Extension of the Datagram Transport Layer Security (DTLS) Profile for Authentication and Authorization for Constrained Environments (ACE) to Transport Layer Security (TLS)
draft-ietf-ace-extend-dtls-authorize-07

[Ballot comment]
Thanks to Yingzhen Qu for the helpful OpsDir review: https://datatracker.ietf.org/doc/review-ietf-ace-extend-dtls-authorize-06-opsdir-lc-qu-2023-02-09/

I encourage the authors to review this, and respond to the "In case both the client and server support both TLS and DTLS, it says here “It
is up to the implementation to handle”. However it also says “the client typically first tries using DTLS”, this seems to give priority to DTLS. Please
clarify."

(Edit: Selected the NoObj position - I'd balloted, but forgotten to actually select the position...)

[Ballot comment]
Thanks to Yingzhen Qu for the helpful OpsDir review: https://datatracker.ietf.org/doc/review-ietf-ace-extend-dtls-authorize-06-opsdir-lc-qu-2023-02-09/

I encourage the authors to review this, and respond to the "In case both the client and server support both TLS and DTLS, it says here “It
is up to the implementation to handle”. However it also says “the client typically first tries using DTLS”, this seems to give priority to DTLS. Please
clarify."

[Ballot comment]
Thanks for working on this specification.

Like others I have also stabled upon section 4, where it says -

  "The ace_profile parameter indicates the use of the DTLS profile for ACE as defined in [RFC9202]. Therefore, the Client typically first tries using DTLS to connect to the Resource Server. If this fails the Client MAY try to connect to the Resource Server via TLS. The client can try TLS and DTLS in parallel to accelerate the connection setup. It is up to the implementation to handle the case where the RS reponds to both connection requests.
  As resource-constrained devices are not expected to support both transport layer security mechanisms. Clients and Resource Servers SHOULD support DTLS and MAY support TLS. A Client that implements either TLS or DTLS but not both might fail in establishing a secure communication channel with the Resource Server altogether."

It seems to me that according to RFC9202 and as it is already out in the deployment, there is a preference of using DTLS for secure comm channel with RS. This specification allows that TLS could also be used that MAY be supported by some RS and clients. Hence, my understanding would be that clients with only DTLS support SHOULD at least be able to establish secure communication channel, and clients with only TLS support MAY also be able to secure the channel to RS. This is however, is not the interpretation I get by reading the mentioned text from the specification. I would actually prefer that the RS SHOULD support both DTLS and TLS, and clients SHOULD support DTLS but MAY support TLS as well. In that case we can do a failover to TLS or race the DTLS and TLS in parallel.  This would maximize the use of secure channel. However, the current recommendation might work hence no objection from me.

[Ballot comment]
I also have a but of trouble interpreting this sentence:

    As resource-constrained devices are not expected to support both transport layer security mechanisms. Clients and Resource Servers SHOULD support DTLS and MAY support TLS. A Client that implements either TLS or DTLS but not both might fail in establishing a secure communication channel with the Resource Server altogether.

I am assuming the Resource Servers(RS) are not constrained. Would it not make sense to say that RS SHOULD support both TLS and DTLS to ensure interoperability with resource-constrained clients that support either TLS or DTLS but not both ?

[Ballot comment]
Minor level comments:

(1) p 2, sec 4.  Connection Establishment

    Clients and Resource Servers
  SHOULD support DTLS and MAY support TLS.

This seems to make successful interop a bit less likely to me.  Perhaps it would be sensible to suggest that Resource Servers SHOULD support both DTLS and TLS?


Nit level comments:

(2) p 1, sec 1.  Introduction

    UDP
  might be blocked on the path between the client and the RS, and the

Trivial nit (which the RFC editor will fix anyway), you are using RS here in the introduction before it is defined in section 4.


(3) p 2, sec 4.  Connection Establishment

  As resource-constrained devices are not expected to support both
  transport layer security mechanisms.

Another nit, this sentence doesn't stand well on its own please drop the "As" or link this sentence with the next.

[Ballot comment]
Nits:

- Please expand RS on first use. (It’s first expanded in Section 4 but first used in Section 1.)

- “As resource-constrained devices are not expected to support both transport layer security mechanisms. Clients and Resource Servers SHOULD support DTLS and MAY support TLS.” Is this supposed to be one sentence, with a comma between clauses? If not, then I don’t understand the first sentence (fragment). For that matter even if you make the period into a comma, I don’t immediately see how the second clause follows causally from the first, but I’m not too bothered about this.

[Ballot comment]
# GEN AD review of draft-ietf-ace-extend-dtls-authorize-06

CC @larseggert

Thanks to Paul Kyzivat for the General Area Review Team (Gen-ART) review
(https://mailarchive.ietf.org/arch/msg/gen-art/PI2PU9rH6uMLt8nwTo5l5xtjvRg).

## Comments

### Section 1, paragraph 1
```
    [RFC9202] only specifies the use of DTLS [RFC9147] but works equally
    well for TLS [RFC8446]. 
```
The use of DTLS *for what*?

## Nits

All comments below are about very minor potential issues that you may choose to
address in some way - or ignore - as you see fit. Some were flagged by
automated tools (via https://github.com/larseggert/ietf-reviewtool), so there
will likely be some false positives. There is no need to let me know what you
did with these suggestions.

### Typos

#### Section 4, paragraph 2
```
-    RS reponds to both connection requests.
+    RS responds to both connection requests.
+        +
```

#### Section 4, paragraph 3
```
-    transport layer security mechanisms.  Clients and Resource Servers
-            ^                        ^^
+    transport-layer security mechanisms, Clients and Resource Servers
+            ^                        ^
```

## Notes

This review is in the ["IETF Comments" Markdown format][ICMF], You can use the
[`ietf-comments` tool][ICT] to automatically convert this review into
individual GitHub issues. Review generated by the [`ietf-reviewtool`][IRT].

[ICMF]: https://github.com/mnot/ietf-comments/blob/main/format.md
[ICT]: https://github.com/mnot/ietf-comments
[IRT]: https://github.com/larseggert/ietf-reviewtool

[Ballot comment]
# Internet AD comments for draft-ietf-ace-extend-dtls-authorize-06
CC @ekline

## Comments

### S4

* If it's up to the implementation to handle connection racing where both
  succeed should there be a comment about whether or not Early Data should
  be avoided (for non-idempotent operations)?

  Perhaps there is already text about this in the related docs?

(Via drafts-lastcall@iana.org): IESG/Authors/WG Chairs:

The IANA Functions Operator has completed its review of draft-ietf-ace-extend-dtls-authorize-05. If any part of this review is inaccurate, please let us know.

The IANA Functions Operator understands that, upon approval of this document, there is a single action which we must complete.

In the ACE Profiles registry, on the Authentication and Authorization for Constrained Environments (ACE) registry page located at:

https://www.iana.org/assignments/ace/

the existing registration for:

Name: coap_dtls

will have its description and reference changed as follows:

Description: Profile for delegating client Authentication and Authorization for Constrained Environments by establishing a Datagram Transport Layer Security (DTLS) or Transport Layer Security (TLS) channel between resource-constrained nodes.

Reference: [RFC9202][ RFC-to-be ]

The IANA Functions Operator understands that this is the only action required to be completed upon approval of this document.

Note:  The actions requested in this document will not be completed until the document has been approved for publication as an RFC. This message is meant only to confirm the list of actions that will be performed.

For definitions of IANA review states, please see:

https://datatracker.ietf.org/help/state/draft/iana-review

Thank you,

David Dong
IANA Services Specialist

The following Last Call announcement was sent out (ends 2023-01-24):

From: The IESG
To: IETF-Announce
CC: ace-chairs@ietf.org, ace@ietf.org, draft-ietf-ace-extend-dtls-authorize@ietf.org, mglt.ietf@gmail.com, rdd@cert.org
Reply-To: last-call@ietf.org
Sender:
Subject: Last Call:  (Extension of the CoAP-DTLS Profile for ACE to TLS) to Proposed Standard


The IESG has received a request from the Authentication and Authorization for
Constrained Environments WG (ace) to consider the following document: -
'Extension of the CoAP-DTLS Profile for ACE to TLS'
  as Proposed Standard

The IESG plans to make a decision in the next few weeks, and solicits final
comments on this action. Please send substantive comments to the
last-call@ietf.org mailing lists by 2023-01-24. Exceptionally, comments may
be sent to iesg@ietf.org instead. In either case, please retain the beginning
of the Subject line to allow automated sorting.

Abstract


  This document updates the CoAP-DTLS profile for ACE described in RFC
  9202 by specifying that the profile applies to TLS as well as DTLS.




The file can be obtained via
https://datatracker.ietf.org/doc/draft-ietf-ace-extend-dtls-authorize/


The following IPR Declarations may be related to this I-D:

  https://datatracker.ietf.org/ipr/5576/
  https://datatracker.ietf.org/ipr/5575/

As required by RFC 4858, this is the current template for the Document
Shepherd Write-Up. Changes are expected over time.

This version is dated 1 November 2019.

(1) What type of RFC is being requested (BCP, Proposed Standard, Internet Standard, Informational, Experimental, or Historic)? Why is this the proper type of RFC? Is this type of RFC indicated in the title page header?

The document is an Standard Track document and this is mentioned in the header of the document.

(2) The IESG approval announcement includes a Document Announcement Write-Up. Please provide such a Document Announcement Write-Up. Recent examples can be found in the "Action" announcements for approved documents. The approval announcement contains the following sections:

Technical Summary:

Relevant content can frequently be found in the abstract and/or introduction of the document. If not, this may be an indication that there are deficiencies in the abstract or introduction.

This document updates the CoAP-DTLS profile for ACE [I-D.ietf-ace-dtls-authorize] by specifying that the profile applies to TLS as well as DTLS.

Working Group Summary:

Was there anything in WG process that is worth noting? For example, was there controversy about particular points or were there decisions where the consensus was particularly rough?

No controversies were encountered. The draft is an extending a core document of ace.

Document Quality:

Are there existing implementations of the protocol? Have a significant number of vendors indicated their plan to implement the specification? Are there any reviewers that merit special mention as having done a thorough review, e.g., one that resulted in important changes or a conclusion that the document had no substantive issues? If there was a MIB Doctor, YANG Doctor, Media Type or other expert review, what was its course (briefly)? In the case of a Media Type review, on what date was the request posted?

From one of the co-authors.Our implementation (WIP) at [1] supports CoAP transport over DTLS and TLS using libcoap [2]. The client-side retry with different transport layer security is not yet implemented, though.

[1] https://gitlab.informatik.uni-bremen.de/DCAF/dcaf
[2] https://libcoap.net

Personnel:

Who is the Document Shepherd? Who is the Responsible Area Director?
Daniel is the document shepherd Paul Wouters is the responsible AD

(3) Briefly describe the review of this document that was performed by the Document Shepherd. If this version of the document is not ready for publication, please explain why the document is being forwarded to the IESG.

This document has been reviewed by the main contributors of the WG and the contributors of rfc9202. We do ghave sufficient confidence the document is ready.

(4) Does the document Shepherd have any concerns about the depth or breadth of the reviews that have been performed?

no.

(5) Do portions of the document need review from a particular or from broader perspective, e.g., security, operational complexity, AAA, DNS, DHCP, XML, or internationalization? If so, describe the review that took place.

no.

(6) Describe any specific concerns or issues that the Document Shepherd has with this document that the Responsible Area Director and/or the IESG should be aware of? For example, perhaps he or she is uncomfortable with certain parts of the document, or has concerns whether there really is a need for it. In any event, if the WG has discussed those issues and has indicated that it still wishes to advance the document, detail those concerns here.

I do have any concerns.

(7) Has each author confirmed that any and all appropriate IPR disclosures required for full conformance with the provisions of BCP 78 and BCP 79 have already been filed. If not, explain why?

yes, some privately, some via the mailing list.

(8) Has an IPR disclosure been filed that references this document? If so, summarize any WG discussion and conclusion regarding the IPR disclosures.

ipr has been disclosed. no discussions have been raised regarding this ipr.

(9) How solid is the WG consensus behind this document? Does it represent the strong concurrence of a few individuals, with others being silent, or does the WG as a whole understand and agree with it?

We met WG consensus. There were no controversy.

(10) Has anyone threatened an appeal or otherwise indicated extreme discontent? If so, please summarise the areas of conflict in separate email messages to the Responsible Area Director. (It should be in a separate email because this questionnaire is publicly available.)
no

(11) Identify any ID nits the Document Shepherd has found in this document. (See http://www.ietf.org/tools/idnits/ and the Internet-Drafts Checklist). Boilerplate checks are not enough; this check needs to be thorough.

no nits have been found

(12) Describe how the document meets any required formal review criteria, such as the MIB Doctor, YANG Doctor, media type, and URI type reviews.

N/A

(13) Have all references within this document been identified as either normative or informative?

yes.

(14) Are there normative references to documents that are not ready for advancement or are otherwise in an unclear state? If such normative references exist, what is the plan for their completion?

no.

(15) Are there downward normative references (see RFC 3967)? If so, list these downward references to support the Area Director in the Last Call procedure.

no.

(16) Will publication of this document change the status of any existing RFCs? Are those RFCs listed on the title page header, listed in the abstract, and discussed in the introduction? If the RFCs are not listed in the Abstract and Introduction, explain why, and point to the part of the document where the relationship of this document to the other RFCs is discussed. If this information is not in the document, explain why the WG considers it unnecessary.

the document updates 9202. This is listed in the header, abstract and introduction.

(17) Describe the Document Shepherd's review of the IANA considerations section, especially with regard to its consistency with the body of the document. Confirm that all protocol extensions that the document makes are associated with the appropriate reservations in IANA registries. Confirm that any referenced IANA registries have been clearly identified. Confirm that newly created IANA registries include a detailed specification of the initial contents for the registry, that allocations procedures for future registrations are defined, and a reasonable name for the new registry has been suggested (see RFC 8126).

The IANA registry has been filled in accordance to ace profiles guidelines described in RFC9200. 

(18) List any new IANA registries that require Expert Review for future allocations. Provide any public guidance that the IESG would find useful in selecting the IANA Experts for these new registries.

no IANA registries have been created.

(19) Describe reviews and automated checks performed by the Document Shepherd to validate sections of the document written in a formal language, such as XML code, BNF rules, MIB definitions, YANG modules, etc.

NA

(20) If the document contains a YANG module, has the module been checked with any of the recommended validation tools (https://trac.ietf.org/trac/ops/wiki/yang-review-tools) for syntax and formatting validation? If there are any resulting errors or warnings, what is the justification for not fixing them at this time? Does the YANG module comply with the Network Management Datastore Architecture (NMDA) as specified in RFC8342?

NA

As required by RFC 4858, this is the current template for the Document
Shepherd Write-Up. Changes are expected over time.

This version is dated 1 November 2019.

(1) What type of RFC is being requested (BCP, Proposed Standard, Internet Standard, Informational, Experimental, or Historic)? Why is this the proper type of RFC? Is this type of RFC indicated in the title page header?

The document is an Standard Track document and this is mentioned in the header of the document.

(2) The IESG approval announcement includes a Document Announcement Write-Up. Please provide such a Document Announcement Write-Up. Recent examples can be found in the "Action" announcements for approved documents. The approval announcement contains the following sections:

Technical Summary:

Relevant content can frequently be found in the abstract and/or introduction of the document. If not, this may be an indication that there are deficiencies in the abstract or introduction.

This document updates the CoAP-DTLS profile for ACE [I-D.ietf-ace-dtls-authorize] by specifying that the profile applies to TLS as well as DTLS.

Working Group Summary:

Was there anything in WG process that is worth noting? For example, was there controversy about particular points or were there decisions where the consensus was particularly rough?

No controversies were encountered. The draft is an extending a core document of ace.

Document Quality:

Are there existing implementations of the protocol? Have a significant number of vendors indicated their plan to implement the specification? Are there any reviewers that merit special mention as having done a thorough review, e.g., one that resulted in important changes or a conclusion that the document had no substantive issues? If there was a MIB Doctor, YANG Doctor, Media Type or other expert review, what was its course (briefly)? In the case of a Media Type review, on what date was the request posted?

From one of the co-authors.Our implementation (WIP) at [1] supports CoAP transport over DTLS and TLS using libcoap [2]. The client-side retry with different transport layer security is not yet implemented, though.

[1] https://gitlab.informatik.uni-bremen.de/DCAF/dcaf
[2] https://libcoap.net

Personnel:

Who is the Document Shepherd? Who is the Responsible Area Director?
Daniel is the document shepherd Paul Wouters is the responsible AD

(3) Briefly describe the review of this document that was performed by the Document Shepherd. If this version of the document is not ready for publication, please explain why the document is being forwarded to the IESG.

This document has been reviewed by the main contributors of the WG and the contributors of rfc9202. We do ghave sufficient confidence the document is ready.

(4) Does the document Shepherd have any concerns about the depth or breadth of the reviews that have been performed?

no.

(5) Do portions of the document need review from a particular or from broader perspective, e.g., security, operational complexity, AAA, DNS, DHCP, XML, or internationalization? If so, describe the review that took place.

no.

(6) Describe any specific concerns or issues that the Document Shepherd has with this document that the Responsible Area Director and/or the IESG should be aware of? For example, perhaps he or she is uncomfortable with certain parts of the document, or has concerns whether there really is a need for it. In any event, if the WG has discussed those issues and has indicated that it still wishes to advance the document, detail those concerns here.

I do have any concerns.

(7) Has each author confirmed that any and all appropriate IPR disclosures required for full conformance with the provisions of BCP 78 and BCP 79 have already been filed. If not, explain why?

yes, some privately, some via the mailing list.

(8) Has an IPR disclosure been filed that references this document? If so, summarize any WG discussion and conclusion regarding the IPR disclosures.

ipr has been disclosed. no discussions have been raised regarding this ipr.

(9) How solid is the WG consensus behind this document? Does it represent the strong concurrence of a few individuals, with others being silent, or does the WG as a whole understand and agree with it?

We met WG consensus. There were no controversy.

(10) Has anyone threatened an appeal or otherwise indicated extreme discontent? If so, please summarise the areas of conflict in separate email messages to the Responsible Area Director. (It should be in a separate email because this questionnaire is publicly available.)
no

(11) Identify any ID nits the Document Shepherd has found in this document. (See http://www.ietf.org/tools/idnits/ and the Internet-Drafts Checklist). Boilerplate checks are not enough; this check needs to be thorough.

no nits have been found

(12) Describe how the document meets any required formal review criteria, such as the MIB Doctor, YANG Doctor, media type, and URI type reviews.

N/A

(13) Have all references within this document been identified as either normative or informative?

yes.

(14) Are there normative references to documents that are not ready for advancement or are otherwise in an unclear state? If such normative references exist, what is the plan for their completion?

no.

(15) Are there downward normative references (see RFC 3967)? If so, list these downward references to support the Area Director in the Last Call procedure.

no.

(16) Will publication of this document change the status of any existing RFCs? Are those RFCs listed on the title page header, listed in the abstract, and discussed in the introduction? If the RFCs are not listed in the Abstract and Introduction, explain why, and point to the part of the document where the relationship of this document to the other RFCs is discussed. If this information is not in the document, explain why the WG considers it unnecessary.

the document updates 9202. This is listed in the header, abstract and introduction.

(17) Describe the Document Shepherd's review of the IANA considerations section, especially with regard to its consistency with the body of the document. Confirm that all protocol extensions that the document makes are associated with the appropriate reservations in IANA registries. Confirm that any referenced IANA registries have been clearly identified. Confirm that newly created IANA registries include a detailed specification of the initial contents for the registry, that allocations procedures for future registrations are defined, and a reasonable name for the new registry has been suggested (see RFC 8126).

The IANA registry has been filled in accordance to ace profiles guidelines described in RFC9200. 

(18) List any new IANA registries that require Expert Review for future allocations. Provide any public guidance that the IESG would find useful in selecting the IANA Experts for these new registries.

no IANA registries have been created.

(19) Describe reviews and automated checks performed by the Document Shepherd to validate sections of the document written in a formal language, such as XML code, BNF rules, MIB definitions, YANG modules, etc.

NA

(20) If the document contains a YANG module, has the module been checked with any of the recommended validation tools (https://trac.ietf.org/trac/ops/wiki/yang-review-tools) for syntax and formatting validation? If there are any resulting errors or warnings, what is the justification for not fixing them at this time? Does the YANG module comply with the Network Management Datastore Architecture (NMDA) as specified in RFC8342?

NA

As required by RFC 4858, this is the current template for the Document
Shepherd Write-Up. Changes are expected over time.

This version is dated 1 November 2019.

(1) What type of RFC is being requested (BCP, Proposed Standard, Internet Standard, Informational, Experimental, or Historic)? Why is this the proper type of RFC? Is this type of RFC indicated in the title page header?

The document is an Standard Track document and this is mentioned in the header of the document.

(2) The IESG approval announcement includes a Document Announcement Write-Up. Please provide such a Document Announcement Write-Up. Recent examples can be found in the "Action" announcements for approved documents. The approval announcement contains the following sections:

Technical Summary:

Relevant content can frequently be found in the abstract and/or introduction of the document. If not, this may be an indication that there are deficiencies in the abstract or introduction.

This document updates the CoAP-DTLS profile for ACE [I-D.ietf-ace-dtls-authorize] by specifying that the profile applies to TLS as well as DTLS.

Working Group Summary:

Was there anything in WG process that is worth noting? For example, was there controversy about particular points or were there decisions where the consensus was particularly rough?

No controversies were encountered. The draft is an extending a core document of ace.

Document Quality:

Are there existing implementations of the protocol? Have a significant number of vendors indicated their plan to implement the specification? Are there any reviewers that merit special mention as having done a thorough review, e.g., one that resulted in important changes or a conclusion that the document had no substantive issues? If there was a MIB Doctor, YANG Doctor, Media Type or other expert review, what was its course (briefly)? In the case of a Media Type review, on what date was the request posted?

From one of the co-authors.Our implementation (WIP) at [1] supports CoAP transport over DTLS and TLS using libcoap [2]. The client-side retry with different transport layer security is not yet implemented, though.

[1] https://gitlab.informatik.uni-bremen.de/DCAF/dcaf
[2] https://libcoap.net

Personnel:

Who is the Document Shepherd? Who is the Responsible Area Director?
Daniel is the document shepherd Paul Wouters is the responsible AD

(3) Briefly describe the review of this document that was performed by the Document Shepherd. If this version of the document is not ready for publication, please explain why the document is being forwarded to the IESG.

This document has been reviewed by the main contributors of the WG and the contributors of rfc9202. We do ghave sufficient confidence the document is ready.

(4) Does the document Shepherd have any concerns about the depth or breadth of the reviews that have been performed?

no.

(5) Do portions of the document need review from a particular or from broader perspective, e.g., security, operational complexity, AAA, DNS, DHCP, XML, or internationalization? If so, describe the review that took place.

no.

(6) Describe any specific concerns or issues that the Document Shepherd has with this document that the Responsible Area Director and/or the IESG should be aware of? For example, perhaps he or she is uncomfortable with certain parts of the document, or has concerns whether there really is a need for it. In any event, if the WG has discussed those issues and has indicated that it still wishes to advance the document, detail those concerns here.

I do have any concerns.

(7) Has each author confirmed that any and all appropriate IPR disclosures required for full conformance with the provisions of BCP 78 and BCP 79 have already been filed. If not, explain why?

yes, some privately, some via the mailing list.

(8) Has an IPR disclosure been filed that references this document? If so, summarize any WG discussion and conclusion regarding the IPR disclosures.

ipr has been disclosed. no discussions have been raised regarding this ipr.

(9) How solid is the WG consensus behind this document? Does it represent the strong concurrence of a few individuals, with others being silent, or does the WG as a whole understand and agree with it?

We met WG consensus. There were no controversy.

(10) Has anyone threatened an appeal or otherwise indicated extreme discontent? If so, please summarise the areas of conflict in separate email messages to the Responsible Area Director. (It should be in a separate email because this questionnaire is publicly available.)
no

(11) Identify any ID nits the Document Shepherd has found in this document. (See http://www.ietf.org/tools/idnits/ and the Internet-Drafts Checklist). Boilerplate checks are not enough; this check needs to be thorough.

no nits have been found

(12) Describe how the document meets any required formal review criteria, such as the MIB Doctor, YANG Doctor, media type, and URI type reviews.

N/A

(13) Have all references within this document been identified as either normative or informative?

yes.

(14) Are there normative references to documents that are not ready for advancement or are otherwise in an unclear state? If such normative references exist, what is the plan for their completion?

no.

(15) Are there downward normative references (see RFC 3967)? If so, list these downward references to support the Area Director in the Last Call procedure.

no.

(16) Will publication of this document change the status of any existing RFCs? Are those RFCs listed on the title page header, listed in the abstract, and discussed in the introduction? If the RFCs are not listed in the Abstract and Introduction, explain why, and point to the part of the document where the relationship of this document to the other RFCs is discussed. If this information is not in the document, explain why the WG considers it unnecessary.

the document updates 9202. This is listed in the header, abstract and introduction.

(17) Describe the Document Shepherd's review of the IANA considerations section, especially with regard to its consistency with the body of the document. Confirm that all protocol extensions that the document makes are associated with the appropriate reservations in IANA registries. Confirm that any referenced IANA registries have been clearly identified. Confirm that newly created IANA registries include a detailed specification of the initial contents for the registry, that allocations procedures for future registrations are defined, and a reasonable name for the new registry has been suggested (see RFC 8126).

The IANA registry has been filled in accordance to ace profiles guidelines described in RFC9200. 

(18) List any new IANA registries that require Expert Review for future allocations. Provide any public guidance that the IESG would find useful in selecting the IANA Experts for these new registries.

no IANA registries have been created.

(19) Describe reviews and automated checks performed by the Document Shepherd to validate sections of the document written in a formal language, such as XML code, BNF rules, MIB definitions, YANG modules, etc.

NA

(20) If the document contains a YANG module, has the module been checked with any of the recommended validation tools (https://trac.ietf.org/trac/ops/wiki/yang-review-tools) for syntax and formatting validation? If there are any resulting errors or warnings, what is the justification for not fixing them at this time? Does the YANG module comply with the Network Management Datastore Architecture (NMDA) as specified in RFC8342?

NA

As required by RFC 4858, this is the current template for the Document
Shepherd Write-Up. Changes are expected over time.

This version is dated 1 November 2019.

(1) What type of RFC is being requested (BCP, Proposed Standard, Internet Standard, Informational, Experimental, or Historic)? Why is this the proper type of RFC? Is this type of RFC indicated in the title page header?

The document is an Standard Track document and this is mentioned in the header of the document.

(2) The IESG approval announcement includes a Document Announcement Write-Up. Please provide such a Document Announcement Write-Up. Recent examples can be found in the "Action" announcements for approved documents. The approval announcement contains the following sections:

Technical Summary:

Relevant content can frequently be found in the abstract and/or introduction of the document. If not, this may be an indication that there are deficiencies in the abstract or introduction.

This document updates the CoAP-DTLS profile for ACE [I-D.ietf-ace-dtls-authorize] by specifying that the profile applies to TLS as well as DTLS.

Working Group Summary:

Was there anything in WG process that is worth noting? For example, was there controversy about particular points or were there decisions where the consensus was particularly rough?

No controversies were encountered. The draft is an extending a core document of ace.

Document Quality:

Are there existing implementations of the protocol? Have a significant number of vendors indicated their plan to implement the specification? Are there any reviewers that merit special mention as having done a thorough review, e.g., one that resulted in important changes or a conclusion that the document had no substantive issues? If there was a MIB Doctor, YANG Doctor, Media Type or other expert review, what was its course (briefly)? In the case of a Media Type review, on what date was the request posted?

From one of the co-authors.Our implementation (WIP) at [1] supports CoAP transport over DTLS and TLS using libcoap [2]. The client-side retry with different transport layer security is not yet implemented, though.

[1] https://gitlab.informatik.uni-bremen.de/DCAF/dcaf
[2] https://libcoap.net

Personnel:

Who is the Document Shepherd? Who is the Responsible Area Director?

(3) Briefly describe the review of this document that was performed by the Document Shepherd. If this version of the document is not ready for publication, please explain why the document is being forwarded to the IESG.

(4) Does the document Shepherd have any concerns about the depth or breadth of the reviews that have been performed?

(5) Do portions of the document need review from a particular or from broader perspective, e.g., security, operational complexity, AAA, DNS, DHCP, XML, or internationalization? If so, describe the review that took place.

(6) Describe any specific concerns or issues that the Document Shepherd has with this document that the Responsible Area Director and/or the IESG should be aware of? For example, perhaps he or she is uncomfortable with certain parts of the document, or has concerns whether there really is a need for it. In any event, if the WG has discussed those issues and has indicated that it still wishes to advance the document, detail those concerns here.

(7) Has each author confirmed that any and all appropriate IPR disclosures required for full conformance with the provisions of BCP 78 and BCP 79 have already been filed. If not, explain why?

(8) Has an IPR disclosure been filed that references this document? If so, summarize any WG discussion and conclusion regarding the IPR disclosures.

(9) How solid is the WG consensus behind this document? Does it represent the strong concurrence of a few individuals, with others being silent, or does the WG as a whole understand and agree with it?

(10) Has anyone threatened an appeal or otherwise indicated extreme discontent? If so, please summarise the areas of conflict in separate email messages to the Responsible Area Director. (It should be in a separate email because this questionnaire is publicly available.)

(11) Identify any ID nits the Document Shepherd has found in this document. (See http://www.ietf.org/tools/idnits/ and the Internet-Drafts Checklist). Boilerplate checks are not enough; this check needs to be thorough.

(12) Describe how the document meets any required formal review criteria, such as the MIB Doctor, YANG Doctor, media type, and URI type reviews.

(13) Have all references within this document been identified as either normative or informative?

(14) Are there normative references to documents that are not ready for advancement or are otherwise in an unclear state? If such normative references exist, what is the plan for their completion?

(15) Are there downward normative references (see RFC 3967)? If so, list these downward references to support the Area Director in the Last Call procedure.

(16) Will publication of this document change the status of any existing RFCs? Are those RFCs listed on the title page header, listed in the abstract, and discussed in the introduction? If the RFCs are not listed in the Abstract and Introduction, explain why, and point to the part of the document where the relationship of this document to the other RFCs is discussed. If this information is not in the document, explain why the WG considers it unnecessary.

(17) Describe the Document Shepherd's review of the IANA considerations section, especially with regard to its consistency with the body of the document. Confirm that all protocol extensions that the document makes are associated with the appropriate reservations in IANA registries. Confirm that any referenced IANA registries have been clearly identified. Confirm that newly created IANA registries include a detailed specification of the initial contents for the registry, that allocations procedures for future registrations are defined, and a reasonable name for the new registry has been suggested (see RFC 8126).

(18) List any new IANA registries that require Expert Review for future allocations. Provide any public guidance that the IESG would find useful in selecting the IANA Experts for these new registries.

(19) Describe reviews and automated checks performed by the Document Shepherd to validate sections of the document written in a formal language, such as XML code, BNF rules, MIB definitions, YANG modules, etc.

(20) If the document contains a YANG module, has the module been checked with any of the recommended validation tools (https://trac.ietf.org/trac/ops/wiki/yang-review-tools) for syntax and formatting validation? If there are any resulting errors or warnings, what is the justification for not fixing them at this time? Does the YANG module comply with the Network Management Datastore Architecture (NMDA) as specified in RFC8342?