Benjamin Kaduk wrote:
>> Are you asking for a forward reference to 10.2? I will add this.
>> I think that section 10.2 is pretty clear about this.
>> I don't think it's mentioned just in passing.
> It looks like the main coverage here is:
> o the identity of the device
https://tinyurl.com/y2skc9xz
Benjamin Kaduk wrote:
>> We did not resort to a YANG data model for the auditlog responses, so I spent
>> a few minutes mystified by your complaint... then:
>> We referenced 7951 (YANG->JSON), but we should have just referenced RFC7159 (JSON)!
>
https://tinyurl.com/y2skc9xz
Michael Richardson wrote:
>> o The subject-alt field's encoding MAY include a non-critical
>> version of the RFC4108 defined HardwareModuleName. (from [IDevID]
>> section 7.2.9) If the IDevID is stored in a Trusted Platform
>> Module (TPM), then
Apparently I only have one comment buried inline. We must be making
progress :)
On Tue, Aug 13, 2019 at 05:07:46PM -0400, Michael Richardson wrote:
>
> Benjamin Kaduk wrote:
> doc> The authentication of the BRSKI-MASA connection does not affect the
> doc> voucher-request process, as
On Mon, Aug 12, 2019 at 04:23:54PM -0400, Michael Richardson wrote:
>
> Benjamin Kaduk via Datatracker wrote:
> > Section 13.2
>
> > I think CDDL needs to be a normative reference, as does RFC 7231. RFC
> > 2473 is listed but not referenced in the text, as are RFC 2663, RFC
> >
On Mon, Aug 12, 2019 at 03:30:13PM -0400, Michael Richardson wrote:
>
> WG: there is a chunk of Security Considerations text here that I hope
> many will read.
>
>
> Benjamin Kaduk via Datatracker wrote:
> > Section 11.4
>
> > It is not entirely clear to me whether device
On Wed, Aug 14, 2019 at 10:05:13AM -0400, Michael Richardson wrote:
>
> Benjamin Kaduk wrote:
> >> domainID: The domain IDentity is a unique hash based upon a
> >> Registrar's certificate. If the certificate includes the
> >> SubjectKeyIdentifier (Section 4.2.1.2 [RFC5280]), then
On Mon, Aug 12, 2019 at 03:05:44PM -0400, Michael Richardson wrote:
>
> https://tinyurl.com/yylruorn contains a diff against -24.
>
> Benjamin Kaduk via Datatracker wrote:
> > Section 5.8.1
>
> doc>A log data file is returned consisting of all log entries associated
> doc>
Benjamin Kaduk wrote:
>> domainID: The domain IDentity is a unique hash based upon a
>> Registrar's certificate. If the certificate includes the
>> SubjectKeyIdentifier (Section 4.2.1.2 [RFC5280]), then it is to be
>> used as the domainID. If not, then the 160-bit SHA-1 hash