Hi all, I have reviewed the document, and I think it's well written and largely ready.
Please find below a few minor comments. Hope this helps! Best, /Marco [Section 3.1.3] * When describing Figure 4, it says: > Note that the EDHOC error message may not be omitted. I think you mean: > Note that the EDHOC error message cannot be omitted. [Section 3.3] * It says: > ... means that the integer Type value is embedded in a CBOR byte string. I think you mean: > ... means that the CBOR-encoded integer Type value is embedded in a CBOR byte string. That is, the value of the CBOR byte string is the binary representation of the integer Type value. For example <<1>> results in the context 0x4101, while <<24>> results in the context 0x421818. [Section 3.5] * It says: > The keying material can be derived after the EDHOC message_2 has been sent or received. Is this correct? Receiving (and successfully processing) the incoming message_2 indeed enables the Initiator to derive PRK_out, hence PRK_exporter, hence the keying material. However, the Responder needs to receive (and successfully process) the following message_3 in order to do the same. Perhaps you mean the following? > The keying material can be derived by the Initiator (Responder) after the EDHOC message_2 (message_3) has been received. [Section 3.6] * It says: > Accordingly, a new EAD item is defined to incorporate EAP channel binding information into the EAD fields of the EAP-EDHOC messages: I guess that the new IEAD item is meant to be used only in a critical way, right? (see Section 3.8 of RFC 9528) Also, is it allowed to repeat it within the same EAD field? Consistent with the corresponding entry in Table 1 of Section 6.1.1, it should also be defined that the EAD is intended only for EAD_3 and EAD_4. That said, can it be silently ignored if included in EAD_1 or EAD_2? [Nits] * Section 1.1 --- s/methods includes/methods include --- s/Tokens and CWT Claims Sets/Tokens, and CWT Claims Sets (CCSs) --- s/a connection for/a session for --- s/messages makes use/messages make use * Section 3.1.1 --- s/And while the/While the --- s/} they do/, they do * Section 3.1.3 --- s/For example with/For example, with --- s/it is indicated/, it is indicated * Section 3.1.4 --- "NAIs" can be expanded at its first use here, instead of later in Section 3.1.5. --- s/; See/. See * Section 3.1.6 --- s/passed/transferred --- s/However as/However, as --- s/(See/(see --- s/successful, and fragmentation/successful and fragmentation --- s/the conversation, illustrated in Figure 6 will appear as follows:/the conversation is as illustrated in Figure 6: * Section 3.6 --- s/message, and the/message and the * Section 4.1 --- s/fragmentation it is/fragmentation, it is --- s/of transported EDHOC/of the transported EDHOC --- s/set to 0, and the/set to 0 and the * Section 4.2 --- s/fragmentation it is/fragmentation, it is --- s/of transported EDHOC/of the transported EDHOC --- s/set to 0, and the/set to 0 and the * Section 6.1.1 --- s/CWTs and all/CWTs, and all --- s/Ciphersuite/Cipher suite --- s/prot./protection --- s/This include X.509/These include X.509 --- s/) and CCSs/), and CCSs --- s/attackers and message_3/attackers, while message_3 * Section 6.2 --- s/initiator/Initiator * Section 6.3 --- s/considerations as/considerations as in * Section 6.4 --- s/considerations as/considerations as in * Section 6.9 --- s/. Does not/, while it does not Marco Tiloca Ph.D., Senior Researcher Phone: +46 (0)70 60 46 501 RISE Research Institutes of Sweden AB Box 1263 164 29 Kista (Sweden) Division: Digital Systems Department: Computer Science Unit: Cybersecurity https://www.ri.se ________________________________ From: Peter Yee <[email protected]> Sent: Wednesday, June 25, 2025 2:17 PM To: EMU WG <[email protected]> Subject: [Emu] WGLC for draft-ietf-emu-eap-edhoc I've initiated a Working Group Last Call for draft-ietf-emu-eap-edhoc. The document was last updated earlier this month but appears fairly stable, with only small changes in the last version. Please provide your input on this document within the next two weeks (by 9 July 2025) so that we can discuss it during the upcoming meeting in Madrid. Thank you! -Peter and Joe _______________________________________________ Emu mailing list -- [email protected] To unsubscribe send an email to [email protected]
_______________________________________________ Emu mailing list -- [email protected] To unsubscribe send an email to [email protected]
