Telechat Review of draft-ietf-lamps-lightweight-cmp-profile-15
review-ietf-lamps-lightweight-cmp-profile-15-iotdir-telechat-widell-2022-11-25-00

Reviewer: Niklas Widell
Review result: Ready

I have reviewed  draft-ietf-lamps-lightweight-cmp-profile from IoT point of
view, as part of IoT directorate document reviews.

The long and comprehensive document specifies a CMP profile for use in
industrial/machine-to-machine deployments. I am not a Certificate management
expert so I cannot judge on detailed level how well the profile fulfils what it
sets out to do, but document appears to be a well-written, thorough and
detailed work.

I did not identify any other IoT related issues with the document other than
the minor one below.

The document is ready for publication.

Minor issue:
- (more of a question really)  The draft notes that it can be used for
(constrained) IoT devices, and I don't see anything directly countering that
(e.g., there is mapping to CoAP, optionality is reduced etc). However, without
implementation insights it is hard to say if the profile actually results in
lightweight implementation - are there any results to show that that is the
case? E.g., are any of the mandatory EE side operations known to be cumbersome
from compute perspective, or are the similar existing 3gpp & UNISIG profiles
reasonably lean in size?

Nits:

- (editorial) section 4: the CMP message names (ip/cp/etc) are  not described
until section four, but used before that. Given the otherwise good background
material it would be good to have the reference moved earlier.

- Why, if CMP message names are well known and commonly used, are they only
used for CoAP paths and not for HTTP ones?  (e.g., why does CoAP have "ir" and
HTTP "initiatlization" for the same operation (enroll EE to new PKI))