Telechat Review of draft-ietf-core-oscore-edhoc-10
review-ietf-core-oscore-edhoc-10-iotdir-telechat-baccelli-2024-03-27-00

Hello,

I've been selected as the IoT Directorate for a review of this draft.

The document is very clearly structured, and very well written.

I have a few minor nits and optional suggestions, listed below.

# Overall:

What *might* add marginal value is a small subsection somewhere upfront,
which summarizes crisply the applicability / limits of the EDHOC+OSCORE request
which are for now scattered in the doc (second paragraph of section 3.
and last paragraph of section 3.2.2., if I did not miss something).

# Section 1:

"Without this optimization, it is not possible, not even in theory, to..."
=> Suggestion: just simplify to "Without this optimization, it is not possible
to..."

# Section 2:

In Fig. 1 the caption ends by the mention "... without which that message needs
no payload." => Suggestion: this mention is difficult to parse at first, and
does not related obviously with the accompanying text. What about just removing
this mention, or alternatively, rephrase?

# Section 6:

"It would be convenient to ..."
"It would be convenient that ..."
=> Suggestion: fells a little convoluted. Is there an opportunity to simplify
the text here, and make it more direct like "In order to enable XYZ, we specify
ABC"?

"While a client may become aware of the application profile through several
means..." => Suggestion: why not give an concrete example here.

# Section 7:

"[...] a minimum of 128-bit security [...] is achieved"
=> Suggestion: A naive question that arises here is (caveat: I am not a
cryptographer, as most readers aren't ;)  does this 128-bit level hold
post-quantum, as far as we can tell. If yes, mention that and maybe point to
https://datatracker.ietf.org/doc/html/rfc9528#name-post-quantum-considerations ?