Hello Éric, Thank you for the comments. I put my replies inline and will update the draft on github accordingly. The changes are visible via the diff: https://author-tools.ietf.org/diff?doc_1=draft-ietf-anima-brski-prm&url_2=https://raw.githubusercontent.com/anima-wg/anima-brski-prm/refs/heads/main/draft-ietf-anima-brski-prm.txt
Best regards Steffen > -----Original Message----- > From: Éric Vyncke via Datatracker <nore...@ietf.org> > Sent: Thursday, April 17, 2025 11:51 AM > To: The IESG <i...@ietf.org> > Cc: draft-ietf-anima-brski-...@ietf.org; anima-cha...@ietf.org; > anima@ietf.org; > i...@kovatsch.net; t...@cs.fau.de; i...@kovatsch.net; t...@dd.org > Subject: Éric Vyncke's Discuss on draft-ietf-anima-brski-prm-19: (with DISCUSS > and COMMENT) > > Éric Vyncke has entered the following ballot position for > draft-ietf-anima-brski-prm-19: Discuss > > When responding, please keep the subject line intact and reply to all email > addresses included in the To and CC lines. (Feel free to cut this introductory > paragraph, however.) > > > Please refer to > https://www.ietf.org/ > %2Fabout%2Fgroups%2Fiesg%2Fstatements%2Fhandling-ballot- > positions%2F&data=05%7C02%7Csteffen.fries%40siemens.com%7Cc6882eca6d5 > 94babf9ba08dd7d955d61%7C38ae3bcd95794fd4addab42e1495d55a%7C1%7C0% > 7C638804802717272350%7CUnknown%7CTWFpbGZsb3d8eyJFbXB0eU1hcGkiOn > RydWUsIlYiOiIwLjAuMDAwMCIsIlAiOiJXaW4zMiIsIkFOIjoiTWFpbCIsIldUIjoyfQ%3D > %3D%7C0%7C%7C%7C&sdata=pwDbvN9TpyntKpXxCYnQlgGlVp7awloJolEX6Er > E1f0%3D&reserved=0 > for more information about how to handle DISCUSS and COMMENT positions. > > > The document, along with other ballot positions, can be found here: > https://datatracker.i/ > etf.org%2Fdoc%2Fdraft-ietf-anima-brski- > prm%2F&data=05%7C02%7Csteffen.fries%40siemens.com%7Cc6882eca6d594ba > bf9ba08dd7d955d61%7C38ae3bcd95794fd4addab42e1495d55a%7C1%7C0%7C63 > 8804802717301116%7CUnknown%7CTWFpbGZsb3d8eyJFbXB0eU1hcGkiOnRydW > UsIlYiOiIwLjAuMDAwMCIsIlAiOiJXaW4zMiIsIkFOIjoiTWFpbCIsIldUIjoyfQ%3D%3D% > 7C0%7C%7C%7C&sdata=UsoI6Ew7BvAybCxDGW0lpaJzNIPM04vNk2W%2F0xMQ > CoA%3D&reserved=0 > > > > ---------------------------------------------------------------------- > DISCUSS: > ---------------------------------------------------------------------- > > > # Éric Vyncke, INT AD, comments for draft-ietf-anima-brski-prm-19 > CC @evyncke > > Thank you for the work put into this document (even using nice SVG graphics!), > I am afraid that my review was rather superficial (lack of time due to last > week AI pref interim), but I trust the responsible AD. It is also interesting > to see how the scope has increased in the 10 years of ANIMA (while staying in > the charter) from always-on big routers network to IoT. > > Please find below one blocking DISCUSS points (easy to address), some > non-blocking COMMENT points (but replies would be appreciated even if only for > my own education), and some nits. > > Special thanks to Matthias Kovatsch for the shepherd's detailed write-up > including the WG consensus *and* the justification of the intended status. > > Other thanks to David Lawrence, the DNS directorate reviewer, please consider > this dns-dir review: > https://datatracker.i/ > etf.org%2Fdoc%2Fdraft-ietf-anima-brski- > prm%2Freviewrequest%2F21545%2F&data=05%7C02%7Csteffen.fries%40siemen > s.com%7Cc6882eca6d594babf9ba08dd7d955d61%7C38ae3bcd95794fd4addab42 > e1495d55a%7C1%7C0%7C638804802717316123%7CUnknown%7CTWFpbGZsb3d > 8eyJFbXB0eU1hcGkiOnRydWUsIlYiOiIwLjAuMDAwMCIsIlAiOiJXaW4zMiIsIkFOIjoiT > WFpbCIsIldUIjoyfQ%3D%3D%7C0%7C%7C%7C&sdata=Z%2FkdLHAPweseEeISh > KblBB6n6mwYegWTiPa5DI8s1F0%3D&reserved=0 > (thanks Steffen for your reply) > > I hope that this review helps to improve the document, > > Regards, > > -éric > > ## DISCUSS (blocking) > > As noted in > https://www.ietf.org/ > %2Fblog%2Fhandling-iesg-ballot- > positions%2F&data=05%7C02%7Csteffen.fries%40siemens.com%7Cc6882eca6d5 > 94babf9ba08dd7d955d61%7C38ae3bcd95794fd4addab42e1495d55a%7C1%7C0% > 7C638804802717329986%7CUnknown%7CTWFpbGZsb3d8eyJFbXB0eU1hcGkiOn > RydWUsIlYiOiIwLjAuMDAwMCIsIlAiOiJXaW4zMiIsIkFOIjoiTWFpbCIsIldUIjoyfQ%3D > %3D%7C0%7C%7C%7C&sdata=8WwVM07Q9ZGcwZ%2BpSHgjM1FA8puDwrj8RC > FJI0%2BanqQ%3D&reserved=0, a > DISCUSS ballot is just a request to have a discussion on the following topics: > > ### Section 6.1.2 > > It appears that there is no restriction on 'product-serial-number' in this > section and for mDNS a label has a strict syntax, i.e., if the serial number > is > always composed of only digits or A-2 or '-', then all is good, but if there > is > a dot, then all is bad or if the serial number if longer than 255 > characters... > Can this syntax check be added ? > > `Note that the service name definition is not fully inline with the naming > recommendation of [RFC6763]. However, the definition allows to discover > specific instances of a pledge.` the readers and implementers will appreciate > some explanations for the deviation and how to minimize the impact. [stf] good point. Proposal to address it as following: OLD Note that the service name definition is not fully inline with the naming recommendation of [RFC6763]. However, the definition allows to discover specific instances of a pledge. NEW Note that the service name definition is not fully inline with the naming recommendation of [RFC6763] due to the positioning of '_tcp'. However, the definition of the 'product-serial-number' has align with the allowed character set (see [RFC6763]) to avoid discovery problems. This check is necessary as the 'product-serial-number' is also contained in the certificate as X520SerialNumber, that has a larger allowed character set. Using the 'product-serial-number' as part of the service name allows to discover specific instances of a pledge. > ---------------------------------------------------------------------- > COMMENT: > ---------------------------------------------------------------------- > > > ## COMMENTS (non-blocking) > > ### Section 4 > > Please expand `BTLE` (usually written BLE I think). And section 7 uses a > different acronym in `Bluetooth Low Energy (BLE), or Near Field Communication > (NFC)` [stf] Thanks, update first occurrence from OLD BTLE NEW Bluetooth Low Energy (BLE) > `over other technologies like BTLE or NFC, which may not support TLS protected > communication` but the 6LO WG has defined IP over these media, i.e., COAP > could > be used. Suggest adding text why 6LO WG technologies cannot be used. [stf] Hm, I thought we have the openness through the " which may not support TLS protected communication. " Do you think it needs further explanation, as it does not rule out the use of IP? > `The use of authenticated self-contained objects addresses both, the TLS > challenges` for sure mTLS offers authentication, but it also offers > confidentiality and that is not the case for `authenticated self-contained > objects`. Or did I miss something obvious ? [stf] yes, true, but TLS cannot be easily applied, as the pledge does not possess a suitable certificate to act as server. So some adaptations are necessary. That was one reason why we use self-contained objects, besides the introduction of an intermediate component by still retaining the trust relation/establishment between the pledge and the registrar. The intention here was to argue for the use of self-contained objects. > ### Section 5 > > About the title s/5. Solution Architecture/5. Architecture/ > > ### Section 5.1 > > I was about to DISCUSS this point as I find *very unusual* to refer to another > PDF document rather than having a SVG/ASCII ART diagram in the I-D... `An > abstract overview of the BRSKI-PRM protocol can be found on slide 8 of > [BRSKI-PRM-abstract].` [stf] during the WG/AD reviews we got the comment to include a link to the presentation as it provides an easy to grasp overview picture. We did the same approach in BRSKI-AE (RFC 9733). > In which figure ? `Note that the Join Proxy is not shown in the figure` ? I > guess it is about figure 1, but let's be precise. [stf] It actually relates to both, Figure 1 and the referenced presentation. Proposal to update to OLD Note that the Join Proxy is not shown in the figure. NEW Note that the Join Proxy is neither shown in Figure 1 nor in [BRSKI-PRM-abstract]. > Figure 1, what does `drop ship` means on this figure ? [stf] We use the same terminology as in BRSKI (RFC 8995). Drop ship was meant to describe "delivery" > ### Section 6.1.2 > > I noted that authors of the related draft-ietf-anima-brski-discovery also > tried > to interact with the DNSSD WG, see > https://mailarchive.i/ > etf.org%2Farch%2Fmsg%2Fdnssd%2FrWqgj_c_ZRT6CTGi7gby1r5FdLQ%2F&dat > a=05%7C02%7Csteffen.fries%40siemens.com%7Cc6882eca6d594babf9ba08dd7d > 955d61%7C38ae3bcd95794fd4addab42e1495d55a%7C1%7C0%7C6388048027173 > 43115%7CUnknown%7CTWFpbGZsb3d8eyJFbXB0eU1hcGkiOnRydWUsIlYiOiIwLjA > uMDAwMCIsIlAiOiJXaW4zMiIsIkFOIjoiTWFpbCIsIldUIjoyfQ%3D%3D%7C0%7C%7 > C%7C&sdata=uEB2XE4CD0MTOrdhp%2FMq1rFvCLjhzLlnqw0AqVYjtlw%3D&reser > ved=0 which > is good of course. Thanks. > > ### Section 10.2 > > While I noted that the datatrack IANA note says OK, please add the exact URI > for the IANA registry as I was unable to find it in > https://www.iana.or/ > g%2Fassignments%2Fservice-names-port-numbers%2Fservice-names-port- > numbers.xhtml%3Fsearch%3Dbrski- > pledge&data=05%7C02%7Csteffen.fries%40siemens.com%7Cc6882eca6d594babf > 9ba08dd7d955d61%7C38ae3bcd95794fd4addab42e1495d55a%7C1%7C0%7C6388 > 04802717356073%7CUnknown%7CTWFpbGZsb3d8eyJFbXB0eU1hcGkiOnRydWU > sIlYiOiIwLjAuMDAwMCIsIlAiOiJXaW4zMiIsIkFOIjoiTWFpbCIsIldUIjoyfQ%3D%3D%7 > C0%7C%7C%7C&sdata=X%2FOMbnQBGH5fkJSkJUI5HUCyKLpAPxUtteUkp%2Fti > xfk%3D&reserved=0 > if this was the intended registry then s/IANA has registered the following > service name*s*/IANA is requested to register the following service name/ [stf] We will take the suggestion to state "*IANA is requested to register the following service name" > ## NITS (non-blocking / cosmetic) > > ### Section 7.2.2.2 (and other places) > > You may want to use 2025 rather than 2022 ;-) [stf] okay, looks more recent ;-) _______________________________________________ Anima mailing list -- anima@ietf.org To unsubscribe send an email to anima-le...@ietf.org
