HTML format at http://jaimejim.github.io/temp/draft-ietf-core-object-security.html
## Shepherd Writeup
* Document Shepherd: Jaime Jiménez, <firstname.lastname@example.org>
* Area Director: Alexey Melnikov, <email@example.com>
This document defines Object Security for Constrained RESTful Environments (OSCORE), a method for application-layer protection of the Constrained Application Protocol (CoAP), using CBOR Object Signing and Encryption (COSE). OSCORE provides end-to-end protection between endpoints communicating using CoAP or CoAP-mappable HTTP. OSCORE is designed for constrained nodes and networks supporting a range of proxy operations, including translation between different transport protocols.
The document is intended as a Standards Track document.
###Review and Consensus
The document has gone through multiple expert reviews and has been discussed on multiple IETF meetings. Before the last IETF the WGLC was completed.
Each author has stated that they do not have direct, personal knowledge of any IPR related to this document. I am not aware of any IPR discussion about this document on the CoRE WG.
There are RFC Editor comments that need to be edited out "note to RFC Editor".
There have been multiple (informal) interops that have been instrumental in improving the document.
There are some available implementations at:
- Java (Californium): https://bitbucket.org/lseitz/oscoap_californium
- C (Contiki, Erbium): https://github.com/Gunzter/contiki-oscoap
- Python (aiocoap): https://github.com/chrysn/aiocoap
- C# (CoAP-CSharp): https://github.com/Com-AugustCellars/CoAP-CSharp
- Python (CoAP for openwsn): https://github.com/openwsn-berkeley/coap
- C (openwsn-fw): https://github.com/openwsn-berkeley/openwsn-fw
* [x] Does the shepherd stand behind the document and think the document is ready for publication?
* [x] Is the correct RFC type indicated in the title page header?
* [x] Is the abstract both brief and sufficient, and does it stand alone as a brief summary?
* [x] Is the intent of the document accurately and adequately explained in the introduction?
* [x] Have all required formal reviews (MIB Doctor, Media Type, URI, etc.) been requested and/or completed?
* [x] Has the shepherd performed automated checks -- idnits (see http://www.ietf.org/tools/idnits/ and the Internet-Drafts Checklist), checks of BNF rules, XML code and schemas, MIB definitions, and so on -- and determined that the document passes the tests?
* [x] Has each author stated that their direct, personal knowledge of any IPR related to this document has already been disclosed, in conformance with BCPs 78 and 79?
* [x] Have all references within this document been identified as either normative or informative, and does the shepherd agree with how they have been classified?
* [x] Are all normative references made to documents that are ready for advancement and are otherwise in a clear state?
* [x] If publication of this document changes the status of any existing RFCs, are those RFCs listed on the title page header, and are the changes listed in the abstract and discussed (explained, not just mentioned) in the introduction? `Does not apply`
* [x] If this is a "bis" document, have all of the errata been considered? `Does not apply`
IANA shall add 'kid context' to the COSE Header Parameters Registry.
A new CoAP Option is created.
a new CoAP Signaling Option is created.
a new Header Field is added to the Message Headers registry.
* [x] Are the IANA Considerations clear and complete? Remember that IANA have to understand unambiguously what's being requested, so they can perform the required actions.
* [x] Are all protocol extensions that the document makes associated with the appropriate reservations in IANA registries?
* [x] Are all IANA registries referred to by their exact names (check them in http://www.iana.org/protocols/ to be sure)?
* [x] Have you checked that any registrations made by this document correctly follow the policies and procedures for the appropriate registries?
* [x] For registrations that require expert review (policies of Expert Review or Specification Required), have you or the working group had any early review done, to make sure the requests are ready for last call?
* [x] For any new registries that this document creates, has the working group actively chosen the allocation procedures and policies and discussed the alternatives?
* [x] Have reasonable registry names been chosen (that will not be confused with those of other registries), and have the initial contents and valid value ranges been clearly specified?