[dtn] Secdir telechat review of draft-ietf-dtn-tcpclv4-18

Christopher Wood via Datatracker <noreply@ietf.org> Fri, 14 February 2020 02:54 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/dtn/5Gvccjyk0uX_1O2KnvdPoh9K8us>

Reviewer: Christopher Wood
Review result: Has Nits

Thanks for updating this document! All of my comments from the previous review
have been addressed. It reads much better now. I only have some minor nits to
note below:

- Section 8.5: This section title references ciphersuite downgrade, yet the
  text refers to configured use of less-good ciphersuites. Perhaps the title
  should be, "Threat: Weak TLS Configurations"?
- Section 8.6: I don't quite follow this section. Certainly, describing how
  one validates certificates is out of scope. However, the title suggests this
  is part of how one "uses" certificates? I might just scratch this section
  altogether, and instead reference RFC5280 where certificate-based
  authentication is first presented.
- Section 8.7: I might rename this title to, "Threat: Symmetric Key Limits."
- Section 8.10.1: I would reference opportunistic security here, as an
  unauthenticated key exchange yields similar properties.