Hi Emmanuel, Thank you for the review. You may track the changes at: https://tinyurl.com/new-block-latest. Please see inline. Cheers, Med > -----Message d'origine----- > De : Emmanuel Baccelli via Datatracker [mailto:noreply@xxxxxxxx] > Envoyé : lundi 3 mai 2021 17:12 > À : iot-directorate@xxxxxxxx > Cc : core@xxxxxxxx; draft-ietf-core-new-block.all@xxxxxxxx; last- > call@xxxxxxxx > Objet : Iotdir telechat review of draft-ietf-core-new-block-11 > > Reviewer: Emmanuel Baccelli > Review result: Ready with Nits > > iotdir telechat review of draft-ietf-core-new-block-11 Emmanuel > Baccelli, 3 May 2021 > > ==== > Summary > ==== > > Many thanks for this document. In general, the spec is well written > as far as I could see. I have a few nits and suggestions (see below). > > My main question is about the use of Confirmable messages. Maybe I > missed something, but it seems to me the use of CON messages is not > recommended in the spec, but is nevertheless evoked in the spec. Is > there room for simplification, or is it considered too "radical" to > only specify the use of Q-Block with non-confirmable messages? [Med] We need to cover both CON/NON for the general interoperability and also because we use at least one CON to detect the functionality support. However, the performance benefit is only supported for NON as this is the main applicability scope. As noted in the spec, the performance benefit may also be achieved for CON but this requires NSTART and other parameters. Adjusting these parameters is out of scope. > > Details below. > > Best regards, > > Emmanuel > > ==== > Comments > ==== > > # Section 1 > > ## Second to last sentence: > "such a recommendation does not work with a flooded pipe DDoS > situation." > => an explicit ref would feel natural at this point of the text > (RFC8782 again? > Or another ref?). [Med] We can cite it again if this helps. > > ## Last sentence: > Ends a little dry. How about completing it with something similar to: > OLD: "This document introduces the CoAP Q-Block1 and Q-Block2 Options > (Section 3)" NEW: "This document introduces the CoAP Q-Block1 and Q- > Block2 Options which allow block-wise transfer to work with series of > Non-confirmable messages, instead of lock-stepping using CON > messages". > [Med] Works for us. Thanks. > # Section 3 > It would read more naturally to my eyes if you'd swap around the > section's content in the beginning (part before 3.1 begins) like > this: > - move up the overview of the Q-Block options, i.e essentially the > part > "Q-Block1 and Q-Block2 Options are designed to work in particular > with NON requests and responses..." and onwards; - gather afterwards > the bullet points summing up the advantages / limitations /drawbacks > of Q-Block options compared to the Block options. > [Med] We rearranged the text as shown in the diff. > # Section 4.1 > the first time you mention POST, PUT? FETCH, iPATCH etc., I suggest > you explicitly cite RFC8132 again. [Med] Not sure why it is needed again. > > # Section 4.3, for Response code 4.13 > "If a server receives payloads with different Request-Tags for the > same resource, it should continue to process all the bodies as it has > no way of determining which is the latest version, or which body, if > any, the client is terminating the transmission for." => since this > is a *should* and not a MUST, would it make sense to add reassuring > an implementer note on how to comply while minimzing buffer memory > requirements? Are there use cases where the server is *very* > constrained in RAM for instance (say: Class 1 devices in RFC 7228)? [Med] It is unlikely for the target DOTS case, but this is possible if the mechanism is used in other contexts. Nothing much can be done if a server cannot take a large block of data. The application design will need to look at restricting the amount of data that needs to be transferred. > > # Section 7.1 > Do I understand correctly that this configuration (all confirmable > messages for a given body) is *not* recommended? The statement "it is > expected that all requests and responses using Q-Block1 and Q-Block2 > will be Non-confirmable" is confusing at first sight, [Med] We have already updated this text for better clarity. Please see the diff. it begs the > question: why specify the configuration using CON, then? But maybe I > missed something. [Med] We need to cover it in case an endpoint elects to use CON. > > # Section 11 > If the Request-tag happens to be an outer option (or if there is a > proxy) does the above comment on section 4.3 (response code 4.13) > translate in a potential resource exhaustion vulnerability for the > server? > [Med] The text says that it is not recommended NoSec as OSCORE does not provide the outer wrapper tampering security. _________________________________________________________________________________________________________________________ Ce message et ses pieces jointes peuvent contenir des informations confidentielles ou privilegiees et ne doivent donc pas etre diffuses, exploites ou copies sans autorisation. Si vous avez recu ce message par erreur, veuillez le signaler a l'expediteur et le detruire ainsi que les pieces jointes. Les messages electroniques etant susceptibles d'alteration, Orange decline toute responsabilite si ce message a ete altere, deforme ou falsifie. Merci. This message and its attachments may contain confidential or privileged information that may be protected by law; they should not be distributed, used or copied without authorisation. If you have received this email in error, please notify the sender and delete this message and its attachments. As emails may be altered, Orange is not liable for messages that have been modified, changed or falsified. Thank you. -- last-call mailing list last-call@xxxxxxxx https://www.ietf.org/mailman/listinfo/last-call
