
Early Review of draft-ietf-rats-msg-wrap-04
review-ietf-rats-msg-wrap-04-iotdir-early-sethi-2024-05-26-00

Request Review of draft-ietf-rats-msg-wrap
Requested revision No specific revision (document currently at 06)
Type Early Review
Team Internet of Things Directorate (iotdir)
Deadline 2024-05-24
Requested 2024-04-25
Requested by Kathleen Moriarty
Authors Henk Birkholz, Ned Smith, Thomas Fossati, Hannes Tschofenig
I-D last updated 2024-05-26
Completed reviews Iotdir Early review of -04 by Mohit Sethi
Comments
The RATS working group would appreciate early review of this draft in order to address comments while in the working group. Your reviews and contributions are very much appreciated to improve the quality of the document.
Assignment Reviewer Mohit Sethi
State Completed
Request Early review on draft-ietf-rats-msg-wrap by Internet of Things Directorate Assigned
Posted at https://mailarchive.ietf.org/arch/msg/iot-directorate/swbJGXmkA-WxM5Tr5HCCLlB8wHY
Reviewed revision 04 (document currently at 06)
Result Almost ready
Completed 2024-05-26
I am the assigned IoT-Directorate reviewer for this draft.

Review result: Almost ready.

Some minor comments:

* Section 4: Perhaps expand what CoRIM is and add a reference to
https://datatracker.ietf.org/doc/html/draft-ietf-rats-corim-04

* Section 5 and 5.1: It would be helpful for readers if a short use-case
explaining when CMW would be transported in CRLs could be provided. While I can
guess why a CMW would be in a CSR, I could not immediately understand when a
CMW would be part of a CRL. Similarly, it would be helpful to explain where and
how the ASN.1 module will be used. I assume it is relevant for cases where a
certificate containing a CMW extension is passed around?

* Section 5.2: I wonder about the consequences of having two different CMW
specifications: one by the Trusted Computing Group (TCG) and the other in this
draft. I downloaded the TCG specification and found a reference to this draft.
Would it be possible for future versions of the TCG specification to reuse this
draft rather than creating a subset? Also, this draft states that the "CMW
extension" "MUST NOT be marked critical," whereas the TCG specification states
that the "tcg-dice-conceptual-message-wrapper extension criticality flag SHOULD
be marked critical." In summary, I wonder if these specifications can somehow
be synchronized.

* Section 7: Please expand UCCS on first use: unprotected CWT Claims Sets (UCCS).

Note: I haven't verified the CDDL, CBOR, and JSON for correctness via tooling,
but they looked fine while reading.