[babel] Secdir early review of draft-ietf-babel-dtls-03

Sean Turner <sean@sn3rd.com> Wed, 30 January 2019 02:03 UTC

From: Sean Turner <sean@sn3rd.com>
To: secdir@ietf.org
Cc: draft-ietf-babel-dtls.all@ietf.org, ietf@ietf.org, babel@ietf.org
Archived-At: <https://mailarchive.ietf.org/arch/msg/babel/1i3PTpCYZ5uXgNxIsWR8Ken3Tnw>

Reviewer: Sean Turner
Review result: Has Nits

Hi,

David wanted to make it really easy on me and get as much early input as he
could get by sending a message to the TLS list asking for comments [0].  Version
-02 addressed those comments.

I'm no babel expert, but I did take the time to read/skim the base protocol
document to get more familiar with it as well as re-read the babel-tls draft.
The tl;dr here is that babel is multicast but DTLS is not, so changes to babel
are needed.

Here are my comments in no particular order.  No show stoppers here.

0) Since DTLS is in the RFC Editor's Abbreviations List, I think you can get
away with "Babel Routing Protocol over DTLS".  But that's up to you.

1) (IESG food fight alert) I see that the Updates header updates 6126bis.  Not
sure how this will fly in the face of the draft IESG Statement [1].

2) (This might just be document organization) The applicability section kind of
jumped out at me because there's also an applicability draft.  Further, it and
6126bis say the HMAC mechanism is preferred.  I'd just drop the entire section
;)

3) s2.1 - maybe add a pointer to the IANA considerations section.

4) s2.1 - Because you're doing client authentication, do you need to say anything
about the type of cert, or whether certificate_authorities,
signature_algorithms_cert, and signature_algorithms should be sent (for 1.3
connections)?

5) s4 - add that IANA is requested to point to this specification for the
reference.

6) AppA - I think you might need to tweak the last sentence in light of 1.3?

Cheers,
spt

[0] https://mailarchive.ietf.org/arch/msg/tls/tIaK0rgm5zCVuYmLm5qsCIvKXKw
[1] https://mailarchive.ietf.org/arch/msg/ietf/-1u_1-peHKAmUDuLyGAJYu0fPCE