[Last-Call] Re: Iotdir last call review of draft-ietf-anima-brski-prm-15

[Marco Tiloca <marco.tiloca=40ri.se@xxxxxxxxxxxxxx>]

    Hello Steffen,
      
      Great, thanks for considering my comments!
      
      Best,
      /Marco

On 2024-12-09 12:05, Fries, Steffen wrote:

> Hello Marco,
>
> Sorry for the late reply. Thank you for your review. The issues are commented below and addressed (issues and nits) in an updated version, that I put on the ANIMA github (https://eur05.safelinks.protection.outlook.com/?url="">). I wanted to wait for additional feedback before submitting a new version to the datatracker. 
> I also created an issue (#135) for the changes to make it better trackable. 
>
> Best regards
> Steffen
>
>
> > -----Original Message-----
> > From: Marco Tiloca via Datatracker <noreply@xxxxxxxx>
> > Sent: Sunday, December 1, 2024 11:35 AM
> > To: iot-directorate@xxxxxxxx
> > Cc: anima@xxxxxxxx; draft-ietf-anima-brski-prm.all@xxxxxxxx; last-call@xxxxxxxx
> > Subject: Iotdir last call review of draft-ietf-anima-brski-prm-15
> >
> > Reviewer: Marco Tiloca
> > Review result: Ready with Nits
> >
> > Hi,
> >
> > I am the assigned IoT-Directorate reviewer for this draft.
> >
> > Summary: Ready with Nits.
> >
> > This document specifies the Bootstrapping a Remote Secure Key Infrastructure
> > (BRSKI) with Pledge in Responder Mode (PRM), thus enabling the bootstrapping
> > of a pledge device that acts as server during the process.
> >
> > I previously reviewed version -05, and I find the quality of the document greatly
> > improved since then as to clarity and presentation.
> >       
> [stf] Thank you. We did a lot of restructuring with the help of Matthias (Document Shepherd) to improve readability. 
> > Please see below my comments for version -15. I hope it helps!
> >
> > Best,
> > /Marco
> >
> > [Section 6.1.2]
> >
> > * It says:
> >
> >   > The discovery of the pledge by the Registrar-Agent in the context of this
> >   document describes the minimum discovery approach to be supported.
> >
> >   Can this be more assertive and normatively say "... the minimum discovery
> >   approach that MUST be supported." ?
> >       
> [stf] Yes, this is true. As it is the minimum discovery approach to be supported MUST is correct here. 
>
> > [Section 7.5.2.1]
> >
> > * It says
> >
> >   > ... or an array of at least two X.509 v3 certificates ...
> >
> >   This requires to fix the CDDL definition in Figure 27 (see Sections 3.2 and
> >   3.4 of RFC 8610).
> >
> >   OLD:
> >   "x5bag": bytes / [+ bytes]
> >
> >   NEW:
> >   "x5bag": bytes / [2* bytes]
> >       
> [stf] Thanks for catching this. I corrected it accordingly. The example in RFC 8610 section 3.4 made it clear.
>
> > [Nits]
> >       
> [stf] I addressed all of the nits mentioned below in the updated document.  
>
> > * Section 1
> >   - s/associated to/associated with
> >
> > * Section 3.1.3
> >   - s/operate a RA/operate an RA
> >
> > * Section 3.2
> >   - s/communicate with another/communicate with one another
> >
> > * Section 5.1
> >   - s/or protocol to be/or protocols to be
> >
> > * Section 5.4
> >   - s/communicated via/communicates via
> >
> > * Section 6.1.2
> >   - s/an DNS-SD/a DNS-SD
> >   - s/a mDNS/an mDNS
> >   - s/support this functionality/supports this functionality
> >
> > * Section 6.3.1
> >   - s/establishment, that/establishment that
> >
> > * Section 6.4
> >   - s/resp./respectively.
> >
> > * Section 7.2.2.2
> >   - s/in the case the/in case the
> >
> > * Section 7.3
> >   - s/is of the pledge verified/of the pledge are verified
> >   - s/to an Registrar/to a Registrar
> >
> > * Section 7.3.1
> >   - s/MASA MAY chose/MASA MAY choose
> >   - s/certificate that signed by/certificate that is signed by
> >
> > * Section 7.3.6
> >   - s/BRSKi-PRM/BRSKI-PRM
> >
> > * Section 7.4
> >   - s/signed signed with/signed with
> >
> > * Section 7.6
> >   - s/MAY stored/MAY store
> >   - s/but use the/but using the
> >   - s/pledge did not did not/pledge did not
> >
> > * Section 7.6.2.3
> >   - s/plege/pledge
> >
> > * Section 7.7
> >   - s/certficate/certificate
> >   - s/processed by pledge/processed by the pledge
> >
> > * Section 7.10
> >   - s/Second, the Registrar-Agent/First, the Registrar-Agent
> >       
> [stf] I did change it to "The Registrar-Agent ..." as the second/First was not necessary here.
> > * Section 7.11.2.3
> >   - s/according its bootstrapping/according to its bootstrapping
> >
> > * Section 8
> >   - s/in EE certificate/in the EE certificate
> >
> > * Section 10
> >   - s/to optional apply/to optionally apply
> >
> > * Section 11
> >   - s/BRSKI-PRM, the pledge/BRSKI-PRM the pledge
> >   - s/does not limited/does not limit
> >   - s/simply resent the/simply resend the
> >
> > * Appendix B
> >
> >   - s/dependant/dependent
> >   - s/scanable/scannable
> >   - s/useable/usable
> >
> >
> >       
>     
    
-- 
Marco Tiloca
Ph.D., Senior Researcher

Phone: +46 (0)70 60 46 501

RISE Research Institutes of Sweden AB
Box 1263
164 29 Kista (Sweden)

Division: Digital Systems
Department: Computer Science
Unit: Cybersecurity

https://www.ri.se

Attachment: OpenPGP_0xEE2664B40E58DA43.asc
Description: OpenPGP public key

Attachment: OpenPGP_signature.asc
Description: OpenPGP digital signature

-- 
last-call mailing list -- last-call@xxxxxxxx
To unsubscribe send an email to last-call-leave@xxxxxxxx