Hi Michael,

The proposal sounds good to me as well. I like the substructure, which makes it more readable. I only added a small comment in the PR.

Best regards
Steffen

> -----Original Message-----
> From: Michael Richardson <[email protected]>
> Sent: Monday, May 26, 2025 7:43 PM
> To: William Atwood <[email protected]>
> Cc: Gorry Fairhurst <[email protected]>; The IESG <[email protected]>; draft-ietf-[email protected]; [email protected]; [email protected]; [email protected]; [email protected]
> Subject: Re: [Anima] Re: Gorry Fairhurst's No Objection on draft-ietf-anima-brski-prm-22: (with COMMENT)
>
> William Atwood <[email protected]> wrote:
> >> Such a physically present attacker could learn the identity of the
> >> Pledge by simply pretending to be a Registrar-Agent, and asking the
> >> device for it's identity.
>
> > s/it's/its/
>
> fixed.
>
> >> An active on-path attacker can not replace the signed objects that the
> >> Pledge and Registrar-Agent exchange.
>
> > "can not" is ambiguous. It can mean "it is impossible for the attacker to
> > replace the signed objects", or it can mean "it is possible for the attacker
> > to 'not replace' (i.e., leave as-is) the signed objects".
>
> > If the first meaning is what you intend, then you could s/can not/cannot/,
> > but you should probably reword as "It is impossible for an active on-path
> > attacker to replace the signed objects that the Pledge and Registrar-Agent
> > exchange." If the second meaning is what you intend, then I suggest
> > rewriting to express what is actually true.
>
> I replaced the sentence as you suggest, and I extended to explain:
>
> > Also, it would be good to add a sentence explaining why (in either case).
>
> Now in https://github.com/anima-wg/anima-brski-prm/pull/151
>
> --
> Michael Richardson <[email protected]> . o O ( IPv6 IøT consulting )
> Sandelman Software Works Inc, Ottawa and Worldwide
