23, Éric Vyncke via Datatracker <[email protected]> wrote: > Éric Vyncke has entered the following ballot position for > draft-ietf-ace-dtls-authorize-16: No Objection > > When responding, please keep the subject line intact and reply to all > email addresses included in the To and CC lines. (Feel free to cut this > introductory paragraph, however.) > > > Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html > for more information about IESG DISCUSS and COMMENT positions. > > > The document, along with other ballot positions, can be found here: > https://datatracker.ietf.org/doc/draft-ietf-ace-dtls-authorize/ > > > > ---------------------------------------------------------------------- > COMMENT: > ---------------------------------------------------------------------- > > Thank you for the work put into this document. > > Please find below some non-blocking COMMENT points (but replies would be > appreciated), and some nits. > > I hope that this helps to improve the document, > > Regards, > > -éric > > == COMMENTS == > > Is there any reason to use DTLS 1.2 while the document DTLS 1.3 is on > the same > IESG telechat ? I understand that they are from different WG but this > may not > be the most efficient to specify a protocol using DTLS. At some point, the WG has decided to pursue standardization for DTLS 1.2 first and specify the use over DTLS 1.3 later in a separate document. The reason is that DTLS 1.2 has been widely deployed in current lightweight DTLS libraries that are available in current IoT platforms. In general, this specification would also apply to DTLS 1.3. Do you think that we should clarify this in the introduction? For example: OLD: In this profile, a client and a resource server use CoAP {{RFC7252}} over DTLS version 1.2 {{RFC6347}} to communicate. NEW: In this profile, a client and a resource server use CoAP {{RFC7252}} over DTLS version 1.2 {{RFC6347}} to communicate. This specification uses DTLS 1.2 terminology but later versions such as DTLS 1.3 can be used instead. > -- Section 3.1 -- > Has the "resource owner (RO)" been defined earlier ? The ACE framework uses terminology from OAuth 2.0, including the resource owner. The DTLS profile uses ACE framework terminology (see section 2). Does that suffice? > -- Section 3.2.2 -- > The wrong selection of RPK recovery is unclear to me. What happens if the > client does not have the right public key ? The client may try to re-request the access token. If this fails, the client should re-register with the AS. We added text to section 3.2.2 to clarify this situation. > == NITS == > > Sometimes it is "Raw Public Keys", or "RPK" or "RawPublicKey"... Is it on > purpose to use 3 different writings for possibly the same concept? fixed: replaced rawpublickey with Raw Public Key _______________________________________________ Ace mailing list [email protected] https://www.ietf.org/mailman/listinfo/ace
