[Last-Call] Re: Opsdir last call review of draft-ietf-lamps-rfc6712bis-07

Hi Hendrik,

This looks better to me. Thanks for taking care of the comments.

I also appreciated that you echoed the changes in Section 1.2.

Cheers,
Med


Orange Restricted

> -----Original Message-----
> From: Brockhaus, Hendrik <hendrik.brockhaus@siemens.com>
> Sent: Tuesday, 5 November 2024 11:51
> To: BOUCADAIR Mohamed INNOV/NET <mohamed.boucadair@orange.com>; ops-dir@ietf.org
> Cc: draft-ietf-lamps-rfc6712bis.all@ietf.org; last-call@ietf.org; spasm@ietf.org
> Subject: AW: Opsdir last call review of draft-ietf-lamps-rfc6712bis-07
>
> Mohamed
>
> Thank you for your review and your comments.
> I am sorry for responding so late. The co-authors and I wanted to
> consolidate the feedback to the different reviews.
>
> Please see my responses to your comments inline below.
> The latest version of the draft ready for submission and a diff
> to the latest version on datatracker are available on GitHub:
> - https://lamps-wg.github.io/cmp-updates/draft-ietf-lamps-rfc6712bis.html
> - https://author-tools.ietf.org/api/iddiff?doc_1=draft-ietf-lamps-rfc6712bis&url_2=https://lamps-wg.github.io/cmp-updates/draft-ietf-lamps-rfc6712bis.txt
>
> Please let me know if the proposed changes sufficiently address
> your comments.
>
> Hendrik
>
> > From: Mohamed Boucadair via Datatracker <noreply@ietf.org>
> > Sent: Friday, 11 October 2024 14:39
> >
> > Reviewer: Mohamed Boucadair
> > Review result: Has Issues
> >
> > Hi all,
> >
> > This bis is straightforward as it inherits the updates in RFC9480.
> > However, there are some few items that need further tweaking (listed
> > below in the order they appear in the text). Nits and editorial
> > suggestions are not echoed here but are provided in the detailed
> > review (see the links below).
> >
> > Overall, the operational considerations are not that distinct vs 6710
> > except the use of well-known URI. The authors adequately discuss some
> > required configuration matters at the client side. That's OK.
> >
> > # Obsolete RFC9480
> >
> > Might be worth to explain that this RFC is obsoleted by this draft
> > **AND** rfc4210bis because otherwise it is not evident for readers
> > why other parts of 9480 are being obsoleted.
>
> [HB] I suggest the following change in the Abstract:
> OLD
>    It includes the updates on RFC 6712 specified in CMP Updates RFC 9480 Section
>    3 and obsoleted both documents.
> NEW
>    It includes the updates to RFC 6712 specified in RFC 9480 Section 3. These
>    updates introduce CMP URIs using a Well-known prefix. It obsoletes RFC 6712
>    and together with I-D.ietf-lamps-rfc4210bis and it also obsoletes RFC 9480.
>
> >
> > # Back "..generally considered bad practice.." with a reference
> >
> > I know this text was in 6712, however I think adding a pointer such as
> > RFC9205 would be useful for readers to digest what is BCP for these matters.
>
> [HB] I propose the following change to Section 1
> OLD
>    The usage of HTTP for transferring CMP messages exclusively uses the POST
>    method for requests, effectively tunneling CMP over HTTP. While this is
>    generally considered bad practice and should not be emulated, there are good
>    reasons to do so for transferring CMP.
> NEW
>    The usage of HTTP for transferring CMP messages exclusively uses the POST
>    method for requests, effectively tunneling CMP over HTTP. While this is
>    generally considered bad practice (see BCP 56 [RFC9205] for best current
>    practice on building protocols with HTTP) and should not be emulated, there
>    are good reasons to do so for transferring CMP.
>
> >
> > # Conflict with RFC 9205?
> >
> > CURRENT:
> >  Implementations MUST support HTTP/1.0 [RFC1945] and SHOULD support
> >  HTTP/1.1 [RFC9112].
> >
> > This text seems to conflict with this part in RFC9205:
> >
> > <Therefore, it is NOT RECOMMENDED that applications using HTTP specify
> > a minimum version of HTTP to be used.>
> >
> > May be worth to have some words to fall under the following (9205):
> >
> > <However, if an application's deployment benefits from the use of a
> > particular version of HTTP (for example, HTTP/2's multiplexing), this
> > ought be noted.>
>
> [HB] We removed the requirement to support HTTP/1.0
> OLD
>    Implementations MUST support HTTP/1.0 [RFC1945] and SHOULD support
>    HTTP/1.1 [RFC9112].
> NEW
>    This draft requires uses of the POST method (Section 3.3) and the
>    "Content-Type" header field (Section 3.4) which are available since
>    HTTP/1.0 [RFC1945]. This specification also specifies use of persistent
>    connections (Section 3.2). This document refers to HTTP/1.1 as specified
>    in [RFC9110] and [RFC9112] for further details.
>
> >
> > # Redundant with RFC 9110
> >
> > CURRENT:
> >  The Content Length header field SHOULD be provided, giving the length
> >  of the ASN.1 encoded PKIMessage.
> >
> > The use of normative language seems to be redundant with this part in RFC 9110:
> >
> > "A user agent SHOULD send Content-Length in a request when the method
> > defines a meaning for enclosed content and it is not sending Transfer-Encoding."
>
> [HB] Thank you for pointing us at this. We dropped the paragraph
> on the "Content-Length".
>
> >
> > # "http" scheme in examples
> >
> > The examples in Section 3.6 use "http" scheme. I think it is preferable
> > to use "https" here.
>
> [HB] We would prefer keeping "http". The TLS layer is an optional
> addition, if needed, because
> - CMP does not necessarily require transport layer protection if
>   data-origin authentication using MAC-based or signature-based
>   message protection is applied.
> - There are cases where an entity initially has no certificate
>   and no trust anchor. In these cases, it would even be unable to
>   perform TLS server authentication.
> See also Section 5 Topic 5.
>
> Anyhow, we added the following note to the end of Section 3.6:
> NEW
>    Note that https can also be used instead of http, see item 5 in the Security
>    Considerations (Section 5).
>
> >
> > # Not sure how the following can be assessed
> >
> > CURRENT:
> >   While all defined features of the HTTP protocol are available to
> >   implementations, they SHOULD keep the protocol utilization as simple
> >   as possible.
> >
> > May simply avoid the normative language here.
>
> [HB] Thank you for pointing this out. We dropped the complete
> Section 3.8.
>
> >
> > # Broken citation
> >
> > CURRENT:
> >  ..Section 8.2.3 of [RFC9112].
> >
> > There is no such section in 9112.
>
> [HB] Thank you for pointing this out. We dropped the complete
> Section 3.8.
>
> >
> > #
> >
> > More detailed comments can be found here:
>
> [HB] Thank you for all further editorial issues. I will
> incorporate most of them.
>
> >
> > * pdf: https://github.com/boucadair/IETF-Drafts-Reviews/blob/master/2024/draft-ietf-lamps-rfc6712bis-07-rev%20Med.pdf
> > * doc: https://github.com/boucadair/IETF-Drafts-Reviews/raw/refs/heads/master/2024/draft-ietf-lamps-rfc6712bis-07-rev%20Med.docx
> >
> > Hope this helps.
> >
> > Cheers,
> > Med