Last Call Review of draft-ietf-core-oscore-edhoc-09
review-ietf-core-oscore-edhoc-09-genart-lc-halpern-2023-11-12-00
review-ietf-core-oscore-edhoc-09-genart-lc-halpern-2023-11-12-00
I am the assigned Gen-ART reviewer for this draft. The General Area Review Team (Gen-ART) reviews all IETF documents being processed by the IESG for the IETF Chair. Please treat these comments just like any other last call comments. For more information, please see the FAQ at <https://wiki.ietf.org/en/group/gen/GenArtFAQ>. Document: draft-ietf-core-oscore-edhoc-09 Reviewer: Joel Halpern Review Date: 2023-11-12 IETF LC End Date: 2023-11-13 IESG Telechat date: Not scheduled for a telechat Summary: This document is ready for publication as a proposed standard reviewer note: I did not attempt to verify that the description here of the underlying security protocols is correct. I leave that to the WG and the security reviewers. Major issues: N/A Minor issues: In reading the first part of section 3, I found myself confused in two regards. First, the diagram shows the third message as containing EDHOC message_3 + OSCORE-protected data. But the text refers to it as also containing C_R which is not apparently part of EDHOC message 3. I think this is explained in step 4 of section 3.2, but it is at best jarring at this stage. (Maybe just call it OSCORE option C_R? Or note at this point,as you do later, in the text that the EDHOC C_R and the OSCORE C_R are identical?) Second, the description here is worded in a way that leads the reader to understand that the EDHOC message is part of the OSCOR content. The processing order and protection structure is spelled out in section 3.2. Maybe just add something like "This structure can be processed in order due to the construction rules in section 3.2? Nits/editorial comments:
