1.  I want to verify that the following is the desired statement:  There is
a strong preference that TLS not use PSK for authentication.  This follows
from the recommendation to use TLS:Anon-MQTT:ace for the authentication
option.  I have no problems with this statement; I just want to be sure that
the group as a whole is ok with this position.  I found that I implemented
the SHOULD NOT option for PSK to start with, but that is because I was
trying to be completist, not because I think the position is wrong.

2.  While implementing, I found that there did not appear to be a
mandatory-to-implement validation algorithm; one needs to be specified.

3.  After reading the log of bugs which have been showing up on the MQTT
code base that I have been using, I think there needs to be text put into
the document to deal with the clean session requirement that this profile is
enforcing.  I am seeing a lot of people who are relying on the fact they are
not reconnecting with clean session to get QoS information back from the
server in the event of unexpected disconnects.

4.  I keep going back and forth on a recommendation that we channel bind in
the challenge response case.  I don't have the knowledge to be able to do a
formal proof, but I think that all of the necessary conditions are going to be
met without it.  However, having the binding included would most likely make
the proofs that much easier.

Jim


_______________________________________________
Ace mailing list
Ace@ietf.org
https://www.ietf.org/mailman/listinfo/ace
