Hi Carsten, I like your proposals! I changed a "define" to "specify" to remove some repetition, so finally the text change would be the following:
OLD: There may be use cases were different profiles of this framework are combined. For example, an MQTT-TLS profile is used between the client and the RS in combination with a CoAP-DTLS profile for interactions between the client and the AS. The security of a profile MUST NOT depend on the assumption that the profile is used for all the different types of interactions in this framework. NEW: There may be use cases where different transport and security protocols are allowed for the different interactions , and, if that is not explicitly covered by an existing profile, it corresponds to combining profiles into a new one. For example, a new profile could specify that a previously-defined MQTT-TLS profile is used between the client and the RS in combination with a previously-defined CoAP-DTLS profile for interactions between the client and the AS. It is REQUIRED of the new profile to specify the combination and to make sure interoperability and security properties are achieved. A profile MAY want to prepare for being combined with others by clearly specifying its security requirements. Francesca On 05/07/2021, 16:36, "Carsten Bormann" <c...@tzi.org> wrote: On 2021-07-05, at 16:15, Carsten Bormann <c...@tzi.org> wrote: > > The last sentence is kind of obvious (I hope that the same applies to non-combined profiles), but Section 6.7 is short, so a little superfluity does not hurt. In offline communication, I have been reminded that adding this sentence would appear to be appropriate :-) NEWNEWNEW: A profile MAY WANT TO prepare for being combined with others by clearly specifying its security requirements. (Using an RFC 6919 keyword.) I wish I didn’t have the strong feeling that this sentence may actually be required. Grüße, Carsten _______________________________________________ Ace mailing list Ace@ietf.org https://www.ietf.org/mailman/listinfo/ace