EAP-based Authentication Service for CoAP
draft-ietf-ace-wg-coap-eap-15

All of these should be easy comments to resolve.  (I'd thank the secdir reviewer, but apparently it was me, LOL)

Shepherd write up:  This is more than 2 years old and looks to be both incomplete and out of date.  I'll note that he made a comment on the media type registration process (which may/may not have been followed).

Introduction:  I'm not sure why the expansion of MSK was deleted (v9 and v11), but I'd suggest replacing 'MSK' with 'Message Session Key (MSK)' here.  This will allow the use of MSK in other sections (3 times that I counted).

Section 3.5.2, title and first sentence:  'non-responding' vs 'non-responsive' (I'm not sure if this is common terminology, or a typo)

Section 3.5.3, para 3, second to last sentence:  'However, the EAP peer' should be 'However, if the EAP peer'?

# Internet AD comments for draft-ietf-ace-wg-coap-eap-11
CC @ekline

* comment syntax:
  - https://github.com/mnot/ietf-comments/blob/main/format.md

* "Handling Ballot Positions":
  - https://ietf.org/about/groups/iesg/statements/handling-ballot-positions/

## Comments

### S3.2

* "counter' which is an incrementing unique number for every new EAP
  request.

  I assume this is actually "for every new EAP request within an EAP
  session" kind of thing?

Thanks for addressing my comments in https://mailarchive.ietf.org/arch/msg/ace/7dNh63l6ESnGC3attFZQoXnBhKI/

I assume a new version will be published applying these, and am changing the ballot to no objection.

Thank you to Roni Even for the GENART review.

Thanks to Loganaden Velvindron for addressing my DISCUSS and thanks to Dan for addressing my COMMENTs (kept below for archiving).

The whole email thread is at https://mailarchive.ietf.org/arch/msg/ace/WYJryqoMGfUjbCVFOUztAtzKUiE/

# COMMENTS (non-blocking)

## Section 3.1

Where is `Step 0` defined ? I.e., refer to section 3.2.

The text is too assertive about the use of mDNS & DHCPv6 as these protocols cannot currently be used for the discovery (i.e., no option is defined for DHCPv6).

## Section 3.2

Who is `we` ? The authors ? The WG ? The IETF ? Suggest using the passive voice.

## Section 7.1

Is CoAP always over IPv6, i.e., does it always run over 6LO, RFC 7252 seems to allow CoAP over IPv4 ? Else `CoAP goes on top of UDP/TCP, which provides a checksum mechanism over its payload` is not correct as UDP over IPv4 can have no check-sum.

# NITS (non-blocking / cosmetic)

## Use of SVG graphics

Please consider using the aasvg tool to have nice graphics ;-)

Thank you for addressing my DISCUSS and COMMENTs.

Thanks for resolving my IANA Considerations concerns.

Comments, preserved from my ballot about -11:

==

I support Orie's DISCUSS position, plus his question about the peculiar SHOULD.

"MSK" is used in Section 1 before being defined in Section 3.2.  (They're also my initials; I thought I was being trolled.)

"HKDF" is used in Section 6.1 before it is defined later in that section.

Sections 9.3 through 9.6 are adding things to existing registries.  There's no need to re-state their registration policies.

In Appendix A, I suggest changing "Analogously" to "Analogous".

Thanks for working on this specification. No objection, but supporting Murray's discuss as I also would like to see proper instruction for the DE to execute on the ask.