
Last Call Review of draft-ietf-rats-eat-21
review-ietf-rats-eat-21-genart-lc-robles-2023-08-09-00

Request
Review of: draft-ietf-rats-eat
Requested revision: No specific revision (document currently at 31)
Type: Last Call Review
Team: General Area Review Team (Gen-ART) (genart)
Deadline: 2023-08-09
Requested: 2023-07-19
Authors: Laurence Lundblade, Giridhar Mandyam, Jeremy O'Donoghue, Carl Wallace
I-D last updated: 2023-08-09
Completed reviews:
- Opsdir Last Call review of -21 by Linda Dunbar
- Opsdir Last Call review of -27 by Linda Dunbar
- Genart Last Call review of -21 by Ines Robles
- Intdir Telechat review of -21 by Haoyu Song
- Secdir Last Call review of -13 by Hilarie Orman
- Iotdir Last Call review of -13 by Eliot Lear

Assignment
Reviewer: Ines Robles
State: Completed
Request: Last Call review on draft-ietf-rats-eat by General Area Review Team (Gen-ART) Assigned
Posted at: https://mailarchive.ietf.org/arch/msg/gen-art/Wzll24SUe_WpdUUELkhoH6GVAUI
Reviewed revision: 21 (document currently at 31)
Result: Ready w/nits
Completed: 2023-08-09

I am the assigned Gen-ART reviewer for this draft. The General Area
Review Team (Gen-ART) reviews all IETF documents being processed
by the IESG for the IETF Chair.  Please treat these comments just
like any other last call comments.

For more information, please see the FAQ at

<https://wiki.ietf.org/en/group/gen/GenArtFAQ>.

Document: draft-ietf-rats-eat-21
Reviewer: Ines Robles
Review Date: 2023-08-09
IETF LC End Date: 2023-08-09
IESG Telechat date: Not scheduled for a telechat

Summary:

This document describes the Entity Attestation Token (EAT) that provides an
attested claims set that describes state and characteristics of an entity. This
claims set is used by a relying party, server, or service to assess the
trustworthiness of the entity. EAT is constructed as a framework for defining
specific attestation tokens for specific use cases.

The document is well documented, with a good set of references. No major issues
found, minor nits found as specified below.

Major Issues: None

Minor Issues: None

Nits:

- Abstract: What about "...service to determine how much it wishes to trust the
entity." --> "...service to assess the trustworthiness of the entity." ?

- Section 4.1.17: Maybe "failure, fail to run, ..." --> "failure, fail to run,
among others." ?

- In Section 4.2.14: "(DLOAs))" --> "(DLOAs)"; the same for "(Section 4.2.16))"
in Section 6.2.12

- Section 4.3.3 and Section 7.3.1. "TBD(BUNDLE-Untagged-Message)" -->
TBD602(BUNDLE-Untagged-Message) ? (To be aligned with IANA Section)

- Section 6.2.12: "This document requires an EAT receiver must accept all
claims it does not understand." Are there specific security considerations to
follow in this case not mentioned in Section 9.1?

- Section 6.3: It would be nice to have a caption for Table 2. (Same for rest
of the tables)

- Section 7.3.1: "one place that that a CBOR token" --> "one place where a CBOR
token" ?

- Appendix C.1: "EAT doesn't define a an device implementation and DevID does."
--> "EAT doesn't define a device implementation, but DevID does." ?

Thanks for this document,

Ines.