Hi Alissa This commit https://github.com/SanKumar2015/EST-coaps/commit/a45eda375f4b228b4bcb29e142e 393cddbaa4e6a tries to address your feedback. The full discussion is in https://github.com/SanKumar2015/EST-coaps/issues/157
Let us know if it does not make sense. Rgs, Panos -----Original Message----- From: Ace <ace-boun...@ietf.org> On Behalf Of Panos Kampanakis (pkampana) Sent: Thursday, December 19, 2019 11:50 PM To: Alissa Cooper <ali...@cooperw.in>; The IESG <i...@ietf.org> Cc: draft-ietf-ace-coap-...@ietf.org; i...@augustcellars.com; ace-cha...@ietf.org; ace@ietf.org Subject: Re: [Ace] Alissa Cooper's No Objection on draft-ietf-ace-coap-est-17: (with COMMENT) Hi Alissa, Thank you for the feedback. > "It is also RECOMMENDED that the Implicit Trust Anchor database used > for EST server authentication is carefully managed to reduce the > chance of a third-party CA with poor certification practices > jeopardizing authentication." > > This strikes me as a slightly odd use of normative language (what are the exception cases when the trust anchor database should not be carefully managed?). > The blurb is directly from RFC7030. We reiterate it here to point it out as a best practice and then we present a potential deviation from it for constrained environments. To avoid this confusion we can rephrase it as As discussed in Section 6 of [RFC7030], it is "RECOMMENDED that the Implicit Trust Anchor database used for EST server authentication is carefully managed to reduce the chance of a third-party CA with poor certification practices jeopardizing authentication. Disabling the Implicit Trust Anchor database after successfully receiving the Distribution of CA certificates response (Section 4.1.3 of [RFC7030]) limits any risk to the first DTLS exchange." [...] Rgs, Panos -----Original Message----- From: Ace <ace-boun...@ietf.org> On Behalf Of Alissa Cooper via Datatracker Sent: Tuesday, December 17, 2019 2:35 PM To: The IESG <i...@ietf.org> Cc: draft-ietf-ace-coap-...@ietf.org; i...@augustcellars.com; ace-cha...@ietf.org; ace@ietf.org Subject: [Ace] Alissa Cooper's No Objection on draft-ietf-ace-coap-est-17: (with COMMENT) Alissa Cooper has entered the following ballot position for draft-ietf-ace-coap-est-17: No Objection When responding, please keep the subject line intact and reply to all email addresses included in the To and CC lines. (Feel free to cut this introductory paragraph, however.) Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html for more information about IESG DISCUSS and COMMENT positions. The document, along with other ballot positions, can be found here: https://datatracker.ietf.org/doc/draft-ietf-ace-coap-est/ ---------------------------------------------------------------------- COMMENT: ---------------------------------------------------------------------- Section 10.1: "It is also RECOMMENDED that the Implicit Trust Anchor database used for EST server authentication is carefully managed to reduce the chance of a third-party CA with poor certification practices jeopardizing authentication." This strikes me as a slightly odd use of normative language (what are the exception cases when the trust anchor database should not be carefully managed?). _______________________________________________ Ace mailing list Ace@ietf.org https://www.ietf.org/mailman/listinfo/ace _______________________________________________ Ace mailing list Ace@ietf.org https://www.ietf.org/mailman/listinfo/ace
smime.p7s
Description: S/MIME cryptographic signature
_______________________________________________ Ace mailing list Ace@ietf.org https://www.ietf.org/mailman/listinfo/ace