inline w/ [DC] On Sat, Dec 27, 2025 at 12:16 PM Michael Richardson <[email protected]> wrote:
> > Deb Cooley <[email protected]> wrote: > > Here are my comments on this draft. There is one that has broader > > implications (*). I'd like to see this addressed by the working > group > > (specifically, why is there a need for multiple attestation > challenges). > > My long-standing comment is that this document is slightly mis-named. > I'm not sure if you asking why this document permits multiple (ACME) > challenges, or why there is more than one document with the name > "Attestation" in the title. > > I would have called this document something like: > "Device Hardware Identifiers" > > The process described has nothing to do with RFC9334 or DICE or TCG! > > To me, this is akin to recording the Vehicle Indentification Number (VIN) > as > part of a bill of sale or while applying for insurance. The VIN won't > tell > you who *owns* the car [or if it passed a safety/emission test], but it > will > tell you if the insurance slip [or emission test results] I show the police > is really for that vehicle, or for my *other* F-150^WVolkswagon Diesel. > [DC] well, it can still be done. Certainly drafts have changed their titles while in IESG evaluation. > > > Also, I recognize that I'm posting these during the holidays. I > certainly > > don't expect authors to respond until after the new year. > > :-) > > > *Section 1, last para: I am assuming that the authors believe the > rats > > work is substantially far into the future? (Or why would we publish > the > > challenge device-attest-01 if the rats work would replace it?). > With any > > 'SHOULD' one needs to outline when one might ignore the SHOULD. > > It won't replace it, it might complement it. > [DC] Then the draft needs to state that. And SHOULD at that point seems... odd. > > > Section 7.3: What is the bullet 'Change Controller' meant to > accomplish? > > It tells IANA who can update this entry. > [DC] We can certainly ask IANA, but all the registries listed are pre-existing acme entries with various RFCs as the references. There is no place (that I can see) for what you have described (certainly registries like media types have structures like you allude to, but the acme registries do not). > You might benefit from reading my email at: > https://mailarchive.ietf.org/arch/msg/rats/zu3Mqm-FOm2pAi1GymfDVHey-7s/ > > -- > ] Never tell me the odds! | ipv6 mesh > networks [ > ] Michael Richardson, Sandelman Software Works | IoT > architect [ > ] [email protected] http://www.sandelman.ca/ | ruby on > rails [ > > > -- > Michael Richardson <[email protected]> . o O ( IPv6 IøT consulting ) > Sandelman Software Works Inc, Ottawa and Worldwide > > > > >
_______________________________________________ Acme mailing list -- [email protected] To unsubscribe send an email to [email protected]
