The last sentence in 2.2: is this meant to be limited to OSCORE or all uses of
DTLS? I found the inner/outer text confusing, and that a diagram might
actually help.

That sentence is merely illustrating the corner case exception, I'm
confident we can enhance readability here a bit by not referring to
DTLS. (It is general to DTLS in that in DTLS all proxies always see the
CoAP options; what it says about OSCORE is that (DTLS or not),
proxies see the outer options only).

On the general inner/outer diagram ... hm, we could add something
for sure, but I'd be worried that it'd distract by putting focus on a
topic that really belongs to OSCORE. I'll leave an issue open in the
authors' tracker to revisit this when more reviews have come in.

I think the sentence will read easier if it's more like "Outer options are visible to proxies, and to other parties up to the point of encryption on any lower layer". I don't think we'll need an illustration, but if we do, it could be tied to the text (rather than showing generic OSCORE stuff) by having an outer Echo option that "verifies aliveness of the proxy", and an inner option that "provides synchronization of the authenticated peer".
From Eliot's review: