I am the assigned Gen-ART reviewer for this draft. The General Area
Review Team (Gen-ART) reviews all IETF documents being processed
by the IESG for the IETF Chair. Please wait for direction from your
document shepherd or AD before posting a new version of the draft.

For more information, please see the FAQ at
<http://wiki.tools.ietf.org/area/gen/trac/wiki/GenArtfaq>.

Document: draft-ietf-anima-constrained-voucher-21
Reviewer: Russ Housley
Review Date: 2023-08-20
IETF LC End Date: unknown
IESG Telechat date: unknown

Summary: Almost Ready


Note:  I did not review Sections 9, 16, 17, and 18.  I did not
review the Appendices.


Major Concerns:

Section 6.2 says: "... and MUST NOT distinguish between them."  There
are many different contexts that one might "distinguish" that are fine.
I think you mean that the implementation MUST respond to the two in the
same manner.


Minor Concerns:

Section 4 says:
   "...  certain PKIX operations (such as certificate chain
   validation)."

I do not think that "PKIX operation" has any constructive meaning.  This
term is used in at least two paragraphs.  I suggest that discussing
certification path validation and revocation checking would be more
helpful to implementers.

Section 4 also talks about "PKIX-less operations" in several places.
Again, I do not think that this term has any constructive meaning.  I
suggest that you talk about the use of "raw" public keys.

Section 7.3.1 repeats information that is stated other places.  It is
odd to have a subsection that adds nothing new.  Note that this section
is referenced from Section 15.4, but Section 6.1.4 also contains the
information about EKU requirements.


Nits:

General: Pick one spelling: CoAPS or coaps.

Section 1, para 4:
  s/optional functions.  Appendix E illustrates this./
   /optional functions as illustrated in Appendix E./

Section 1, para 5:
  s/new COSE [RFC9052] signature format/COSE [RFC9052] signature/

Section 1, para 6:
   s/is to be protected/is protected/  (two places)

Section 4, para 4:
   s/vouchers, only the a new signature/vouchers; however, a signature/

Section 6.1.4, last para:
   s/have the E/contain the E/  (two places)

Section 6.4.1, para 6:
   s/fail anyway)/fail anyway.)/

Section 8.2, para after the numbered list:
   s/using less crypto operations/using fewer cryptographic operations/
   
Section 8.3, para 3:
   s/ PKIX format certificates/ PKIX certificates/

Section 8.4, para 4: s/arisews/arises/

Section 8.4, para 4: s/idevid-issuer/IDevID-issuer/

Section 15.1, first para s/idevid-issuer/IDevID-issuer/

Please review the output of ID-nits:
https://author-tools.ietf.org/api/idnits?url=https://www.ietf.org/archive/id/draft-ietf-anima-constrained-voucher-21.txt