Hi Carsten,
I like your proposals! I changed a "define" to "specify" to remove some
repetition, so finally the text change would be the following:
OLD:
There may be use cases were different profiles of this framework are
combined. For example, an MQTT-TLS profile is used between the
client and the RS in combination with a CoAP-DTLS profile for
interactions between the client and the AS. The security of a
profile MUST NOT depend on the assumption that the profile is used
for all the different types of interactions in this framework.
NEW:
There may be use cases where different transport and security protocols
are allowed for the different interactions , and, if that is not explicitly
covered by an existing profile, it corresponds to combining profiles into a
new one.
For example, a new profile could specify that a previously-defined MQTT-TLS
profile is used between the
client and the RS in combination with a previously-defined CoAP-DTLS profile
for
interactions between the client and the AS. It is REQUIRED of the new
profile to specify the
combination and to make sure interoperability and security properties are
achieved.
A profile MAY want to prepare for being combined with others by clearly
specifying
its security requirements.
Francesca
On 05/07/2021, 16:36, "Carsten Bormann" <c...@tzi.org> wrote:
On 2021-07-05, at 16:15, Carsten Bormann <c...@tzi.org> wrote:
>
> The last sentence is kind of obvious (I hope that the same applies to
non-combined profiles), but Section 6.7 is short, so a little superfluity does
not hurt.
In offline communication, I have been reminded that adding this sentence
would appear to be appropriate :-)
NEWNEWNEW:
A profile MAY WANT TO prepare for being combined with others by clearly
specifying its security requirements.
(Using an RFC 6919 keyword.) I wish I didn’t have the strong feeling that
this sentence may actually be required.
Grüße, Carsten
_______________________________________________
Ace mailing list
Ace@ietf.org
https://www.ietf.org/mailman/listinfo/ace
