EAP-based Authentication Service for CoAP
draft-ietf-ace-wg-coap-eap-10

The EAP Lower Layers and the CoAP Content-Formats registrations has been approved. Well-Known URIs registration has been approved as well, with non-blocking comments from the expert: - I was a bit surprised that the spec didn't update the coap spec to put the new resource under /.well-known/coap/eap -- but that's up to the authors. - It would be good if the specification would identify the URI scheme(s) that it can be used with (per 8615 s 3).

The EAP Lower Layers registration has been approved.

Issues have been identified by the CoAP Content-Formats expert: I believe the draft would need a few updates to clarify the new media type and the precise request. * application/coap-eap is registered but never used (i.e. referred to by name) from any other section. * I couldn't find an explicit format/syntax definition for this new media type. * Is it equal to the CBOR data format defined in Section 4? If so, then section 4 should mention at least the name of the new media type and section 8.5 ideally should give a quick pointer to section 4 for the format definition. * the text in 8.6 should better refer to Section 12.3 of [RFC 7252] for the registry; link to [RFC 6690] is not so useful here. The text says "Expert Review" but that's only for the 0-255 range. For this range some additional motivation is required why it needs to be there, and this is missing. For the 256-9999 range the procedure is "IETF review" -> did you mean to select this range? It would be ok to continue the registration with the current draft, if the authors want to make text clarifications later on and not now. A number in the 256-9999 is for sure ok (if that's intended), for example 260, but for 0-255 range some reason/rationale needs to be provided. The Well-Known URIs registration has been approved, with non-blocking comments from the expert: - I was a bit surprised that the spec didn't update the coap spec to put the new resource under /.well-known/coap/eap -- but that's up to the authors. - It would be good if the specification would identify the URI scheme(s) that it can be used with (per 8615 s 3).

(Via drafts-lastcall@iana.org): IESG/Authors/WG Chairs:

IANA has completed its review of draft-ietf-ace-wg-coap-eap-09. If any part of this review is inaccurate, please let us know.

IANA has a question about the third, fourth, and seventh actions requested in the IANA Considerations section of this document.

IANA understands that, upon approval of this document, there are eight actions which we must complete.

First, a new registry group is to be created called "CoAP-EAP Protocol".

Second, a new registry is to be created called CoAP-EAP Cipher Suites in the new CoAP-EAP Protocol registry group. The registry will be managed via Expert Review as defined in RFC8126. There are initial registrations in the new registry as follows:

Value Array Description Reference
-----+-----+-----------+----------
-24 N/A Reserved for Private Use [ RFC-to-be ]
-23 N/A Reserved for Private Use [ RFC-to-be ]
-22 N/A Reserved for Private Use [ RFC-to-be ]
-21 N/A Reserved for Private Use [ RFC-to-be ]
0 10, -16 AES-CCM-16-64-128, SHA-256 [ RFC-to-be ]
1 1, -16 A128GCM, SHA-256 [ RFC-to-be ]
2 3, -43 A256GCM, SHA-384 [ RFC-to-be ]
3 24, -16 ChaCha20/Poly1305, SHA-256 [ RFC-to-be ]
4 24, -45 ChaCha20/Poly1305, SHAKE256 [ RFC-to-be ]

Third, a new registry is to be created called CoAP-EAP Information Elements in the new CoAP-EAP Protocol registry group. There are initial registrations in the new registry as follows:

Value Name Description Reference
-----+-----+-----------+-----------
1 cipher suite List of the proposed or selected COSE algorithms for OSCORE [ RFC-to-be ]
2 RID-C It contains the Recipient ID of the EAP peer [ RFC-to-be ]
3 RID-I It contains the Recipient ID of the EAP authenticator [ RFC-to-be ]
4 Session-Lifetime Contains the time the session is valid in seconds [ RFC-to-be ]

IANA Question --> Is value 0 reserved or unused?

IANA Question --> IANA understands that values 0 - 64999 are managed via expert review and that values 65000 - 65535 are marked for experimental use as defined in section 4.2 of RFC 8126. Is this correct?

Fourth, in the Well-Known URI registry located at:

https://www.iana.org/assignments/well-known-uris/

a single new registration will be made as follows:

URI suffix: coap-eap
Change controller: IETF
Reference: [ RFC-to-be ]
Status:
Related information: None

IANA Question --> What should be the value for "Status" for this registration?

As this document requests a registration in an Expert Review or Specification Required (see RFC 8126) registry, we have initiated and completed the required Expert Review.

Fifth, in the EAP Lower Layers registry in the Extensible Authentication Protocol (EAP) Registry group at:

https://www.iana.org/assignments/eap-numbers/

a single new registration is to be made as follows:

Value: [ TBD-at-Registration ]
Lower Layer: CoAP-EAP
Reference: [ RFC-to-be ]

As this also requests a registration in an Expert Review or Specification Required (see RFC 8126) registry, we have initiated the required Expert Review via a separate request. This review must be completed before the document's IANA state can be changed to "IANA OK."

Sixth, in the application namespace of the Media Types registry located at:

https://www.iana.org/assignments/media-types/

a single new registration will be made as follows:

Name: coap-eap
Template: [ TBD-at-Registration ]
Reference: [ RFC-to-be ]

IANA notes that there is an online application for media types located at:

https://www.iana.org/form/media-types

Seventh, in the CoAP Content Formats registry in the Constrained RESTful Environments (CoRE) Parameters registry group located at:

https://www.iana.org/assignments/core-parameters/

a single new registration will be made as follows:

Content Type: application/coap-eap
Content Coding:
ID: [ TBD-at-Registration ]
Reference: [ RFC-to-be ]

IANA Question --> What range should this registration come from in the CoAP Content Formats registry? Please see the four available ranges at:

https://www.iana.org/assignments/core-parameters/

As this also requests a registration in an Expert Review or Specification Required (see RFC 8126) registry, we have initiated the required Expert Review via a separate request. The expert has requested for some clarifications, which has been forwarded. This review must be completed before the document's IANA state can be changed to "IANA OK."

Eighth, in the Resource Type (rt=) Link Target Attribute Values registry also in the Constrained RESTful Environments (CoRE) Parameters registry group located at:

https://www.iana.org/assignments/core-parameters/

a single new registration will be made as follows:

Value: core.coap-eap
Description: CoAP-EAP resource
Reference: [ RFC-to-be ]
Notes:

We understand that these are the only actions required to be completed upon approval of this document.

NOTE: The actions requested in this document will not be completed until the document has been approved for publication as an RFC. This message is meant only to confirm the list of actions that will be performed.

For definitions of IANA review states, please see:

https://datatracker.ietf.org/help/state/draft/iana-review

Thank you,

David Dong
IANA Services Sr. Specialist

Issues have been identified by the CoAP Content-Formats expert: I believe the draft would need a few updates to clarify the new media type and the precise request. * application/coap-eap is registered but never used (i.e. referred to by name) from any other section. * I couldn't find an explicit format/syntax definition for this new media type. * Is it equal to the CBOR data format defined in Section 4? If so, then section 4 should mention at least the name of the new media type and section 8.5 ideally should give a quick pointer to section 4 for the format definition. * the text in 8.6 should better refer to Section 12.3 of [RFC 7252] for the registry; link to [RFC 6690] is not so useful here. The text says "Expert Review" but that's only for the 0-255 range. For this range some additional motivation is required why it needs to be there, and this is missing. For the 256-9999 range the procedure is "IETF review" -> did you mean to select this range? It would be ok to continue the registration with the current draft, if the authors want to make text clarifications later on and not now. A number in the 256-9999 is for sure ok (if that's intended), for example 260, but for 0-255 range some reason/rationale needs to be provided.
     
The Well-Known URIs registration has been approved, with non-blocking comments from the expert:
- I was a bit surprised that the spec didn't update the coap spec to put the new resource under /.well-known/coap/eap -- but that's up to the authors.
- It would be good if the specification would identify the URI scheme(s) that it can be used with (per 8615 s 3).

Issues have been identified by the CoAP Content-Formats expert:

I believe the draft would need a few updates to clarify the new media type and the precise request.

* application/coap-eap is registered but never used (i.e. referred to by name) from any other section.
* I couldn't find an explicit format/syntax definition for this new media type.
* Is it equal to the CBOR data format defined in Section 4? If so, then section 4 should mention at least the name of the new media type and section 8.5 ideally should give a quick pointer to section 4 for the format definition.
* the text in 8.6 should better refer to Section 12.3 of [RFC 7252] for the registry; link to [RFC 6690] is not so useful here.
The text says "Expert Review" but that's only for the 0-255 range. For this range some additional motivation is required why it needs to be there, and this is missing.
For the 256-9999 range the procedure is "IETF review" -> did you mean to select this range?

It would be ok to continue the registration with the current draft, if the authors want to make text clarifications later on and not now.
A number in the 256-9999 is for sure ok (if that's intended), for example 260, but for 0-255 range some reason/rationale needs to be provided.

The following Last Call announcement was sent out (ends 2024-01-25):

From: The IESG
To: IETF-Announce
CC: ace-chairs@ietf.org, ace@ietf.org, draft-ietf-ace-wg-coap-eap@ietf.org, loganaden@gmail.com, paul.wouters@aiven.io
Reply-To: last-call@ietf.org
Sender:
Subject: Last Call:  (EAP-based Authentication Service for CoAP) to Proposed Standard


The IESG has received a request from the Authentication and Authorization for
Constrained Environments WG (ace) to consider the following document: -
'EAP-based Authentication Service for CoAP'
  as Proposed Standard

The IESG plans to make a decision in the next few weeks, and solicits final
comments on this action. Please send substantive comments to the
last-call@ietf.org mailing lists by 2024-01-25. Exceptionally, comments may
be sent to iesg@ietf.org instead. In either case, please retain the beginning
of the Subject line to allow automated sorting.

Abstract


  This document specifies an authentication service that uses the
  Extensible Authentication Protocol (EAP) transported employing
  Constrained Application Protocol (CoAP) messages.  As such, it
  defines an EAP lower layer based on CoAP called CoAP-EAP.  One of the
  main goals is to authenticate a CoAP-enabled IoT device (EAP peer)
  that intends to join a security domain managed by a Controller (EAP
  authenticator).  Secondly, it allows deriving key material to protect
  CoAP messages exchanged between them based on Object Security for
  Constrained RESTful Environments (OSCORE), enabling the establishment
  of a security association between them.




The file can be obtained via
https://datatracker.ietf.org/doc/draft-ietf-ace-wg-coap-eap/



No IPR declarations have been submitted directly on this I-D.

# Document Shepherd Writeup

*This version is dated 8 April 2022.*

Thank you for your service as a document shepherd. Among the responsibilities is
answering the questions in this writeup to give helpful context to Last Call and
Internet Engineering Steering Group ([IESG][1]) reviewers, and your diligence in
completing it, is appreciated. The full role of the shepherd is further
described in [RFC 4858][2], and informally. You will need the cooperation of
authors to complete these checks.

Note that some numbered items contain multiple related questions; please be sure
to answer all of them.

## Document History

1. Does the working group (WG) consensus represent the strong concurrence of a
  few individuals, with others being silent, or did it reach broad agreement?
The Working Group reached broad agreement.


2. Was there controversy about particular points, or were there decisions where
  the consensus was particularly rough?
No.The consensus was particularly rough.

3. Has anyone threatened an appeal or otherwise indicated extreme discontent? If
  so, please summarize the areas of conflict in separate email messages to the
  responsible Area Director. (It should be in a separate email because this
  questionnaire is publicly available.)
No. There was no threat of appeal.

4. For protocol documents, are there existing implementations of the contents of
  the document? Have a significant number of potential implementers indicated
  plans to implement? Are any existing implementations reported somewhere,
  either in the document itself (as [RFC 7942][3] recommends) or elsewhere
  (where)?
There is an implementation. XXX: Check with co-authors.

### Additional Reviews

5. Does this document need review from other IETF working groups or external
  organizations? Have those reviews occurred?
Yes. It was reviewed by EMU WG.

6. Describe how the document meets any required formal expert review criteria,
  such as the MIB Doctor, YANG Doctor, media type, and URI type reviews.
N/A

7. If the document contains a YANG module, has the final version of the module
  been checked with any of the [recommended validation tools][4] for syntax and
  formatting validation? If there are any resulting errors or warnings, what is
  the justification for not fixing them at this time? Does the YANG module
  comply with the Network Management Datastore Architecture (NMDA) as specified
  in [RFC 8342][5]?
N/A

8. Describe reviews and automated checks performed to validate sections of the
  final version of the document written in a formal language, such as XML code,
  BNF rules, MIB definitions, CBOR's CDDL, etc.
N/A

### Document Shepherd Checks

9. Based on the shepherd's review of the document, is it their opinion that this
  document is needed, clearly written, complete, correctly designed, and ready
  to be handed off to the responsible Area Director?
Yes. It is ready to be handed off to the responsible Area Director.

10. Several IETF Areas have assembled [lists of common issues that their
    reviewers encounter][6]. Do any such issues remain that would merit specific
    attention from subsequent reviews?
No. There are no remaining issues.

11. What type of RFC publication is being requested on the IETF stream (Best
    Current Practice, Proposed Standard, Internet Standard, Informational,
    Experimental, or Historic)? Why is this the proper type of RFC? Do all
    Datatracker state attributes correctly reflect this intent?
Proposed Standard.
12. Has the interested community confirmed that any and all appropriate IPR
    disclosures required by [BCP 78][7] and [BCP 79][8] have been filed? If not,
    explain why. If yes, summarize any discussion and conclusion regarding the
    intellectual property rights (IPR) disclosures, including links to relevant
    emails.
XXX: Check with co-authors.
13. Has each Author or Contributor confirmed their willingness to be listed as
    such? If the number of Authors/Editors on the front page is greater than 5,
    please provide a justification.
XXX: Check with authors.
14. Identify any remaining I-D nits in this document. (See [the idnits tool][9]
    and the checkbox items found in Guidelines to Authors of Internet-Drafts).
    Simply running the idnits tool is not enough; please review the entire
    guidelines document.
  Checking boilerplate required by RFC 5378 and the IETF Trust (see
  https://trustee.ietf.org/license-info):
  ----------------------------------------------------------------------------

    No issues found here.

  Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt:
  ----------------------------------------------------------------------------

  == There is 1 instance of lines with non-ascii characters in the document.


  Checking nits according to https://www.ietf.org/id-info/checklist :
  ----------------------------------------------------------------------------

    No issues found here.

  Miscellaneous warnings:
  ----------------------------------------------------------------------------

  -- The document date (27 May 2022) is 19 days in the past.  Is this
    intentional?


  Checking references for intended status: Proposed Standard
  ----------------------------------------------------------------------------

    (See RFCs 3967 and 4897 for information about using normative references
    to lower-maturity documents in RFCs)

  -- Looks like a reference, but probably isn't: '0' on line 632

  -- Looks like a reference, but probably isn't: '1' on line 629

  -- Looks like a reference, but probably isn't: '2' on line 629

  ** Downref: Normative reference to an Informational RFC: RFC 5869

  ** Downref: Normative reference to an Informational RFC: RFC 7967

  == Outdated reference: A later version (-46) exists of
    draft-ietf-ace-oauth-authz-36

  == Outdated reference: draft-ietf-core-resource-directory has been
    published as RFC 9176

  == Outdated reference: draft-ietf-emu-eap-noob has been published as RFC
    9140

  -- Obsolete informational reference (is this intentional?): RFC 6347
    (Obsoleted by RFC 9147)


    Summary: 2 errors (**), 0 flaws (~~), 4 warnings (==), 5 comments (--).
15. Should any informative references be normative or vice-versa?
Yes.

16. List any normative references that are not freely available to anyone. Did
    the community have sufficient access to review any such normative
    references?
None.

17. Are there any normative downward references (see [RFC 3967][10],
    [BCP 97][11])? If so, list them.
No.

18. Are there normative references to documents that are not ready for
    advancement or are otherwise in an unclear state? If they exist, what is the
    plan for their completion?
None.

19. Will publication of this document change the status of any existing RFCs? If
    so, does the Datatracker metadata correctly reflect this and are those RFCs
    listed on the title page, in the abstract, and discussed in the
    introduction? If not, explain why and point to the part of the document
    where the relationship of this document to these other RFCs is discussed.
No.
20. Describe the document shepherd's review of the IANA considerations section,
    especially with regard to its consistency with the body of the document.
    Confirm that all aspects of the document requiring IANA assignments are
    associated with the appropriate reservations in IANA registries. Confirm
    that any referenced IANA registries have been clearly identified. Confirm
    that each newly created IANA registry specifies its initial contents,
    allocations procedures, and a reasonable name (see [RFC 8126][12]).
  *  Assignment of EAP lower layer identifier.
IANA registry: https://www.iana.org/assignments/eap-numbers/eap-numbers.xhtml.
Requires expert review: Joseph Salowey. Please ask the authors to fill in the IANA
table.

  *  Assignment of the URI /.well-known/coap-eap
IANA registry: https://www.iana.org/assignments/well-known-uris/well-known-uris.xhtml.
Requires expert review: Mark Nottingham. Please ask the authors to fill in the IANA table.

  *  Assignment of the media type "application/coap-eap"

In order to move forward the draft, I am wondering if the media type registration has been filled in according to https://www.rfc-editor.org/rfc/rfc6838.html#section-5. I believe the IANA section of the document should include a template similar to this: https://datatracker.ietf.org/doc/html/rfc8613#section-13.8. I also believe it would be clear to have the exact table of the registry in the IANA section.

IANA registry: https://www.iana.org/assignments/media-types/media-types.xhtml.
Requires expert review: Ned Freed, Alexey Melnikov, Murray Kucherawy.
From RFC 6838: "registration requests can be sent to iana@iana.org". A web form for registration requests is also available: http://www.iana.org/form/media-types according to https://www.rfc-editor.org/rfc/rfc6838.html#section-5.


  *  Assignment of the content format "application/coap-eap"
IANA registry: https://www.iana.org/assignments/media-types/media-types.xhtml.
Requires expert review: Ned Freed, Alexey Melnikov, Murray Kucherawy.
Could you please send the requests to iana@iana.org ?
A web form for registration requests is also available: https://www.iana.org/form/media-types.
Please fill the IANA section with the exact table.

  *  Assignment of the resource type (rt=) "core.coap-eap"
IANA registry: https://www.iana.org/assignments/core-parameters/core-parameters.xhtml.
Requires expert review: Carsten Bormann, Jaime Jimenez, Christian Amsüss.
Could you please send the requests to iana@iana.org ?
According to https://www.rfc-editor.org/rfc/rfc6690.html#section-3.1, can you please let us know if you have followed the described procedure ?

  *  Assignment of the numbers assigned for the cipher suite
      negotiation
Can you please write down the assignment of numbers for the cipher suite negotiation ?

  *  Assignment of the numbers assigned for the numbers of the CBOR
      object in CoAP-EAP
Can you please write down the assignment of numbers of the CBOR object in CoAP-EAP ? In, particular, I would like to know the link to the IANA registry as well as the reference to the registration procedure you followed and the exact table.

21. List any new IANA registries that require Designated Expert Review for
    future allocations. Are the instructions to the Designated Expert clear?
    Please include suggestions of designated experts, if appropriate.

[1]: https://www.ietf.org/about/groups/iesg/
[2]: https://www.rfc-editor.org/rfc/rfc4858.html
[3]: https://www.rfc-editor.org/rfc/rfc7942.html
[4]: https://trac.ietf.org/trac/ops/wiki/yang-review-tools
[5]: https://www.rfc-editor.org/rfc/rfc8342.html
[6]: https://trac.ietf.org/trac/iesg/wiki/ExpertTopics
[7]: https://www.rfc-editor.org/info/bcp78
[8]: https://www.rfc-editor.org/info/bcp79
[9]: https://www.ietf.org/tools/idnits/
[10]: https://www.rfc-editor.org/rfc/rfc3967.html
[11]: https://www.rfc-editor.org/info/bcp97
[12]: https://www.rfc-editor.org/rfc/rfc8126.html

# Document Shepherd Writeup

*This version is dated 8 April 2022.*

Thank you for your service as a document shepherd. Among the responsibilities is
answering the questions in this writeup to give helpful context to Last Call and
Internet Engineering Steering Group ([IESG][1]) reviewers, and your diligence in
completing it, is appreciated. The full role of the shepherd is further
described in [RFC 4858][2], and informally. You will need the cooperation of
authors to complete these checks.

Note that some numbered items contain multiple related questions; please be sure
to answer all of them.

## Document History

1. Does the working group (WG) consensus represent the strong concurrence of a
  few individuals, with others being silent, or did it reach broad agreement?
The Working Group reached broad agreement.


2. Was there controversy about particular points, or were there decisions where
  the consensus was particularly rough?
No.The consensus was particularly rough.

3. Has anyone threatened an appeal or otherwise indicated extreme discontent? If
  so, please summarize the areas of conflict in separate email messages to the
  responsible Area Director. (It should be in a separate email because this
  questionnaire is publicly available.)
No. There was no threat of appeal.

4. For protocol documents, are there existing implementations of the contents of
  the document? Have a significant number of potential implementers indicated
  plans to implement? Are any existing implementations reported somewhere,
  either in the document itself (as [RFC 7942][3] recommends) or elsewhere
  (where)?
There is an implementation. XXX: Check with co-authors.

### Additional Reviews

5. Does this document need review from other IETF working groups or external
  organizations? Have those reviews occurred?
Yes. It was reviewed by EMU WG.

6. Describe how the document meets any required formal expert review criteria,
  such as the MIB Doctor, YANG Doctor, media type, and URI type reviews.
N/A

7. If the document contains a YANG module, has the final version of the module
  been checked with any of the [recommended validation tools][4] for syntax and
  formatting validation? If there are any resulting errors or warnings, what is
  the justification for not fixing them at this time? Does the YANG module
  comply with the Network Management Datastore Architecture (NMDA) as specified
  in [RFC 8342][5]?
N/A

8. Describe reviews and automated checks performed to validate sections of the
  final version of the document written in a formal language, such as XML code,
  BNF rules, MIB definitions, CBOR's CDDL, etc.
N/A

### Document Shepherd Checks

9. Based on the shepherd's review of the document, is it their opinion that this
  document is needed, clearly written, complete, correctly designed, and ready
  to be handed off to the responsible Area Director?
Yes. It is ready to be handed off to the responsible Area Director.

10. Several IETF Areas have assembled [lists of common issues that their
    reviewers encounter][6]. Do any such issues remain that would merit specific
    attention from subsequent reviews?
No. There are no remaining issues.

11. What type of RFC publication is being requested on the IETF stream (Best
    Current Practice, Proposed Standard, Internet Standard, Informational,
    Experimental, or Historic)? Why is this the proper type of RFC? Do all
    Datatracker state attributes correctly reflect this intent?
Proposed Standard.
12. Has the interested community confirmed that any and all appropriate IPR
    disclosures required by [BCP 78][7] and [BCP 79][8] have been filed? If not,
    explain why. If yes, summarize any discussion and conclusion regarding the
    intellectual property rights (IPR) disclosures, including links to relevant
    emails.
XXX: Check with co-authors.
13. Has each Author or Contributor confirmed their willingness to be listed as
    such? If the number of Authors/Editors on the front page is greater than 5,
    please provide a justification.
XXX: Check with authors.
14. Identify any remaining I-D nits in this document. (See [the idnits tool][9]
    and the checkbox items found in Guidelines to Authors of Internet-Drafts).
    Simply running the idnits tool is not enough; please review the entire
    guidelines document.
  Checking boilerplate required by RFC 5378 and the IETF Trust (see
  https://trustee.ietf.org/license-info):
  ----------------------------------------------------------------------------

    No issues found here.

  Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt:
  ----------------------------------------------------------------------------

  == There is 1 instance of lines with non-ascii characters in the document.


  Checking nits according to https://www.ietf.org/id-info/checklist :
  ----------------------------------------------------------------------------

    No issues found here.

  Miscellaneous warnings:
  ----------------------------------------------------------------------------

  -- The document date (27 May 2022) is 19 days in the past.  Is this
    intentional?


  Checking references for intended status: Proposed Standard
  ----------------------------------------------------------------------------

    (See RFCs 3967 and 4897 for information about using normative references
    to lower-maturity documents in RFCs)

  -- Looks like a reference, but probably isn't: '0' on line 632

  -- Looks like a reference, but probably isn't: '1' on line 629

  -- Looks like a reference, but probably isn't: '2' on line 629

  ** Downref: Normative reference to an Informational RFC: RFC 5869

  ** Downref: Normative reference to an Informational RFC: RFC 7967

  == Outdated reference: A later version (-46) exists of
    draft-ietf-ace-oauth-authz-36

  == Outdated reference: draft-ietf-core-resource-directory has been
    published as RFC 9176

  == Outdated reference: draft-ietf-emu-eap-noob has been published as RFC
    9140

  -- Obsolete informational reference (is this intentional?): RFC 6347
    (Obsoleted by RFC 9147)


    Summary: 2 errors (**), 0 flaws (~~), 4 warnings (==), 5 comments (--).
15. Should any informative references be normative or vice-versa?
Yes.

16. List any normative references that are not freely available to anyone. Did
    the community have sufficient access to review any such normative
    references?
None.

17. Are there any normative downward references (see [RFC 3967][10],
    [BCP 97][11])? If so, list them.
No.

18. Are there normative references to documents that are not ready for
    advancement or are otherwise in an unclear state? If they exist, what is the
    plan for their completion?
None.

19. Will publication of this document change the status of any existing RFCs? If
    so, does the Datatracker metadata correctly reflect this and are those RFCs
    listed on the title page, in the abstract, and discussed in the
    introduction? If not, explain why and point to the part of the document
    where the relationship of this document to these other RFCs is discussed.
No.
20. Describe the document shepherd's review of the IANA considerations section,
    especially with regard to its consistency with the body of the document.
    Confirm that all aspects of the document requiring IANA assignments are
    associated with the appropriate reservations in IANA registries. Confirm
    that any referenced IANA registries have been clearly identified. Confirm
    that each newly created IANA registry specifies its initial contents,
    allocations procedures, and a reasonable name (see [RFC 8126][12]).
  *  Assignment of EAP lower layer identifier.
IANA registry: https://www.iana.org/assignments/eap-numbers/eap-numbers.xhtml.
Requires expert review: Joseph Salowey. Please ask the authors to fill in the IANA
table.

  *  Assignment of the URI /.well-known/coap-eap
IANA registry: https://www.iana.org/assignments/well-known-uris/well-known-uris.xhtml.
Requires expert review: Mark Nottingham. Please ask the authors to fill in the IANA table.

  *  Assignment of the media type "application/coap-eap"

In order to move forward the draft, I am wondering if the media type registration has been filled in according to https://www.rfc-editor.org/rfc/rfc6838.html#section-5. I believe the IANA section of the document should include a template similar to this: https://datatracker.ietf.org/doc/html/rfc8613#section-13.8. I also believe it would be clear to have the exact table of the registry in the IANA section.

IANA registry: https://www.iana.org/assignments/media-types/media-types.xhtml.
Requires expert review: Ned Freed, Alexey Melnikov, Murray Kucherawy.
From RFC 6838: "registration requests can be sent to iana@iana.org". A web form for registration requests is also available: http://www.iana.org/form/media-types according to https://www.rfc-editor.org/rfc/rfc6838.html#section-5.


  *  Assignment of the content format "application/coap-eap"
IANA registry: https://www.iana.org/assignments/media-types/media-types.xhtml.
Requires expert review: Ned Freed, Alexey Melnikov, Murray Kucherawy.
Could you please send the requests to iana@iana.org ?
A web form for registration requests is also available: https://www.iana.org/form/media-types.
Please fill the IANA section with the exact table.

  *  Assignment of the resource type (rt=) "core.coap-eap"
IANA registry: https://www.iana.org/assignments/core-parameters/core-parameters.xhtml.
Requires expert review: Carsten Bormann, Jaime Jimenez, Christian Amsüss.
Could you please send the requests to iana@iana.org ?
According to https://www.rfc-editor.org/rfc/rfc6690.html#section-3.1, can you please let us know if you have followed the described procedure ?

  *  Assignment of the numbers assigned for the cipher suite
      negotiation
Can you please write down the assignment of numbers for the cipher suite negotiation ?

  *  Assignment of the numbers assigned for the numbers of the CBOR
      object in CoAP-EAP
Can you please write down the assignment of numbers of the CBOR object in CoAP-EAP ? In, particular, I would like to know the link to the IANA registry as well as the reference to the registration procedure you followed and the exact table.

21. List any new IANA registries that require Designated Expert Review for
    future allocations. Are the instructions to the Designated Expert clear?
    Please include suggestions of designated experts, if appropriate.

[1]: https://www.ietf.org/about/groups/iesg/
[2]: https://www.rfc-editor.org/rfc/rfc4858.html
[3]: https://www.rfc-editor.org/rfc/rfc7942.html
[4]: https://trac.ietf.org/trac/ops/wiki/yang-review-tools
[5]: https://www.rfc-editor.org/rfc/rfc8342.html
[6]: https://trac.ietf.org/trac/iesg/wiki/ExpertTopics
[7]: https://www.rfc-editor.org/info/bcp78
[8]: https://www.rfc-editor.org/info/bcp79
[9]: https://www.ietf.org/tools/idnits/
[10]: https://www.rfc-editor.org/rfc/rfc3967.html
[11]: https://www.rfc-editor.org/info/bcp97
[12]: https://www.rfc-editor.org/rfc/rfc8126.html