Hello Marco,

Sorry for the late reply. Thank you for your review. The issues are commented below and addressed (issues and nits) in an updated version, that I put on the ANIMA github (https://github.com/anima-wg/anima-brski-prm). I wanted to wait for additional feedback before submitting a new version to the datatracker. I also created an issue (#135) for the changes to make it better trackable.

Best regards
Steffen

> -----Original Message-----
> From: Marco Tiloca via Datatracker <noreply@xxxxxxxx>
> Sent: Sunday, December 1, 2024 11:35 AM
> To: iot-directorate@xxxxxxxx
> Cc: anima@xxxxxxxx; draft-ietf-anima-brski-prm.all@xxxxxxxx; last-call@xxxxxxxx
> Subject: Iotdir last call review of draft-ietf-anima-brski-prm-15
>
> Reviewer: Marco Tiloca
> Review result: Ready with Nits
>
> Hi,
>
> I am the assigned IoT-Directorate reviewer for this draft.
>
> Summary: Ready with Nits.
>
> This document specifies the Bootstrapping a Remote Secure Key Infrastructure
> (BRSKI) with Pledge in Responder Mode (PRM), thus enabling the bootstrapping
> of a pledge device that acts as server during the process.
>
> I previously reviewed version -05, and I find the quality of the document greatly
> improved since then as to clarity and presentation.

[stf] Thank you. We did a lot of restructuring with the help of Matthias (Document Shepherd) to improve readability.

>
> Please see below my comments for version -15. I hope it helps!
>
> Best,
> /Marco
>
> [Section 6.1.2]
>
> * It says:
>
> > The discovery of the pledge by the Registrar-Agent in the context of this
> > document describes the minimum discovery approach to be supported.
>
> Can this be more assertive and normatively say "... the minimum discovery
> approach that MUST be supported." ?

[stf] Yes, this is true. As it is the minimum discovery approach to be supported MUST is correct here.

>
> [Section 7.5.2.1]
>
> * It says
>
> > ... or an array of at least two X.509 v3 certificates ...
>
> This requires to fix the CDDL definition in Figure 27 (see Sections 3.2 and
> 3.4 of RFC 8610).
>
> OLD:
> "x5bag": bytes / [+ bytes]
>
> NEW:
> "x5bag": bytes / [2* bytes]

[stf] Thanks for catching this. I corrected it accordingly. The example in RFC 8610 section 3.4 made it clear.

>
> [Nits]

[stf] I addressed all of the nits mentioned below in the updated document.

>
> * Section 1
> - s/associated to/associated with
>
> * Section 3.1.3
> - s/operate a RA/operate an RA
>
> * Section 3.2
> - s/communicate with another/communicate with one another
>
> * Section 5.1
> - s/or protocol to be/or protocols to be
>
> * Section 5.4
> - s/communicated via/communicates via
>
> * Section 6.1.2
> - s/an DNS-SD/a DNS-SD
> - s/a mDNS/an mDNS
> - s/support this functionality/supports this functionality
>
> * Section 6.3.1
> - s/establishment, that/establishment that
>
> * Section 6.4
> - s/resp./respectively.
>
> * Section 7.2.2.2
> - s/in the case the/in case the
>
> * Section 7.3
> - s/is of the pledge verified/of the pledge are verified
> - s/to an Registrar/to a Registrar
>
> * Section 7.3.1
> - s/MASA MAY chose/MASA MAY choose
> - s/certificate that signed by/certificate that is signed by
>
> * Section 7.3.6
> - s/BRSKi-PRM/BRSKI-PRM
>
> * Section 7.4
> - s/signed signed with/signed with
>
> * Section 7.6
> - s/MAY stored/MAY store
> - s/but use the/but using the
> - s/pledge did not did not/pledge did not
>
> * Section 7.6.2.3
> - s/plege/pledge
>
> * Section 7.7
> - s/certficate/certificate
> - s/processed by pledge/processed by the pledge
>
> * Section 7.10
> - s/Second, the Registrar-Agent/First, the Registrar-Agent

[stf] I did change it to "The Registrar-Agent ..." as the second/First was not necessary here.
>
> * Section 7.11.2.3
> - s/according its bootstrapping/according to its bootstrapping
>
> * Section 8
> - s/in EE certificate/in the EE certificate
>
> * Section 10
> - s/to optional apply/to optionally apply
>
> * Section 11
> - s/BRSKI-PRM, the pledge/BRSKI-PRM the pledge
> - s/does not limited/does not limit
> - s/simply resent the/simply resend the
>
> * Appendix B
>
> - s/dependant/dependent
> - s/scanable/scannable
> - s/useable/usable
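
The effect of the "x5bag" CDDL correction discussed above, as an added example that is not part of the original message or of the draft: it interprets the RFC 8610 section 3.2 occurrence indicators and checks decoded values against `bytes / [<indicator> bytes]`. The function names and the sample byte strings are hypothetical and constructed for illustration.

```python
import re

# Occurrence indicators per RFC 8610 section 3.2: "?", "*", "+" or "n*m",
# where n defaults to 0 and m defaults to unbounded.
_RANGE = re.compile(r"^(\d*)\*(\d*)$")


def occurrence_bounds(indicator):
    """Return (minimum, maximum) for an indicator; maximum None = unbounded."""
    if indicator == "?":
        return (0, 1)
    if indicator == "+":
        return (1, None)
    m = _RANGE.match(indicator)
    if m is None:
        raise ValueError("not a CDDL occurrence indicator: %r" % indicator)
    lo = int(m.group(1)) if m.group(1) else 0
    hi = int(m.group(2)) if m.group(2) else None
    return (lo, hi)


def x5bag_matches(value, indicator):
    """Check a decoded value against the choice  bytes / [<indicator> bytes]."""
    if isinstance(value, bytes):          # first alternative: a single bstr
        return True
    if not isinstance(value, list):
        return False
    if not all(isinstance(item, bytes) for item in value):
        return False
    lo, hi = occurrence_bounds(indicator)
    return len(value) >= lo and (hi is None or len(value) <= hi)


# Constructed placeholders standing in for DER-encoded certificates.
CERT_A, CERT_B = b"\x30\x82-cert-a", b"\x30\x82-cert-b"
SAMPLES = {
    "single cert": CERT_A,
    "array of one": [CERT_A],
    "array of two": [CERT_A, CERT_B],
    "empty array": [],
}


def compare():
    """Map each sample to (accepted by OLD '+', accepted by NEW '2*')."""
    return {name: (x5bag_matches(v, "+"), x5bag_matches(v, "2*"))
            for name, v in SAMPLES.items()}


if __name__ == "__main__":
    for name, (old, new) in compare().items():
        print("%-13s OLD=%s NEW=%s" % (name, old, new))
```

Only the one-element array changes outcome: the OLD rule accepts it, while the NEW rule rejects it, matching the "array of at least two" wording quoted in the review.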