OPSDIR Review

[yogeshbdeshpande]

Hi,

I have been selected as the Operational Directorate (opsdir) reviewer for this
Internet-Draft.

The Operational Directorate reviews all operational and management-related
Internet-Drafts to ensure alignment with operational best practices and that
adequate operational considerations are covered.

A complete set of "Guidelines for Considering Operations and Management in
IETF Specifications" can be found at
https://datatracker.ietf.org/doc/draft-opsarea-rfc5706bis/.

While these comments are primarily for the Operations and Management Area
Directors (Ops ADs), the authors should consider them alongside other feedback
received.

• Document: draft-ietf-rats-corim-09

• Reviewer: Giuseppe Fioccola

• Review Date: 2026-01-09

• Intended Status: Standards Track

---

Summary

• Has Issues: I have some minor concerns about this document that I think
  should be resolved before publication.

General Operational Comments Alignment with RFC 5706bis

This document specifies CoRIM (Concise Reference Integrity Manifest). It is a
data model which is used to realize a CBOR encoding suitable for cryptographic
operations and transmission over computer networks. Section 10 reports the
implementation status.

The Operational Considerations section is missing and should be included,
according to draft-ietf-opsawg-rfc5706bis. In particular, it would be good to
add a description of how CoRIM is going to be deployed and managed, including
potential backward compatibility issues.

Major Issues

From an OPSDIR point of view, the addition of an Operational Considerations
section is recommended.

---

Minor Issues

Since Section 8 describes the appraisal of CoRIM-based inputs, it clarifies
the CoRIM usage and it is quite relevant. I think Section 8 (or part of it) can
be moved earlier in the document (e.g before Section 4) in order to allow the
reader to better understand the mechanism from the beginning.

---

Nits

In Section 2, it is mentioned that the document defines the ACS but I would
add a pointer to Section 9 where ACS and ARS are further detailed.

I would also change the description of Table 1 in Section 2.2 in order to
explain how is it related with the ACS and ARS.

In Section 3, Table 2 introduces the naming conventions but I suggest to
provide context for the reader. Maybe a reference to RFC 8610 is needed to
understand the types.

Considering that the document also specifies CoMID tags in Section 5 and CoTL
tags in Section 6, I suggest to better highlight this point in the
Introduction. Maybe, since the document is quite long, a description of the
structure of document would be needed in the Introduction.

Out of curiosity, did you consider to move the entire Section 9 to a separate
draft?

[steven-bellock]

Out of curiosity, did you consider to move the entire Section 9 to a separate draft?

@giuseppefioccola Yes, but we have had many back-and-forths regarding this issue. Currently the plan of record is that it stay part of the document.

[yogeshbdeshpande]

Yes, given the RATS Chairs and AD feedback, the intent is to retain it as a single document, so we will not be working on this specific comment, but any other comment, that improves overall quality of the single document.

[yogeshbdeshpande]

@giuseppefioccola Most of the main points raised by you are now covered under PR #531

The remainder has been worked upon using other Pull Requests, which will be evident

[yogeshbdeshpande]

@giuseppefioccola we decided not to insert operational consideration as CoRIM is a data model and not a protocol.

We will incorporate other Nits and suggestions from this issue