Skip to main content

Last Call Review of draft-ietf-ace-extend-dtls-authorize-06
review-ietf-ace-extend-dtls-authorize-06-opsdir-lc-qu-2023-02-09-00

Request Review of draft-ietf-ace-extend-dtls-authorize
Requested revision No specific revision (document currently at 07)
Type Last Call Review
Team Ops Directorate (opsdir)
Deadline 2023-01-24
Requested 2023-01-10
Authors Olaf Bergmann , John Preuß Mattsson , Göran Selander
I-D last updated 2023-02-09
Completed reviews Secdir Last Call review of -05 by Tirumaleswar Reddy.K (diff)
Opsdir Last Call review of -06 by Yingzhen Qu (diff)
Genart Last Call review of -05 by Paul Kyzivat (diff)
Assignment Reviewer Yingzhen Qu
State Completed
Request Last Call review on draft-ietf-ace-extend-dtls-authorize by Ops Directorate Assigned
Posted at https://mailarchive.ietf.org/arch/msg/ops-dir/h3Bt3xpJJOym2Z22e97uzLFETnU
Reviewed revision 06 (document currently at 07)
Result Has nits
Completed 2023-02-09
review-ietf-ace-extend-dtls-authorize-06-opsdir-lc-qu-2023-02-09-00
I have reviewed this document as part of the Operational directorate's ongoing
effort to review all IETF documents being processed by the IESG. These comments
were written with the intent of improving the operational aspects of the IETF
drafts. Comments that are not addressed in last call may be included in AD
reviews during the IESG review. Document editors and WG chairs should treat
these comments just like any other last call comments.

Document: draft-ietf-ace-extend-dtls-authorize-06 - Extension of the CoAP-DTLS
Profile for ACE to TLS Reviewer: Yingzhen Qu Review Date: 2023-02-09

Summary:
This document updates the CoAP-DTLS profile for ACE described in RFC 9202 to
apply to TLS as well as DTLS.

The document is ready, but the following nits may be considered by the authors
before publication.

Nits:
General: This document is updating RFC 9202, so there are lots of abbreviations
from RFC 9202. I’m not an expert in this field, I’d suggest expanding some of
these
 terms when they are used for the first time in the document, such as CoAP, ACE.

Question (line number from idnits):
114        The ace_profile parameter indicates the use of the DTLS profile for
115        ACE as defined in [RFC9202].  Therefore, the Client typically first
116        tries using DTLS to connect to the Resource Server.  If this fails
117        the Client MAY try to connect to the Resource Server via TLS.  The
118        client can try TLS and DTLS in parallel to accelerate the connection
119        setup.  It is up to the implementation to handle the case where the
120        RS reponds to both connection requests.

In case both the client and server support both TLS and DTLS, it says here “It
is up to the implementation to handle”. However it also says “the client
typically first tries using DTLS”, this seems to give priority to DTLS. Please
clarify.