[Ace] Opsdir last call review of draft-ietf-ace-dtls-authorize-12
Joel Jaeggli via Datatracker <noreply@ietf.org> Tue, 28 July 2020 18:00 UTC
From: Joel Jaeggli via Datatracker <noreply@ietf.org>
To: ops-dir@ietf.org
Cc: last-call@ietf.org, draft-ietf-ace-dtls-authorize.all@ietf.org, ace@ietf.org
Reply-To: Joel Jaeggli <joelja@bogus.com>
Date: Tue, 28 Jul 2020 11:00:09 -0700
Archived-At: <https://mailarchive.ietf.org/arch/msg/ace/XLo1gs3RfLZvapDRlJc-R-R-794>
Reviewer: Joel Jaeggli
Review result: Ready

Greetings,

I have reviewed draft-ietf-ace-dtls-authorize for operational considerations related to constrained authentication and authorization. While fall back to proxies becomes a bottleneck for passing security information to devices, the approach described here appears to be comprehensive and probably the best that is achievable under the circumstances. The recognition of the limitations of some of the weaker cipher suites employed seems both well understood and adequately mitigated when used; they are still weaker than some of the alternatives that are enumerated where possible but seem adequate.