Skip to main content

Constrained RESTful Environments (CoRE) Resource Directory
draft-ietf-core-resource-directory-28

Revision differences

Document history

Date Rev. By Action
2022-04-15
28 (System) RFC Editor state changed to AUTH48-DONE from AUTH48
2022-02-03
28 (System) RFC Editor state changed to AUTH48
2021-11-10
28 (System) RFC Editor state changed to RFC-EDITOR from EDIT
2021-10-08
28 (System) RFC Editor state changed to EDIT from MISSREF
2021-05-05
28 (System) IANA Action state changed to RFC-Ed-Ack from Waiting on RFC Editor
2021-05-05
28 (System) IANA Action state changed to Waiting on RFC Editor from In Progress
2021-05-05
28 (System) IANA Action state changed to In Progress from Waiting on Authors
2021-05-04
28 (System) IANA Action state changed to Waiting on Authors from In Progress
2021-05-04
28 (System) IANA Action state changed to In Progress from On Hold
2021-03-19
28 (System) IANA Action state changed to On Hold from In Progress
2021-03-19
28 (System) IANA Action state changed to In Progress from Waiting on Authors
2021-03-17
28 (System) IANA Action state changed to Waiting on Authors from In Progress
2021-03-17
28 (System) IANA Action state changed to In Progress from Waiting on Authors
2021-03-16
28 (System) IANA Action state changed to Waiting on Authors from In Progress
2021-03-08
28 (System) RFC Editor state changed to MISSREF
2021-03-08
28 (System) IESG state changed to RFC Ed Queue from Approved-announcement sent
2021-03-08
28 (System) Announcement was received by RFC Editor
2021-03-08
28 (System) IANA Action state changed to In Progress
2021-03-07
28 Amy Vezza IESG state changed to Approved-announcement sent from Approved-announcement to be sent
2021-03-07
28 Amy Vezza IESG has approved the document
2021-03-07
28 Amy Vezza Closed "Approve" ballot
2021-03-07
28 Amy Vezza Ballot approval text was generated
2021-03-07
28 Barry Leiba IESG state changed to Approved-announcement to be sent from Approved-announcement to be sent::AD Followup
2021-03-07
28 Christian Amsüss New version available: draft-ietf-core-resource-directory-28.txt
2021-03-07
28 (System) New version approved
2021-03-07
28 (System)
Request for posting confirmation emailed to previous authors: Carsten Bormann , Christian Amsuess , Michael Koster , Peter van der Stok , Zach Shelby , …
Request for posting confirmation emailed to previous authors: Carsten Bormann , Christian Amsuess , Michael Koster , Peter van der Stok , Zach Shelby , core-chairs@ietf.org
2021-03-07
28 Christian Amsüss Uploaded new revision
2021-02-24
27 Barry Leiba Doing another check with Christian before finishing this up...
2021-02-22
27 Christian Amsüss New version available: draft-ietf-core-resource-directory-27.txt
2021-02-22
27 (System) New version approved
2021-02-22
27 (System)
Request for posting confirmation emailed to previous authors: Carsten Bormann , Christian Amsuess , Michael Koster , Peter van der Stok , Zach Shelby , …
Request for posting confirmation emailed to previous authors: Carsten Bormann , Christian Amsuess , Michael Koster , Peter van der Stok , Zach Shelby , core-chairs@ietf.org
2021-02-22
27 Christian Amsüss Uploaded new revision
2021-02-10
26 Barry Leiba Looking at Ben’s non-blocking comments on -26 before the final go-ahead.
2021-02-10
26 Barry Leiba IESG state changed to Approved-announcement to be sent::AD Followup from IESG Evaluation::AD Followup
2021-02-10
26 Benjamin Kaduk
[Ballot comment]
Thanks for the updates in the -26; they help a lot.

I'm particularly happy to see the (default/example)
"first-come-first-remembered" policy in § 7.5, …
[Ballot comment]
Thanks for the updates in the -26; they help a lot.

I'm particularly happy to see the (default/example)
"first-come-first-remembered" policy in § 7.5, which does a good job of
documenting its properties (including potential deficiencies) and can be
usable for many environments.  (I do have some suggestions for
improvements to the specific wording in the section-by-section comments,
but on the whole I like it.)

It does lead in to a more general comment, though (which is not exactly
new to the changes in the -26 though it is reflected in several of
them): some aspects of the concept of "authorization" to appear in a
directory, and the verification of authorization for the entire flow
from client locating the RD server to final request at the discovered
resource, are somewhat subtle.  (The new text discusses, e.g., "repeat
the URI discovery step at the /.well-known/core resource of the
indicated host to obtain the resource type information from an
authorized source" and "a straightforward way to verify [discovered
information] is to request it again from an authorized server, typically
the one that hosts the target resource".)  The aspects I'm concerned
about are not matters of a resource server being authorized to publish
to a directory or a client deeming that a server is authorized to act as
an RD (though both of those are also important), but seems to rather
just be relating to the RD faithfully disseminating the information the
RD retrieved from /.well-known/core discovery on the given server(s)
(or otherwise learned via some other mechanism).
In this sense the RD is just acting as a cache or efficiency aid, but
the authoritative source of the information remains (in general) the
server hosting the resource.  To be clear, I think the procedures that
this document specifies are good and correct procedures for a client to
perform, I'm just not sure whether "authorized" is the right term in
these cases; "authoritative" might be more appropriate, in that the
operation in question is to verify the information retrieved from the RD
(which acts in some sense as an intermediary) at the more authoritative
source.

(On a tangent from that note, it seems that there is not necessarily any
indication to a client that a server claiming to provide a given
resource (whether discovered via RD or /.well-known/core) is actually
authorized to provide such a resource and be trusted by the client.  But
that's not really a property of RD, and rather the underlying CoRE
mechanism and any provisioned trust database, so my thoughts about it
seem out of scope for this document.)

Section 5.1

  URI Template Variables are as they are for registration in Section 5.
  The base attribute is not accepted to keep the registration interface
  simple; that rules out registration over CoAP-over-TCP or HTTP that
  would need to specify one.  For some time during this document's
  development, the URI template "/.well-known/core{?ep,...}" has been
  in use instead.

(It's not entirely clear to me what the reader is expected to do with
the information about the previous formulation.)

Section 7.3

  In this case, the endpoint (and not the lookup clients) needs to be
  careful to check the RD's authorization.

(It seems that something also needs to cause the RD to check the
authorization of lookup clients to receive the information in question,
which might be worth reiterating in this section.)

Section 7.5

  *  If the client's credentials indicate any subject name that is
      certified by any authority which the RD recognizes (which may be
      the system's trust anchor store), all those subject names are
      stored.  [...]

I'm pretty sure the intent here is that only the subject names that are
certified by the recognized authority(ies) are stored, in which case I'd
suggest to s/all those/all such/.

      With X.509 certificates, the Common Name (CN) and the complete
      list of SubjectAltName entries are stored.  In both cases, the
      authority that certified the claim is stored along with the
      subject, as the latter may only be locally unique.

(I can understand why the "store the whole list" logic is used, though
there may be some subtleties about name constraints on the (X.509) CAs
used, which is why we typically don't recomment treating the entire list
of names in the certificate as validated from a single operation,
instead preferring "is this certificate authenticated for this specific
name?" when the specific target name is available.)

  *  If neither is present, a reference to the security session itself
      is stored.  With (D)TLS, that is the connection itself, or the
      session resumption information if available.  With OSCORE, that is
      the security context.

Should we talk about whether the lifetime of registration entries is
related to the various lifetimes of these credentials/identifiers?  DTLS
without resumption is perhaps an interesting case, in that keeping the
DTLS association "live" just to be able to update the registration
information seems impractical, so perhaps some fixed cap would be
applied on the lifetime in that case.  If resumption is used, the
resumption information (ticket or session state) has some finite
lifetime that could be used to bound the lifetime of the registration.
IIRC an OSCORE security context can also have an expiration time;
certificates and JWT/CWT have expiration time as well (though the
procedures in the first bullet point would effectively allow a "renewal"
operation), but the validity period (if any) of a raw public key would
have to be provisioned along with that key (or just have RPK be handled
akin to DTLS without resumption, I guess).

  Any operation on a registration resource, including registrations
  that lead to an existing registration resource, MUST be rejected by
  the RD unless all the stored information is found in the new
  request's credentials.

(Similar to my earlier parenthetical comment, the requirement for exact
match of all subject name information is unusual.  In effect this is a
way of pinning the set of names that the CA has chosen to include in a
single certificate, which is arguably a stronger requirement than needed
but should not lead to any unauthorized access.)
2021-02-10
26 Benjamin Kaduk [Ballot Position Update] Position for Benjamin Kaduk has been changed to No Objection from Discuss
2021-02-01
26 Éric Vyncke
[Ballot comment]
Thank you for the work put into this document. As you can noticed, I have cleared my 2 DISCUSS points (kept below for …
[Ballot comment]
Thank you for the work put into this document. As you can noticed, I have cleared my 2 DISCUSS points (kept below for archive) thank you also for replying to my comments over email.

BTW, I appreciated the use of ASCII art to represent an entity-relationship diagram !

I hope that this helps to improve the document,

Regards,

-éric

== cleared DISCUSS (no more blocking, kept for history) ==

-- Section 4.1 --
It will be trivial to fix, in IPv6 address configuration (SLAAC vs. DHCP) is orthogonal to DHCP 'other-information'. E.g., even if address is configured via SLAAC, DHCPv6 other-information can be used to configure the Recursive DNS Server (or possibly the RD).

-- Section 4.1.1 --
Another trivial DISCUSS to fix: in which message is this RDAO sent ? I guess unicast Router Advertisement but this MUST be specified.== COMMENTS ==

In general, I wonder how much interactions and exchanges of ideas have happened in the long history of this document with the DNSSD (DNS Service Discovery) Working Group that has very similar constraints (sleeping nodes) and same objectives.

-- Section 2 --
To be honest: I am not too much an APP person; therefore, I was surprised to see "source address (URI)" used to identify the "anchor="... I do not mind too much the use of "destination address (URI)" as it is really a destination but the anchor does not appear to me as a "source address". Is it common terminology ? If so, then ignore my COMMENT, else I suggest to change to "destination URI" and simply "anchor" ?

-- Section 3.3 --
Should the lifetime be specified in seconds at first use in the text?

-- Section 3.6 --
Is the use of "M2M" still current? I would suggest to use the word "IoT" esp when 6LBR (assuming it is 6LO Border Router) is cited later.

Please expand and add reference for 6LBR.

Using 'modern' technologies (cfr LP-WAN WG) could also add justification to section 3.5.

-- Section 4.1 --
About "coap://[MCD1]/.well-known/core?rt=core.rd*", what is the value of MCD1 ? The IANA section discuss about it but it may help the reader to give a hint before (or simply use TBDx that is common in I-D).

Any reason to use "address" rather than "group" in "When answering a multicast request directed at a link-local address" ?

Later "to use one of their own routable addresses for registration." but there can be multiple configured prefixes... Which one should the RD select ? Should this be specified ?

As a co-author of RFC 8801, I would have appreciated to read PvD option mentionned to discover the RD. Any reason why PvD Option cannot be used ?

-- Section 4.1.1 --
I suggest to swap the reserved and lifetime fields in order to be able to use a lifetime in units of seconds (to be consistent with other NDP options).

-- Section 5 --
May be I missed it, but, can an end-point register multiple base URI ? E.g., multiple IPv6 addresses.

-- Section 9.2 --
For information, value 38 is already assigned to RFC 8781.



== NITS ==

-- Section 2 --
The extra new lines when defining "Sector" are slighly confusing. Same applies to "Target" and "Context". This is cosmetic only.
2021-02-01
26 Éric Vyncke Ballot comment text updated for Éric Vyncke
2021-02-01
26 Éric Vyncke [Ballot Position Update] Position for Éric Vyncke has been changed to No Objection from Discuss
2021-01-29
26 Erik Kline
[Ballot comment]
[[ comments ]]

Clearing my discuss from -25.  Thanks for the thoughtful feedback.

[ section 4.1.1 ]

* I just thought of one …
[Ballot comment]
[[ comments ]]

Clearing my discuss from -25.  Thanks for the thoughtful feedback.

[ section 4.1.1 ]

* I just thought of one thing that might help save some RA space:

In the case (perhaps not the common case) there the RDAO IPv6 address is the same as the source address of the RA itself, the length field could be just 1 and the IPv6 address field omitted.

I don't think this complicates parsing too much -- the length is either 3 => address included or 1 => address is the RA source address (a link-local address).

I'll leave it up to the group to consider whether this is a useful optimisation or not.  Perhaps this idea has already been considered and rejected, though.
2021-01-29
26 Erik Kline [Ballot Position Update] Position for Erik Kline has been changed to No Objection from Discuss
2020-11-15
26 Roman Danyliw [Ballot comment]
Thanks for addressing my DISCUSS and COMMENT feedback.
2020-11-15
26 Roman Danyliw [Ballot Position Update] Position for Roman Danyliw has been changed to No Objection from Discuss
2020-11-14
26 Marco Tiloca Added to session: IETF-109: core  Tue-1200
2020-11-02
26 (System) Sub state has been changed to AD Followup from Revised ID Needed
2020-11-02
26 (System) IANA Review state changed to Version Changed - Review Needed from IANA OK - Actions Needed
2020-11-02
26 Christian Amsüss New version available: draft-ietf-core-resource-directory-26.txt
2020-11-02
26 (System) New version approved
2020-11-02
26 (System)
Request for posting confirmation emailed to previous authors: Zach Shelby , core-chairs@ietf.org, Peter van der Stok , Michael Koster , Carsten Bormann , Christian …
Request for posting confirmation emailed to previous authors: Zach Shelby , core-chairs@ietf.org, Peter van der Stok , Michael Koster , Carsten Bormann , Christian Amsuess
2020-11-02
26 Christian Amsüss Uploaded new revision
2020-11-02
26 Christian Amsüss Uploaded new revision
2020-09-10
25 Marco Tiloca Changed document external resources from:

[]

to:

github_repo https://github.com/core-wg/resource-directory (Working Group Repo)
2020-08-28
25 Barry Leiba
There are four DISCUSS ballots on this, as well as comments from Rob Wilton and some minor issues raised in a Gen-ART review... all need …
There are four DISCUSS ballots on this, as well as comments from Rob Wilton and some minor issues raised in a Gen-ART review... all need responses from the authors.
2020-08-28
25 Barry Leiba IESG state changed to IESG Evaluation::Revised I-D Needed from IESG Evaluation::AD Followup
2020-08-17
25 Jaime Jimenez
### Summary

Document Shepherd: Jaime Jiménez
Area Director: Barry Leiba 

In many M2M applications, direct discovery of resources is not practical due to sleeping nodes, …
### Summary

Document Shepherd: Jaime Jiménez
Area Director: Barry Leiba 

In many M2M applications, direct discovery of resources is not practical due to sleeping nodes, disperse networks, or networks where multicast traffic is inefficient.  These problems can be solved by employing an entity called a Resource Directory (RD), which hosts descriptions of resources held on other servers, allowing lookups to be performed for those resources.  This document specifies the web interfaces that a Resource Directory supports in order for web servers to discover the RD and to register, maintain, lookup and remove resources descriptions.  Furthermore, new link attributes useful in conjunction with an RD are defined.

The document is intended for Standards Track.

### Review and Consensus

The document has gone through multiple expert reviews and has been discussed on multiple IETF meetings.
There have been several implementations and interoperability events during IETF Hackathons and off-site.
There are implementations made by Open Source OS makers (e.g. Mbed, RIOT...), several open source implementations by individuals (e.g. aiocoap, californium...) and versions run by companies on their products as well as several SDO (i.e., OMA, etc) implementations that use *some* version of this draft. 

### Intellectual Property

Each author has stated that they do not have direct, personal knowledge of any IPR related to this document. I am not aware of any IPR discussion about this document on the CoRE WG.

### Other Points

Since this document has been work in progress for several years now, it is cumbersome to find references to the specific discussions regarding new core-parameters.
They were added already in earlier versions of the draft, taking RFC6690 as a model for link formatting.
Some of the discussions on the new "rt=" values and registry can be found at https://github.com/core-wg/resource-directory/issues?utf8=%E2%9C%93&q=rt%3D

### Checklist

* [x] Does the shepherd stand behind the document and think the document is ready for publication?
* [x] Is the correct RFC type indicated in the title page header?
* [x] Is the abstract both brief and sufficient, and does it stand alone as a brief summary?
* [x] Is the intent of the document accurately and adequately explained in the introduction?
* [x] Have all required formal reviews (MIB Doctor, Media Type, URI, etc.) been requested and/or completed?                                                         
* [x] Has the shepherd performed automated checks -- idnits (see http://www.ietf.org/tools/idnits/ and the Internet-Drafts Checklist), checks of BNF rules, XML code and schemas, MIB definitions, and so on -- and determined that the document passes the tests?
* [x] Has each author stated that their direct, personal knowledge of any IPR related to this document has already been disclosed, in conformance with BCPs 78 and 79?
* [x] Have all references within this document been identified as either normative or informative, and does the shepherd agree with how they have been classified?
* [x] Are all normative references made to documents that are ready for advancement and are otherwise in a clear state?
* [x] If publication of this document changes the status of any existing RFCs, are those RFCs listed on the title page header, and are the changes listed in the abstract and discussed (explained, not just mentioned) in the introduction?
* [x] If this is a "bis" document, have all of the errata been considered?

* **IANA** Considerations:

        * [x] Are the IANA Considerations clear and complete? Remember that IANA have to understand unambiguously what's being requested, so they can perform the required actions.
        * [x] Are all protocol extensions that the document makes associated with the appropriate reservations in IANA registries?
        * [x] Are all IANA registries referred to by their exact names (check them in http://www.iana.org/protocols/ to be sure)?
        * [x] Have you checked that any registrations made by this document correctly follow the policies and procedures for the appropriate registries?
        * [x] For registrations that require expert review (policies of Expert Review or Specification Required), have you or the working group had any early review done, to make sure the requests are ready for last call?
        * [x] For any new registries that this document creates, has the working group actively chosen the allocation procedures and policies and discussed the alternatives?
        * [x]  Have reasonable registry names been chosen (that will not be confused with those of other registries), and have the initial contents and valid value ranges been clearly specified?
2020-08-13
25 Cindy Morgan IESG state changed to IESG Evaluation::AD Followup from IESG Evaluation
2020-08-13
25 Robert Wilton
[Ballot comment]
Hi,

Thank you for this document.

I'm glad that the shepherd's writeup indicates that there are implementations since that indicates that there does …
[Ballot comment]
Hi,

Thank you for this document.

I'm glad that the shepherd's writeup indicates that there are implementations since that indicates that there does appear to be value in standardizing this work, despite its long journey.

My main comment (which I was considering raising as a discuss) is:

Since this document is defining a new service, I think that this document would benefit on having a short later section on "Operations, Administration and Management".  This document does seem to cover some management/administration considerations in various sections in a somewhat ad hoc way, but having a section highlighting those would potentially make it easier deploy.  Defining a common management model (or API) would potentially also make administration of the service easier, I don't know if that had been considered, and if useful could be done as a separate document.

A few other comments:

    5.3.  Operations on the Registration Resource

      An endpoint should not use this interface for registrations that it
      did not create.  This is usually enforced by security policies, which
      in general require equivalent credentials for creation of and
      operations on a registration.

What happens if an endpoint is managing the registration and is upgraded to new hardware with a different certificate?  Would the updated endpoint expect to be able to update the registration?  Or would it have to wait for the existing registration to timeout (which could be a long time)?

    5.3.  Operations on the Registration Resource

      The Registration Resource may also be used cancel the registration
      using DELETE, and to perform further operations beyond the scope of
      this specification.

      These operations are described below.
 
Nit: Perhaps reword the second sentence.  Otherwise it seems to conflict with the last sentence of the prior paragraph.

    5.3.1.  Registration Update

      The update interface is used by the registering endpoint to refresh
      or update its registration with an RD.  To use the interface, the
      registering endpoint sends a POST request to the registration
      resource returned by the initial registration operation.

      An update MAY update the lifetime or the base URI registration
      parameters "lt", "base" as in Section 5.  Parameters that are not
      being changed SHOULD NOT be included in an update.  Adding parameters
      that have not changed increases the size of the message but does not
      have any other implications.  Parameters MUST be included as query
      parameters in an update operation as in Section 5.

The "SHOULD NOT" feels a bit strong to me, and I would prefer to see this as "MAY NOT".  In many cases, if the configuration is not too big then providing the full configuration makes it easy to guarantee that the receiver has exactly the correct configuration.  I appreciate that there are many cases where from an endpoint perspective it may want to keep the update small, but if I was doing this from a CT, I think that I would rather just resend the entire configuration, if it is not large.

    5.3.1.  Registration Update

      Req: GET /rd-lookup/res?ep=endpoint1

      Res: 2.05 Content
      Payload:
      ;ct=41;
          rt="temperature-c";if="sensor";
          anchor="coap://local-proxy-old.example.com:5683/",
      ;
          anchor="coap://local-proxy-old.example.com:5683/sensors/temp";
          rel="describedby"

          Figure 14: Example lookup before a change to the base address

Just to check, is it correct that the anchor in the http link is also to coap://?  If this is wrong then there is a second example in the same section that also needs to be fixed.       
     
Regards,
Rob
2020-08-13
25 Robert Wilton [Ballot Position Update] New position, No Objection, has been recorded for Robert Wilton
2020-08-13
25 Benjamin Kaduk
[Ballot discuss]
I agree with Roman that the authorization model seems under-developed.
While I recognize that there is need for flexibility across various
deployments, I …
[Ballot discuss]
I agree with Roman that the authorization model seems under-developed.
While I recognize that there is need for flexibility across various
deployments, I think that we should be providing a default model (and
procedures for it) that will apply in many cases, and let
deployments specify alternate models if needed.  This stuff is hard
enough to get right that we should have a secure option that people can
use if they don't need to have customized details.  (To be clear, I
agree with the change of focus from -24 to -25 on the properties that a
security policy needs to provide and/or consider, as that is
fundamentally the important thing.  I just want a fallback/default
option that "does something reasonable in most cases" in addition.
Doing that by reference to some other existing thing would be fine, if
such a thing exists.)

In particular, the current text seems to rely on the authorization
model including:

(1) the RD knowing how clients will be using it (and thus what
properties the RD needs to enforce), which in the general case cannot be
known (though for static networks it could be), yet I don't see any
discussion that indicates this as a prerequisite; and

(2) the client either knowing out-of-band that an entity is authorized
to act as a RD or just blindly trusting any of the unauthenticated (*)
advertisement mechanisms.  (* Yes, there may be some protection in the
network on subscribing to the relevant multicast address, DNS-SD, etc.,
but the client cannot a priori know that such protections are in place.)

Relatedly, the naming model and naming authority should have some
clearer discussion.  We do mention in Section 7 the possibility for a
weak naming model where the RD is responsible for enforcing uniqueness
of names but otherwise link attributes are the primary authorization
criteria (vs. a traditional scheme with a naming authority and naming
hierarchy), but with naming as a fundamental prerequisite of any
authentication/authorization scheme, I think clearer discussion of how a
naming model is to be selected (and, perhaps more importantly, that it
must be fixed as part of a given deployment) for a given network is
needed.

If I understand correctly, we have some codepoint squatting going on in
the examples (e.g., for resource types).

We should talk about the security properties of the various RD discovery
mechanisms that are defined.
2020-08-13
25 Benjamin Kaduk
[Ballot comment]
My apologies for where these comments diverge off into rambling
incoherency, or where I'm misunderstanding something that's clearly laid
out; this document had …
[Ballot comment]
My apologies for where these comments diverge off into rambling
incoherency, or where I'm misunderstanding something that's clearly laid
out; this document had the misfortune of being the last one I got to
this week.

Section 1

  [RFC6690] only describes how to discover resources from the web
  server that hosts them by querying "/.well-known/core".  In many
  constrained scenarios, direct discovery of resources is not practical
  due to sleeping nodes, disperse networks, or networks where multicast
  traffic is inefficient.  These problems can be solved by employing an
  entity called a Resource Directory (RD), which contains information
  about resources held on other servers, allowing lookups to be
  performed for those resources.

nit(?): I'd consider specifying that the RD is "a trusted entity".
(Even when the resources themselves are authenticated, a hostile RD can
still deny existence of a given resource, so by choosing to use an RD
there is some level of trust involved.)

Section 2

  Resource Directory (RD)
      A web entity that stores information about web resources and
      implements the REST interfaces defined in this specification for
      discovery, for the creation, the maintenance and the removal of
      registrations, and for lookup of the registered resources.

nit: the list structure is not parallel here.  Maybe "for discovery,
creation, maintenance, and removal of registrations, and for lookup of
the registered resources"?

  Commissioning Tool
      Commissioning Tool (CT) is a device that assists during the
      installation of the network by assigning values to parameters,
      naming endpoints and groups, or adapting the installation to the
      needs of the applications.

Is "the installation of the network" a one-time event?  (Might a CT be
involved when adding a new device to a network at a later time?)

Section 3.1

  Information SHOULD only be stored in the RD if it can be obtained by
  querying the described device's /.well-known/core resource directly.

When might that not be the case?

Section 3.2

  The RD architecture is illustrated in Figure 1.  An RD is used as a
  repository of registrations describing resources hosted on other web
  servers, also called endpoints (EP).  An endpoint is a web server
  associated with a scheme, IP address and port.  A physical node may

(side note) hmm, I feel like in the HTTP world an endpoint is more
likely to be associated with a DNS name than an IP address, in common
usage.  Also, we later go on to assert that the endpoint's name has
primacy and that the IP address/port can be ephemeral.

  An endpoint uses specific interfaces to register, update and remove a
  registration.  It is also possible for an RD to fetch Web Links from
  endpoints and add their contents to its registrations.

  At the first registration of an endpoint, a "registration resource"
  is created, the location of which is returned to the registering
  endpoint.  The registering endpoint uses this registration resource
  to manage the contents of registrations.

Does the "RD fetches links unilaterally" case count as a "first
registration of an endpoint"?  I'm having a hard time seeing how these
two statements are consistent with each other, and a naive reading
admits the possibility that a given endpoint could be "locked out" of
the ability to manage the contents of its registrations.

Section 4

  REST clients (registrant-EPs and CTs during registration and
  maintenance, lookup clients, RD servers during simple registrations)
  MUST be prepared to receive any unsuccessful code and act upon it
  according to its definition, options and/or payload to the best of
  their capabilities, falling back to failing the operation if recovery
  is not possible.  In particular, they should retry the request upon

"MUST be prepared [...] to the best of their abilities" seems
non-actionable.  The stuff after "In particular", on the other hand, is
actual concrete guidance that could be mandated using normative
language.

Section 4.1

  1.  In a 6LoWPAN, just assume the Border Router (6LBR) can act as an
      RD (using the ABRO option to find that [RFC6775]).  Confirmation
      can be obtained by sending a Unicast to "coap://[6LBR]/.well-
      known/core?rt=core.rd*".

nit(?): I was unaware that "Unicast" was a proper noun.

Section 4.3

  "core.rd" in the query string.  Likewise, a Resource Type parameter
  value of "core.rd-lookup*" is used to discover the URIs for RD Lookup
  operations, core.rd* is used to discover all URI paths for RD
  operations.  [...]

Is the distinction between URIs (for RD Lookup) and URI paths (for RD)
important here?

  While the link targets in this discovery step are often expressed in
  path-absolute form, this is not a requirement.  Clients of the RD
  SHOULD therefore accept URIs of all schemes they support, both as
  URIs and relative references, and not limit the set of discovered
  URIs to those hosted at the address used for URI discovery.

I'm not sure I see how the "not limit [...] to those hosted at the
address used for URI discovery" follows from the non-requirement for
expression of the link-targets from discovery in path-absolute form.
(Given the ability to send the discovery query to a multicast address,
the guidance seems okay; it's just the "therefore" that is puzzling me.)

  It would typically be stored in an implementation information link
  (as described in [I-D.bormann-t2trg-rel-impl]):

  Req: GET /.well-known/core?rel=impl-info

This seems to be depicting a link-relation type that is not registered
at https://www.iana.org/assignments/link-relations/link-relations.xhtml
, i.e., codepoint squatting.  Please put in a stronger disclaimer that
this is an example link relation type, not just an example exchange.

Section 5

These first few paragraphs give the impression that this is
first-come-first-served with minimal authentication or authorization
checking.  Mentioning that there are authorization checks, with a
forward-reference, might be helpful.

  further parameters (see Section 9.3).  The RD then creates a new
  registration resource in the RD and returns its location.  The

Is this returned "registration resource" expected to function as a
"capability URL" (https://www.w3.org/TR/capability-urls/) that would
need to contain an appropriate amount of entropy to be reasonably
unguessable by parties other than the registrant-ep/CT responsible for
it?

  The registration request interface is specified as follows:

  Interaction:  EP -> RD

I thought that the CT could be a requestor as well as the EP.

        well.  The endpoint name and sector name are not set when one
        or both are set in an accompanying authorization token.

What should the RD do if they are set but also present in the
accompanying authorization token?

  Req: POST coap://rd.example.com/rd?ep=node1
  Content-Format: 40
  Payload:
  ;ct=41;rt="temperature-c";if="sensor",

(side note) XML for the sensors, not SenML?  With Carsten as an author,
even? ;)

  An RD may optionally support HTTP.  Here is an example of almost the
  same registration operation above, when done using HTTP.

  Req:
  POST /rd?ep=node1&base=http://[2001:db8:1::1] HTTP/1.1
  Host: example.com

Wouldn't "Host: rd.example.com" be closer to "almost the same
registration"?

Section 5.1

I'm a little uneasy about specifying new behavior for POST to the
existin /.well-known/core that was defined by RFC 6690 for other uses.
What factors go into using the same well-known URI vs. defining a new
one for this usage?

  The sequence of fetching the registration content before sending a
  successful response was chosen to make responses reliable, and the
  caching item was chosen to still allow very constrained registrants.

I'm not sure what "the caching item" is supposed to be (if it's not a
typo/misordering of words).

Section 5.3

  queries concerning this endpoint.  The RD SHOULD continue to provide
  access to the Registration Resource after a registration time-out
  occurs in order to enable the registering endpoint to eventually
  refresh the registration.  The RD MAY eventually remove the
  registration resource for the purpose of garbage collection.  If the
  Registration Resource is removed, the corresponding endpoint will
  need to be re-registered.

(This MAY is actually a MUST for the simple registration case, per §5.1,
right?)

Section 5.3.1

  An update MAY update the lifetime or the base URI registration
  parameters "lt", "base" as in Section 5.  Parameters that are not

What about the "extra-attrs"; are they inherently forbidden from
updates?

                            base :=  Base URI (optional).  This
        parameter updates the Base URI established in the original
        registration to a new value.  If the parameter is set in an
        update, it is stored by the RD as the new Base URI under which
        to interpret the relative links present in the payload of the
        original registration, following the same restrictions as in
        the registration.  If the parameter is not set in the request

nit: is it the interpretation of relative links that is following the
same restrictions as in the registration, or the new value of the
parameter being supplied in the update?

  The following example shows how the registering endpoint updates its
  registration resource at an RD using this interface with the example
  location value: /rd/4521.

The path component "4521" contains a worryingly small amount of
unpredictableness; I would prefer examples that used longer random
locations, as for capability URLs.  (Throughout the document, of
course.)  See also draft-gont-numeric-ids-sec-considerations, that I'm
AD sponsoring, though I do not see any clear issues on first glance.

(Also, it might be worth another sentence that this update is serving
just to reset the lifetime, making no other changes, since this might be
expected to be a common usage.)

Section 6

With "Resource Lookup" and "Endpoint Lookup" as (apparent) top-level
siblings, would it make sense to put 6.2, or at least 6.3, as
subsections under 6.1?

Section 6.1

  Resource lookup results in links that are semantically equivalent to
  the links submitted to the RD.  The links and link parameters
  returned by the lookup are equal to the submitted ones, except that
  the target and anchor references are fully resolved.

Are the "submitted ones" the submissions at registration time, or during
the lookup query itself?  (I assume registration-time, but being
explicit costs little.)

  If the base URI of a registration contains a link-local address, the
  RD MUST NOT show its links unless the lookup was made from the same
  link.  The RD MUST NOT include zone identifiers in the resolved URIs.

Same link as what?

Section 6.2

  The page and count parameters are used to obtain lookup results in
  specified increments using pagination, where count specifies how many

(We haven't introduced the page and count parameters yet.)

  operator as in Section 4.1 of [RFC6690].  Attributes that are defined
  as "link-type" match if the search value matches any of their values

Where is it specified how an attribute might be "defined as
'link-type'"?  This is the only instance of the string "link-type" in
this document, and it does not appear in RFC 6690 at all...

  references) and are matched against a resolved link target.  Queries
  for endpoints SHOULD be expressed in path-absolute form if possible
  and MUST be expressed in URI form otherwise; the RD SHOULD recognize
  either.  The "anchor" attribute is usable for resource lookups, and,
  if queried, MUST be for in URI form as well.

I don't see how it can be only a SHOULD to recognize either given these
generation criteria.

Section 6.3

  The following example shows a client performing a lookup of all
  resources of all endpoints of a given endpoint type.  It assumes that
  two endpoints (with endpoint names "sensor1" and "sensor2") have
  previously registered with their respective addresses
  "coap://sensor1.example.com" and "coap://sensor2.example.com", and
  posted the very payload of the 6th request of section 5 of [RFC6690].

Er, the 6th request is a GET; do we mean to say the response to the 6th
request?

Section 6.4

  The endpoint lookup returns registration resources which can only be
  manipulated by the registering endpoint.

This seems to leave it unclear whether the endpoint lookup is expected
to return resources that the requestor will not have permission to
manipulate (in addition to those it does have permission for).

  While Endpoint Lookup does expose the registration resources, the RD
  does not need to make them accessible to clients.  Clients SHOULD NOT
  attempt to dereference or manipulate them.

But why expose them at all if they're not going to be accessible?

  An RD can report endpoints in lookup that are not hosted at the same
  address.  [...]

The "same address" as what?

Section 7.1

  Whenever an RD needs to provide trustworthy results to clients doing
  endpoint lookup, or resource lookup with filtering on the endpoint

How will the RD know whether the client is expecting trustworthy
results?  (When would a client *not* expect trustworthy results?)

  name, the RD must ensure that the registrant is authorized to use the
  given endpoint name.  This applies both to registration and later to
  operations on the registration resource.  It is immaterial there
  whether the client is the registrant-ep itself or a CT is doing the
  registration: The RD can not tell the difference, and CTs may use

I suppose there might be plausible authorization models where a
return-routability check to a given address constitutes authorization to
use that address as an endpoint name, in which case the RD can tell the
difference between a registrant-ep and a CT attempting to act on its
behalf.

  When certificates are used as authorization credentials, the
  sector(s) and endpoint name(s) can be transported in the subject.  In
  an ACE context, those are typically transported in a scope claim.

As Russ noted in the Gen-ART review, "transported in the subject" is
sufficiently vague to not really be actionable.  It might be better to
say that the holder of the private key corresponding to the public key
certified in the certificate is generally considered authorized to act
on behalf of any identities (including endpoint names) contained in the
certificate's subject name.

Section 7.1.1

  Conversely, in applications where the RD does not check the endpoint
  name, the authorized registering endpoint can generate a random
  number (or string) that identifies the endpoint.  The RD should then

How much entropy/randomness in the random name?  Does a CSPRNG need to
be used?  (I do see the follow-up about doubling the length in case of
failure or starting with a UUID if that's not possible, but some
guidance on where to start still seems appropriate.)

Section 7.2

  When lookup clients expect that certain types of links can only
  originate from certain endpoints, then the RD needs to apply
  filtering to the links an endpoint may register.

As before, how will the RD know what behavior clients are relying on?

  An RD may also require that only links are registered on whose anchor
  (or even target) the RD recognizes as authoritative of.  One way to

I don't think I can parse this sentence (especially "the RD recognizes
as authoritative of").

Section 8

In contexts where we discuss DTLS and TLS as being generally comparable,
we typically will state that DTLS replay protection is required in order
to provide equivalent levels of protection.

We might also want to reiterate or refer back to the previous discussion
of the potential for attributes or resource/endpoint names, link
relations, etc. that may need to be confidential, the relevant access
control/filtering, and the avenues by which disclosure of resource names
can occur even when access to those resources will not be permitted.  (I
think some of this overlaps with 8288 and 6690, but don't mind repeating
it.)

Section 8.1

It's probably worth reiterating that all name comparisons must be done
at sector scope (since failing to do so can lead to attacks).

  Endpoint authentication needs to be checked independently of whether
  there are configured requirements on the credentials for a given
  endpoint name (Section 7.1) or whether arbitrary names are accepted
  (Section 7.1.1).

I think this is more properly authorization than authentication.

Section 8.3

  attacks.  There is also a danger that NTP Servers could become
  implicated in denial-of-service (DoS) attacks since they run on
  unprotected UDP, there is no return routability check, and they can
  have a large amplification factor.  The responses from the NTP server
  were found to be 19 times larger than the request.  An RD which

(It's not clear to me why the specific discussion of NTP numbers is
relevant here, since RD is not NTP.)

Section 9.3

Should we also include "rt" in the initial entries?  I see it is used as
a query parameter for resource lookup in the examples in Section 6.3.

  *  indication of whether it can be passed as a query parameter at
      registration of endpoints, as a query parameter in lookups, or be
      expressed as a target attribute,

(Since this text does not clarify about lookup of endpoints vs.
resources...

  Review" as described in [RFC8126].  The evaluation should consider
  formal criteria, duplication of functionality (Is the new entry
  redundant with an existing one?), topical suitability (E.g. is the
  described property actually a property of the endpoint and not a
  property of a particular resource, in which case it should go into
  the payload of the registration and need not be registered?), and the

... and this text suggests that query parameters for *resource* lookups
need not be registered.)

  potential for conflict with commonly used target attributes (For
  example, "if" could be used as a parameter for conditional
  registration if it were not to be used in lookup or attributes, but
  would make a bad parameter for lookup, because a resource lookup with
  an "if" query parameter could ambiguously filter by the registered
  endpoint property or the [RFC6690] target attribute).

Then why do we use it as an example of lookup filtering in Section 6.2?

Section 10.1.2

Should we really be using unregistered resource types (i.e., codepoint
squatting) in the examples?

  After the filling of the RD by the CT, the application in the
  luminaries can learn to which groups they belong, and enable their
  interface for the multicast address.

Just to check: the luminaries are learning their own group membership by
querying the resource directory?

Section 10.2.2

Please expand MSISDN.

Section 13.2

I think RFC 7252 should probably be normative.

Likewise for RFC 8288 ("the query parameter MUST be [...] a token as
used in [RFC8288]").
2020-08-13
25 Benjamin Kaduk [Ballot Position Update] New position, Discuss, has been recorded for Benjamin Kaduk
2020-08-13
25 Murray Kucherawy
[Ballot comment]
I concur with my colleagues who commended the authors for making the document very readable.

I support Roman's first two DISCUSS points.

In …
[Ballot comment]
I concur with my colleagues who commended the authors for making the document very readable.

I support Roman's first two DISCUSS points.

In Section 9.2, you might want to mention that you're talking about a sub-registry under "Internet Control Message Protocol version 6 (ICMPv6) Parameters".

In Section 9.3, you enumerate six fields in each registration, but the initial table of entries has only five columns.  It's obvious (I think) that the sixth column would be "this document" for all entries, but I suggest that you should either include the column or some prose making this explicit (since everything else is).
2020-08-13
25 Murray Kucherawy [Ballot Position Update] New position, No Objection, has been recorded for Murray Kucherawy
2020-08-12
25 Martin Duke
[Ballot comment]
This document was particularly easy to follow and presented ideas in a sensible order.

One nit: the sentence that contains “cannot be executed …
[Ballot comment]
This document was particularly easy to follow and presented ideas in a sensible order.

One nit: the sentence that contains “cannot be executed as a base attribute” appears to have been mangled.
2020-08-12
25 Martin Duke [Ballot Position Update] New position, No Objection, has been recorded for Martin Duke
2020-08-12
25 Deborah Brungard [Ballot Position Update] New position, No Objection, has been recorded for Deborah Brungard
2020-08-12
25 Alissa Cooper [Ballot comment]
Please respond to the Gen-ART review.
2020-08-12
25 Alissa Cooper [Ballot Position Update] New position, No Objection, has been recorded for Alissa Cooper
2020-08-12
25 Erik Kline
[Ballot discuss]
[[ discuss ]]

[ section 4.1.1 ]

* Did this get presented to 6man at any point, either via mail to the list …
[Ballot discuss]
[[ discuss ]]

[ section 4.1.1 ]

* Did this get presented to 6man at any point, either via mail to the list or
  chair or in a presentation slot at an IETF meeting or a 6man interim?

  I feel confident that there would be no objection to the option as described
  here, but the working group should have its chance to make an evaluation
  irrespective of my opinion.

  ---

  If this is to be used when link-local methods don't work, another option
  would have been to add an RD PVD API key and recommend including a PVD
  option.

[ section 4.1.1 & 9.2 ]

* Please clarify which ND messages can carry an RDAO.  I suspect they should
  only appear in RAs, but it would be good to state the expectation explicitly.

[ Appendix A. ]

* Can you explain the ff35:30:2001:db8:1 construction?  RFC 3306 section 4
  defines some fine-grained structure, and I'm wondering how a group ID of 1
  is selected/computed/well known.  If there is already a COAP document
  describing this vis. RFC 3307 section 4.*, perhaps it's worth dropping a
  reference in here.
2020-08-12
25 Erik Kline
[Ballot comment]
[[ comments ]]

[ section 1 ]

* I'm unclear on what "disperse networks" might mean.

[ section 10.1.1 ]

* What is …
[Ballot comment]
[[ comments ]]

[ section 1 ]

* I'm unclear on what "disperse networks" might mean.

[ section 10.1.1 ]

* What is meant by "therefore SLAAC addresses are assigned..." followed by this
  table of not-very-random-looking IPv6 addresses?

  Is the assumption that there might not be some off-network DNS server but
  there is some RA with a /64 A=1 PIO?
2020-08-12
25 Erik Kline [Ballot Position Update] New position, Discuss, has been recorded for Erik Kline
2020-08-11
25 Roman Danyliw
[Ballot discuss]
There appear to be a few areas of straightforward, under-specified elements of the authorization model. 

-- How does the RD know that a …
[Ballot discuss]
There appear to be a few areas of straightforward, under-specified elements of the authorization model. 

-- How does the RD know that a node claiming to be a CT is in fact a CT and is permitted to register on behalf of end-points?  It seems like there is a missing, simple statement to make that this is configured out of band with the RD?  Or is that carrier somehow in a authentication credentials?

-- Is there are reason why there is not normative guidance requiring the RD to check whether authentication clients are authorized to register particular resources?  Section 7.1 covers the issue, but all of Section 7.* is explicitly noted as informative.  Section 8.1. says “Endpoint authentication needs to be checked independently of whether there are configured requirements on the credentials for a given endpoint name (Section 7.1) or whether arbitrary names are accepted (Section 7.1.1)” but this text seems to frame it as authentication issue.  Section 8.2 seems to stress only the distinction between the registration and lookup API.

-- Section 8.1.  Per “If the server does not check whether the identifier provided in the DTLS handshake matches the identifier used at the CoAP layer then it may be inclined to use the endpoint name for looking up what information to provision to the malicious device.”, this is good advice.  If DTLS PSK and RPK are used, what identifiers does the RD have to check to ensure the DTLS and CoAP layers match?  Per 9.1.3.1. (for PSK) and 9.1.3.2.1 (for RPK) of RFC7252 there is the notion of identifiers for DTLS but those don’t manifest in CoAP?  Additionally, when DTLS with a certificate is used, is it intended to compare the subjectAltName with the authority in the Registration Base URI (i.e., which exact certificate fields should it compare with the CoAP)?
2020-08-11
25 Roman Danyliw
[Ballot comment]
** Section 3.5.  Per “When endpoints are not connected … a remote server is usually used to provide proxy access to the endpoints”, …
[Ballot comment]
** Section 3.5.  Per “When endpoints are not connected … a remote server is usually used to provide proxy access to the endpoints”, this architecture wasn’t entirely clear to me.  How can a proxy provide access to an endpoint that isn’t connected?  Or is proxy meant as a substitute here or an intermediary?

** Section 3.6.  The home and building automation use case doesn’t make any reference to the RD architecture (like the other two use cases).

** Section 4.0.  Per “… falling back to failing the operations if recovery is not possible”, can “failing the operation” be clarified?

** Per Section 4.0.  Per “An RD MAY make the information submitted to it available to further directories”, are there circumstances where end points would not want that?

** Section 4.1.  Per “2. In a network that supports multicast well, …”, what does it mean to “support multicast _well_”?

** Section 5.  Per the ep definition of the URI Template Variables, what does it mean for the an endpoint to be “(mostly mandatory)?

** Section 7.1.  Per “When certificates are used as authorization credentials, the sector(s) and endpoint name(s) can be transported in the subject”, recommend being more precise on what exact X.509 field(s) you mean when saying “subject”.

** Section 7.1.1. Per “Registrants that are prepared to pick a different identifier when their initial attempt at registration is unauthorized should pick an identifier at least twice as long as the expected number of registrants”, how would a registrant know the population size?

** Section 7.2.  Per “To avoid the limitations, RD applications should consider prescribe that lookup clients only use the discovered information as hints, and describe which pieces of information need to be verified with the server”, I wasn’t sure which verification this would be.

** Section 7.3.  This section cautions about the differences between the registrant publishes itself vs. what is in the RD.  It might be worth reiterating that the RD may also publish what it knows to others per Section 4.0’s “An RD MAY make the information submitted to it available to further directories”

** Editorial Nits
-- Global.  s/can not/cannot/g

-- Section 4.  Editorial.  Per “Only multicast discovery operations are not possible on HTTP, and Simple Registration can not be executed as base attribute … can not be used there”, this sentence didn’t parse.
2020-08-11
25 Roman Danyliw [Ballot Position Update] New position, Discuss, has been recorded for Roman Danyliw
2020-08-11
25 Warren Kumari
[Ballot comment]
Thank you -- I found this document to be a very friendly read. The Terminology section in particular was one of the best …
[Ballot comment]
Thank you -- I found this document to be a very friendly read. The Terminology section in particular was one of the best in recent memory.

Comments:
1: "These CTs are thought to act on behalf of endpoints too constrained, or generally unable, to present that information themselves. "
This reads very oddly - "thought to act on" sounds like we've seen some of these in the wild, and only have a vague idea about how they work. Does "These CTs act on behalf of endpoints too constrained, or generally unable, to present that information themselves. " work?

2: "From the system design point of view, the ambition is to design horizontal solutions that  can enable utilization of machines in different applications depending on their current availability and capabilities as well as application requirements, thus avoiding silo like solutions" - this is very buzzwordy, and I have no idea what it is actually trying to say...

3: "  A (re-)starting device may want to find one or more RDs for discovery purposes."
Either I don't understand what this sentence is  trying to say, or "for discovery purposes" should be dropped....

4: "As some of the RD addresses obtained by the methods listed here are just (more or less educated) guesses, endpoints MUST make use of any error messages to very strictly rate-limit requests to candidate IP addresses that don't work out. "
What happens if device A discovers RD X, and device B discovers RD Y? Surely there has to be some sort of deterministic method so that one doesn't end up in a "split brain" type outcome?


Nits:
1: " The input to an RD is composed of links and the output is composed of links constructed from the information stored in the RD."
While  true, this sentence doesn't actually communicate anything useful to the reader -- I'd suggest removing it from the Abstract (note that this is just a nit).

2: "The RD is primarily a tool to make discovery operations more
  efficient than querying /.well-known/core on all connected devices,
  or across boundaries that would be limiting those operations."
s/would be limiting those/that would limit those/
2020-08-11
25 Warren Kumari [Ballot Position Update] New position, No Objection, has been recorded for Warren Kumari
2020-08-11
25 Alvaro Retana [Ballot Position Update] New position, No Objection, has been recorded for Alvaro Retana
2020-08-09
25 Valery Smyslov Request for Telechat review by SECDIR Completed: Ready. Reviewer: Valery Smyslov. Sent review to list.
2020-08-06
25 Amanda Baber IANA Review state changed to IANA OK - Actions Needed from Version Changed - Review Needed
2020-08-06
25 Tero Kivinen Request for Telechat review by SECDIR is assigned to Valery Smyslov
2020-08-06
25 Tero Kivinen Request for Telechat review by SECDIR is assigned to Valery Smyslov
2020-08-05
25 Éric Vyncke
[Ballot discuss]
Thank you for the work put into this document. I am little puzzled by the document shepherd's write-up dated more than one year …
[Ballot discuss]
Thank you for the work put into this document. I am little puzzled by the document shepherd's write-up dated more than one year ago (the responsible AD has even changed and the change is not reflected in the write-up)... while well-written this write-up seems to indicate neither a large consensus nor a deep interest by the CORE WG community. But, I am trusting the past and current responsible ADs on this aspect.

Did the authors check with 6MAN WG about the new RDAO option for IPv6 NDP ? I was unable to find any 6MAN email related to this new NDP option and, after checking with the 6MAN WG chairs, they also do not remember any discussion.

BTW, I appreciated the use of ASCII art to represent an entity-relationship diagram !

Please find below a couple of non-blocking COMMENTs (and I would appreciate a reply to each of my COMMENTs) and 2 blocking DISCUSS points (but only trivial actions/fixes are required).

I hope that this helps to improve the document,

Regards,

-éric

== DISCUSS ==

-- Section 4.1 --
It will be trivial to fix, in IPv6 address configuration (SLAAC vs. DHCP) is orthogonal to DHCP 'other-information'. E.g., even if address is configured via SLAAC, DHCPv6 other-information can be used to configure the Recursive DNS Server (or possibly the RD).

-- Section 4.1.1 --
Another trivial DISCUSS to fix: in which message is this RDAO sent ? I guess unicast Router Advertisement but this MUST be specified.
2020-08-05
25 Éric Vyncke
[Ballot comment]
== COMMENTS ==

In general, I wonder how much interactions and exchanges of ideas have happened in the long history of this document …
[Ballot comment]
== COMMENTS ==

In general, I wonder how much interactions and exchanges of ideas have happened in the long history of this document with the DNSSD (DNS Service Discovery) Working Group that has very similar constraints (sleeping nodes) and same objectives.

-- Section 2 --
To be honest: I am not too much an APP person; therefore, I was surprised to see "source address (URI)" used to identify the "anchor="... I do not mind too much the use of "destination address (URI)" as it is really a destination but the anchor does not appear to me as a "source address". Is it common terminology ? If so, then ignore my COMMENT, else I suggest to change to "destination URI" and simply "anchor" ?

-- Section 3.3 --
Should the lifetime be specified in seconds at first use in the text?

-- Section 3.6 --
Is the use of "M2M" still current? I would suggest to use the word "IoT" esp when 6LBR (assuming it is 6LO Border Router) is cited later.

Please expand and add reference for 6LBR.

Using 'modern' technologies (cfr LP-WAN WG) could also add justification to section 3.5.

-- Section 4.1 --
About "coap://[MCD1]/.well-known/core?rt=core.rd*", what is the value of MCD1 ? The IANA section discuss about it but it may help the reader to give a hint before (or simply use TBDx that is common in I-D).

Any reason to use "address" rather than "group" in "When answering a multicast request directed at a link-local address" ?

Later "to use one of their own routable addresses for registration." but there can be multiple configured prefixes... Which one should the RD select ? Should this be specified ?

As a co-author of RFC 8801, I would have appreciated to read PvD option mentionned to discover the RD. Any reason why PvD Option cannot be used ?

-- Section 4.1.1 --
I suggest to swap the reserved and lifetime fields in order to be able to use a lifetime in units of seconds (to be consistent with other NDP options).

-- Section 5 --
May be I missed it, but, can an end-point register multiple base URI ? E.g., multiple IPv6 addresses.

-- Section 9.2 --
For information, value 38 is already assigned to RFC 8781.



== NITS ==

-- Section 2 --
The extra new lines when defining "Sector" are slighly confusing. Same applies to "Target" and "Context". This is cosmetic only.
2020-08-05
25 Éric Vyncke [Ballot Position Update] New position, Discuss, has been recorded for Éric Vyncke
2020-07-27
25 Russ Housley Request for Telechat review by GENART Completed: Almost Ready. Reviewer: Russ Housley. Sent review to list.
2020-07-25
25 Marco Tiloca Added to session: IETF-108: core  Tue-1410
2020-07-24
25 Jean Mahoney Request for Telechat review by GENART is assigned to Russ Housley
2020-07-24
25 Jean Mahoney Request for Telechat review by GENART is assigned to Russ Housley
2020-07-23
25 Cindy Morgan Placed on agenda for telechat - 2020-08-13
2020-07-23
25 Barry Leiba IESG state changed to IESG Evaluation from Waiting for AD Go-Ahead::AD Followup
2020-07-23
25 Barry Leiba Ballot has been issued
2020-07-23
25 Barry Leiba [Ballot Position Update] New position, Yes, has been recorded for Barry Leiba
2020-07-23
25 Barry Leiba Created "Approve" ballot
2020-07-13
25 (System) Sub state has been changed to AD Followup from Revised ID Needed
2020-07-13
25 (System) IANA Review state changed to Version Changed - Review Needed from IANA OK - Actions Needed
2020-07-13
25 Christian Amsüss New version available: draft-ietf-core-resource-directory-25.txt
2020-07-13
25 (System) New version approved
2020-07-13
25 (System)
Request for posting confirmation emailed to previous authors: Christian Amsuess , Peter van der Stok , Zach Shelby , Michael Koster , core-chairs@ietf.org, Carsten …
Request for posting confirmation emailed to previous authors: Christian Amsuess , Peter van der Stok , Zach Shelby , Michael Koster , core-chairs@ietf.org, Carsten Bormann
2020-07-13
25 Christian Amsüss Uploaded new revision
2020-07-13
25 Christian Amsüss Uploaded new revision
2020-04-11
24 Barry Leiba IESG state changed to Waiting for AD Go-Ahead::Revised I-D Needed from Waiting for AD Go-Ahead
2020-04-02
24 Sabrina Tanamal IANA Experts State changed to Expert Reviews OK
2020-04-02
24 Sabrina Tanamal IANA Review state changed to IANA OK - Actions Needed from IANA - Not OK
2020-03-31
24 (System) IESG state changed to Waiting for AD Go-Ahead from In Last Call
2020-03-30
24 (System) IANA Review state changed to IANA - Not OK from IANA - Review Needed
2020-03-30
24 Sabrina Tanamal
(Via drafts-lastcall@iana.org): IESG/Authors/WG Chairs:

The IANA Functions Operator has completed its review of draft-ietf-core-resource-directory-24. If any part of this review is inaccurate, please let …
(Via drafts-lastcall@iana.org): IESG/Authors/WG Chairs:

The IANA Functions Operator has completed its review of draft-ietf-core-resource-directory-24. If any part of this review is inaccurate, please let us know.

The IANA Functions Operator understands that, upon approval of this document, there are nine actions which we must complete.

First, in the Resource Type (rt=) Link Target Attribute Values registry on the Constrained RESTful Environments (CoRE) Parameters registry page located at:

https://www.iana.org/assignments/core-parameters/

four new registrations are to be made as follows:

Value: core.rd
Description: Directory resource of an RD
Reference: [ RFC-to-be; Section 4.3 ]
Notes:

Value: core.rd-lookup-res
Description: Resource lookup of an RD
Reference: [ RFC-to-be; Section 4.3 ]
Notes:

Value: core.rd-lookup-ep
Description: Endpoint lookup of an RD
Reference: [ RFC-to-be; Section 4.3 ]
Notes:

Value: core.rd-ep
Description: Endpoint resource of an RD
Reference: [ RFC-to-be; Section 6 ]
Notes:

Second, in the IPv6 Neighbor Discovery Option Formats registry on the Internet Control Message Protocol version 6 (ICMPv6) Parameters registry page located at:

https://www.iana.org/assignments/icmpv6-parameters/

a new registration is to be made as follows:

Type: [ TBD-at-Registration ]
Description: Resource Directory Address Option
Reference: [ RFC-to-be ]

Third, a new registry is to be created called the RD Parameters registry. The new registry will be located on the Constrained RESTful Environments (CoRE) Parameters registry page located at:

https://www.iana.org/assignments/core-parameters/

Registrations in the new registry will be managed via Expert Review as defined in [RFC8126]. There are initial registrations in the new registry as follows:

+==============+=======+==============+=====+=====================+===============+
| Endpoint | ep | Unicode* | RLA | Name of the | Reference |
| Name | | | | endpoint | |
+--------------+-------+--------------+-----+---------------------+---------------+
| Lifetime | lt | 1-4294967295 | R | Lifetime of the | [ RFC-to-be ] |
| | | | | registration in | |
| | | | | seconds | |
+--------------+-------+--------------+-----+---------------------+---------------+
| Sector | d | Unicode* | RLA | Sector to which | [ RFC-to-be ] |
| | | | | this endpoint | |
| | | | | belongs | |
+--------------+-------+--------------+-----+---------------------+---------------+
| Registration | base | URI | RLA | The scheme, address | [ RFC-to-be ] |
| Base URI | | | | and port and path | |
| | | | | at which this | |
| | | | | server is available | |
+--------------+-------+--------------+-----+---------------------+---------------+
| Page | page | Integer | L | Used for pagination | [ RFC-to-be ] |
+--------------+-------+--------------+-----+---------------------+---------------+
| Count | count | Integer | L | Used for pagination | [ RFC-to-be ] |
+--------------+-------+--------------+-----+---------------------+---------------+
| Endpoint | et | Section | RLA | Semantic type of | [ RFC-to-be ] |
| Type | | 9.3.1 | | the endpoint (see | |
| | | | | [ RFC-to-be ] | |
| | | | | Section 9.4) | |
+--------------+-------+--------------+-----+---------------------+---------------+

Fourth, IANA's reading of section 9.3.1 is that the section provides guidance for implementers, but does not make any request for action by IANA.

Fifth, a new registry is to be created called the "Endpoint Type" (et=) RD Parameter values registry. The new registry will be located on the Constrained RESTful Environments (CoRE) Parameters registry page located at:

https://www.iana.org/assignments/core-parameters/

Registrations in the new registry will be managed via IETF Review for values starting with "core," and Specification Required for others as defined in [RFC8126]. There is a single, initial registration in the new registry as follows:

Value: core.rd-group
Description: Application Group
Reference: [ RFC-to-be; Appendix A ]
Notes:

Sixth, in the Internetwork Control Block (224.0.1.0 - 224.0.1.255 (224.0.1/24)) registry on the IPv4 Multicast Address Space Registry page located at:

https://www.iana.org/assignments/multicast-addresses/

a new address will be assigned as follows:

Address(es): [ TBD-at-Registration ]
Description: all CoRE resource directories
Reference: [ RFC-to-be ]
Change Controller:
Date Registered: [ TBD-at-Registration ]
Last Reviewed:

IANA notes that the authors have suggested 224.0.1.189 for this registration.

Seventh, in the Variable Scope Multicast Addresses registry on the IPv6 Multicast Address Space Registry page located at:

https://www.iana.org/assignments/ipv6-multicast-addresses/

a new address will be registered as follows:

Address(es): [ TBD-at-Registration ]
Description: all CoRE resource directories
Reference: [ RFC-to-be ]
Change controller:
Date Registered: [ TBD-at-Registration ]
Last Reviewed:

IANA notes that the authors have suggested FF0X::FE for this registration.

As this document requests registrations in an Expert Review (see RFC 8126) registry, we will initiate the required Expert Review via a separate request. This review must be completed before the document's IANA state can be changed to "IANA OK.

Eighth, in the Well-Known URIs registry located at:

https://www.iana.org/assignments/well-known-uris/

the existing registration for URI suffix core will have its reference changed from:

[RFC6690]

to:

[RFC6690][ RFC-to-be ]

Ninth, in the Service Name and Transport Protocol Port Number Registry located at:

https://www.iana.org/assignments/service-names-port-numbers/

four new service names will be registered as follows:

Service Name: core-rd
Port number:
Transport Protocol: udp
Description: Resource Directory accessed using CoAP
Assignee: [IESG]
Contact: [IETF_Chair]
Reference: [ RFC-to-be ]

Service Name: core-rd-dtls
Port number:
Transport Protocol: udp
Description: Resource Directory accedded using CoAP over DTLS
Assignee: [IETF_Chair]
Contact: [IETF_Chair]
Reference: [ RFC-to-be ]

Service Name: core-rd
Port number:
Transport Protocol: tcp
Description: Resource Directory accessed using CoAP over TCP
Assignee: [IETF_Chair]
Contact: [IETF_Chair]
Reference: [ RFC-to-be ]

Service Name: core-rd-tls
Port number:
Transport Protocol: tcp
Description: Resource Directory accedded using CoAP over TLS
Assignee: [IETF_Chair]
Contact: [IETF_Chair]
Reference: [ RFC-to-be ]

The IANA Functions Operator understands that these are the only actions required to be completed upon approval of this document.

Note:  The actions requested in this document will not be completed until the document has been approved for publication as an RFC. This message is meant only to confirm the list of actions that will be performed.

Thank you,

Sabrina Tanamal
Senior IANA Services Specialist
2020-03-24
24 Adam Montville Request for Last Call review by SECDIR Completed: Ready. Reviewer: Adam Montville. Sent review to list.
2020-03-14
24 Russ Housley Request for Last Call review by GENART Completed: Not Ready. Reviewer: Russ Housley. Sent review to list.
2020-03-13
24 Barry Leiba Ballot writeup was changed
2020-03-13
24 Jean Mahoney Request for Last Call review by GENART is assigned to Russ Housley
2020-03-13
24 Jean Mahoney Request for Last Call review by GENART is assigned to Russ Housley
2020-03-12
24 Tero Kivinen Request for Last Call review by SECDIR is assigned to Adam Montville
2020-03-12
24 Tero Kivinen Request for Last Call review by SECDIR is assigned to Adam Montville
2020-03-11
24 Gunter Van de Velde Request for Last Call review by OPSDIR is assigned to Fred Baker
2020-03-11
24 Gunter Van de Velde Request for Last Call review by OPSDIR is assigned to Fred Baker
2020-03-10
24 Amy Vezza IANA Review state changed to IANA - Review Needed
2020-03-10
24 Amy Vezza
The following Last Call announcement was sent out (ends 2020-03-31):

From: The IESG
To: IETF-Announce
CC: jaime.jimenez@ericsson.com, alexey.melnikov@isode.com, core-chairs@ietf.org, core@ietf.org, jaime@iki.fi …
The following Last Call announcement was sent out (ends 2020-03-31):

From: The IESG
To: IETF-Announce
CC: jaime.jimenez@ericsson.com, alexey.melnikov@isode.com, core-chairs@ietf.org, core@ietf.org, jaime@iki.fi, draft-ietf-core-resource-directory@ietf.org
Reply-To: last-call@ietf.org
Sender:
Subject: Last Call:  (CoRE Resource Directory) to Proposed Standard


The IESG has received a request from the Constrained RESTful Environments WG
(core) to consider the following document: - 'CoRE Resource Directory'
  as Proposed Standard

The IESG plans to make a decision in the next few weeks, and solicits final
comments on this action. Please send substantive comments to the
last-call@ietf.org mailing lists by 2020-03-31. Exceptionally, comments may
be sent to iesg@ietf.org instead. In either case, please retain the beginning
of the Subject line to allow automated sorting.

Abstract


  In many IoT applications, direct discovery of resources is not
  practical due to sleeping nodes, disperse networks, or networks where
  multicast traffic is inefficient.  These problems can be solved by
  employing an entity called a Resource Directory (RD), which contains
  information about resources held on other servers, allowing lookups
  to be performed for those resources.  The input to an RD is composed
  of links and the output is composed of links constructed from the
  information stored in the RD.  This document specifies the web
  interfaces that a Resource Directory supports for web servers to
  discover the RD and to register, maintain, lookup and remove
  information on resources.  Furthermore, new target attributes useful
  in conjunction with an RD are defined.




The file can be obtained via
https://datatracker.ietf.org/doc/draft-ietf-core-resource-directory/

IESG discussion can be tracked via
https://datatracker.ietf.org/doc/draft-ietf-core-resource-directory/ballot/


No IPR declarations have been submitted directly on this I-D.




2020-03-10
24 Amy Vezza IESG state changed to In Last Call from Last Call Requested
2020-03-10
24 Amy Vezza Last call announcement was changed
2020-03-10
24 Alexey Melnikov Shepherding AD changed to Barry Leiba
2020-03-10
24 Alexey Melnikov Last call was requested
2020-03-10
24 Alexey Melnikov Last call announcement was generated
2020-03-10
24 Alexey Melnikov Ballot approval text was generated
2020-03-10
24 Alexey Melnikov Ballot writeup was generated
2020-03-10
24 Alexey Melnikov IESG state changed to Last Call Requested from AD Evaluation::AD Followup
2020-03-09
24 (System) Sub state has been changed to AD Followup from Revised ID Needed
2020-03-09
24 Christian Amsüss New version available: draft-ietf-core-resource-directory-24.txt
2020-03-09
24 (System) New version approved
2020-03-09
24 (System)
Request for posting confirmation emailed to previous authors: Michael Koster , Zach Shelby , Christian Amsuess , core-chairs@ietf.org, Peter van der Stok , Carsten …
Request for posting confirmation emailed to previous authors: Michael Koster , Zach Shelby , Christian Amsuess , core-chairs@ietf.org, Peter van der Stok , Carsten Bormann
2020-03-09
24 Christian Amsüss Uploaded new revision
2020-03-09
24 Christian Amsüss Uploaded new revision
2020-03-09
24 (System)
Request for posting confirmation emailed to previous authors: Peter van der Stok , Carsten Bormann , Michael Koster , Zach Shelby , core-chairs@ietf.org, Christian …
Request for posting confirmation emailed to previous authors: Peter van der Stok , Carsten Bormann , Michael Koster , Zach Shelby , core-chairs@ietf.org, Christian Amsuess
2020-03-09
24 Christian Amsüss Uploaded new revision
2020-03-09
24 Christian Amsüss Uploaded new revision
2019-11-04
23 Alexey Melnikov Revised ID needed based on AD review that is going to be sent out shortly.
2019-11-04
23 Alexey Melnikov IESG state changed to AD Evaluation::Revised I-D Needed from AD Evaluation
2019-11-04
23 Alexey Melnikov Changed consensus to Yes from Unknown
2019-08-05
23 Alexey Melnikov IESG state changed to AD Evaluation from Publication Requested
2019-07-08
23 Jaime Jimenez
### Summary

Document Shepherd: Jaime Jiménez
Area Director: Alexey Melnikov

In many M2M applications, direct discovery of resources is not practical due to sleeping nodes, …
### Summary

Document Shepherd: Jaime Jiménez
Area Director: Alexey Melnikov

In many M2M applications, direct discovery of resources is not practical due to sleeping nodes, disperse networks, or networks where multicast traffic is inefficient.  These problems can be solved by employing an entity called a Resource Directory (RD), which hosts descriptions of resources held on other servers, allowing lookups to be performed for those resources.  This document specifies the web interfaces that a Resource Directory supports in order for web servers to discover the RD and to register, maintain, lookup and remove resources descriptions.  Furthermore, new link attributes useful in conjunction with an RD are defined.

The document is intended for Standards Track.

### Review and Consensus

The document has gone through multiple expert reviews and has been discussed on multiple IETF meetings.
There have been several implementations and interoperability events during IETF Hackathons and off-site.
There are implementations made by Open Source OS makers (e.g. Mbed, RIOT...), several open source implementations by individuals (e.g. aiocoap, californium...) and versions run by companies on their products as well as several SDO (i.e., OMA, etc) implementations that use *some* version of this draft. 

### Intellectual Property

Each author has stated that they do not have direct, personal knowledge of any IPR related to this document. I am not aware of any IPR discussion about this document on the CoRE WG.

### Other Points

Since this document has been work in progress for several years now, it is cumbersome to find references to the specific discussions regarding new core-parameters.
They were added already in earlier versions of the draft, taking RFC6690 as a model for link formatting.
Some of the discussions on the new "rt=" values and registry can be found at https://github.com/core-wg/resource-directory/issues?utf8=%E2%9C%93&q=rt%3D

### Checklist

* [x] Does the shepherd stand behind the document and think the document is ready for publication?
* [x] Is the correct RFC type indicated in the title page header?
* [x] Is the abstract both brief and sufficient, and does it stand alone as a brief summary?
* [x] Is the intent of the document accurately and adequately explained in the introduction?
* [x] Have all required formal reviews (MIB Doctor, Media Type, URI, etc.) been requested and/or completed?                                                         
* [x] Has the shepherd performed automated checks -- idnits (see http://www.ietf.org/tools/idnits/ and the Internet-Drafts Checklist), checks of BNF rules, XML code and schemas, MIB definitions, and so on -- and determined that the document passes the tests?
* [x] Has each author stated that their direct, personal knowledge of any IPR related to this document has already been disclosed, in conformance with BCPs 78 and 79?
* [x] Have all references within this document been identified as either normative or informative, and does the shepherd agree with how they have been classified?
* [x] Are all normative references made to documents that are ready for advancement and are otherwise in a clear state?
* [x] If publication of this document changes the status of any existing RFCs, are those RFCs listed on the title page header, and are the changes listed in the abstract and discussed (explained, not just mentioned) in the introduction?
* [x] If this is a "bis" document, have all of the errata been considered?

* **IANA** Considerations:

        * [x] Are the IANA Considerations clear and complete? Remember that IANA have to understand unambiguously what's being requested, so they can perform the required actions.
        * [x] Are all protocol extensions that the document makes associated with the appropriate reservations in IANA registries?
        * [x] Are all IANA registries referred to by their exact names (check them in http://www.iana.org/protocols/ to be sure)?
        * [x] Have you checked that any registrations made by this document correctly follow the policies and procedures for the appropriate registries?
        * [x] For registrations that require expert review (policies of Expert Review or Specification Required), have you or the working group had any early review done, to make sure the requests are ready for last call?
        * [x] For any new registries that this document creates, has the working group actively chosen the allocation procedures and policies and discussed the alternatives?
        * [x]  Have reasonable registry names been chosen (that will not be confused with those of other registries), and have the initial contents and valid value ranges been clearly specified?
2019-07-08
23 Jaime Jimenez IETF WG state changed to Submitted to IESG for Publication from WG Document
2019-07-08
23 Jaime Jimenez IESG state changed to Publication Requested from AD is watching
2019-07-08
23 Jaime Jimenez Notification list changed to jaime@iki.fi from "Jaime Jimenez" <jaime.jimenez@ericsson.com>
2019-07-08
23 Christian Amsüss New version available: draft-ietf-core-resource-directory-23.txt
2019-07-08
23 (System) New version approved
2019-07-08
23 (System)
Request for posting confirmation emailed to previous authors: core-chairs@ietf.org, Christian Amsuess , Carsten Bormann , Zach Shelby , Peter van der Stok , Michael …
Request for posting confirmation emailed to previous authors: core-chairs@ietf.org, Christian Amsuess , Carsten Bormann , Zach Shelby , Peter van der Stok , Michael Koster
2019-07-08
23 Christian Amsüss Uploaded new revision
2019-07-08
23 Christian Amsüss Uploaded new revision
2019-07-08
22 Jaime Jimenez
### Summary

Document Shepherd: Jaime Jiménez
Area Director: Alexey Melnikov

In many M2M applications, direct discovery of resources is not practical due to sleeping nodes, …
### Summary

Document Shepherd: Jaime Jiménez
Area Director: Alexey Melnikov

In many M2M applications, direct discovery of resources is not practical due to sleeping nodes, disperse networks, or networks where multicast traffic is inefficient.  These problems can be solved by employing an entity called a Resource Directory (RD), which hosts descriptions of resources held on other servers, allowing lookups to be performed for those resources.  This document specifies the web interfaces that a Resource Directory supports in order for web servers to discover the RD and to register, maintain, lookup and remove resources descriptions.  Furthermore, new link attributes useful in conjunction with an RD are defined.

The document is intended for Standards Track.

### Review and Consensus

The document has gone through multiple expert reviews and has been discussed on multiple IETF meetings.
There have been several implementations and interoperability events during IETF Hackathons and off-site.
There are implementations made by Open Source OS makers (e.g. Mbed, RIOT...), several open source implementations by individuals (e.g. aiocoap, californium...) and versions run by companies on their products as well as several SDO (i.e., OMA, etc) implementations that use *some* version of this draft. 

### Intellectual Property

Each author has stated that they do not have direct, personal knowledge of any IPR related to this document. I am not aware of any IPR discussion about this document on the CoRE WG.

### Other Points

Since this document has been work in progress for several years now, it is cumbersome to find references to the specific discussions regarding new core-parameters.
They were added already in earlier versions of the draft, taking RFC6690 as a model for link formatting.
Some of the discussions on the new "rt=" values and registry can be found at https://github.com/core-wg/resource-directory/issues?utf8=%E2%9C%93&q=rt%3D

### Checklist

* [x] Does the shepherd stand behind the document and think the document is ready for publication?
* [x] Is the correct RFC type indicated in the title page header?
* [x] Is the abstract both brief and sufficient, and does it stand alone as a brief summary?
* [x] Is the intent of the document accurately and adequately explained in the introduction?
* [x] Have all required formal reviews (MIB Doctor, Media Type, URI, etc.) been requested and/or completed?                                                         
* [x] Has the shepherd performed automated checks -- idnits (see http://www.ietf.org/tools/idnits/ and the Internet-Drafts Checklist), checks of BNF rules, XML code and schemas, MIB definitions, and so on -- and determined that the document passes the tests?
* [x] Has each author stated that their direct, personal knowledge of any IPR related to this document has already been disclosed, in conformance with BCPs 78 and 79?
* [x] Have all references within this document been identified as either normative or informative, and does the shepherd agree with how they have been classified?
* [x] Are all normative references made to documents that are ready for advancement and are otherwise in a clear state?
* [x] If publication of this document changes the status of any existing RFCs, are those RFCs listed on the title page header, and are the changes listed in the abstract and discussed (explained, not just mentioned) in the introduction?
* [x] If this is a "bis" document, have all of the errata been considered?

* **IANA** Considerations:

        * [x] Are the IANA Considerations clear and complete? Remember that IANA have to understand unambiguously what's being requested, so they can perform the required actions.
        * [x] Are all protocol extensions that the document makes associated with the appropriate reservations in IANA registries?
        * [x] Are all IANA registries referred to by their exact names (check them in http://www.iana.org/protocols/ to be sure)?
        * [x] Have you checked that any registrations made by this document correctly follow the policies and procedures for the appropriate registries?
        * [x] For registrations that require expert review (policies of Expert Review or Specification Required), have you or the working group had any early review done, to make sure the requests are ready for last call?
        * [x] For any new registries that this document creates, has the working group actively chosen the allocation procedures and policies and discussed the alternatives?
        * [x]  Have reasonable registry names been chosen (that will not be confused with those of other registries), and have the initial contents and valid value ranges been clearly specified?
2019-07-02
22 Christian Amsüss New version available: draft-ietf-core-resource-directory-22.txt
2019-07-02
22 (System) New version approved
2019-07-02
22 (System)
Request for posting confirmation emailed to previous authors: core-chairs@ietf.org, Christian Amsuess , Carsten Bormann , Zach Shelby , Peter van der Stok , Michael …
Request for posting confirmation emailed to previous authors: core-chairs@ietf.org, Christian Amsuess , Carsten Bormann , Zach Shelby , Peter van der Stok , Michael Koster
2019-07-02
22 Christian Amsüss Uploaded new revision
2019-07-02
21 Jaime Jimenez
### Summary

Document Shepherd: Jaime Jiménez
Area Director: Alexey Melnikov

In many M2M applications, direct discovery of resources is not practical due to sleeping nodes, …
### Summary

Document Shepherd: Jaime Jiménez
Area Director: Alexey Melnikov

In many M2M applications, direct discovery of resources is not practical due to sleeping nodes, disperse networks, or networks where multicast traffic is inefficient.  These problems can be solved by employing an entity called a Resource Directory (RD), which hosts descriptions of resources held on other servers, allowing lookups to be performed for those resources.  This document specifies the web interfaces that a Resource Directory supports in order for web servers to discover the RD and to register, maintain, lookup and remove resources descriptions.  Furthermore, new link attributes useful in conjunction with an RD are defined.

The document is intended for Standards Track.

### Review and Consensus

The document has gone through multiple expert reviews and has been discussed on multiple IETF meetings.
There have been several implementations and interoperability events during IETF Hackathons and off-site.
There are implementations made by Open Source OS makers (e.g. Mbed, RIOT...), several open source implementations by individuals (e.g. aiocoap, californium...) and versions run by companies on their products as well as several SDO (i.e., OMA, etc) implementations that use *some* version of this draft. 

### Intellectual Property

Each author has stated that they do not have direct, personal knowledge of any IPR related to this document. I am not aware of any IPR discussion about this document on the CoRE WG.

### Other Points

### Checklist

* [x] Does the shepherd stand behind the document and think the document is ready for publication?
* [x] Is the correct RFC type indicated in the title page header?
* [x] Is the abstract both brief and sufficient, and does it stand alone as a brief summary?
* [x] Is the intent of the document accurately and adequately explained in the introduction?
* [x] Have all required formal reviews (MIB Doctor, Media Type, URI, etc.) been requested and/or completed?                                                         
* [x] Has the shepherd performed automated checks -- idnits (see http://www.ietf.org/tools/idnits/ and the Internet-Drafts Checklist), checks of BNF rules, XML code and schemas, MIB definitions, and so on -- and determined that the document passes the tests?
* [x] Has each author stated that their direct, personal knowledge of any IPR related to this document has already been disclosed, in conformance with BCPs 78 and 79?
* [x] Have all references within this document been identified as either normative or informative, and does the shepherd agree with how they have been classified?
* [x] Are all normative references made to documents that are ready for advancement and are otherwise in a clear state?
* [x] If publication of this document changes the status of any existing RFCs, are those RFCs listed on the title page header, and are the changes listed in the abstract and discussed (explained, not just mentioned) in the introduction?
* [x] If this is a "bis" document, have all of the errata been considered?

* **IANA** Considerations:

        * [x] Are the IANA Considerations clear and complete? Remember that IANA have to understand unambiguously what's being requested, so they can perform the required actions.
        * [x] Are all protocol extensions that the document makes associated with the appropriate reservations in IANA registries?
        * [x] Are all IANA registries referred to by their exact names (check them in http://www.iana.org/protocols/ to be sure)?
        * [x] Have you checked that any registrations made by this document correctly follow the policies and procedures for the appropriate registries?
        * [x] For registrations that require expert review (policies of Expert Review or Specification Required), have you or the working group had any early review done, to make sure the requests are ready for last call?
        * [x] For any new registries that this document creates, has the working group actively chosen the allocation procedures and policies and discussed the alternatives?
        * [x]  Have reasonable registry names been chosen (that will not be confused with those of other registries), and have the initial contents and valid value ranges been clearly specified?
2019-06-13
21 Peter Van der Stok New version available: draft-ietf-core-resource-directory-21.txt
2019-06-13
21 (System) New version approved
2019-06-13
21 (System)
Request for posting confirmation emailed to previous authors: core-chairs@ietf.org, Christian Amsuess , Carsten Bormann , Zach Shelby , Peter van der Stok , Michael …
Request for posting confirmation emailed to previous authors: core-chairs@ietf.org, Christian Amsuess , Carsten Bormann , Zach Shelby , Peter van der Stok , Michael Koster
2019-06-13
21 Peter Van der Stok Uploaded new revision
2019-03-11
20 Christian Amsüss New version available: draft-ietf-core-resource-directory-20.txt
2019-03-11
20 (System) New version approved
2019-03-11
20 (System)
Request for posting confirmation emailed to previous authors: core-chairs@ietf.org, Christian Amsuess , Carsten Bormann , Zach Shelby , Peter van der Stok , Michael …
Request for posting confirmation emailed to previous authors: core-chairs@ietf.org, Christian Amsuess , Carsten Bormann , Zach Shelby , Peter van der Stok , Michael Koster
2019-03-11
20 Christian Amsüss Uploaded new revision
2019-03-11
20 Christian Amsüss Uploaded new revision
2019-01-11
19 Christian Amsüss New version available: draft-ietf-core-resource-directory-19.txt
2019-01-11
19 (System) New version approved
2019-01-11
19 (System)
Request for posting confirmation emailed to previous authors: core-chairs@ietf.org, Christian Amsuess , Carsten Bormann , Zach Shelby , Peter van der Stok , Michael …
Request for posting confirmation emailed to previous authors: core-chairs@ietf.org, Christian Amsuess , Carsten Bormann , Zach Shelby , Peter van der Stok , Michael Koster
2019-01-11
19 Christian Amsüss Uploaded new revision
2019-01-11
19 Christian Amsüss Uploaded new revision
2018-12-20
18 Christian Amsüss New version available: draft-ietf-core-resource-directory-18.txt
2018-12-20
18 (System) New version approved
2018-12-20
18 (System)
Request for posting confirmation emailed to previous authors: core-chairs@ietf.org, Christian Amsuess , Carsten Bormann , Zach Shelby , Peter van der Stok , Michael …
Request for posting confirmation emailed to previous authors: core-chairs@ietf.org, Christian Amsuess , Carsten Bormann , Zach Shelby , Peter van der Stok , Michael Koster
2018-12-20
18 Christian Amsüss Uploaded new revision
2018-12-20
18 Christian Amsüss Uploaded new revision
2018-10-22
17 Christian Amsüss New version available: draft-ietf-core-resource-directory-17.txt
2018-10-22
17 (System) New version approved
2018-10-22
17 (System)
Request for posting confirmation emailed to previous authors: core-chairs@ietf.org, Christian Amsuess , Carsten Bormann , Zach Shelby , Peter van der Stok , Michael …
Request for posting confirmation emailed to previous authors: core-chairs@ietf.org, Christian Amsuess , Carsten Bormann , Zach Shelby , Peter van der Stok , Michael Koster
2018-10-22
17 Christian Amsüss Uploaded new revision
2018-10-22
16 Christian Amsüss New version available: draft-ietf-core-resource-directory-16.txt
2018-10-22
16 (System) New version approved
2018-10-22
16 (System)
Request for posting confirmation emailed to previous authors: core-chairs@ietf.org, Christian Amsuess , Carsten Bormann , Zach Shelby , Peter van der Stok , Michael …
Request for posting confirmation emailed to previous authors: core-chairs@ietf.org, Christian Amsuess , Carsten Bormann , Zach Shelby , Peter van der Stok , Michael Koster
2018-10-22
16 Christian Amsüss Uploaded new revision
2018-10-03
15 Christian Amsüss New version available: draft-ietf-core-resource-directory-15.txt
2018-10-03
15 (System) New version approved
2018-10-03
15 (System)
Request for posting confirmation emailed to previous authors: core-chairs@ietf.org, Christian Amsuess , Carsten Bormann , Zach Shelby , Peter van der Stok , Michael …
Request for posting confirmation emailed to previous authors: core-chairs@ietf.org, Christian Amsuess , Carsten Bormann , Zach Shelby , Peter van der Stok , Michael Koster
2018-10-03
15 Christian Amsüss Uploaded new revision
2018-10-03
15 Christian Amsüss Uploaded new revision
2018-07-02
14 Peter Van der Stok New version available: draft-ietf-core-resource-directory-14.txt
2018-07-02
14 (System) New version approved
2018-07-02
14 (System)
Request for posting confirmation emailed to previous authors: core-chairs@ietf.org, Christian Amsuess , Carsten Bormann , Zach Shelby , Peter Van der Stok , Michael …
Request for posting confirmation emailed to previous authors: core-chairs@ietf.org, Christian Amsuess , Carsten Bormann , Zach Shelby , Peter Van der Stok , Michael Koster
2018-07-02
14 Peter Van der Stok Uploaded new revision
2018-03-01
13 Christian Amsüss New version available: draft-ietf-core-resource-directory-13.txt
2018-03-01
13 (System) New version approved
2018-03-01
13 (System)
Request for posting confirmation emailed to previous authors: core-chairs@ietf.org, Carsten Bormann , Zach Shelby , Peter Van der Stok , Christian Amsuess , Michael …
Request for posting confirmation emailed to previous authors: core-chairs@ietf.org, Carsten Bormann , Zach Shelby , Peter Van der Stok , Christian Amsuess , Michael Koster
2018-03-01
13 Christian Amsüss Uploaded new revision
2018-03-01
13 Christian Amsüss Uploaded new revision
2018-02-26
13 (System)
Request for posting confirmation emailed to previous authors: core-chairs@ietf.org, Carsten Bormann , Zach Shelby , Peter Van der Stok , Christian Amsuess , Michael …
Request for posting confirmation emailed to previous authors: core-chairs@ietf.org, Carsten Bormann , Zach Shelby , Peter Van der Stok , Christian Amsuess , Michael Koster
2018-02-26
13 Christian Amsüss Uploaded new revision
2017-10-30
12 Christian Amsüss New version available: draft-ietf-core-resource-directory-12.txt
2017-10-30
12 (System) New version approved
2017-10-30
12 (System)
Request for posting confirmation emailed to previous authors: core-chairs@ietf.org, Carsten Bormann , Zach Shelby , Peter Van der Stok , Christian Amsuess , Michael …
Request for posting confirmation emailed to previous authors: core-chairs@ietf.org, Carsten Bormann , Zach Shelby , Peter Van der Stok , Christian Amsuess , Michael Koster
2017-10-30
12 Christian Amsüss Uploaded new revision
2017-07-03
11 Christian Amsüss New version available: draft-ietf-core-resource-directory-11.txt
2017-07-03
11 (System) New version approved
2017-07-03
11 (System) Request for posting confirmation emailed to previous authors: Michael Koster , Carsten Bormann , Zach Shelby , Peter Van der Stok , core-chairs@ietf.org
2017-07-03
11 Christian Amsüss Uploaded new revision
2017-03-13
10 Michael Koster New version available: draft-ietf-core-resource-directory-10.txt
2017-03-13
10 (System) New version approved
2017-03-13
10 (System) Request for posting confirmation emailed to previous authors: Michael Koster , Carsten Bormann , Zach Shelby , Peter Van der Stok , core-chairs@ietf.org
2017-03-13
10 Michael Koster Uploaded new revision
2016-10-31
09 Carsten Bormann New version available: draft-ietf-core-resource-directory-09.txt
2016-10-31
09 (System) New version approved
2016-10-31
08 (System) Request for posting confirmation emailed to previous authors: "Peter Van der Stok" , "Carsten Bormann" , "Zach Shelby" , "Michael Koster" , core-chairs@ietf.org
2016-10-31
08 Carsten Bormann Uploaded new revision
2016-07-08
08 Michael Koster New version available: draft-ietf-core-resource-directory-08.txt
2016-06-11
07 Alexey Melnikov Notification list changed to "Jaime Jimenez" <jaime.jimenez@ericsson.com>
2016-06-11
07 Alexey Melnikov Document shepherd changed to Jaime Jimenez
2016-04-23
07 Alexey Melnikov IESG process started in state AD is watching
2016-04-23
07 (System) Earlier history may be found in the Comment Log for /doc/draft-shelby-core-resource-directory/
2016-04-04
07 Carsten Bormann Added to session: IETF-95: core  Tue-1740
2016-03-21
07 Michael Koster New version available: draft-ietf-core-resource-directory-07.txt
2016-03-21
06 Carsten Bormann New version available: draft-ietf-core-resource-directory-06.txt
2015-10-19
05 Michael Koster New version available: draft-ietf-core-resource-directory-05.txt
2015-07-06
04 Michael Koster New version available: draft-ietf-core-resource-directory-04.txt
2015-06-22
03 Carsten Bormann New version available: draft-ietf-core-resource-directory-03.txt
2014-11-09
02 Zach Shelby New version available: draft-ietf-core-resource-directory-02.txt
2013-12-11
01 Zach Shelby New version available: draft-ietf-core-resource-directory-01.txt
2013-07-31
00 Carsten Bormann Intended Status changed to Proposed Standard from None
2013-06-03
00 Zach Shelby New version available: draft-ietf-core-resource-directory-00.txt