Dear Laurence and Carsten, Thank you for your replies. We have updated our files as follows. Please review and let us know if any further changes are needed.
Section 4.2.10 OLD: If the entity is stationary, the heading is NULL. NEW: If the entity is stationary, the heading is 'null’. ... Section 6.3.6 OLD: JWT may use the JOSE NULL protection option. NEW: JWT may use the JOSE 'null' protection option. —Files (please refresh)— The updated XML file is here: https://www.rfc-editor.org/authors/rfc9711.xml The updated output files are here: https://www.rfc-editor.org/authors/rfc9711.txt https://www.rfc-editor.org/authors/rfc9711.pdf https://www.rfc-editor.org/authors/rfc9711.html These diff files show all changes made during AUTH48: https://www.rfc-editor.org/authors/rfc9711-auth48diff.html https://www.rfc-editor.org/authors/rfc9711-auth48rfcdiff.html (side by side) These diff files show only the change made during the last editing round: https://www.rfc-editor.org/authors/rfc9711-lastdiff.html https://www.rfc-editor.org/authors/rfc9711-lastrfcdiff.html (side by side) These diff files show all changes made to date: https://www.rfc-editor.org/authors/rfc9711-diff.html https://www.rfc-editor.org/authors/rfc9711-rfcdiff.html (side by side) For the AUTH48 status of this document, please see: https://www.rfc-editor.org/auth48/rfc9711 Best regards, RFC Editor/kc > On Apr 5, 2025, at 7:48 PM, Carsten Bormann <c...@tzi.org> wrote: > > On 5. Apr 2025, at 22:10, Laurence Lundblade <l...@island-resort.com> wrote: >> >> In the location Claim section > > There is another NULL in 6.3.6, which I think is trying to refer to RFC 7518 > “alg=none”. > > Grüße, Carsten > > On Apr 5, 2025, at 1:10 PM, Laurence Lundblade <l...@island-resort.com> wrote: > > Hi RFC editor, > > We need a fix to one of the changes we’ve made in the editing process. > > In the location Claim section > NULL -> ‘null’ > > The fix has been applied in this PR: > https://github.com/ietf-rats-wg/eat/pull/469/files > > Thank you Thomas for point this out. > > LL > On Mar 26, 2025, at 4:46 PM, Karen Moore <kmo...@staff.rfc-editor.org> wrote: > > Hi Roman, > > We are checking in on the status of this document. Please let us know if more > time is needed for the changes being reviewed by the working group or if the > document is ready to move forward in AUTH48. > > As a recap, all authors have approved the document, and we are awaiting your > approval of the changes that are beyond editorial (see Sections 3, 4.1, > 4.2.3.2, 4.2.3.3, 4.2.10, 4.2.18, 5, 7.3, 7.3.1, 7.3.2, and 9.1 as well as > Appendices A.1.7, A.2.2, A.2.3, B.2, and D). > > Best regards, > RFC Editor/kc > > —Files (please refresh)— > > The updated XML file is here: > https://www.rfc-editor.org/authors/rfc9711.xml > > The updated output files are here: > https://www.rfc-editor.org/authors/rfc9711.txt > https://www.rfc-editor.org/authors/rfc9711.pdf > https://www.rfc-editor.org/authors/rfc9711.html > > These diff files show all changes made during AUTH48: > https://www.rfc-editor.org/authors/rfc9711-auth48diff.html > https://www.rfc-editor.org/authors/rfc9711-auth48rfcdiff.html (side by side) > > These diff files show only the change made during the last editing round (5): > https://www.rfc-editor.org/authors/rfc9711-lastdiff.html > https://www.rfc-editor.org/authors/rfc9711-lastrfcdiff.html (side by side) > > These diff files show all changes made to date: > https://www.rfc-editor.org/authors/rfc9711-diff.html > https://www.rfc-editor.org/authors/rfc9711-rfcdiff.html (side by side) > > For the AUTH48 status of this document, please see: > https://www.rfc-editor.org/auth48/rfc9711 > > >> On Feb 24, 2025, at 10:45 AM, Karen Moore <kmo...@staff.rfc-editor.org> >> wrote: >> >> Dear Giri, >> >> We have noted your approval on the AUTH48 status page for this document >> (https://www.rfc-editor.org/auth48/rfc9711). >> >> We now await further changes, if needed, and approval from Roman. >> >> Best regards, >> RFC Editor/kc >> >>> On Feb 22, 2025, at 4:13 PM, Giridhar Mandyam <giridhar.mand...@gmail.com> >>> wrote: >>> >>> Dear RFC Ed, >>> I am satisfied with the latest changes. >>> >>> Thanks, >>> -Giri Mandyam >>> >>> On Fri, Feb 21, 2025, 10:52 AM Karen Moore <kmo...@staff.rfc-editor.org> >>> wrote: >>> Hi Jeremy, >>> >>> Thank you for the catch - our files have been updated accordingly (note >>> that we will perform a spell check prior to publication as well). We have >>> noted your approval on the AUTH48 status page for this document >>> (https://www.rfc-editor.org/auth48/rfc9711). >>> >>> We now await further changes, if needed, and approvals from Giri and the >>> AD. Once approvals are received, we will ask IANA to update their >>> registries accordingly. >>> >>> —Files (please refresh)— >>> >>> The updated XML file is here: >>> https://www.rfc-editor.org/authors/rfc9711.xml >>> >>> The updated output files are here: >>> https://www.rfc-editor.org/authors/rfc9711.txt >>> https://www.rfc-editor.org/authors/rfc9711.pdf >>> https://www.rfc-editor.org/authors/rfc9711.html >>> >>> These diff files show all changes made during AUTH48: >>> https://www.rfc-editor.org/authors/rfc9711-auth48diff.html >>> https://www.rfc-editor.org/authors/rfc9711-auth48rfcdiff.html (side by side) >>> >>> These diff files show only the change made during the last editing round >>> (5): >>> https://www.rfc-editor.org/authors/rfc9711-lastdiff.html >>> https://www.rfc-editor.org/authors/rfc9711-lastrfcdiff.html (side by side) >>> >>> These diff files show all changes made to date: >>> https://www.rfc-editor.org/authors/rfc9711-diff.html >>> https://www.rfc-editor.org/authors/rfc9711-rfcdiff.html (side by side) >>> >>> For the AUTH48 status of this document, please see: >>> https://www.rfc-editor.org/auth48/rfc9711 >>> >>> Best regards, >>> RFC Editor/kc >>> >>>> On Feb 21, 2025, at 2:26 AM, Jeremy O'Donoghue <jodon...@qti.qualcomm.com> >>>> wrote: >>>> >>>> Hi Karen, >>>> >>>> One nit from the diff, close to line 463: >>>> >>>> Relying Party: A role preformed by an entity that depends on the >>>> >>>> >>>> I believe “preformed” should be “performed”. >>>> >>>> I approve publication once above not is addressed. >>>> >>>> Best regards >>>> Jeremy >>>> >>>> On 21/02/2025, 01:10, "Karen Moore" <kmo...@staff.rfc-editor.org> wrote: >>>> >>>> WARNING: This email originated from outside of Qualcomm. Please be wary of >>>> any links or attachments, and do not enable macros. >>>> >>>> Dear Carl, >>>> >>>> We have noted your approval on the AUTH48 status page for this document >>>> (https://www.rfc-editor.org/auth48/rfc9711). >>>> >>>> We now await further changes, if needed, and approvals from Giri, Jeremy, >>>> and the AD. Once approvals are received, we will ask IANA to update their >>>> registries accordingly. >>>> >>>> Best regards, >>>> RFC Editor/kc >>>> >>>> >>>>> On Feb 20, 2025, at 2:30 PM, Carl Wallace <c...@redhoundsoftware.com> >>>>> wrote: >>>>> >>>>> I reviewed the diff. Looks good to me. Thanks. >>>>> >>>>> On 2/20/25, 3:16 PM, "lgl securitytheory.com" <l...@securitytheory.com >>>>> <mailto:l...@securitytheory.com>> wrote: >>>>> >>>>> >>>>> Yes, looks great. Thank you! >>>>> >>>>> >>>>> Yes, I approve for publication. >>>>> >>>>> >>>>> LL >>>>> >>>>> >>>>> >>>>> >>>>>> On Feb 20, 2025, at 12:03 PM, Karen Moore <kmo...@staff.rfc-editor.org >>>>>> <mailto:kmo...@staff.rfc-editor.org>> wrote: >>>>>> >>>>>> Hi Laurence, >>>>>> >>>>>> Thank you for your comment. We have made the suggested updates; please >>>>>> see the changes in our updated files. We have also noted your approval >>>>>> of the document (we will assume your assent to any further changes made >>>>>> by your coauthors or the AD unless we hear objection at that time). >>>>>> >>>>>> We now await further changes, if needed, and approvals from your >>>>>> coauthors and the AD. Once approvals are received, we will ask IANA to >>>>>> update their registries accordingly. >>>>>> >>>>>> —Files (please refresh)— >>>>>> >>>>>> The updated XML file is here: >>>>>> https://www.rfc-editor.org/authors/rfc9711.xml >>>>>> <https://www.rfc-editor.org/authors/rfc9711.xml> >>>>>> >>>>>> The updated output files are here: >>>>>> https://www.rfc-editor.org/authors/rfc9711.txt >>>>>> <https://www.rfc-editor.org/authors/rfc9711.txt> >>>>>> https://www.rfc-editor.org/authors/rfc9711.pdf >>>>>> <https://www.rfc-editor.org/authors/rfc9711.pdf> >>>>>> https://www.rfc-editor.org/authors/rfc9711.html >>>>>> <https://www.rfc-editor.org/authors/rfc9711.html> >>>>>> >>>>>> These diff files show all changes made during AUTH48: >>>>>> https://www.rfc-editor.org/authors/rfc9711-auth48diff.html >>>>>> <https://www.rfc-editor.org/authors/rfc9711-auth48diff.html> >>>>>> https://www.rfc-editor.org/authors/rfc9711-auth48rfcdiff.html >>>>>> <https://www.rfc-editor.org/authors/rfc9711-auth48rfcdiff.html> (side by >>>>>> side) >>>>>> >>>>>> These diff files show only the change made during the last editing round >>>>>> (5): >>>>>> https://www.rfc-editor.org/authors/rfc9711-lastdiff.html >>>>>> <https://www.rfc-editor.org/authors/rfc9711-lastdiff.html> >>>>>> https://www.rfc-editor.org/authors/rfc9711-lastrfcdiff.html >>>>>> <https://www.rfc-editor.org/authors/rfc9711-lastrfcdiff.html> (side by >>>>>> side) >>>>>> >>>>>> These diff files show all changes made to date: >>>>>> https://www.rfc-editor.org/authors/rfc9711-diff.html >>>>>> <https://www.rfc-editor.org/authors/rfc9711-diff.html> >>>>>> https://www.rfc-editor.org/authors/rfc9711-rfcdiff.html >>>>>> <https://www.rfc-editor.org/authors/rfc9711-rfcdiff.html> (side by side) >>>>>> >>>>>> For the AUTH48 status of this document, please see: >>>>>> https://www.rfc-editor.org/auth48/rfc9711 >>>>>> <https://www.rfc-editor.org/auth48/rfc9711> >>>>>> >>>>>> Best regards, >>>>>> RFC Editor/kc >>>>>> >>>>>>> On Feb 20, 2025, at 10:09 AM, lgl securitytheory.com >>>>>>> <l...@securitytheory.com <mailto:l...@securitytheory.com>> wrote: >>>>>>> >>>>>>> Hi Karen, >>>>>>> >>>>>>> I did a full review again. I’m ready to sign off, except we (well I) >>>>>>> didn’t get the last little change right. >>>>>>> >>>>>>> The terminology section is actually divided by reference source(s) by >>>>>>> one-sentence paragraphs that reference the source documents. So there >>>>>>> was already a reference to RFC 9334 and the one we just added should be >>>>>>> removed. Also the sentence about EAT not capitalizing should move to >>>>>>> the one-sentence paragraph (which will now be two sentences) that >>>>>>> references 9334 because it only applies to RATS terminology. >>>>>>> >>>>>>> Sorry I didn’t get that right. I really do think that is the last >>>>>>> change. >>>>>>> >>>>>>> Thanks for all the work! Really do appreciate it making the document >>>>>>> better! >>>>>>> >>>>>>> LL >>>>>>> >>>>>>> >>>>>>> >>>>>>>> On Feb 19, 2025, at 1:52 PM, Karen Moore <kmo...@staff.rfc-editor.org >>>>>>>> <mailto:kmo...@staff.rfc-editor.org>> wrote: >>>>>>>> >>>>>>>> Hi Laurence, >>>>>>>> >>>>>>>> We have inserted the suggested sentence and updated the definitions of >>>>>>>> "base64url encoding”, “Relying Party”, and “Reference Values” to match >>>>>>>> the text in the RFCs referenced. If other terms need to be updated, >>>>>>>> please provide the Old/New text. >>>>>>>> >>>>>>>> —Files (please refresh)— >>>>>>>> >>>>>>>> The updated XML file is here: >>>>>>>> https://www.rfc-editor.org/authors/rfc9711.xml >>>>>>>> <https://www.rfc-editor.org/authors/rfc9711.xml> >>>>>>>> >>>>>>>> The updated output files are here: >>>>>>>> https://www.rfc-editor.org/authors/rfc9711.txt >>>>>>>> <https://www.rfc-editor.org/authors/rfc9711.txt> >>>>>>>> https://www.rfc-editor.org/authors/rfc9711.pdf >>>>>>>> <https://www.rfc-editor.org/authors/rfc9711.pdf> >>>>>>>> https://www.rfc-editor.org/authors/rfc9711.html >>>>>>>> <https://www.rfc-editor.org/authors/rfc9711.html> >>>>>>>> >>>>>>>> These diff files show all changes made during AUTH48: >>>>>>>> https://www.rfc-editor.org/authors/rfc9711-auth48diff.html >>>>>>>> <https://www.rfc-editor.org/authors/rfc9711-auth48diff.html> >>>>>>>> https://www.rfc-editor.org/authors/rfc9711-auth48rfcdiff.html >>>>>>>> <https://www.rfc-editor.org/authors/rfc9711-auth48rfcdiff.html> (side >>>>>>>> by side) >>>>>>>> >>>>>>>> These diff files show only the change made during the last editing >>>>>>>> round (5): >>>>>>>> https://www.rfc-editor.org/authors/rfc9711-lastdiff.html >>>>>>>> <https://www.rfc-editor.org/authors/rfc9711-lastdiff.html> >>>>>>>> https://www.rfc-editor.org/authors/rfc9711-lastrfcdiff.html >>>>>>>> <https://www.rfc-editor.org/authors/rfc9711-lastrfcdiff.html> (side by >>>>>>>> side) >>>>>>>> >>>>>>>> These diff files show all changes made to date: >>>>>>>> https://www.rfc-editor.org/authors/rfc9711-diff.html >>>>>>>> <https://www.rfc-editor.org/authors/rfc9711-diff.html> >>>>>>>> https://www.rfc-editor.org/authors/rfc9711-rfcdiff.html >>>>>>>> <https://www.rfc-editor.org/authors/rfc9711-rfcdiff.html> (side by >>>>>>>> side) >>>>>>>> >>>>>>>> For the AUTH48 status of this document, please see: >>>>>>>> https://www.rfc-editor.org/auth48/rfc9711 >>>>>>>> <https://www.rfc-editor.org/auth48/rfc9711> >>>>>>>> >>>>>>>> We will await approvals from each author and the AD prior to moving >>>>>>>> forward with publication. >>>>>>>> >>>>>>>> Best regards, >>>>>>>> RFC Editor/kc >>>>>>>> >>>>>>>> >>>>>>>>> On Feb 19, 2025, at 11:14 AM, lgl securitytheory.com >>>>>>>>> <l...@securitytheory.com <mailto:l...@securitytheory.com>> wrote: >>>>>>>>> >>>>>>>>> Hi Karen, >>>>>>>>> >>>>>>>>> We’d like to use the exactly the same exact as the terminology >>>>>>>>> definition sources, but not capitalize the RATS terms like >>>>>>>>> “evidence." That gives consistency in the EAT document which we think >>>>>>>>> is better for the reader. >>>>>>>>> >>>>>>>>> We’d also like to add this sentence to the end of the paragraph that >>>>>>>>> starts with "This document reuses terminology from…" >>>>>>>>> >>>>>>>>> Note that EAT does not capitalize RATS terms like “evidence” for >>>>>>>>> easier readability. >>>>>>>>> >>>>>>>>> Thanks! >>>>>>>>> >>>>>>>>> LL >>>>>>>>> >>>>>>>>> >>>>>>>>>> On Feb 18, 2025, at 4:36 PM, Karen Moore >>>>>>>>>> <kmo...@staff.rfc-editor.org <mailto:kmo...@staff.rfc-editor.org>> >>>>>>>>>> wrote: >>>>>>>>>> >>>>>>>>>> Dear Giri and *Roman (AD), >>>>>>>>>> >>>>>>>>>> *Roman, we are awaiting your approval of the following >>>>>>>>>> sections/appendices (note that we have added "Appendix C" to the >>>>>>>>>> list): Sections 3, 4.1, 4.2.3.2, 4.2.3.3, 4.2.10, 4.2.18, 5, 7.3, >>>>>>>>>> 7.3.1, 7.3.2, and 9.1 and Appendices A.1.7, A.2.2, A.2.3, B.2, C, >>>>>>>>>> and D. Please see the changes in >>>>>>>>>> <https://www.rfc-editor.org/authors/rfc9711-auth48diff.html> >>>>>>>>>> <https://www.rfc-editor.org/authors/rfc9711-auth48diff.html>> and >>>>>>>>>> some author explanations in the attached Word doc. >>>>>>>>>> >>>>>>>>>> Giri, thank you for providing the document that outlines round 5 of >>>>>>>>>> the suggested changes. Our files reflect these updates, except for >>>>>>>>>> item #3 - please see our questions below. >>>>>>>>>> >>>>>>>>>> 1) Regarding the request below, we note that the text in >>>>>>>>>> draft-ietf-rats-eat-31 does not exactly match the terminology >>>>>>>>>> definitions in the referenced documents. We believe the terms listed >>>>>>>>>> below are in question - please let us know if any other terms need >>>>>>>>>> to be reviewed. >>>>>>>>>> >>>>>>>>>> Note: For consistency, the “Perhaps” text reflects the choices the >>>>>>>>>> authors made regarding the capitalization of terms throughout the >>>>>>>>>> document (for example, lowercase “attester”, “evidence”, and >>>>>>>>>> “reference value”). If further changes are desired, please let us >>>>>>>>>> know. >>>>>>>>>> >>>>>>>>>>> 3) Please revert the terminology definitions in Section 2 back to >>>>>>>>>>> their original wording in Draft -31. The terminology definitions in >>>>>>>>>>> section 2 were copied exactly from the named RFC sources, and it is >>>>>>>>>>> important that independent readers not come away with the >>>>>>>>>>> impression that the EAT editors or the RATS WG changed definitions >>>>>>>>>>> that have already been provided in prior RFC’s. >>>>>>>>>> >>>>>>>>>> a) base64url encoding >>>>>>>>>> >>>>>>>>>> From RFC 7515: >>>>>>>>>> Base64url Encoding >>>>>>>>>> Base64 encoding using the URL- and filename-safe character set >>>>>>>>>> defined in Section 5 of RFC 4648 [RFC4648], with all trailing '=' >>>>>>>>>> characters omitted (as permitted by Section 3.2) and without the >>>>>>>>>> inclusion of any line breaks, whitespace, or other additional >>>>>>>>>> characters. >>>>>>>>>> >>>>>>>>>> From draft-ietf-rats-eat-31: >>>>>>>>>> base64url-encoded: base64url-encoded is as described in [RFC7515], >>>>>>>>>> i.e., using URL- and filename-safe character set [RFC4648] with >>>>>>>>>> all trailing '=' characters omitted and without the inclusion of >>>>>>>>>> any line breaks, whitespace, or other additional characters. >>>>>>>>>> >>>>>>>>>> Perhaps: >>>>>>>>>> base64url encoding: As defined in [RFC7515], base64 encoding uses the >>>>>>>>>> URL- and filename-safe character set defined in Section 5 of >>>>>>>>>> [RFC4648], >>>>>>>>>> with all trailing '=' characters omitted and without the inclusion >>>>>>>>>> of any line >>>>>>>>>> breaks, whitespace, or other additional characters. >>>>>>>>>> >>>>>>>>>> ... >>>>>>>>>> b) Relying Party >>>>>>>>>> >>>>>>>>>> From RFC 9334: >>>>>>>>>> Relying Party: A role performed by an entity that depends on the >>>>>>>>>> validity of information about an Attester for purposes of reliably >>>>>>>>>> applying application-specific actions. Compare: relying party >>>>>>>>>> [RFC4949]. >>>>>>>>>> >>>>>>>>>> From draft-ietf-rats-eat-31: >>>>>>>>>> Relying Party: A role that depends on the validity of information >>>>>>>>>> about an attester, for purposes of reliably applying application >>>>>>>>>> specific actions. Compare /relying party/ in [RFC4949]. >>>>>>>>>> >>>>>>>>>> Perhaps: >>>>>>>>>> Relying Party: A role performed by an entity that depends on the >>>>>>>>>> validity of information about an attester for purposes of reliably >>>>>>>>>> applying application-specific actions. Compare: relying party >>>>>>>>>> [RFC4949]. >>>>>>>>>> >>>>>>>>>> ... >>>>>>>>>> c) Reference Values >>>>>>>>>> >>>>>>>>>> From RFC 9334: >>>>>>>>>> Reference Values: A set of values against which values of Claims can >>>>>>>>>> be compared as part of applying an Appraisal Policy for Evidence. >>>>>>>>>> Reference Values are sometimes referred to in other documents as >>>>>>>>>> "known-good values", "golden measurements", or "nominal values”. >>>>>>>>>> These terms typically assume comparison for equality, whereas here, >>>>>>>>>> Reference Values might be more general and be used in any sort of >>>>>>>>>> comparison. >>>>>>>>>> >>>>>>>>>> From draft-ietf-rats-eat-31: >>>>>>>>>> Reference Values: A set of values against which values of claims can >>>>>>>>>> be compared as part of applying an appraisal policy for evidence. >>>>>>>>>> Reference Values are sometimes referred to in other documents as >>>>>>>>>> known-good values, golden measurements, or nominal values, >>>>>>>>>> although those terms typically assume comparison for equality, >>>>>>>>>> whereas here reference values might be more general and be >>>>>>>>>> used in any sort of comparison. >>>>>>>>>> >>>>>>>>>> Perhaps: >>>>>>>>>> Reference Values: A set of values against which values of claims can >>>>>>>>>> be compared as part of applying an appraisal policy for evidence. >>>>>>>>>> Reference values are sometimes referred to in other documents as >>>>>>>>>> "known-good values", "golden measurements", or "nominal values”. >>>>>>>>>> These terms typically assume comparison for equality, whereas here, >>>>>>>>>> reference values might be more general and be used in any sort of >>>>>>>>>> comparison. >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> —Files (please refresh)— >>>>>>>>>> >>>>>>>>>> The updated XML file is here: >>>>>>>>>> https://www.rfc-editor.org/authors/rfc9711.xml >>>>>>>>>> <https://www.rfc-editor.org/authors/rfc9711.xml> >>>>>>>>>> >>>>>>>>>> The updated output files are here: >>>>>>>>>> https://www.rfc-editor.org/authors/rfc9711.txt >>>>>>>>>> <https://www.rfc-editor.org/authors/rfc9711.txt> >>>>>>>>>> https://www.rfc-editor.org/authors/rfc9711.pdf >>>>>>>>>> <https://www.rfc-editor.org/authors/rfc9711.pdf> >>>>>>>>>> https://www.rfc-editor.org/authors/rfc9711.html >>>>>>>>>> <https://www.rfc-editor.org/authors/rfc9711.html> >>>>>>>>>> >>>>>>>>>> These diff files show all changes made during AUTH48: >>>>>>>>>> https://www.rfc-editor.org/authors/rfc9711-auth48diff.html >>>>>>>>>> <https://www.rfc-editor.org/authors/rfc9711-auth48diff.html> >>>>>>>>>> https://www.rfc-editor.org/authors/rfc9711-auth48rfcdiff.html >>>>>>>>>> <https://www.rfc-editor.org/authors/rfc9711-auth48rfcdiff.html> >>>>>>>>>> (side by side) >>>>>>>>>> >>>>>>>>>> These diff files show only the change made during the last editing >>>>>>>>>> round (5): >>>>>>>>>> https://www.rfc-editor.org/authors/rfc9711-lastdiff.html >>>>>>>>>> <https://www.rfc-editor.org/authors/rfc9711-lastdiff.html> >>>>>>>>>> https://www.rfc-editor.org/authors/rfc9711-lastrfcdiff.html >>>>>>>>>> <https://www.rfc-editor.org/authors/rfc9711-lastrfcdiff.html> (side >>>>>>>>>> by side) >>>>>>>>>> >>>>>>>>>> These diff files show all changes made to date: >>>>>>>>>> https://www.rfc-editor.org/authors/rfc9711-diff.html >>>>>>>>>> <https://www.rfc-editor.org/authors/rfc9711-diff.html> >>>>>>>>>> https://www.rfc-editor.org/authors/rfc9711-rfcdiff.html >>>>>>>>>> <https://www.rfc-editor.org/authors/rfc9711-rfcdiff.html> (side by >>>>>>>>>> side) >>>>>>>>>> >>>>>>>>>> Best regards, >>>>>>>>>> RFC Editor/kc >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> >>>>>>>>>>> On Feb 14, 2025, at 9:09 PM, Giridhar Mandyam >>>>>>>>>>> <giridhar.mand...@gmail.com <mailto:giridhar.mand...@gmail.com>> >>>>>>>>>>> wrote: >>>>>>>>>>> >>>>>>>>>>> Dear RFC Ed, >>>>>>>>>>> >>>>>>>>>>> Please see enclosed. The editors have found a few more editorial >>>>>>>>>>> items that need to be addressed. >>>>>>>>>>> >>>>>>>>>>> @Roman Danyliw , if you would like to meet with the editors to >>>>>>>>>>> discuss these items before publication then please let us know and >>>>>>>>>>> we can set up a call. >>>>>>>>>>> >>>>>>>>>>> -Giri >>>>>>>>>>> >>>>>>>>>>> On Fri, Feb 14, 2025 at 11:10 AM Karen Moore >>>>>>>>>>> <kmo...@staff.rfc-editor.org <mailto:kmo...@staff.rfc-editor.org>> >>>>>>>>>>> wrote: >>>>>>>>>>> Dear Roman (AD), >>>>>>>>>>> >>>>>>>>>>> We do not believe we have heard from you regarding the approval of >>>>>>>>>>> the changes to several sections in the document. Please review the >>>>>>>>>>> updates that were made to Sections 3, 4.1, 4.2.3.2, 4.2.3.3, >>>>>>>>>>> 4.2.10, 4.2.18, 5, 7.3, 7.3.1, 7.3.2, and 9.1 and Appendices A.1.7, >>>>>>>>>>> A.2.2, A.2.3, B.2, and D during AUTH48, and let us know if you >>>>>>>>>>> approve. Please review the changes in this file: >>>>>>>>>>> https://www.rfc-editor.org/authors/rfc9711-auth48diff.html >>>>>>>>>>> <https://www.rfc-editor.org/authors/rfc9711-auth48diff.html>. Note >>>>>>>>>>> that the authors provided comments for some of the changes in the >>>>>>>>>>> attached word document, if needed. >>>>>>>>>>> >>>>>>>>>>> —Files (please refresh)— >>>>>>>>>>> >>>>>>>>>>> The updated XML file is here: >>>>>>>>>>> https://www.rfc-editor.org/authors/rfc9711.xml >>>>>>>>>>> <https://www.rfc-editor.org/authors/rfc9711.xml> >>>>>>>>>>> >>>>>>>>>>> The updated output files are here: >>>>>>>>>>> https://www.rfc-editor.org/authors/rfc9711.txt >>>>>>>>>>> <https://www.rfc-editor.org/authors/rfc9711.txt> >>>>>>>>>>> https://www.rfc-editor.org/authors/rfc9711.pdf >>>>>>>>>>> <https://www.rfc-editor.org/authors/rfc9711.pdf> >>>>>>>>>>> https://www.rfc-editor.org/authors/rfc9711.html >>>>>>>>>>> <https://www.rfc-editor.org/authors/rfc9711.html> >>>>>>>>>>> >>>>>>>>>>> These diff files show all changes made during AUTH48: >>>>>>>>>>> https://www.rfc-editor.org/authors/rfc9711-auth48diff.html >>>>>>>>>>> <https://www.rfc-editor.org/authors/rfc9711-auth48diff.html> >>>>>>>>>>> https://www.rfc-editor.org/authors/rfc9711-auth48rfcdiff.html >>>>>>>>>>> <https://www.rfc-editor.org/authors/rfc9711-auth48rfcdiff.html> >>>>>>>>>>> (side by side) >>>>>>>>>>> >>>>>>>>>>> These diff files show only the change made during the last editing >>>>>>>>>>> round: >>>>>>>>>>> https://www.rfc-editor.org/authors/rfc9711-lastdiff.html >>>>>>>>>>> <https://www.rfc-editor.org/authors/rfc9711-lastdiff.html> >>>>>>>>>>> https://www.rfc-editor.org/authors/rfc9711-lastrfcdiff.html >>>>>>>>>>> <https://www.rfc-editor.org/authors/rfc9711-lastrfcdiff.html> (side >>>>>>>>>>> by side) >>>>>>>>>>> >>>>>>>>>>> These diff files show all changes made to date: >>>>>>>>>>> https://www.rfc-editor.org/authors/rfc9711-diff.html >>>>>>>>>>> <https://www.rfc-editor.org/authors/rfc9711-diff.html> >>>>>>>>>>> https://www.rfc-editor.org/authors/rfc9711-rfcdiff.html >>>>>>>>>>> <https://www.rfc-editor.org/authors/rfc9711-rfcdiff.html> (side by >>>>>>>>>>> side) >>>>>>>>>>> >>>>>>>>>>> Best regards, >>>>>>>>>>> RFC Editor/kc >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>>> On Feb 7, 2025, at 2:47 PM, Karen Moore >>>>>>>>>>>> <kmo...@staff.rfc-editor.org <mailto:kmo...@staff.rfc-editor.org>> >>>>>>>>>>>> wrote: >>>>>>>>>>>> >>>>>>>>>>>> Hi Carl, >>>>>>>>>>>> >>>>>>>>>>>> Thank you for the catch. We have updated "$EAT-CBOR-Tagged-Token” >>>>>>>>>>>> to "$CBOR-Tagged-Token” in Section 3. >>>>>>>>>>>> >>>>>>>>>>>> —Files (please refresh)— >>>>>>>>>>>> >>>>>>>>>>>> The updated XML file is here: >>>>>>>>>>>> https://www.rfc-editor.org/authors/rfc9711.xml >>>>>>>>>>>> <https://www.rfc-editor.org/authors/rfc9711.xml> >>>>>>>>>>>> >>>>>>>>>>>> The updated output files are here: >>>>>>>>>>>> https://www.rfc-editor.org/authors/rfc9711.txt >>>>>>>>>>>> <https://www.rfc-editor.org/authors/rfc9711.txt> >>>>>>>>>>>> https://www.rfc-editor.org/authors/rfc9711.pdf >>>>>>>>>>>> <https://www.rfc-editor.org/authors/rfc9711.pdf> >>>>>>>>>>>> https://www.rfc-editor.org/authors/rfc9711.html >>>>>>>>>>>> <https://www.rfc-editor.org/authors/rfc9711.html> >>>>>>>>>>>> >>>>>>>>>>>> These diff files show all changes made during AUTH48: >>>>>>>>>>>> https://www.rfc-editor.org/authors/rfc9711-auth48diff.html >>>>>>>>>>>> <https://www.rfc-editor.org/authors/rfc9711-auth48diff.html> >>>>>>>>>>>> https://www.rfc-editor.org/authors/rfc9711-auth48rfcdiff.html >>>>>>>>>>>> <https://www.rfc-editor.org/authors/rfc9711-auth48rfcdiff.html> >>>>>>>>>>>> (side by side) >>>>>>>>>>>> >>>>>>>>>>>> These diff files show only the change made during the last editing >>>>>>>>>>>> round: >>>>>>>>>>>> https://www.rfc-editor.org/authors/rfc9711-lastdiff.html >>>>>>>>>>>> <https://www.rfc-editor.org/authors/rfc9711-lastdiff.html> >>>>>>>>>>>> https://www.rfc-editor.org/authors/rfc9711-lastrfcdiff.html >>>>>>>>>>>> <https://www.rfc-editor.org/authors/rfc9711-lastrfcdiff.html> >>>>>>>>>>>> (side by side) >>>>>>>>>>>> >>>>>>>>>>>> These diff files show all changes made to date: >>>>>>>>>>>> https://www.rfc-editor.org/authors/rfc9711-diff.html >>>>>>>>>>>> <https://www.rfc-editor.org/authors/rfc9711-diff.html> >>>>>>>>>>>> https://www.rfc-editor.org/authors/rfc9711-rfcdiff.html >>>>>>>>>>>> <https://www.rfc-editor.org/authors/rfc9711-rfcdiff.html> (side by >>>>>>>>>>>> side) >>>>>>>>>>>> >>>>>>>>>>>> Best regards, >>>>>>>>>>>> RFC Editor/kc >>>>>>>>>>>> >>>>>>>>>>>> >>>>>>>>>>>>> On Feb 7, 2025, at 2:33 PM, Carl Wallace >>>>>>>>>>>>> <c...@redhoundsoftware.com <mailto:c...@redhoundsoftware.com>> >>>>>>>>>>>>> wrote: >>>>>>>>>>>>> >>>>>>>>>>>>> There is a stray $EAT-CBOR-Tagged-Token in Section 3. It should >>>>>>>>>>>>> be $CBOR-Tagged-Token (as appears in section 7.3.2). Sorry for >>>>>>>>>>>>> not catching this sooner. >>>>>>>>>>>>> >>>>>>>>>>>>> On 2/7/25, 5:22 PM, "Karen Moore" <kmo...@staff.rfc-editor.org >>>>>>>>>>>>> <mailto:kmo...@staff.rfc-editor.org> >>>>>>>>>>>>> <mailto:kmo...@staff.rfc-editor.org >>>>>>>>>>>>> <mailto:kmo...@staff.rfc-editor.org>>> wrote: >>>>>>>>>>>>> >>>>>>>>>>>>> >>>>>>>>>>>>> Dear Giri and *Roman (AD), >>>>>>>>>>>>> >>>>>>>>>>>>> >>>>>>>>>>>>> Thank you for providing the document that outlines Round 4 of the >>>>>>>>>>>>> suggested changes. We have updated our files accordingly. Please >>>>>>>>>>>>> review, especially the formatting/spacing in Section 4.2.3.3, and >>>>>>>>>>>>> let us know if any further changes are desired or if you approve >>>>>>>>>>>>> the document in its current form (the new formatting/spacing is >>>>>>>>>>>>> best viewed in this file: >>>>>>>>>>>>> https://www.rfc-editor.org/authors/rfc9711.txt >>>>>>>>>>>>> <https://www.rfc-editor.org/authors/rfc9711.txt> >>>>>>>>>>>>> <https://www.rfc-editor.org/authors/rfc9711.txt> >>>>>>>>>>>>> <https://www.rfc-editor.org/authors/rfc9711.txt>>). >>>>>>>>>>>>> >>>>>>>>>>>>> >>>>>>>>>>>>> *Roman, please review the updates that were made to Sections 3, >>>>>>>>>>>>> 4.1, 4.2.3.2, 4.2.3.3, 4.2.10, 4.2.18, 5, 7.3, 7.3.1, 7.3.2, and >>>>>>>>>>>>> 9.1 and Appendices A.1.7, A.2.2, A.2.3, B.2, and D during AUTH48, >>>>>>>>>>>>> and let us know if you approve. Please review the changes in this >>>>>>>>>>>>> file: https://www.rfc-editor.org/authors/rfc9711-auth48diff.html >>>>>>>>>>>>> <https://www.rfc-editor.org/authors/rfc9711-auth48diff.html> >>>>>>>>>>>>> <https://www.rfc-editor.org/authors/rfc9711-auth48diff.html> >>>>>>>>>>>>> <https://www.rfc-editor.org/authors/rfc9711-auth48diff.html>>. >>>>>>>>>>>>> Note that the authors provided comments for some of the changes >>>>>>>>>>>>> in the attached word document, if needed. >>>>>>>>>>>>> >>>>>>>>>>>>> >>>>>>>>>>>>> —Files (please refresh)— >>>>>>>>>>>>> >>>>>>>>>>>>> >>>>>>>>>>>>> The updated XML file is here: >>>>>>>>>>>>> https://www.rfc-editor.org/authors/rfc9711.xml >>>>>>>>>>>>> <https://www.rfc-editor.org/authors/rfc9711.xml> >>>>>>>>>>>>> <https://www.rfc-editor.org/authors/rfc9711.xml> >>>>>>>>>>>>> <https://www.rfc-editor.org/authors/rfc9711.xml>> >>>>>>>>>>>>> >>>>>>>>>>>>> >>>>>>>>>>>>> The updated output files are here: >>>>>>>>>>>>> https://www.rfc-editor.org/authors/rfc9711.txt >>>>>>>>>>>>> <https://www.rfc-editor.org/authors/rfc9711.txt> >>>>>>>>>>>>> <https://www.rfc-editor.org/authors/rfc9711.txt> >>>>>>>>>>>>> <https://www.rfc-editor.org/authors/rfc9711.txt>> >>>>>>>>>>>>> https://www.rfc-editor.org/authors/rfc9711.pdf >>>>>>>>>>>>> <https://www.rfc-editor.org/authors/rfc9711.pdf> >>>>>>>>>>>>> <https://www.rfc-editor.org/authors/rfc9711.pdf> >>>>>>>>>>>>> <https://www.rfc-editor.org/authors/rfc9711.pdf>> >>>>>>>>>>>>> https://www.rfc-editor.org/authors/rfc9711.html >>>>>>>>>>>>> <https://www.rfc-editor.org/authors/rfc9711.html> >>>>>>>>>>>>> <https://www.rfc-editor.org/authors/rfc9711.html> >>>>>>>>>>>>> <https://www.rfc-editor.org/authors/rfc9711.html>> >>>>>>>>>>>>> >>>>>>>>>>>>> >>>>>>>>>>>>> These diff files show all changes made during AUTH48: >>>>>>>>>>>>> https://www.rfc-editor.org/authors/rfc9711-auth48diff.html >>>>>>>>>>>>> <https://www.rfc-editor.org/authors/rfc9711-auth48diff.html> >>>>>>>>>>>>> <https://www.rfc-editor.org/authors/rfc9711-auth48diff.html> >>>>>>>>>>>>> <https://www.rfc-editor.org/authors/rfc9711-auth48diff.html>> >>>>>>>>>>>>> https://www.rfc-editor.org/authors/rfc9711-auth48rfcdiff.html >>>>>>>>>>>>> <https://www.rfc-editor.org/authors/rfc9711-auth48rfcdiff.html> >>>>>>>>>>>>> <https://www.rfc-editor.org/authors/rfc9711-auth48rfcdiff.html> >>>>>>>>>>>>> <https://www.rfc-editor.org/authors/rfc9711-auth48rfcdiff.html>> >>>>>>>>>>>>> (side by side) >>>>>>>>>>>>> >>>>>>>>>>>>> >>>>>>>>>>>>> These diff files show only the change made during the last >>>>>>>>>>>>> editing round: >>>>>>>>>>>>> https://www.rfc-editor.org/authors/rfc9711-lastdiff.html >>>>>>>>>>>>> <https://www.rfc-editor.org/authors/rfc9711-lastdiff.html> >>>>>>>>>>>>> <https://www.rfc-editor.org/authors/rfc9711-lastdiff.html> >>>>>>>>>>>>> <https://www.rfc-editor.org/authors/rfc9711-lastdiff.html>> >>>>>>>>>>>>> https://www.rfc-editor.org/authors/rfc9711-lastrfcdiff.html >>>>>>>>>>>>> <https://www.rfc-editor.org/authors/rfc9711-lastrfcdiff.html> >>>>>>>>>>>>> <https://www.rfc-editor.org/authors/rfc9711-lastrfcdiff.html> >>>>>>>>>>>>> <https://www.rfc-editor.org/authors/rfc9711-lastrfcdiff.html>> >>>>>>>>>>>>> (side by side) >>>>>>>>>>>>> >>>>>>>>>>>>> >>>>>>>>>>>>> These diff files show all changes made to date: >>>>>>>>>>>>> https://www.rfc-editor.org/authors/rfc9711-diff.html >>>>>>>>>>>>> <https://www.rfc-editor.org/authors/rfc9711-diff.html> >>>>>>>>>>>>> <https://www.rfc-editor.org/authors/rfc9711-diff.html> >>>>>>>>>>>>> <https://www.rfc-editor.org/authors/rfc9711-diff.html>> >>>>>>>>>>>>> https://www.rfc-editor.org/authors/rfc9711-rfcdiff.html >>>>>>>>>>>>> <https://www.rfc-editor.org/authors/rfc9711-rfcdiff.html> >>>>>>>>>>>>> <https://www.rfc-editor.org/authors/rfc9711-rfcdiff.html> >>>>>>>>>>>>> <https://www.rfc-editor.org/authors/rfc9711-rfcdiff.html>> >>>>>>>>>>>>> (side by side) >>>>>>>>>>>>> >>>>>>>>>>>>> >>>>>>>>>>>>> Best regards, >>>>>>>>>>>>> RFC Editor/kc >>>>>>>>>>>>> >>>>>>>>>>>>> >>>>>>>>>>>>> >>>>>>>>>>>>> >>>>>>>>>>>>> >>>>>>>>>>>>> >>>>>>>>>>>>> >>>>>>>>>>>>> >>>>>>>>>>>>>> On Feb 7, 2025, at 7:37 AM, Giridhar Mandyam >>>>>>>>>>>>>> <giridhar.mand...@gmail.com <mailto:giridhar.mand...@gmail.com> >>>>>>>>>>>>>> <mailto:giridhar.mand...@gmail.com >>>>>>>>>>>>>> <mailto:giridhar.mand...@gmail.com>>> wrote: >>>>>>>>>>>>>> >>>>>>>>>>>>>> Dear RFC Ed, >>>>>>>>>>>>>> Enclosed are the editors' latest responses. We think we are >>>>>>>>>>>>>> ready to publish after the enclosed changes are made. Thanks for >>>>>>>>>>>>>> all of your patience, and your efforts in getting this document >>>>>>>>>>>>>> together. >>>>>>>>>>>>>> >>>>>>>>>>>>>> -Giri >>>>>>>>>>>>>> >>>>>>>>>>>>>> On Wed, Feb 5, 2025 at 2:08 PM Karen Moore >>>>>>>>>>>>>> <kmo...@staff.rfc-editor.org >>>>>>>>>>>>>> <mailto:kmo...@staff.rfc-editor.org> >>>>>>>>>>>>>> <mailto:kmo...@staff.rfc-editor.org >>>>>>>>>>>>>> <mailto:kmo...@staff.rfc-editor.org>>> wrote: >>>>>>>>>>>>>> Dear Giri, >>>>>>>>>>>>>> >>>>>>>>>>>>>> Thank you for providing the document that outlines Round 3 of >>>>>>>>>>>>>> the authors’ suggested changes. These updates are now reflected >>>>>>>>>>>>>> in our files. Please review carefully (especially changes to the >>>>>>>>>>>>>> JSON examples), and let us know if any further changes are >>>>>>>>>>>>>> needed. We have some additional questions. >>>>>>>>>>>>>> >>>>>>>>>>>>>> 1) We have not heard back from you yet regarding the following. >>>>>>>>>>>>>> Please confirm if we may remove the quote marks from the terms >>>>>>>>>>>>>> listed in the JWT Claim Name fields in Section 10.2 per IANA’s >>>>>>>>>>>>>> preference. If you have any questions for IANA about this >>>>>>>>>>>>>> change, please let us know (as we have now removed IANA from >>>>>>>>>>>>>> this thread). >>>>>>>>>>>>>> >>>>>>>>>>>>>>> 1) Based on discussion with IANA, they prefer that the document >>>>>>>>>>>>>>> match the "CBOR Web Token (CWT) Claims" registry (i.e., no >>>>>>>>>>>>>>> quotation marks in the JWT Claim Name fields in Section 10.2; >>>>>>>>>>>>>>> see the registry at <https://www.iana.org/assignments/cwt> >>>>>>>>>>>>>>> <https://www.iana.org/assignments/cwt>> >>>>>>>>>>>>>>> <https://www.iana.org/assignments/cwt>> >>>>>>>>>>>>>>> <https://www.iana.org/assignments/cwt&gt;>>). We are >>>>>>>>>>>>>>> CCing IANA on this thread in case you have questions. If none, >>>>>>>>>>>>>>> we will update Section 10.2 per their preference. >>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> b) Section 10.2. May we remove all quote marks from the JWT >>>>>>>>>>>>>>>> Claim Name >>>>>>>>>>>>>>>> fields? We note that quote marks are not used in the "CBOR Web >>>>>>>>>>>>>>>> Token >>>>>>>>>>>>>>>> (CWT) Claims" registry <https://www.iana.org/assignments/cwt> >>>>>>>>>>>>>>>> <https://www.iana.org/assignments/cwt>> >>>>>>>>>>>>>>>> <https://www.iana.org/assignments/cwt>> >>>>>>>>>>>>>>>> <https://www.iana.org/assignments/cwt&gt;>>. >>>>>>>>>>>>>>>> For example: >>>>>>>>>>>>>>>> OLD: JWT Claim Name: "eat_nonce" >>>>>>>>>>>>>>>> NEW: JWT Claim Name: eat_nonce >>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> EDITORS’ RESPONSE: Original text should not be changed. Please >>>>>>>>>>>>>>>> revert. >>>>>>>>>>>>>> >>>>>>>>>>>>>> 2) Regarding the pointer to the EAT WG GitHub repository, we >>>>>>>>>>>>>> changed the link to a citation per guidance in our online style >>>>>>>>>>>>>> guide (see "Referencing Web-Based Public Code Repositories >>>>>>>>>>>>>> (e.g., GitHub)” at >>>>>>>>>>>>>> <https://www.rfc-editor.org/styleguide/part2/> >>>>>>>>>>>>>> <https://www.rfc-editor.org/styleguide/part2/>> >>>>>>>>>>>>>> <https://www.rfc-editor.org/styleguide/part2/>> >>>>>>>>>>>>>> <https://www.rfc-editor.org/styleguide/part2/&gt;>>). >>>>>>>>>>>>>> Please let us know if any additional updates are needed. >>>>>>>>>>>>>> >>>>>>>>>>>>>> Original: >>>>>>>>>>>>>> See https://github.com/ietf-rats-wg/eat >>>>>>>>>>>>>> <https://github.com/ietf-rats-wg/eat> >>>>>>>>>>>>>> <https://github.com/ietf-rats-wg/eat> >>>>>>>>>>>>>> <https://github.com/ietf-rats-wg/eat>> for additional >>>>>>>>>>>>>> information and stub files, when >>>>>>>>>>>>>> using the CDDL presented in this section to validate EAT protocol >>>>>>>>>>>>>> messages. >>>>>>>>>>>>>> >>>>>>>>>>>>>> Current: >>>>>>>>>>>>>> See [EAT-GitHub] for additional information and stub files, when >>>>>>>>>>>>>> using the CDDL presented in this section to validate EAT protocol >>>>>>>>>>>>>> messages. >>>>>>>>>>>>>> >>>>>>>>>>>>>> Informative References Entry: >>>>>>>>>>>>>> [EAT-GitHub] >>>>>>>>>>>>>> "Entity Attestation Token IETF Draft Standard", >>>>>>>>>>>>>> commit 62c726b, January 2024, >>>>>>>>>>>>>> <https://github.com/ietf-rats-wg/eat> >>>>>>>>>>>>>> <https://github.com/ietf-rats-wg/eat>> >>>>>>>>>>>>>> <https://github.com/ietf-rats-wg/eat>> >>>>>>>>>>>>>> <https://github.com/ietf-rats-wg/eat&gt;>>. >>>>>>>>>>>>>> >>>>>>>>>>>>>> —Files (please refresh)— >>>>>>>>>>>>>> >>>>>>>>>>>>>> The updated XML file is here: >>>>>>>>>> >> > -- auth48archive mailing list -- auth48archive@rfc-editor.org To unsubscribe send an email to auth48archive-le...@rfc-editor.org
