[art] Artart early review of draft-ietf-mls-protocol-16

Rich Salz via Datatracker <noreply@ietf.org> Wed, 28 September 2022 19:18 UTC

From: Rich Salz via Datatracker <noreply@ietf.org>
To: art@ietf.org
Cc: draft-ietf-mls-protocol.all@ietf.org, mls@ietf.org
Message-ID: <166439271702.8492.5817498980343338518@ietfa.amsl.com>
Reply-To: Rich Salz <rsalz@akamai.com>
Date: Wed, 28 Sep 2022 12:18:37 -0700
Archived-At: <https://mailarchive.ietf.org/arch/msg/art/cPgtxv10gxxU8_MXCai5iGHG8WE>
Subject: [art] Artart early review of draft-ietf-mls-protocol-16

Reviewer: Rich Salz
Review result: Ready with Nits

I reviewed this draft for ART. I did not review the cryptography as I am
unqualified, compared with the draft authors (and other participants). Overall:
I think references should be uppercase, as "[art]" should be "[ART]".

Abstract:
Nicely describes the problem. Is 'forward secrecy and post-compromise security'
redundant? If not, there should be definitions in the draft for both terms and
perhaps a forward link to the terminology section.

Introduction.
"pairwise broadcast of individual messages" seems to go too far for terseness to
make the sentence grammatical. The section on common strategy should have a
reference or two to implementations. And do you mean "unilaterally broadcast
*A*symmetric keys"? Or is the common technique to allow everyone to impersonate
anyone?

Sec 2, Terminology.
Alphabetical order please.
Maybe mention that MLSPlaintext, MLSCiphertext are message formats described in
section 4.1; I wondered why they didn't appear in the terminology.  And when I
searched forward to find where they are defined, I noticed that elsewhere they
are rendered as `_MLSPlaintext_` for example, and here the underscores aren't
present.  Consistency is a virtue. The last paragraph starts by saying "keys
and secrets are used interchangeably" which is contradicted by the last
sentence.

Sec 2.1.2
I was consistently confused by the term "variable-size vector headers". Suggest
replacing "Headers" with "Sizes". The parenthetical should not be parenthesized,
the difference is important and not an aside. The example vector should be
"StructWithVector" not plural, right? The examples are useful, but should be
more clear that they are sample encodings of the *length* bytes and mark the
length of the following vector in bytes.

Sec 3.
Short and understandable.

Sec 4.
Not short :) but understandable.

Sec 4.2 is very useful and has a nice use of the railroad diagrams. The
section title should be plural tho. "Executions". Is there any guidance to be
offered on access control policies?  How does A know whether or not Z can
remove B? Are messages NAK'd or ignored or something else? I guess a forward
link to 6.3 makes sense.

Sec 5
The worked examples are very useful.  I like figure 9.

Sec 6.2, nit no underscores around first use of `MLSAuthenticatedContent`

I skimmed sec 7 and 8.  The end of 8.4 "where lp and np[i] represent" confused
me as I don't see those notations in the diagram that follows. Doing a
spot-check of these sections it seems that overall the text is clear.

-----

Sorry, I ran out of time to finish the document.  Holy cow, this is a large
document with a great deal of technical detail. I'll be surprised if you got
much early feedback.  More time, next time, please.

Table 5 says "LVL the security level".  Should mention "strength in bits" maybe.