I have reviewed this document as part of the Operational directorate's ongoing
effort to review all IETF documents being processed by the IESG. These comments
were written with the intent of improving the operational aspects of the IETF
drafts. Comments that are not addressed in last call may be included in AD
reviews during the IESG review. Document editors and WG chairs should treat
these comments just like any other last call comments.

Document: draft-ietf-ace-extend-dtls-authorize-06 - Extension of the CoAP-DTLS Profile for ACE to TLS
Reviewer: Yingzhen Qu
Review Date: 2023-02-09

Summary:
This document updates the CoAP-DTLS profile for ACE described in RFC 9202 to apply to TLS as well as DTLS.

The document is ready, but the following nits may be considered by the authors
before publication.

Nits:
General: This document is updating RFC 9202, so there are lots of abbreviations
from RFC 9202. I’m not an expert in this field, I’d suggest expanding some of these
 terms when they are used for the first time in the document, such as CoAP, ACE.

Question (line number from idnits):
114	   The ace_profile parameter indicates the use of the DTLS profile for
115	   ACE as defined in [RFC9202].  Therefore, the Client typically first
116	   tries using DTLS to connect to the Resource Server.  If this fails
117	   the Client MAY try to connect to the Resource Server via TLS.  The
118	   client can try TLS and DTLS in parallel to accelerate the connection
119	   setup.  It is up to the implementation to handle the case where the
120	   RS reponds to both connection requests.

In case both the client and server support both TLS and DTLS, it says here “It is up to the implementation to
handle”. However it also says “the client typically first tries using DTLS”, this seems to give priority to DTLS.
Please clarify.