Reviewer: Russ Housley Review result: Almost Ready I am the assigned Gen-ART reviewer for this draft. The General Area Review Team (Gen-ART) reviews all IETF documents being processed by the IESG for the IETF Chair. Please wait for direction from your document shepherd or AD before posting a new version of the draft. For more information, please see the FAQ at <http://wiki.tools.ietf.org/area/gen/trac/wiki/GenArtfaq>. Document: draft-ietf-anima-constrained-voucher-21 Reviewer: Russ Housley Review Date: 2023-08-20 IETF LC End Date: unknown IESG Telechat date: unknown Summary: Almost Ready Note: I did not review Sections 9, 16, 17, and 18. I did not review the Appendices. Major Concerns: Section 6.2 says: "... and MUST NOT distinguish between them." There are many different contexts that one might "distinguish" that are fine. I think you mean that the implementation MUST respond to the two in the same manner. Minor Concerns: Section 4 says: "... certain PKIX operations (such as certificate chain validation)." I do not think that "PKIX operation" has any constructive meaning. This term is used in at least two paragraphs. I suggest that discussing certification path validation and revocation checking would be more helpful to implementers. Section 4 also talks about "PKIX-less operations" in several places. Again, I do not think that this term has any constructive meaning. I suggest that you talk about the use of "raw" public keys. Section 7.3.1 repeats information that is stated other places. It is odd to have a subsection that adds nothing new. Note that this section is referenced from Section 15.4, but Section 6.1.4 also contains the information about EKU requirements. Nits: General: Pick one spelling: CoAPS or coaps. Section 1, para 4: s/optional functions. Appendix E illustrates this./ /optional functions as illustrated in Appendix E./ Section 1, para 5: s/new COSE [RFC9052] signature format/COSE [RFC9052] signature/ Section 1, para 6: s/is to be protected/is protected/ (two places) Section 4, para 4: s/vouchers, only the a new signature/vouchers; however, a signature/ Section 6.1.4, last para: s/have the E/contain the E/ (two places) Section 6.4.1, para 6: s/fail anyway)/fail anyway.)/ Section 8.2, para after the numbered list: s/using less crypto operations/using fewer cryptographic operations/ Section 8.3, para 3: s/ PKIX format certificates/ PKIX certificates/ Section 8.4, para 4: s/arisews/arises/ Section 8.4, para 4: s/idevid-issuer/IDevID-issuer/ Section 15.1, first para s/idevid-issuer/IDevID-issuer/ Please review the output of ID-nits: https://author-tools.ietf.org/api/idnits?url=https://www.ietf.org/archive/id/draft-ietf-anima-constrained-voucher-21.txt -- last-call mailing list last-call@xxxxxxxx https://www.ietf.org/mailman/listinfo/last-call
