Using Ephemeral Diffie-Hellman Over COSE (EDHOC) with the Constrained Application Protocol (CoAP) and Object Security for Constrained RESTful Environments (OSCORE)
draft-ietf-core-oscore-edhoc-11
Yes
Paul Wouters
No Objection
Erik Kline
Jim Guichard
Murray Kucherawy
Zaheduzzaman Sarker
Recuse
Note: This ballot was opened for revision 10 and is now closed.
Orie Steele
Yes
Comment
(2024-03-28 for -10)
Sent
Thanks to Shuping Peng for the ART-ART review. Thanks to Carsten Bormann for the shepherd writeup. In Section 2 """ The Content-Format of the request can be set to application/cid-edhoc+cbor-seq. """ SHOULD ? or MUST ?.. same question for the use of "can" in the following sections. In Section 3.2.1 """ The application/cid-edhoc+cbor-seq media type does not apply to this message, whose media type is unnamed. """ I think this is intending to say "application/cid-edhoc+cbor-seq" SHOULD NOT be used for this message... but this could be clearer if a media type was named.
Paul Wouters
Yes
Erik Kline
No Objection
Gunter Van de Velde
No Objection
Comment
(2024-03-29 for -10)
Sent
idnits spits up a downref (ref. 'I-D.ietf-core-target-attr'). Not sure if in the reference section an IANA registry reference is better informational then normative reference.
Jim Guichard
No Objection
John Scudder
(was Discuss)
No Objection
Comment
(2024-04-03 for -10)
Sent
Thanks for the discussion. On that basis (and also IANA feedback) I'm clearing my DISCUSS. See also my reply to the DISCUSS email thread.
Mahesh Jethanandani
No Objection
Comment
(2024-03-26 for -10)
Sent
Thanks to Juergen for his OPSDIR review. I am no security expert, and therefore relying on the SECDIR review from Wes to ballot my position. Just one nit. If there are no IANA considerations, it should probably just state that, rather than to go onto giving RFC Editor instructions in the section. But I imagine IANA will take one look at the section, and just ignore it, while the RFC Editors wonder why the instruction for them were left in the IANA Considerations section.
Murray Kucherawy
No Objection
Roman Danyliw
No Objection
Comment
(2024-04-02 for -10)
Not sent
Thank you to Joel Halpern for the GENART review. ** References. [RFC8392], [RFC5280] and [I-D.ietf-cose-cbor-encoded-cert] are being used to references to create registry in Section 8.3. They should be normative references.
Warren Kumari
No Objection
Comment
(2024-04-02 for -10)
Sent
I support John Scudder's DISCUSS position -- the Specification Required with Standards Action and a Designated Expert" isn't on the menu[0], and it's unclear what it means. Also, much thanks to Jürgen Schönwälder for the OpsDir review (https://datatracker.ietf.org/doc/review-ietf-core-oscore-edhoc-10-opsdir-telechat-schoenwaelder-2024-03-03/), and to the authors for addressing it. W [0]: While reading John DISCUSS, I ended up with a hankering for ice-cream with whipped-cream, chocolate sauce, sprinkles and a cherry...
Zaheduzzaman Sarker
No Objection
Éric Vyncke
No Objection
Comment
(2024-04-03 for -10)
Sent
Thanks for the work and thanks to Emmanuel Baccelli for the IoT directorate review at: https://datatracker.ietf.org/doc/review-ietf-core-oscore-edhoc-10-iotdir-telechat-baccelli-2024-03-27/ Strong suggestion to the authors: please reply to Emmanuel's review.
Francesca Palombini
Recuse
Comment
(2024-03-08 for -10)
Not sent
I am an author of this one.