Re: [Last-Call] Iotdir telechat review of draft-ietf-cose-x509-07


Thank you Carsten for this review of indeed a very special I-D.

I have used your IoT directorate review to enter my ballot.

Regards

-éric

-----Original Message-----
From: last-call <last-call-bounces@xxxxxxxx> on behalf of Carsten Bormann via Datatracker <noreply@xxxxxxxx>
Reply-To: Carsten Bormann <cabo@xxxxxxx>
Date: Tuesday, 20 October 2020 at 00:05
To: "iot-directorate@xxxxxxxx" <iot-directorate@xxxxxxxx>
Cc: "last-call@xxxxxxxx" <last-call@xxxxxxxx>, "draft-ietf-cose-x509.all@xxxxxxxx" <draft-ietf-cose-x509.all@xxxxxxxx>, "cose@xxxxxxxx" <cose@xxxxxxxx>
Subject: [Last-Call] Iotdir telechat review of draft-ietf-cose-x509-07

    Reviewer: Carsten Bormann
    Review result: Ready with Issues


    First, I would like to express my gratitude to Jim Schaad for having
    done this work (and all the work that led up to making this work
    possible).

    The draft fills a gap where COSE is being used in conjunction with
    infrastructure employing X.509-based validation of keys.  JOSE defined
    the necessary parameters right away, while the use case for COSE was
    less clear initially.

    One criticism might be that the draft does not speculate on how
    constrained devices could share tasks that need to be performed in
    this use case with trusted less-constrained devices -- there are
    probably infinite ways of doing so, and the ones actually to be used
    should rather be discussed in the protocols that govern the
    constrained--less-constrained communication.

    The draft is ready with issues.

    ## Major

    Section 1:

    The draft points to examples to be found in the github repository
    https://github.com/cose-wg/Examples -- these are not in there.
    Either these examples need to be added or this sentence deleted.

    ## Minor

    Section 2:

    I'm not sure what "certificates of a chain length of..." actually
    means -- the chain length is not an intrinsic property of a
    certificate, but a function of what the application's roots are.
    Maybe rephrase:

       These rules apply when the validation succeeds in a single step as
       well as when certificate chains need to be built.

    The draft uses the term "bag" for what is meant to be a set.
    Maybe stick with the "x5bag" parameter name and the prose "certificate
    bag", but when saying what it is, say that it is a set.

    ## Nits

    https://github.com/cose-wg/X509/pull/28



    -- 
    last-call mailing list
    last-call@xxxxxxxx
    https://www.ietf.org/mailman/listinfo/last-call
