Skip to main content

A CBOR Tag for Unprotected CWT Claims Sets
draft-ietf-rats-uccs-11

Revision differences

Document history

Date Rev. By Action
2024-10-21
11 (System) Changed action holders to Roman Danyliw (IESG state changed)
2024-10-21
11 (System) Sub state has been changed to AD Followup from Revised I-D Needed
2024-10-21
11 (System) IANA Review state changed to Version Changed - Review Needed from IANA OK - Actions Needed
2024-10-21
11 Carsten Bormann New version available: draft-ietf-rats-uccs-11.txt
2024-10-21
11 Carsten Bormann New version accepted (logged-in submitter: Carsten Bormann)
2024-10-21
11 Carsten Bormann Uploaded new revision
2024-10-04
10 Per Andersson Request for Last Call review by OPSDIR Completed: Has Nits. Reviewer: Per Andersson. Sent review to list.
2024-10-03
10 (System) Changed action holders to Carsten Bormann, Nancy Cam-Winget, Henk Birkholz, Jeremy O'Donoghue (IESG state changed)
2024-10-03
10 Cindy Morgan IESG state changed to IESG Evaluation::Revised I-D Needed from IESG Evaluation
2024-10-02
10 Murray Kucherawy [Ballot Position Update] New position, No Objection, has been recorded for Murray Kucherawy
2024-10-02
10 Éric Vyncke
[Ballot comment]
Thanks for the work done in this document. To be honest, I was about to ballot ABSTAIN because CWT at rest (e.g., in …
[Ballot comment]
Thanks for the work done in this document. To be honest, I was about to ballot ABSTAIN because CWT at rest (e.g., in audit trails or logs) are no more secure and the secure channel transport entity could be different than the CWT producer/consumer, but I am trusting the SEC ADs in their ballot (i.e., I probably do not understand the use cases), hence a NoObjection ballot. Some non-blocking comments anyway:

# Section 1

s/A true CWT/A RFC8392 CWT/ ? Unsure whether 'true' is applicable here.

Should there be a reference for "PCIe IDE" ?

# Section 2

Please expand "RATS"

# Section 4

Please expand "EAT"

# Section 7.1

Even if by default the text is normative, should BCP14 terms be used ?

# Sections 7.2 to 7.5

These sections are specific to currently used crypto algorithms, should these section be more condensed in a generic one ? or should there be a section about future algorithms ?

# Appendix A

How can `This appendix is informative.` and `this specification shows how to use CDDL` appear in the same section ? s/this specification shows how to use CDDL/this example shows how to use CDDL/
2024-10-02
10 Éric Vyncke [Ballot Position Update] New position, No Objection, has been recorded for Éric Vyncke
2024-10-02
10 Francesca Palombini
[Ballot discuss]
Updating my second comment to DISCUSS, because I'd really like to see an answer to it.

Appendix C:

I was surprised to see …
[Ballot discuss]
Updating my second comment to DISCUSS, because I'd really like to see an answer to it.

Appendix C:

I was surprised to see "Unprotected JWT Claims Set" defined here, while the main body of the document specifies that JWT with algorithm:none is equivalent to the UCCS. What is the difference, and why is this definition of UJCS useful or needed?
2024-10-02
10 Francesca Palombini
[Ballot comment]
Thank you for the work on this document. I have only two comments:

Section 6.3:

Please fix the IANA request, by using the …
[Ballot comment]
Thank you for the work on this document. I have only two comments:

Section 6.3:

Please fix the IANA request, by using the correct registry terminology for the CoAP Content-Formats registry ("Content Type" and "Content Coding" instead of "Media Type" and Encoding"). Yes, IANA has understood the request, but it would be good that the text matched the registry as well.


Thank you for having forwarded the media type registration request to the media types mailing list (noted and appreciated).
2024-10-02
10 Francesca Palombini [Ballot Position Update] Position for Francesca Palombini has been changed to Discuss from No Objection
2024-10-02
10 Zaheduzzaman Sarker [Ballot comment]
Supporting Orie's Dicsuss.
2024-10-02
10 Zaheduzzaman Sarker [Ballot Position Update] New position, No Objection, has been recorded for Zaheduzzaman Sarker
2024-10-01
10 (System) IANA Review state changed to IANA OK - Actions Needed from IANA - Not OK
2024-10-01
10 Amanda Baber Both IANA expert review requests have been approved.
2024-10-01
10 Amanda Baber IANA Experts State changed to Expert Reviews OK from Reviews assigned
2024-10-01
10 Warren Kumari [Ballot Position Update] New position, No Objection, has been recorded for Warren Kumari
2024-10-01
10 Paul Wouters
[Ballot discuss]
An easy but important issue to consider is to add guidance to the Security Considerations Section to make it clear that the Secure …
[Ballot discuss]
An easy but important issue to consider is to add guidance to the Security Considerations Section to make it clear that the Secure Channel cryptographic strength should be at least as strong as the cryptographic keys it is transporting through this Secure Channel.

Similarly, I think when mentioning the algorithms in this section, that it could be clarified these are not the algorithms of the Secure Channel, but the content relayed through it.
2024-10-01
10 Paul Wouters [Ballot Position Update] New position, Discuss, has been recorded for Paul Wouters
2024-10-01
10 John Scudder [Ballot Position Update] New position, No Objection, has been recorded for John Scudder
2024-10-01
10 Orie Steele
[Ballot discuss]
### JSON Support without media types or content formats

```
733 Appendix C.  JSON Support

735   This appendix is informative.

737   …
[Ballot discuss]
### JSON Support without media types or content formats

```
733 Appendix C.  JSON Support

735   This appendix is informative.

737   The above definitions, concepts and security considerations all may
738   be applied to define a JSON-encoded Claims-Set. Such an unsigned
739   Claims-Set can be referred to as a "UJCS", an "Unprotected JWT Claims
740   Set".  The CDDL definition in Figure 1 can be used for a "UJCS".
```

There are no registrations that end in +json in this document.

Should there be?

For example, eat media types draft contains: https://datatracker.ietf.org/doc/html/draft-ietf-rats-eat-media-type-10#name-media-types
2024-10-01
10 Orie Steele
[Ballot comment]
# Orie Steele, ART AD, comments for draft-ietf-rats-uccs-10
CC @OR13

* line numbers:
  - https://author-tools.ietf.org/api/idnits?url=https://www.ietf.org/archive/id/draft-ietf-rats-uccs-10.txt&submitcheck=True

* comment syntax:
  - https://github.com/mnot/ietf-comments/blob/main/format.md

* "Handling Ballot Positions":
  - https://ietf.org/about/groups/iesg/statements/handling-ballot-positions/


## Comments

### OHTTP?

```
318 5.2.  Privacy Preservation
```

Are there any examples of such privacy preserving secure channels that should be mentioned here?

## Nits

### Expand on first use: EAT

```
291   The Secure Channel context does not govern fully formed CWTs in the
292   same way it governs UCCS.  As with EATs nested in other EATs
```

### Informative appendix

```
642   This appendix is informative.
```

Not sure that this sentence is needed... its also repeated a lot.
I think its ok to note that an appendix is normative, if its referenced as normative (with BCP14) from the body.


### JC order

```
688   JSON-ONLY = J .feature "json"
689   CBOR-ONLY = C .feature "cbor"
690   JC = JSON-ONLY / CBOR-ONLY
```

I might move these definitions above the first use of JC, so the reader doesn't need to backtrack.
2024-10-01
10 Orie Steele [Ballot Position Update] New position, Discuss, has been recorded for Orie Steele
2024-09-30
10 Jim Guichard [Ballot Position Update] New position, No Objection, has been recorded for Jim Guichard
2024-09-30
10 Vincent Roca Request for Last Call review by SECDIR Completed: Ready. Reviewer: Vincent Roca. Sent review to list.
2024-09-30
10 Francesca Palombini
[Ballot comment]
Thank you for the work on this document. I have only two comments:

Section 6.3:

Please fix the IANA request, by using the …
[Ballot comment]
Thank you for the work on this document. I have only two comments:

Section 6.3:

Please fix the IANA request, by using the correct registry terminology for the CoAP Content-Formats registry ("Content Type" and "Content Coding" instead of "Media Type" and Encoding"). Yes, IANA has understood the request, but it would be good that the text matched the registry as well.

Appendix C:

I was surprised to see "Unprotected JWT Claims Set" defined here, while the main body of the document specifies that JWT with algorithm:none is equivalent to the UCCS. What is the difference, and why is this definition of UJCS useful or needed?

Thank you for having forwarded the media type registration request to the media types mailing list (noted and appreciated).
2024-09-30
10 Francesca Palombini [Ballot Position Update] New position, No Objection, has been recorded for Francesca Palombini
2024-09-29
10 Deb Cooley
[Ballot comment]
I have one easy comment:

Section 7.2, 7.3, 7.4, and 7.5:  The bullets from these sections are all selected or paraphrased from RFC9053 …
[Ballot comment]
I have one easy comment:

Section 7.2, 7.3, 7.4, and 7.5:  The bullets from these sections are all selected or paraphrased from RFC9053.  In some cases the paraphrasing is imprecise.  I'd almost rather see the bullets eliminated, leaving the section numbers of RFC9053.  This might ensure that a developer actually consults with RFC9053 vice assuming the bullets are complete.
2024-09-29
10 Deb Cooley [Ballot Position Update] New position, No Objection, has been recorded for Deb Cooley
2024-09-26
10 Gunter Van de Velde
[Ballot comment]
# Gunter Van de Velde, RTG AD, comments for draft-ietf-rats-uccs-10

# line numbers are derived with the idnits tool https://author-tools.ietf.org/api/idnits?url=https://www.ietf.org/archive/id/draft-ietf-rats-uccs-10.txt

# After reviewing …
[Ballot comment]
# Gunter Van de Velde, RTG AD, comments for draft-ietf-rats-uccs-10

# line numbers are derived with the idnits tool https://author-tools.ietf.org/api/idnits?url=https://www.ietf.org/archive/id/draft-ietf-rats-uccs-10.txt

# After reviewing the document, I did not identify any significant typographical errors. The text is well-written.

# idnits gives some warnings about the references


#DETAILED COMMENTS
#=================
## classified as [minor] and [major]

15 Abstract
16
17   When transported over secure channels, CBOR Web Token (CWT, RFC 8392)
18   Claims Sets may not need the protection afforded by wrapping them
19   into COSE, as is required for a true CWT.  This specification defines
20   a CBOR tag for such unprotected CWT Claims Sets (UCCS) and discusses
21   conditions for its proper use.

[minor]

GV> What about the following rewrite making the abstract more higher level descriptive:

"
This document defines the Unprotected CWT Claims Set (UCCS), a data format for representing a CBOR Web Token (CWT) Claims Set without a signature, message authentication code (MAC), or encryption. UCCS enables the use of CWT claims in environments where data protection is provided by other means, such as secure communication channels or trusted execution environments. This specification describes the UCCS format, its encoding, and processing considerations, and discusses the security implications of using unprotected claims sets.
"
2024-09-26
10 Gunter Van de Velde [Ballot Position Update] New position, No Objection, has been recorded for Gunter Van de Velde
2024-09-25
10 Peter Yee
Request for Last Call review by GENART Completed: Ready with Issues. Reviewer: Peter Yee. Sent review to list. Submission of review completed at an earlier …
Request for Last Call review by GENART Completed: Ready with Issues. Reviewer: Peter Yee. Sent review to list. Submission of review completed at an earlier date.
2024-09-25
10 Peter Yee Request for Last Call review by GENART Completed: Ready with Issues. Reviewer: Peter Yee.
2024-09-19
10 Erik Kline [Ballot Position Update] New position, No Objection, has been recorded for Erik Kline
2024-09-18
10 Roman Danyliw Placed on agenda for telechat - 2024-10-03
2024-09-18
10 Roman Danyliw Ballot has been issued
2024-09-18
10 Roman Danyliw [Ballot Position Update] New position, Yes, has been recorded for Roman Danyliw
2024-09-18
10 Roman Danyliw Created "Approve" ballot
2024-09-18
10 Roman Danyliw IESG state changed to IESG Evaluation from Waiting for AD Go-Ahead
2024-09-18
10 Roman Danyliw Ballot writeup was changed
2024-09-18
10 (System) IESG state changed to Waiting for AD Go-Ahead from In Last Call
2024-09-12
10 (System) IANA Review state changed to IANA - Not OK from IANA - Review Needed
2024-09-12
10 David Dong
(Via drafts-lastcall@iana.org): IESG/Authors/WG Chairs:

IANA has completed its review of draft-ietf-rats-uccs-10. If any part of this review is inaccurate, please let us know.

The …
(Via drafts-lastcall@iana.org): IESG/Authors/WG Chairs:

IANA has completed its review of draft-ietf-rats-uccs-10. If any part of this review is inaccurate, please let us know.

The IANA understands that, upon approval of this document, there are three actions which we must complete. 

First, in the Concise Binary Object Representation (CBOR) Tags registry located at:

https://www.iana.org/assignments/cbor-tags/

A single new tag will be registered as follows:

Tag: [ TBD-at-Registration ]
Data Item: map (Claims-Set as per Appendix A of [ RFC-to-be ]) 
Semantics: Unprotected CWT Claims Set [ RFC-to-be ]
Reference: [ RFC-to-be ]
Template: 

IANA understands that the authors have requested a tag value of 601 for this registration.

As this document requests a registration in an Expert Review or Specification Required (see RFC 8126) registry, we have initiated the required Expert Review via a separate request.  This review must be completed before the document’s IANA state can be changed to “IANA OK.”

Second, in the application namespace of the Media Types registry located at:

https://www.iana.org/assignments/media-types/

A single new registration will be made as follows:

Name: uccs+cbor
Template: [ TBD-at-Registration ]
Reference: [ RFC-to-be ]

Third, in the CoAP Content-Formats registry in the Constrained RESTful Environments (CoRE) Parameters registry group located at:

https://www.iana.org/assignments/core-parameters/

Content type: application/uccs+cbor
Content coding: 
ID: [ TBD-at-Registration ]
Reference: [ RFC-to-be ]

IANA understands that the authors have requested a tag value of 601 for this registration.

As this also requests a registration in an Expert Review or Specification Required (see RFC 8126) registry, we have completed the required Expert Review via a separate request.

We understand that these three actions are the only ones required to be completed upon approval of this document.

NOTE: The actions requested in this document will not be completed until the document has been approved for publication as an RFC. This message is meant only to confirm the list of actions that will be performed.

For definitions of IANA review states, please see:

https://datatracker.ietf.org/help/state/draft/iana-review

Thank you,

David Dong
IANA Services Sr. Specialist
2024-09-11
10 David Dong The CoAP Content-Formats registration has been approved.
2024-09-09
10 Carlos Pignataro Request for Last Call review by OPSDIR is assigned to Per Andersson
2024-09-07
10 Tero Kivinen Request for Last Call review by SECDIR is assigned to Vincent Roca
2024-09-06
10 David Dong IANA Experts State changed to Reviews assigned
2024-09-05
10 Jean Mahoney Request for Last Call review by GENART is assigned to Peter Yee
2024-09-04
10 Barry Leiba Request for Last Call review by ARTART is assigned to Jaime Jimenez
2024-09-04
10 Jenny Bui IANA Review state changed to IANA - Review Needed
2024-09-04
10 Jenny Bui
The following Last Call announcement was sent out (ends 2024-09-18):

From: The IESG
To: IETF-Announce
CC: Kathleen.Moriarty.ietf@gmail.com, draft-ietf-rats-uccs@ietf.org, rats-chairs@ietf.org, rats@ietf.org, rdd@cert.org …
The following Last Call announcement was sent out (ends 2024-09-18):

From: The IESG
To: IETF-Announce
CC: Kathleen.Moriarty.ietf@gmail.com, draft-ietf-rats-uccs@ietf.org, rats-chairs@ietf.org, rats@ietf.org, rdd@cert.org
Reply-To: last-call@ietf.org
Sender:
Subject: Last Call:  (A CBOR Tag for Unprotected CWT Claims Sets) to Proposed Standard


The IESG has received a request from the Remote ATtestation ProcedureS WG
(rats) to consider the following document: - 'A CBOR Tag for Unprotected CWT
Claims Sets'
  as Proposed Standard

The IESG plans to make a decision in the next few weeks, and solicits final
comments on this action. Please send substantive comments to the
last-call@ietf.org mailing lists by 2024-09-18. Exceptionally, comments may
be sent to iesg@ietf.org instead. In either case, please retain the beginning
of the Subject line to allow automated sorting.

Abstract


  When transported over secure channels, CBOR Web Token (CWT, RFC 8392)
  Claims Sets may not need the protection afforded by wrapping them
  into COSE, as is required for a true CWT.  This specification defines
  a CBOR tag for such unprotected CWT Claims Sets (UCCS) and discusses
  conditions for its proper use.




The file can be obtained via
https://datatracker.ietf.org/doc/draft-ietf-rats-uccs/



No IPR declarations have been submitted directly on this I-D.




2024-09-04
10 Jenny Bui IESG state changed to In Last Call from Last Call Requested
2024-09-04
10 Jenny Bui Last call announcement was generated
2024-09-04
10 Roman Danyliw Last call was requested
2024-09-04
10 Roman Danyliw Last call announcement was generated
2024-09-04
10 Roman Danyliw Ballot approval text was generated
2024-09-04
10 Roman Danyliw Ballot writeup was generated
2024-09-04
10 Roman Danyliw IESG state changed to Last Call Requested from AD Evaluation::AD Followup
2024-07-08
10 Ned Smith Added to session: IETF-120: rats  Tue-2000
2024-07-04
10 (System) Changed action holders to Roman Danyliw (IESG state changed)
2024-07-04
10 (System) Sub state has been changed to AD Followup from Revised I-D Needed
2024-07-04
10 Carsten Bormann New version available: draft-ietf-rats-uccs-10.txt
2024-07-04
10 Carsten Bormann New version accepted (logged-in submitter: Carsten Bormann)
2024-07-04
10 Carsten Bormann Uploaded new revision
2024-03-18
09 Roman Danyliw Follow-up AD review: https://mailarchive.ietf.org/arch/msg/rats/VFMB11oiqsTwZPkoOS83eD7I0cs/
2024-03-18
09 (System) Changed action holders to Henk Birkholz, Jeremy O'Donoghue, Nancy Cam-Winget, Carsten Bormann (IESG state changed)
2024-03-18
09 Roman Danyliw IESG state changed to AD Evaluation::Revised I-D Needed from AD Evaluation::AD Followup
2024-03-04
09 (System) Changed action holders to Roman Danyliw (IESG state changed)
2024-03-04
09 (System) Sub state has been changed to AD Followup from Revised I-D Needed
2024-03-04
09 Carsten Bormann New version available: draft-ietf-rats-uccs-09.txt
2024-03-04
09 Carsten Bormann New version accepted (logged-in submitter: Carsten Bormann)
2024-03-04
09 Carsten Bormann Uploaded new revision
2024-02-02
08 Roman Danyliw AD Review: https://mailarchive.ietf.org/arch/msg/rats/3rfzNY_RrjQODnjHaO2O3pLgUh8/
2024-02-02
08 (System) Changed action holders to Roman Danyliw, Henk Birkholz, Jeremy O'Donoghue, Nancy Cam-Winget, Carsten Bormann (IESG state changed)
2024-02-02
08 Roman Danyliw IESG state changed to AD Evaluation::Revised I-D Needed from Publication Requested
2024-01-19
08 Kathleen Moriarty
# Document Shepherd Write-Up for Group Documents

*This version is dated 4 July 2022.*

Thank you for your service as a document shepherd. Among the …
# Document Shepherd Write-Up for Group Documents

*This version is dated 4 July 2022.*

Thank you for your service as a document shepherd. Among the responsibilities is
answering the questions in this write-up to give helpful context to Last Call
and Internet Engineering Steering Group ([IESG][1]) reviewers, and your
diligence in completing it is appreciated. The full role of the shepherd is
further described in [RFC 4858][2]. You will need the cooperation of the authors
and editors to complete these checks.

Note that some numbered items contain multiple related questions; please be sure
to answer all of them.

## Document History

1. Does the working group (WG) consensus represent the strong concurrence of a
  few individuals, with others being silent, or did it reach broad agreement?

The document has now passed through 2 working group last calls and represents working group consensus. A finding emerged int he first call that resulted in an addition to the document significant enough to warrant a second working group last call to ensure this full consensus was reached.

2. Was there controversy about particular points, or were there decisions where
  the consensus was particularly rough?

The draft is straightforward and references similar work for a JWT, applied here to a CWT with the same described risks. Please see #1 and the diff from version 6 to 8 of the draft.

3. Has anyone threatened an appeal or otherwise indicated extreme discontent? If
  so, please summarize the areas of conflict in separate email messages to the
  responsible Area Director. (It should be in a separate email because this
  questionnaire is publicly available.)

No.

4. For protocol documents, are there existing implementations of the contents of
  the document? Have a significant number of potential implementers indicated
  plans to implement? Are any existing implementations reported somewhere,
  either in the document itself (as [RFC 7942][3] recommends) or elsewhere
  (where)?
There are 2 known implementations:
https://github.com/laurencelundblade/ctoken
https://github.com/veraison/parsec/blob/1d1cf7b1797199c859412ddaaf5f7cb13b3e7fcf/cca/cbor.go#L15
## Additional Reviews

5. Do the contents of this document closely interact with technologies in other
  IETF working groups or external organizations, and would it therefore benefit
  from their review? Have those reviews occurred? If yes, describe which
  reviews took place.

The work is closely related to the COSE working group and has included review from participants in that WG as well.

6. Describe how the document meets any required formal expert review criteria,
  such as the MIB Doctor, YANG Doctor, media type, and URI type reviews.

CBOR Tags Registry requires Specification only, not expert review.

7. If the document contains a YANG module, has the final version of the module
  been checked with any of the [recommended validation tools][4] for syntax and
  formatting validation? If there are any resulting errors or warnings, what is
  the justification for not fixing them at this time? Does the YANG module
  comply with the Network Management Datastore Architecture (NMDA) as specified
  in [RFC 8342][5]?
N/A

8. Describe reviews and automated checks performed to validate sections of the
  final version of the document written in a formal language, such as XML code,
  BNF rules, MIB definitions, CBOR's CDDL, etc.

## Document Shepherd Checks

9. Based on the shepherd's review of the document, is it their opinion that this
  document is needed, clearly written, complete, correctly designed, and ready
  to be handed off to the responsible Area Director?

Yes, with COSE working group review during WG last call, and a subsequent WG last call, the draft is ready.

10. Several IETF Areas have assembled [lists of common issues that their
    reviewers encounter][6]. For which areas have such issues been identified
    and addressed? For which does this still need to happen in subsequent
    reviews?
Yes.

11. What type of RFC publication is being requested on the IETF stream ([Best
    Current Practice][12], [Proposed Standard, Internet Standard][13],
    [Informational, Experimental or Historic][14])? Why is this the proper type
    of RFC? Do all Datatracker state attributes correctly reflect this intent?

Yes. The document introduces a new technical application for the base standards used for RATS. As such, this is a standards track document.

12. Have reasonable efforts been made to remind all authors of the intellectual
    property rights (IPR) disclosure obligations described in [BCP 79][7]? To
    the best of your knowledge, have all required disclosures been filed? If
    not, explain why. If yes, summarize any relevant discussion, including links
    to publicly-available messages when applicable.
A check was performed during the first working group last call and a second one will complete on list by January 26, 2024.

13. Has each author, editor, and contributor shown their willingness to be
    listed as such? If the total number of authors and editors on the front page
    is greater than five, please provide a justification.
Yes and author list is limited to 4.

14. Document any remaining I-D nits in this document. Simply running the [idnits
    tool][8] is not enough; please review the ["Content Guidelines" on
    authors.ietf.org][15]. (Also note that the current idnits tool generates
    some incorrect warnings; a rewrite is underway.)
Passed the check with expected findings for internationalization of author names.

15. Should any informative references be normative or vice-versa? See the [IESG
    Statement on Normative and Informative References][16].
The list is well considered after review as references you'd expect to be normative as used in the text as examples. The usage of those references as informative is correct.

16. List any normative references that are not freely available to anyone. Did
    the community have sufficient access to review any such normative
    references?
None found.

17. Are there any normative downward references (see [RFC 3967][9] and [BCP
    97
][10]) that are not already listed in the [DOWNREF registry][17]? If so,
    list them.
N/A

18. Are there normative references to documents that are not ready to be
    submitted to the IESG for publication or are otherwise in an unclear state?
    If so, what is the plan for their completion?
N/A

19. Will publication of this document change the status of any existing RFCs? If
    so, does the Datatracker metadata correctly reflect this and are those RFCs
    listed on the title page, in the abstract, and discussed in the
    introduction? If not, explain why and point to the part of the document
    where the relationship of this document to these other RFCs is discussed.

No.

20. Describe the document shepherd's review of the IANA considerations section,
    especially with regard to its consistency with the body of the document.
    Confirm that all aspects of the document requiring IANA assignments are
    associated with the appropriate reservations in IANA registries. Confirm
    that any referenced IANA registries have been clearly identified. Confirm
    that each newly created IANA registry specifies its initial contents,
    allocations procedures, and a reasonable name (see [RFC 8126][11]).
There is just a request to add an entry to a registry and the request does not present any concerns.

21. List any new IANA registries that require Designated Expert Review for
    future allocations. Are the instructions to the Designated Expert clear?
    Please include suggestions of designated experts, if appropriate.

No new registries are created.

[1]: https://www.ietf.org/about/groups/iesg/
[2]: https://www.rfc-editor.org/rfc/rfc4858.html
[3]: https://www.rfc-editor.org/rfc/rfc7942.html
[4]: https://wiki.ietf.org/group/ops/yang-review-tools
[5]: https://www.rfc-editor.org/rfc/rfc8342.html
[6]: https://wiki.ietf.org/group/iesg/ExpertTopics
[7]: https://www.rfc-editor.org/info/bcp79
[8]: https://www.ietf.org/tools/idnits/
[9]: https://www.rfc-editor.org/rfc/rfc3967.html
[10]: https://www.rfc-editor.org/info/bcp97
[11]: https://www.rfc-editor.org/rfc/rfc8126.html
[12]: https://www.rfc-editor.org/rfc/rfc2026.html#section-5
[13]: https://www.rfc-editor.org/rfc/rfc2026.html#section-4.1
[14]: https://www.rfc-editor.org/rfc/rfc2026.html#section-4.2
[15]: https://authors.ietf.org/en/content-guidelines-overview
[16]: https://www.ietf.org/about/groups/iesg/statements/normative-informative-references/
[17]: https://datatracker.ietf.org/doc/downref/

2024-01-19
08 Kathleen Moriarty IETF WG state changed to Submitted to IESG for Publication from WG Consensus: Waiting for Write-Up
2024-01-19
08 Kathleen Moriarty IESG state changed to Publication Requested from I-D Exists
2024-01-19
08 (System) Changed action holders to Roman Danyliw (IESG state changed)
2024-01-19
08 Kathleen Moriarty Responsible AD changed to Roman Danyliw
2024-01-19
08 Kathleen Moriarty Document is now in IESG state Publication Requested
2024-01-19
08 Kathleen Moriarty
Write up has been completed and submitted. A second call for IPR has commenced on the mailing list. Since a call has already completed along …
Write up has been completed and submitted. A second call for IPR has commenced on the mailing list. Since a call has already completed along with the first WG last call, the document can proceed to IETF last call while this second call for IPR takes place.
2024-01-19
08 Kathleen Moriarty IETF WG state changed to WG Consensus: Waiting for Write-Up from WG Document
2024-01-19
08 Kathleen Moriarty
# Document Shepherd Write-Up for Group Documents

*This version is dated 4 July 2022.*

Thank you for your service as a document shepherd. Among the …
# Document Shepherd Write-Up for Group Documents

*This version is dated 4 July 2022.*

Thank you for your service as a document shepherd. Among the responsibilities is
answering the questions in this write-up to give helpful context to Last Call
and Internet Engineering Steering Group ([IESG][1]) reviewers, and your
diligence in completing it is appreciated. The full role of the shepherd is
further described in [RFC 4858][2]. You will need the cooperation of the authors
and editors to complete these checks.

Note that some numbered items contain multiple related questions; please be sure
to answer all of them.

## Document History

1. Does the working group (WG) consensus represent the strong concurrence of a
  few individuals, with others being silent, or did it reach broad agreement?

The document has now passed through 2 working group last calls and represents working group consensus. A finding emerged int he first call that resulted in an addition to the document significant enough to warrant a second working group last call to ensure this full consensus was reached.

2. Was there controversy about particular points, or were there decisions where
  the consensus was particularly rough?

The draft is straightforward and references similar work for a JWT, applied here to a CWT with the same described risks. Please see #1 and the diff from version 6 to 8 of the draft.

3. Has anyone threatened an appeal or otherwise indicated extreme discontent? If
  so, please summarize the areas of conflict in separate email messages to the
  responsible Area Director. (It should be in a separate email because this
  questionnaire is publicly available.)

No.

4. For protocol documents, are there existing implementations of the contents of
  the document? Have a significant number of potential implementers indicated
  plans to implement? Are any existing implementations reported somewhere,
  either in the document itself (as [RFC 7942][3] recommends) or elsewhere
  (where)?
There are 2 known implementations:
https://github.com/laurencelundblade/ctoken
https://github.com/veraison/parsec/blob/1d1cf7b1797199c859412ddaaf5f7cb13b3e7fcf/cca/cbor.go#L15
## Additional Reviews

5. Do the contents of this document closely interact with technologies in other
  IETF working groups or external organizations, and would it therefore benefit
  from their review? Have those reviews occurred? If yes, describe which
  reviews took place.

The work is closely related to the COSE working group and has included review from participants in that WG as well.

6. Describe how the document meets any required formal expert review criteria,
  such as the MIB Doctor, YANG Doctor, media type, and URI type reviews.

CBOR Tags Registry requires Specification only, not expert review.

7. If the document contains a YANG module, has the final version of the module
  been checked with any of the [recommended validation tools][4] for syntax and
  formatting validation? If there are any resulting errors or warnings, what is
  the justification for not fixing them at this time? Does the YANG module
  comply with the Network Management Datastore Architecture (NMDA) as specified
  in [RFC 8342][5]?
N/A

8. Describe reviews and automated checks performed to validate sections of the
  final version of the document written in a formal language, such as XML code,
  BNF rules, MIB definitions, CBOR's CDDL, etc.

## Document Shepherd Checks

9. Based on the shepherd's review of the document, is it their opinion that this
  document is needed, clearly written, complete, correctly designed, and ready
  to be handed off to the responsible Area Director?

Yes, with COSE working group review during WG last call, and a subsequent WG last call, the draft is ready.

10. Several IETF Areas have assembled [lists of common issues that their
    reviewers encounter][6]. For which areas have such issues been identified
    and addressed? For which does this still need to happen in subsequent
    reviews?
Yes.

11. What type of RFC publication is being requested on the IETF stream ([Best
    Current Practice][12], [Proposed Standard, Internet Standard][13],
    [Informational, Experimental or Historic][14])? Why is this the proper type
    of RFC? Do all Datatracker state attributes correctly reflect this intent?

Yes. The document introduces a new technical application for the base standards used for RATS. As such, this is a standards track document.

12. Have reasonable efforts been made to remind all authors of the intellectual
    property rights (IPR) disclosure obligations described in [BCP 79][7]? To
    the best of your knowledge, have all required disclosures been filed? If
    not, explain why. If yes, summarize any relevant discussion, including links
    to publicly-available messages when applicable.
A check was performed during the first working group last call and a second one will complete on list by January 26, 2024.

13. Has each author, editor, and contributor shown their willingness to be
    listed as such? If the total number of authors and editors on the front page
    is greater than five, please provide a justification.
Yes and author list is limited to 4.

14. Document any remaining I-D nits in this document. Simply running the [idnits
    tool][8] is not enough; please review the ["Content Guidelines" on
    authors.ietf.org][15]. (Also note that the current idnits tool generates
    some incorrect warnings; a rewrite is underway.)
Passed the check with expected findings for internationalization of author names.

15. Should any informative references be normative or vice-versa? See the [IESG
    Statement on Normative and Informative References][16].
The list is well considered after review as references you'd expect to be normative as used in the text as examples. The usage of those references as informative is correct.

16. List any normative references that are not freely available to anyone. Did
    the community have sufficient access to review any such normative
    references?
None found.

17. Are there any normative downward references (see [RFC 3967][9] and [BCP
    97
][10]) that are not already listed in the [DOWNREF registry][17]? If so,
    list them.
N/A

18. Are there normative references to documents that are not ready to be
    submitted to the IESG for publication or are otherwise in an unclear state?
    If so, what is the plan for their completion?
N/A

19. Will publication of this document change the status of any existing RFCs? If
    so, does the Datatracker metadata correctly reflect this and are those RFCs
    listed on the title page, in the abstract, and discussed in the
    introduction? If not, explain why and point to the part of the document
    where the relationship of this document to these other RFCs is discussed.

No.

20. Describe the document shepherd's review of the IANA considerations section,
    especially with regard to its consistency with the body of the document.
    Confirm that all aspects of the document requiring IANA assignments are
    associated with the appropriate reservations in IANA registries. Confirm
    that any referenced IANA registries have been clearly identified. Confirm
    that each newly created IANA registry specifies its initial contents,
    allocations procedures, and a reasonable name (see [RFC 8126][11]).
There is just a request to add an entry to a registry and the request does not present any concerns.

21. List any new IANA registries that require Designated Expert Review for
    future allocations. Are the instructions to the Designated Expert clear?
    Please include suggestions of designated experts, if appropriate.

No new registries are created.

[1]: https://www.ietf.org/about/groups/iesg/
[2]: https://www.rfc-editor.org/rfc/rfc4858.html
[3]: https://www.rfc-editor.org/rfc/rfc7942.html
[4]: https://wiki.ietf.org/group/ops/yang-review-tools
[5]: https://www.rfc-editor.org/rfc/rfc8342.html
[6]: https://wiki.ietf.org/group/iesg/ExpertTopics
[7]: https://www.rfc-editor.org/info/bcp79
[8]: https://www.ietf.org/tools/idnits/
[9]: https://www.rfc-editor.org/rfc/rfc3967.html
[10]: https://www.rfc-editor.org/info/bcp97
[11]: https://www.rfc-editor.org/rfc/rfc8126.html
[12]: https://www.rfc-editor.org/rfc/rfc2026.html#section-5
[13]: https://www.rfc-editor.org/rfc/rfc2026.html#section-4.1
[14]: https://www.rfc-editor.org/rfc/rfc2026.html#section-4.2
[15]: https://authors.ietf.org/en/content-guidelines-overview
[16]: https://www.ietf.org/about/groups/iesg/statements/normative-informative-references/
[17]: https://datatracker.ietf.org/doc/downref/

2024-01-16
08 Henk Birkholz New version available: draft-ietf-rats-uccs-08.txt
2024-01-16
08 Henk Birkholz New version accepted (logged-in submitter: Henk Birkholz)
2024-01-16
08 Henk Birkholz Uploaded new revision
2023-11-27
07 Henk Birkholz New version available: draft-ietf-rats-uccs-07.txt
2023-11-27
07 Henk Birkholz New version accepted (logged-in submitter: Henk Birkholz)
2023-11-27
07 Henk Birkholz Uploaded new revision
2023-10-31
06 Ned Smith Added to session: IETF-118: rats  Wed-0830
2023-08-26
06 Kathleen Moriarty
# Document Shepherd Write-Up for Group Documents

*This version is dated 4 July 2022.*

Thank you for your service as a document shepherd. Among the …
# Document Shepherd Write-Up for Group Documents

*This version is dated 4 July 2022.*

Thank you for your service as a document shepherd. Among the responsibilities is
answering the questions in this write-up to give helpful context to Last Call
and Internet Engineering Steering Group ([IESG][1]) reviewers, and your
diligence in completing it is appreciated. The full role of the shepherd is
further described in [RFC 4858][2]. You will need the cooperation of the authors
and editors to complete these checks.

Note that some numbered items contain multiple related questions; please be sure
to answer all of them.

## Document History

1. Does the working group (WG) consensus represent the strong concurrence of a
  few individuals, with others being silent, or did it reach broad agreement?

2. Was there controversy about particular points, or were there decisions where
  the consensus was particularly rough?

The draft is straightforward and references similar work for a JWT, applied here to a CWT with the same described risks.

3. Has anyone threatened an appeal or otherwise indicated extreme discontent? If
  so, please summarize the areas of conflict in separate email messages to the
  responsible Area Director. (It should be in a separate email because this
  questionnaire is publicly available.)

No.

4. For protocol documents, are there existing implementations of the contents of
  the document? Have a significant number of potential implementers indicated
  plans to implement? Are any existing implementations reported somewhere,
  either in the document itself (as [RFC 7942][3] recommends) or elsewhere
  (where)?
There are 2 known implementations:
https://github.com/laurencelundblade/ctoken
https://github.com/veraison/parsec/blob/1d1cf7b1797199c859412ddaaf5f7cb13b3e7fcf/cca/cbor.go#L15
## Additional Reviews

5. Do the contents of this document closely interact with technologies in other
  IETF working groups or external organizations, and would it therefore benefit
  from their review? Have those reviews occurred? If yes, describe which
  reviews took place.

The work is closely related to the COSE working group.

6. Describe how the document meets any required formal expert review criteria,
  such as the MIB Doctor, YANG Doctor, media type, and URI type reviews.

CBOR Tags Registry requires Specification only, not expert review.

7. If the document contains a YANG module, has the final version of the module
  been checked with any of the [recommended validation tools][4] for syntax and
  formatting validation? If there are any resulting errors or warnings, what is
  the justification for not fixing them at this time? Does the YANG module
  comply with the Network Management Datastore Architecture (NMDA) as specified
  in [RFC 8342][5]?

8. Describe reviews and automated checks performed to validate sections of the
  final version of the document written in a formal language, such as XML code,
  BNF rules, MIB definitions, CBOR's CDDL, etc.

## Document Shepherd Checks

9. Based on the shepherd's review of the document, is it their opinion that this
  document is needed, clearly written, complete, correctly designed, and ready
  to be handed off to the responsible Area Director?

Yes, with COSE working group review during WG last call, the draft is ready.

10. Several IETF Areas have assembled [lists of common issues that their
    reviewers encounter][6]. For which areas have such issues been identified
    and addressed? For which does this still need to happen in subsequent
    reviews?

11. What type of RFC publication is being requested on the IETF stream ([Best
    Current Practice][12], [Proposed Standard, Internet Standard][13],
    [Informational, Experimental or Historic][14])? Why is this the proper type
    of RFC? Do all Datatracker state attributes correctly reflect this intent?

Yes.

12. Have reasonable efforts been made to remind all authors of the intellectual
    property rights (IPR) disclosure obligations described in [BCP 79][7]? To
    the best of your knowledge, have all required disclosures been filed? If
    not, explain why. If yes, summarize any relevant discussion, including links
    to publicly-available messages when applicable.

13. Has each author, editor, and contributor shown their willingness to be
    listed as such? If the total number of authors and editors on the front page
    is greater than five, please provide a justification.

14. Document any remaining I-D nits in this document. Simply running the [idnits
    tool][8] is not enough; please review the ["Content Guidelines" on
    authors.ietf.org][15]. (Also note that the current idnits tool generates
    some incorrect warnings; a rewrite is underway.)

15. Should any informative references be normative or vice-versa? See the [IESG
    Statement on Normative and Informative References][16].

16. List any normative references that are not freely available to anyone. Did
    the community have sufficient access to review any such normative
    references?

17. Are there any normative downward references (see [RFC 3967][9] and [BCP
    97
][10]) that are not already listed in the [DOWNREF registry][17]? If so,
    list them.

18. Are there normative references to documents that are not ready to be
    submitted to the IESG for publication or are otherwise in an unclear state?
    If so, what is the plan for their completion?

19. Will publication of this document change the status of any existing RFCs? If
    so, does the Datatracker metadata correctly reflect this and are those RFCs
    listed on the title page, in the abstract, and discussed in the
    introduction? If not, explain why and point to the part of the document
    where the relationship of this document to these other RFCs is discussed.

No.

20. Describe the document shepherd's review of the IANA considerations section,
    especially with regard to its consistency with the body of the document.
    Confirm that all aspects of the document requiring IANA assignments are
    associated with the appropriate reservations in IANA registries. Confirm
    that any referenced IANA registries have been clearly identified. Confirm
    that each newly created IANA registry specifies its initial contents,
    allocations procedures, and a reasonable name (see [RFC 8126][11]).

21. List any new IANA registries that require Designated Expert Review for
    future allocations. Are the instructions to the Designated Expert clear?
    Please include suggestions of designated experts, if appropriate.

No new registries are created.

[1]: https://www.ietf.org/about/groups/iesg/
[2]: https://www.rfc-editor.org/rfc/rfc4858.html
[3]: https://www.rfc-editor.org/rfc/rfc7942.html
[4]: https://wiki.ietf.org/group/ops/yang-review-tools
[5]: https://www.rfc-editor.org/rfc/rfc8342.html
[6]: https://wiki.ietf.org/group/iesg/ExpertTopics
[7]: https://www.rfc-editor.org/info/bcp79
[8]: https://www.ietf.org/tools/idnits/
[9]: https://www.rfc-editor.org/rfc/rfc3967.html
[10]: https://www.rfc-editor.org/info/bcp97
[11]: https://www.rfc-editor.org/rfc/rfc8126.html
[12]: https://www.rfc-editor.org/rfc/rfc2026.html#section-5
[13]: https://www.rfc-editor.org/rfc/rfc2026.html#section-4.1
[14]: https://www.rfc-editor.org/rfc/rfc2026.html#section-4.2
[15]: https://authors.ietf.org/en/content-guidelines-overview
[16]: https://www.ietf.org/about/groups/iesg/statements/normative-informative-references/
[17]: https://datatracker.ietf.org/doc/downref/

2023-08-04
06 Kathleen Moriarty
# Document Shepherd Write-Up for Group Documents

*This version is dated 4 July 2022.*

Thank you for your service as a document shepherd. Among the …
# Document Shepherd Write-Up for Group Documents

*This version is dated 4 July 2022.*

Thank you for your service as a document shepherd. Among the responsibilities is
answering the questions in this write-up to give helpful context to Last Call
and Internet Engineering Steering Group ([IESG][1]) reviewers, and your
diligence in completing it is appreciated. The full role of the shepherd is
further described in [RFC 4858][2]. You will need the cooperation of the authors
and editors to complete these checks.

Note that some numbered items contain multiple related questions; please be sure
to answer all of them.

## Document History

1. Does the working group (WG) consensus represent the strong concurrence of a
  few individuals, with others being silent, or did it reach broad agreement?

2. Was there controversy about particular points, or were there decisions where
  the consensus was particularly rough?

The draft is straightforward and references similar work for a JWT, applied here to a CWT with the same described risks.

3. Has anyone threatened an appeal or otherwise indicated extreme discontent? If
  so, please summarize the areas of conflict in separate email messages to the
  responsible Area Director. (It should be in a separate email because this
  questionnaire is publicly available.)

No.

4. For protocol documents, are there existing implementations of the contents of
  the document? Have a significant number of potential implementers indicated
  plans to implement? Are any existing implementations reported somewhere,
  either in the document itself (as [RFC 7942][3] recommends) or elsewhere
  (where)?

## Additional Reviews

5. Do the contents of this document closely interact with technologies in other
  IETF working groups or external organizations, and would it therefore benefit
  from their review? Have those reviews occurred? If yes, describe which
  reviews took place.

The work is closely related to the COSE working group.

6. Describe how the document meets any required formal expert review criteria,
  such as the MIB Doctor, YANG Doctor, media type, and URI type reviews.

CBOR Tags Registry requires Specification only, not expert review.

7. If the document contains a YANG module, has the final version of the module
  been checked with any of the [recommended validation tools][4] for syntax and
  formatting validation? If there are any resulting errors or warnings, what is
  the justification for not fixing them at this time? Does the YANG module
  comply with the Network Management Datastore Architecture (NMDA) as specified
  in [RFC 8342][5]?

8. Describe reviews and automated checks performed to validate sections of the
  final version of the document written in a formal language, such as XML code,
  BNF rules, MIB definitions, CBOR's CDDL, etc.

## Document Shepherd Checks

9. Based on the shepherd's review of the document, is it their opinion that this
  document is needed, clearly written, complete, correctly designed, and ready
  to be handed off to the responsible Area Director?

Yes, with COSE working group review during WG last call, the draft is ready.

10. Several IETF Areas have assembled [lists of common issues that their
    reviewers encounter][6]. For which areas have such issues been identified
    and addressed? For which does this still need to happen in subsequent
    reviews?

11. What type of RFC publication is being requested on the IETF stream ([Best
    Current Practice][12], [Proposed Standard, Internet Standard][13],
    [Informational, Experimental or Historic][14])? Why is this the proper type
    of RFC? Do all Datatracker state attributes correctly reflect this intent?

Yes.

12. Have reasonable efforts been made to remind all authors of the intellectual
    property rights (IPR) disclosure obligations described in [BCP 79][7]? To
    the best of your knowledge, have all required disclosures been filed? If
    not, explain why. If yes, summarize any relevant discussion, including links
    to publicly-available messages when applicable.

13. Has each author, editor, and contributor shown their willingness to be
    listed as such? If the total number of authors and editors on the front page
    is greater than five, please provide a justification.

14. Document any remaining I-D nits in this document. Simply running the [idnits
    tool][8] is not enough; please review the ["Content Guidelines" on
    authors.ietf.org][15]. (Also note that the current idnits tool generates
    some incorrect warnings; a rewrite is underway.)

15. Should any informative references be normative or vice-versa? See the [IESG
    Statement on Normative and Informative References][16].

16. List any normative references that are not freely available to anyone. Did
    the community have sufficient access to review any such normative
    references?

17. Are there any normative downward references (see [RFC 3967][9] and [BCP
    97
][10]) that are not already listed in the [DOWNREF registry][17]? If so,
    list them.

18. Are there normative references to documents that are not ready to be
    submitted to the IESG for publication or are otherwise in an unclear state?
    If so, what is the plan for their completion?

19. Will publication of this document change the status of any existing RFCs? If
    so, does the Datatracker metadata correctly reflect this and are those RFCs
    listed on the title page, in the abstract, and discussed in the
    introduction? If not, explain why and point to the part of the document
    where the relationship of this document to these other RFCs is discussed.

No.

20. Describe the document shepherd's review of the IANA considerations section,
    especially with regard to its consistency with the body of the document.
    Confirm that all aspects of the document requiring IANA assignments are
    associated with the appropriate reservations in IANA registries. Confirm
    that any referenced IANA registries have been clearly identified. Confirm
    that each newly created IANA registry specifies its initial contents,
    allocations procedures, and a reasonable name (see [RFC 8126][11]).

21. List any new IANA registries that require Designated Expert Review for
    future allocations. Are the instructions to the Designated Expert clear?
    Please include suggestions of designated experts, if appropriate.

No new registries are created.

[1]: https://www.ietf.org/about/groups/iesg/
[2]: https://www.rfc-editor.org/rfc/rfc4858.html
[3]: https://www.rfc-editor.org/rfc/rfc7942.html
[4]: https://wiki.ietf.org/group/ops/yang-review-tools
[5]: https://www.rfc-editor.org/rfc/rfc8342.html
[6]: https://wiki.ietf.org/group/iesg/ExpertTopics
[7]: https://www.rfc-editor.org/info/bcp79
[8]: https://www.ietf.org/tools/idnits/
[9]: https://www.rfc-editor.org/rfc/rfc3967.html
[10]: https://www.rfc-editor.org/info/bcp97
[11]: https://www.rfc-editor.org/rfc/rfc8126.html
[12]: https://www.rfc-editor.org/rfc/rfc2026.html#section-5
[13]: https://www.rfc-editor.org/rfc/rfc2026.html#section-4.1
[14]: https://www.rfc-editor.org/rfc/rfc2026.html#section-4.2
[15]: https://authors.ietf.org/en/content-guidelines-overview
[16]: https://www.ietf.org/about/groups/iesg/statements/normative-informative-references/
[17]: https://datatracker.ietf.org/doc/downref/

2023-08-04
06 Kathleen Moriarty
# Document Shepherd Write-Up for Group Documents

*This version is dated 4 July 2022.*

Thank you for your service as a document shepherd. Among the …
# Document Shepherd Write-Up for Group Documents

*This version is dated 4 July 2022.*

Thank you for your service as a document shepherd. Among the responsibilities is
answering the questions in this write-up to give helpful context to Last Call
and Internet Engineering Steering Group ([IESG][1]) reviewers, and your
diligence in completing it is appreciated. The full role of the shepherd is
further described in [RFC 4858][2]. You will need the cooperation of the authors
and editors to complete these checks.

Note that some numbered items contain multiple related questions; please be sure
to answer all of them.

## Document History

1. Does the working group (WG) consensus represent the strong concurrence of a
  few individuals, with others being silent, or did it reach broad agreement?

2. Was there controversy about particular points, or were there decisions where
  the consensus was particularly rough?

The draft is straightforward and references similar work for a JWT, applied here to a CWT with the same described risks.

3. Has anyone threatened an appeal or otherwise indicated extreme discontent? If
  so, please summarize the areas of conflict in separate email messages to the
  responsible Area Director. (It should be in a separate email because this
  questionnaire is publicly available.)

No.

4. For protocol documents, are there existing implementations of the contents of
  the document? Have a significant number of potential implementers indicated
  plans to implement? Are any existing implementations reported somewhere,
  either in the document itself (as [RFC 7942][3] recommends) or elsewhere
  (where)?

## Additional Reviews

5. Do the contents of this document closely interact with technologies in other
  IETF working groups or external organizations, and would it therefore benefit
  from their review? Have those reviews occurred? If yes, describe which
  reviews took place.

The work is closely related to the COSE working group.

6. Describe how the document meets any required formal expert review criteria,
  such as the MIB Doctor, YANG Doctor, media type, and URI type reviews.

CWT expert review

7. If the document contains a YANG module, has the final version of the module
  been checked with any of the [recommended validation tools][4] for syntax and
  formatting validation? If there are any resulting errors or warnings, what is
  the justification for not fixing them at this time? Does the YANG module
  comply with the Network Management Datastore Architecture (NMDA) as specified
  in [RFC 8342][5]?

8. Describe reviews and automated checks performed to validate sections of the
  final version of the document written in a formal language, such as XML code,
  BNF rules, MIB definitions, CBOR's CDDL, etc.

## Document Shepherd Checks

9. Based on the shepherd's review of the document, is it their opinion that this
  document is needed, clearly written, complete, correctly designed, and ready
  to be handed off to the responsible Area Director?

Yes, with COSE expert review, the draft is ready.

10. Several IETF Areas have assembled [lists of common issues that their
    reviewers encounter][6]. For which areas have such issues been identified
    and addressed? For which does this still need to happen in subsequent
    reviews?

11. What type of RFC publication is being requested on the IETF stream ([Best
    Current Practice][12], [Proposed Standard, Internet Standard][13],
    [Informational, Experimental or Historic][14])? Why is this the proper type
    of RFC? Do all Datatracker state attributes correctly reflect this intent?

Yes.

12. Have reasonable efforts been made to remind all authors of the intellectual
    property rights (IPR) disclosure obligations described in [BCP 79][7]? To
    the best of your knowledge, have all required disclosures been filed? If
    not, explain why. If yes, summarize any relevant discussion, including links
    to publicly-available messages when applicable.

13. Has each author, editor, and contributor shown their willingness to be
    listed as such? If the total number of authors and editors on the front page
    is greater than five, please provide a justification.

14. Document any remaining I-D nits in this document. Simply running the [idnits
    tool][8] is not enough; please review the ["Content Guidelines" on
    authors.ietf.org][15]. (Also note that the current idnits tool generates
    some incorrect warnings; a rewrite is underway.)

15. Should any informative references be normative or vice-versa? See the [IESG
    Statement on Normative and Informative References][16].

16. List any normative references that are not freely available to anyone. Did
    the community have sufficient access to review any such normative
    references?

17. Are there any normative downward references (see [RFC 3967][9] and [BCP
    97
][10]) that are not already listed in the [DOWNREF registry][17]? If so,
    list them.

18. Are there normative references to documents that are not ready to be
    submitted to the IESG for publication or are otherwise in an unclear state?
    If so, what is the plan for their completion?

19. Will publication of this document change the status of any existing RFCs? If
    so, does the Datatracker metadata correctly reflect this and are those RFCs
    listed on the title page, in the abstract, and discussed in the
    introduction? If not, explain why and point to the part of the document
    where the relationship of this document to these other RFCs is discussed.

No.

20. Describe the document shepherd's review of the IANA considerations section,
    especially with regard to its consistency with the body of the document.
    Confirm that all aspects of the document requiring IANA assignments are
    associated with the appropriate reservations in IANA registries. Confirm
    that any referenced IANA registries have been clearly identified. Confirm
    that each newly created IANA registry specifies its initial contents,
    allocations procedures, and a reasonable name (see [RFC 8126][11]).

21. List any new IANA registries that require Designated Expert Review for
    future allocations. Are the instructions to the Designated Expert clear?
    Please include suggestions of designated experts, if appropriate.

No new registries are created.

[1]: https://www.ietf.org/about/groups/iesg/
[2]: https://www.rfc-editor.org/rfc/rfc4858.html
[3]: https://www.rfc-editor.org/rfc/rfc7942.html
[4]: https://wiki.ietf.org/group/ops/yang-review-tools
[5]: https://www.rfc-editor.org/rfc/rfc8342.html
[6]: https://wiki.ietf.org/group/iesg/ExpertTopics
[7]: https://www.rfc-editor.org/info/bcp79
[8]: https://www.ietf.org/tools/idnits/
[9]: https://www.rfc-editor.org/rfc/rfc3967.html
[10]: https://www.rfc-editor.org/info/bcp97
[11]: https://www.rfc-editor.org/rfc/rfc8126.html
[12]: https://www.rfc-editor.org/rfc/rfc2026.html#section-5
[13]: https://www.rfc-editor.org/rfc/rfc2026.html#section-4.1
[14]: https://www.rfc-editor.org/rfc/rfc2026.html#section-4.2
[15]: https://authors.ietf.org/en/content-guidelines-overview
[16]: https://www.ietf.org/about/groups/iesg/statements/normative-informative-references/
[17]: https://datatracker.ietf.org/doc/downref/

2023-08-04
06 Kathleen Moriarty Notification list changed to Kathleen.Moriarty.ietf@gmail.com because the document shepherd was set
2023-08-04
06 Kathleen Moriarty Document shepherd changed to Kathleen Moriarty
2023-08-04
06 Kathleen Moriarty Changed consensus to Yes from Unknown
2023-08-04
06 Kathleen Moriarty Intended Status changed to Proposed Standard from None
2023-08-02
06 Carsten Bormann New version available: draft-ietf-rats-uccs-06.txt
2023-08-02
06 Carsten Bormann New version accepted (logged-in submitter: Carsten Bormann)
2023-08-02
06 Carsten Bormann Uploaded new revision
2023-07-12
05 Ned Smith Added to session: IETF-117: rats  Wed-1630
2023-02-01
05 Ned Smith Changed document external resources from: None to:

github_repo https://github.com/ietf-rats-wg/draft-ietf-rats-uccs
2023-02-01
05 Carsten Bormann New version available: draft-ietf-rats-uccs-05.txt
2023-02-01
05 Carsten Bormann New version accepted (logged-in submitter: Carsten Bormann)
2023-02-01
05 Carsten Bormann Uploaded new revision
2023-01-11
04 Henk Birkholz New version available: draft-ietf-rats-uccs-04.txt
2023-01-11
04 Henk Birkholz New version accepted (logged-in submitter: Henk Birkholz)
2023-01-11
04 Henk Birkholz Uploaded new revision
2022-07-11
03 Carsten Bormann New version available: draft-ietf-rats-uccs-03.txt
2022-07-11
03 Carsten Bormann New version accepted (logged-in submitter: Carsten Bormann)
2022-07-11
03 Carsten Bormann Uploaded new revision
2022-03-15
02 Ned Smith Added to session: IETF-113: rats  Tue-1000
2022-01-12
02 Carsten Bormann New version available: draft-ietf-rats-uccs-02.txt
2022-01-12
02 (System) New version accepted (logged-in submitter: Carsten Bormann)
2022-01-12
02 Carsten Bormann Uploaded new revision
2021-11-04
01 Ned Smith Added to session: IETF-112: rats  Mon-1200
2021-07-12
01 Henk Birkholz New version available: draft-ietf-rats-uccs-01.txt
2021-07-12
01 (System) New version accepted (logged-in submitter: Henk Birkholz)
2021-07-12
01 Henk Birkholz Uploaded new revision
2021-05-19
00 Cindy Morgan This document now replaces draft-birkholz-rats-uccs instead of None
2021-05-19
00 Henk Birkholz New version available: draft-ietf-rats-uccs-00.txt
2021-05-19
00 (System) WG -00 approved
2021-05-19
00 Henk Birkholz Set submitter to "Henk Birkholz ", replaces to (none) and sent approval email to group chairs: rats-chairs@ietf.org
2021-05-19
00 Henk Birkholz Uploaded new revision