Hi, I think that could work for me. If the changes address the initial concerns, we may publish these changes in the coming days.
Yours,. Daniel ________________________________ From: Stefanie Gerdes <ger...@tzi.de> Sent: Wednesday, February 17, 2021 8:51 AM To: Daniel Migault <daniel.miga...@ericsson.com>; Daniel Migault <mglt.i...@gmail.com>; Francesca Palombini <francesca.palomb...@ericsson.com> Cc: Göran Selander <goran.selander=40ericsson....@dmarc.ietf.org>; Russ Mundy <mu...@tislabs.com>; Olaf Bergmann <bergm...@tzi.org>; ace@ietf.org <ace@ietf.org> Subject: Re: [Ace] secdir review of draft-ietf-ace-dtls-authorize-14 Hi Daniel, On 02/16/2021 04:53 PM, Daniel Migault wrote: > Section 5: > OLD > "Profiles MUST specify a communication security protocol that provides > the features required above." > NEW > "Profiles MUST specify at least one communication security protocol that > provides the features required above." > > <mglt> > I have the impression that with MUST specify one expects a mandatory protocol > to be provided. Would the following text be acceptable ? > > NEW2: > "Profiles RECOMMENDs at least one communication security protocol that > provides the features required above." > </mglt> I don't understand it like that but I see your point. But I think "RECOMMENDS" leaves too much wiggle room :). The profiles could then omit the protocols completely, which I think is a bad idea. Implementers should have at least one example how the communication between C and AS is protected. Since we don't provide it in the framework we must have it in the profiles. How about: NEW3: "Profiles MUST specify at least one communication security protocol that provides the features required above as an example how the respective communication can be secured." Viele Grüße Steffi
_______________________________________________ Ace mailing list Ace@ietf.org https://www.ietf.org/mailman/listinfo/ace