
Shepherd writeup
draft-ietf-core-object-security

HTML format at
http://jaimejim.github.io/temp/draft-ietf-core-object-security.html

## Shepherd Writeup

### Summary

* Document Shepherd: Jaime Jiménez, <jaime.jimenez@ericsson.com>
* Area Director: Alexey Melnikov, <aamelnikov@fastmail.fm>

This document defines Object Security for Constrained RESTful Environments
(OSCORE), a method for application-layer protection of the Constrained
Application Protocol (CoAP), using CBOR Object Signing and Encryption (COSE).
OSCORE provides end-to-end protection between endpoints communicating using
CoAP or CoAP-mappable HTTP. OSCORE is designed for constrained nodes and
networks supporting a range of proxy operations, including translation between
different transport protocols.

The document is intended as a Standards Track document.

### Review and Consensus

The document has gone through multiple expert reviews and has been discussed at
multiple IETF meetings. Before the last IETF the WGLC was completed.

### Intellectual Property

Each author has stated that they do not have direct, personal knowledge of any
IPR related to this document. I am not aware of any IPR discussion about this
document on the CoRE WG.

### Other Points

There are RFC Editor comments that need to be edited out ("note to RFC Editor").
There have been multiple (informal) interops that have been instrumental in
improving the document. There are some available implementations at:

* Java (Californium): https://bitbucket.org/lseitz/oscoap_californium
* C (Contiki, Erbium): https://github.com/Gunzter/contiki-oscoap
* Python (aiocoap): https://github.com/chrysn/aiocoap
* C# (CoAP-CSharp): https://github.com/Com-AugustCellars/CoAP-CSharp
* Python (CoAP for openwsn): https://github.com/openwsn-berkeley/coap
* C (openwsn-fw): https://github.com/openwsn-berkeley/openwsn-fw

### Checklist

* [x] Does the shepherd stand behind the document and think the document is
  ready for publication?
* [x] Is the correct RFC type indicated in the title page header?
* [x] Is the abstract both brief and sufficient, and does it stand alone as a
  brief summary?
* [x] Is the intent of the document accurately and adequately explained in the
  introduction?
* [x] Have all required formal reviews (MIB Doctor, Media Type, URI, etc.) been
  requested and/or completed?
* [x] Has the shepherd performed automated checks -- idnits (see
  http://www.ietf.org/tools/idnits/ and the Internet-Drafts Checklist), checks
  of BNF rules, XML code and schemas, MIB definitions, and so on -- and
  determined that the document passes the tests?
* [x] Has each author stated that their direct, personal knowledge of any IPR
  related to this document has already been disclosed, in conformance with
  BCPs 78 and 79?
* [x] Have all references within this document been identified as either
  normative or informative, and does the shepherd agree with how they have been
  classified?
* [x] Are all normative references made to documents that are ready for
  advancement and are otherwise in a clear state?
* [x] If publication of this document changes the status of any existing RFCs,
  are those RFCs listed on the title page header, and are the changes listed in
  the abstract and discussed (explained, not just mentioned) in the
  introduction? `Does not apply`
* [x] If this is a "bis" document, have all of the errata been considered?
  `Does not apply`

**IANA** Considerations:

```
IANA shall add 'kid context' to the COSE Header Parameters Registry.
A new CoAP Option is created.
A new CoAP Signaling Option is created.
A new Header Field is added to the Message Headers registry.
```

* [x] Are the IANA Considerations clear and complete? Remember that IANA have
  to understand unambiguously what's being requested, so they can perform the
  required actions.
* [x] Are all protocol extensions that the document makes associated with the
  appropriate reservations in IANA registries?
* [x] Are all IANA registries referred to by their exact names (check them in
  http://www.iana.org/protocols/ to be sure)?
* [x] Have you checked that any registrations made by this document correctly
  follow the policies and procedures for the appropriate registries?
* [x] For registrations that require expert review (policies of Expert Review
  or Specification Required), have you or the working group had any early
  review done, to make sure the requests are ready for last call?
* [x] For any new registries that this document creates, has the working group
  actively chosen the allocation procedures and policies and discussed the
  alternatives?
* [x] Have reasonable registry names been chosen (that will not be confused
  with those of other registries), and have the initial contents and valid
  value ranges been clearly specified?