Hi Roman,

Thank you for the review and your comments. We provided some inline responses to your comments.

Best regards
Steffen

> -----Original Message-----
> From: Roman Danyliw via Datatracker <[email protected]>
> Sent: Tuesday, September 3, 2024 4:33 PM
> To: The IESG <[email protected]>
> Cc: [email protected]; [email protected]; [email protected];
> [email protected]; [email protected]
> Subject: Roman Danyliw's No Objection on draft-ietf-anima-brski-ae-12: (with
> COMMENT)
>
> Roman Danyliw has entered the following ballot position for
> draft-ietf-anima-brski-ae-12: No Objection
>
> When responding, please keep the subject line intact and reply to all email
> addresses included in the To and CC lines. (Feel free to cut this introductory
> paragraph, however.)
>
> Please refer to
> https://www.ietf.org/about/groups/iesg/statements/handling-ballot-positions/
> for more information about how to handle DISCUSS and COMMENT positions.
>
> The document, along with other ballot positions, can be found here:
> https://datatracker.ietf.org/doc/draft-ietf-anima-brski-ae/
>
> ----------------------------------------------------------------------
> COMMENT:
> ----------------------------------------------------------------------
>
> Thank you to Meral Shirazipour for the GENART review.
>
> ** Section 4.2.1
>    As a more general solution, the BRSKI discovery mechanism can be
>    extended to provide up-front information on the capabilities of
>    registrars. Future work such as [I-D.eckert-anima-brski-discovery]
>    may provide this.
>
> Does it make sense to reference and promise work on an individual, expired
> I-D?

[stf] That part needs an update, as meanwhile the BRSKI-Discovery has been accepted as a WG item and is further advanced. Therefore the following proposal for a replacement is made:

OLD
Future work such as [I-D.eckert-anima-brski-discovery] may provide this.

NEW
Defining such discovery extensions is out of scope of this document. For further discussion, see [I-D.ietf-anima-brski-discovery].

>
> ** Section 7 notes that the Security Considerations of RFC8995 apply. What of
> the privacy consideration of RFC8895 (Section 10)? Do they apply or need any
> refinement (e.g., Section 10.2)?

[stf] We did not explicitly include a section regarding privacy considerations but could do that essentially stating:

NEW
Privacy Considerations
In general, the privacy considerations of [RFC8995] apply for BRSKI-AE too. For the communication between the registrar and a backend PKI, additional protection means of the certificate management communication can be provided, if the chosen protocol does not offer this, e.g. CMP. Protection means in this case may be (D)TLS.

This also counts for the reference to 10.2 as here mainly the interaction between the Pledge and the Registrar is addressed. From the exchanged data objects BRSKI-AE does not make changes to the BRSKI approach and also uses the underlying TLS connection to exchange these data objects. This leads to the same considerations as stated in 10.2.

>
> _______________________________________________
> Anima mailing list -- [email protected]
> To unsubscribe send an email to [email protected]
