[Emu] Éric Vyncke's No Objection on draft-ietf-emu-rfc7170bis-17: (with COMMENT)
Éric Vyncke has entered the following ballot position for draft-ietf-emu-rfc7170bis-17: No Objection When responding, please keep the subject line intact and reply to all email addresses included in the To and CC lines. (Feel free to cut this introductory paragraph, however.) Please refer to https://www.ietf.org/about/groups/iesg/statements/handling-ballot-positions/ for more information about how to handle DISCUSS and COMMENT positions. The document, along with other ballot positions, can be found here: https://datatracker.ietf.org/doc/draft-ietf-emu-rfc7170bis/ -- COMMENT: -- I am relying on two directorate reviews for this document: https://datatracker.ietf.org/doc/review-ietf-emu-rfc7170bis-17-dnsdir-telechat-weber-2024-05-24/ by Ralf Weber https://datatracker.ietf.org/doc/review-ietf-emu-rfc7170bis-16-intdir-telechat-song-2024-05-10/ by Haoyu Song (and I have not seen any reply to Haoyu's comments). Alas, I had no opportunity to check whether all nits from https://author-tools.ietf.org/api/idnits?url=https://www.ietf.org/archive/id/draft-ietf-emu-rfc7170bis-17.txt are false positive. ___ Emu mailing list -- emu@ietf.org To unsubscribe send an email to emu-le...@ietf.org
[Emu] Éric Vyncke's No Objection on draft-ietf-emu-eap-noob-04: (with COMMENT)
Éric Vyncke has entered the following ballot position for draft-ietf-emu-eap-noob-04: No Objection When responding, please keep the subject line intact and reply to all email addresses included in the To and CC lines. (Feel free to cut this introductory paragraph, however.) Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html for more information about DISCUSS and COMMENT positions. The document, along with other ballot positions, can be found here: https://datatracker.ietf.org/doc/draft-ietf-emu-eap-noob/ -- COMMENT: -- Thank you for the work put into this document. I really like the ideas behind this OOB authentication. Please find below some non-blocking COMMENT points (**but replies would be appreciated esp around CBOR**), and some nits. Special thanks to Dave Thaler for his early IoT directorate review (and the CBOR discussion with Carsten): https://datatracker.ietf.org/doc/review-ietf-emu-eap-noob-01-iotdir-early-thaler-2020-06-12/ https://mailarchive.ietf.org/arch/msg/iot-directorate/PNi6nxtR7_1T2rxu7O49HRx5Kdg/ I hope that this helps to improve the document, Regards, -éric PS: when the ballot for this document was created, I failed to spot the DNS & IoT aspects of it, hence, the absence of INT and IoT directorates telechat reviews. == COMMENTS == Like Carsten, I am really puzzled by the lack of consideration of CBOR to replace JSON especially for a protocol aimed at constrained devices. Was this discussed at the WG level ? I was unable to read any discussion on the mail list except about the IoT directorate thread. This non-obvious choice of encoding ***should really be discussed*** in the document. -- Section 2 -- Please apply the current BCP 14 template and not the old RFC 2119 one. -- Section 3.1 -- "timeout needs to be several minutes rather than seconds" can this lead to a DoS against the server, which potentially needs to keep states for minutes ? -- Section 3.2.1 -- I am not a EAP expert, so bear with my possibly naive question, "based on the realm part of the NAI", isn't it always "eap-noob.arpa" in this case ? -- Section 3.2.2 -- What happens if the peer does not support any of the server's ciphersuite? Esp in the world of IoT where peers are old and cannot always be updated.Should there be a forward pointer to section 3.6.4 ? -- Section 3.2.3 -- Suggest to give a hint to the reader for "Hoob": is this Hash of OoB ? Same comment for "Noob". == NITS == Global nit: I prefer the use of 'octet' rather than 'byte'. -- Section 1 -- Please avoid the use of 'we' as in 'We thus do not support'. ___ Emu mailing list Emu@ietf.org https://www.ietf.org/mailman/listinfo/emu
[Emu] Éric Vyncke's No Objection on draft-ietf-emu-eap-tls13-13: (with COMMENT)
Éric Vyncke has entered the following ballot position for draft-ietf-emu-eap-tls13-13: No Objection When responding, please keep the subject line intact and reply to all email addresses included in the To and CC lines. (Feel free to cut this introductory paragraph, however.) Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html for more information about IESG DISCUSS and COMMENT positions. The document, along with other ballot positions, can be found here: https://datatracker.ietf.org/doc/draft-ietf-emu-eap-tls13/ -- COMMENT: -- Thank you for the work put into this document. Improving EAP-TLS is indeed welcome! BTW, I left the security review to the SEC Area Directors. Please find below some non-blocking COMMENT points (but replies would be appreciated), and some nits. I hope that this helps to improve the document, Regards, -éric == COMMENTS == -- Abstract -- Should the abstract briefly talk about EAP? -- Section 1 -- Should "ietf-tls-oldversions-deprecate" be normative ? -- Section 2 -- Nicely done to have kept the same sub-section numbers with respect to RFC 5216. Kudos ! -- Section 2.1.1 & 2.1.3 & 2.1.4 -- I find "This section updates Section 2.1.1 of [RFC5216]." a little ambiguous as it the 'updated section' is not identified clearly. I.e., as the sections in RFC 5216 are not too long, why not simply providing whole new sections ? -- Section 5.9 -- What is the added benefit of this section (pervasive monitoring) compared to section 5.8 (privacy considerations)? Esp when I am afraid that pervasive monitoring is deeper in the network rather than in the access network (happy to be corrected) == NITS == None of us are native English speaker, but "e.g." as "i.e." are usually followed by a comma while "but" has usually no comma before ;-) ___ Emu mailing list Emu@ietf.org https://www.ietf.org/mailman/listinfo/emu
[Emu] Éric Vyncke's Yes on draft-ietf-emu-eaptlscert-06: (with COMMENT)
Éric Vyncke has entered the following ballot position for draft-ietf-emu-eaptlscert-06: Yes When responding, please keep the subject line intact and reply to all email addresses included in the To and CC lines. (Feel free to cut this introductory paragraph, however.) Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html for more information about IESG DISCUSS and COMMENT positions. The document, along with other ballot positions, can be found here: https://datatracker.ietf.org/doc/draft-ietf-emu-eaptlscert/ -- COMMENT: -- Ending this round of IESG evaluation reviews with this document. Good choice as it is easy to read, addresses a real problem, and provides a lot of common sense/sensible suggestions. Like noted by Barry and others, I think that this document could aim for a 'higher grade' status (BCP for example); OTOH, some sections such as 4.2.3 propose protocol extensions that won't fit in a BCP or PS. Regards -éric ___ Emu mailing list Emu@ietf.org https://www.ietf.org/mailman/listinfo/emu
[Emu] Éric Vyncke's No Objection on draft-ietf-emu-eap-session-id-04: (with COMMENT)
Éric Vyncke has entered the following ballot position for draft-ietf-emu-eap-session-id-04: No Objection When responding, please keep the subject line intact and reply to all email addresses included in the To and CC lines. (Feel free to cut this introductory paragraph, however.) Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html for more information about IESG DISCUSS and COMMENT positions. The document, along with other ballot positions, can be found here: https://datatracker.ietf.org/doc/draft-ietf-emu-eap-session-id/ -- COMMENT: -- Alan, Thank you for the work put into this document. The short document is easy to read and I am trusting the security AD for the security aspects. Just wondering why there is no -03 ;-) and suggest to update errata 5011 (that is still open) Regards -éric ___ Emu mailing list Emu@ietf.org https://www.ietf.org/mailman/listinfo/emu
[Emu] Éric Vyncke's No Objection on draft-ietf-emu-rfc5448bis-07: (with COMMENT)
Éric Vyncke has entered the following ballot position for draft-ietf-emu-rfc5448bis-07: No Objection When responding, please keep the subject line intact and reply to all email addresses included in the To and CC lines. (Feel free to cut this introductory paragraph, however.) Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html for more information about IESG DISCUSS and COMMENT positions. The document, along with other ballot positions, can be found here: https://datatracker.ietf.org/doc/draft-ietf-emu-rfc5448bis/ -- COMMENT: -- Thank you for this document. Please respond to Russ' IOTDIR review: https://mailarchive.ietf.org/arch/msg/iot-directorate/vpbPLLBpdDnbL0A-bBLSEDyRA_M ___ Emu mailing list Emu@ietf.org https://www.ietf.org/mailman/listinfo/emu