[Gen-art] Genart last call review of draft-ietf-perc-dtls-tunnel-08
Russ Housley via Datatracker <noreply@ietf.org> Fri, 28 May 2021 15:16 UTC
From: Russ Housley via Datatracker <noreply@ietf.org>
To: gen-art@ietf.org
Cc: draft-ietf-perc-dtls-tunnel.all@ietf.org, last-call@ietf.org, perc@ietf.org
Reply-To: Russ Housley <housley@vigilsec.com>
Date: Fri, 28 May 2021 08:16:06 -0700
Archived-At: <https://mailarchive.ietf.org/arch/msg/gen-art/NJ_8wMbY0zgxKf7GShCcQgmsw6g>
Subject: [Gen-art] Genart last call review of draft-ietf-perc-dtls-tunnel-08

Reviewer: Russ Housley
Review result: Almost Ready

I am the assigned Gen-ART reviewer for this draft. The General Area
Review Team (Gen-ART) reviews all IETF documents being processed
by the IESG for the IETF Chair. Please wait for direction from your
document shepherd or AD before posting a new version of the draft.

For more information, please see the FAQ at
<http://wiki.tools.ietf.org/area/gen/trac/wiki/GenArtfaq>.

Document: draft-ietf-perc-dtls-tunnel-08
Reviewer: Russ Housley
Review Date: 2021-05-28
IETF LC End Date: unknown
IESG Telechat date: unknown

Summary: Almost Ready

Major Concerns:

Section 9: The document has two different types of keying material:
(1) keys for hop-by-hop encryption and authentication; and
(2) keys for end-to-end encryption and authentication.
The first two paragraphs of Section 9 talk about these two types of
keying material. I think that the discussion should be expanded by a
sentence or two to explain the security consequences of disclosure of
each of these keying material types. In addition, a pointer to the
very extensive Security Consideration in RFC 8871 would be helpful.

Minor Concerns:

Section 5.4 says: "Each TLS tunnel established between the media
distributor and the key distributor MUST be mutually authenticated."
Is this a requirement to use DTLS client authentication? If so, please
be explicit. If not, what other mechanisms for authentication are
expected?

Nits:

Section 5.1, paragraph 2: s/[!@RFC4566]/[RFC4566]/

Section 5.5, paragraph 1: s/MUST utilize the same version/MUST contain the same version/

Section 8, last paragraph: s/section 4.8 if [!@RFC8126]/Section 4.8 of [RFC8126]/

Section 9, paragraph 1: s/keying material This does/keying material. This does/