IETF Last Call Review of draft-ietf-rats-network-device-subscription-11
review-ietf-rats-network-device-subscription-11-genart-lc-knodel-2026-04-08-00
| Request | Review of | draft-ietf-rats-network-device-subscription |
|---|---|---|
| Requested revision | No specific revision (document currently at 12) | |
| Type | IETF Last Call Review | |
| Team | General Area Review Team (Gen-ART) (genart) | |
| Deadline | 2026-04-13 | |
| Requested | 2026-03-30 | |
| Authors | Henk Birkholz, Eric Voit, Wei Pan | |
| I-D last updated | 2026-05-28 (Latest revision 2026-05-26) | |
| Completed reviews | Yangdoctors Early review of -02 by Jürgen Schönwälder; Opsdir IETF Last Call review of -11 by Sheng Jiang; Genart IETF Last Call review of -11 by Mallory Knodel; Secdir IETF Last Call review of -11 by Joseph A. Salowey | |
| Assignment | Reviewer | Mallory Knodel |
| State | Completed | |
| Request | IETF Last Call review on draft-ietf-rats-network-device-subscription by General Area Review Team (Gen-ART) Assigned | |
| Posted at | https://mailarchive.ietf.org/arch/msg/gen-art/eJxfYAni5-X7nwj_hmiGPCTXA_E | |
| Reviewed revision | 11 (document currently at 12) | |
| Result | Almost ready | |
| Completed | 2026-04-08 | |

I am the assigned Gen-ART reviewer for this draft. The General Area Review Team (Gen-ART) reviews all IETF documents being processed by the IESG for the IETF Chair. Please treat these comments just like any other last call comments.

For more information, please see the FAQ at <https://wiki.ietf.org/en/group/gen/GenArtFAQ>.

Document: draft-ietf-rats-network-device-subscription-11
Reviewer: Mallory Knodel
Review Date: 2026-04-07
IETF LC End Date: 2026-04-13
IESG Telechat date: Not scheduled for a telechat

Summary: The specification in this document provides a continuous feed of attestation data using YANG as the data structure so a TPM verifier can assess device trustworthiness over time.

Major issues:

* None.

Minor issues:

* Security considerations could easily be made more readable. I would split this into three paragraphs: Security considerations related to YANG, to RATS and any new considerations introduced by bringing them together in this specification (seems like none, but fine to say this). Then under the YANG related considerations it would be simple to state the title of the RFC and if it isn't obvious to give the reader a very brief indication of why that section of the document is relevant to security for this specification.
* FWIW I think the privacy section is mostly fine as it is, perhaps maybe also expanding a first sentence to give the title of the RFC and list quickly any specific privacy concerns.

Nits/editorial comments:

* Spell out TPM in the abstract, because it's its first use.
* Figure 1: "| |<------------------ subscribe(nonce, TpmName, ?PcrSelecion) | |", ?PcrSelection looks like a typo.
* Section 5: "adds a nonce to as a subscription parameters" has a couple of ways to resolve the grammar.