Skip to main content

Last Call Review of draft-ietf-anima-brski-prm-15
review-ietf-anima-brski-prm-15-iotdir-lc-tiloca-2024-12-01-00

Request Review of draft-ietf-anima-brski-prm
Requested revision No specific revision (document currently at 18)
Type Last Call Review
Team Internet of Things Directorate (iotdir)
Deadline 2024-12-06
Requested 2024-11-19
Requested by Mahesh Jethanandani
Authors Steffen Fries , Thomas Werner , Eliot Lear , Michael Richardson
I-D last updated 2024-12-01
Completed reviews Secdir Early review of -10 by Charlie Kaufman (diff)
Secdir Early review of -05 by Charlie Kaufman (diff)
Yangdoctors Early review of -05 by Martin Björklund (diff)
Iotdir Early review of -05 by Marco Tiloca (diff)
Iotdir Last Call review of -15 by Marco Tiloca (diff)
Secdir Last Call review of -17 by Wes Hardaker (diff)
Opsdir Last Call review of -15 by Ran Chen (diff)
Dnsdir Last Call review of -17 by David C Lawrence (diff)
Genart Last Call review of -17 by Paul Kyzivat (diff)
Comments
The shepherd writeup suggested that a security area and IoT directorate review be conducted once the document is ready for publication.
Assignment Reviewer Marco Tiloca
State Completed
Request Last Call review on draft-ietf-anima-brski-prm by Internet of Things Directorate Assigned
Posted at https://mailarchive.ietf.org/arch/msg/iot-directorate/zHTvwthbWWQVXwysnO5poZdQBvg
Reviewed revision 15 (document currently at 18)
Result Ready w/nits
Completed 2024-12-01
review-ietf-anima-brski-prm-15-iotdir-lc-tiloca-2024-12-01-00
Hi,

I am the assigned IoT-Directorate reviewer for this draft.

Summary: Ready with Nits.

This document specifies the Bootstrapping a Remote Secure Key Infrastructure
(BRSKI) with Pledge in Responder Mode (PRM), thus enabling the bootstrapping of
a pledge device that acts as server during the process.

I previously reviewed version -05, and I find the quality of the document
greatly improved since then as to clarity and presentation.

Please see below my comments for version -15. I hope it helps!

Best,
/Marco

[Section 6.1.2]

* It says:

  > The discovery of the pledge by the Registrar-Agent in the context of this
  document describes the minimum discovery approach to be supported.

  Can this be more assertive and normatively say "... the minimum discovery
  approach that MUST be supported." ?

[Section 7.5.2.1]

* It says

  > ... or an array of at least two X.509 v3 certificates ...

  This requires to fix the CDDL definition in Figure 27 (see Sections 3.2 and
  3.4 of RFC 8610).

  OLD:
  "x5bag": bytes / [+ bytes]

  NEW:
  "x5bag": bytes / [2* bytes]

[Nits]

* Section 1
  - s/associated to/associated with

* Section 3.1.3
  - s/operate a RA/operate an RA

* Section 3.2
  - s/communicate with another/communicate with one another

* Section 5.1
  - s/or protocol to be/or protocols to be

* Section 5.4
  - s/communicated via/communicates via

* Section 6.1.2
  - s/an DNS-SD/a DNS-SD
  - s/a mDNS/an mDNS
  - s/support this functionality/supports this functionality

* Section 6.3.1
  - s/establishment, that/establishment that

* Section 6.4
  - s/resp./respectively.

* Section 7.2.2.2
  - s/in the case the/in case the

* Section 7.3
  - s/is of the pledge verified/of the pledge are verified
  - s/to an Registrar/to a Registrar

* Section 7.3.1
  - s/MASA MAY chose/MASA MAY choose
  - s/certificate that signed by/certificate that is signed by

* Section 7.3.6
  - s/BRSKi-PRM/BRSKI-PRM

* Section 7.4
  - s/signed signed with/signed with

* Section 7.6
  - s/MAY stored/MAY store
  - s/but use the/but using the
  - s/pledge did not did not/pledge did not

* Section 7.6.2.3
  - s/plege/pledge

* Section 7.7
  - s/certficate/certificate
  - s/processed by pledge/processed by the pledge

* Section 7.10
  - s/Second, the Registrar-Agent/First, the Registrar-Agent

* Section 7.11.2.3
  - s/according its bootstrapping/according to its bootstrapping

* Section 8
  - s/in EE certificate/in the EE certificate

* Section 10
  - s/to optional apply/to optionally apply

* Section 11
  - s/BRSKI-PRM, the pledge/BRSKI-PRM the pledge
  - s/does not limited/does not limit
  - s/simply resent the/simply resend the

* Appendix B

  - s/dependant/dependent
  - s/scanable/scannable
  - s/useable/usable