Telechat Review of draft-ietf-core-oscore-edhoc-10
review-ietf-core-oscore-edhoc-10-iotdir-telechat-baccelli-2024-03-27-00
Hello,

I've been selected as the IoT Directorate for a review of this draft. The document is very clearly structured, and very well written. I have a few minor nits and optional suggestions, listed below.

# Overall:

What *might* add marginal value is a small subsection somewhere upfront, which summarizes crisply the applicability / limits of the EDHOC+OSCORE request which are for now scattered in the doc (second paragraph of section 3. and last paragraph of section 3.2.2., if I did not miss something).

# Section 1:

"Without this optimization, it is not possible, not even in theory, to..."
=> Suggestion: just simplify to "Without this optimization, it is not possible to..."

# Section 2:

In Fig. 1 the caption ends by the mention "... without which that message needs no payload."
=> Suggestion: this mention is difficult to parse at first, and does not relate obviously to the accompanying text. What about just removing this mention, or alternatively, rephrase?

# Section 6:

"It would be convenient to ..."
"It would be convenient that ..."
=> Suggestion: feels a little convoluted. Is there an opportunity to simplify the text here, and make it more direct like "In order to enable XYZ, we specify ABC"?

"While a client may become aware of the application profile through several means..."
=> Suggestion: why not give a concrete example here?

# Section 7:

"[...] a minimum of 128-bit security [...] is achieved"
=> Suggestion: A naive question that arises here is (caveat: I am not a cryptographer, as most readers aren't ;) does this 128-bit level hold post-quantum, as far as we can tell? If yes, mention that and maybe point to https://datatracker.ietf.org/doc/html/rfc9528#name-post-quantum-considerations ?