Re: [Gen-art] [Last-Call] Genart last call review of draft-ietf-pce-pceps-tls13-02

Christer Holmberg <christer.holmberg@ericsson.com> Mon, 11 December 2023 10:53 UTC

From: Christer Holmberg <christer.holmberg@ericsson.com>
To: Russ Housley <housley@vigilsec.com>
CC: IETF Gen-ART <gen-art@ietf.org>, "draft-ietf-pce-pceps-tls13.all@ietf.org" <draft-ietf-pce-pceps-tls13.all@ietf.org>, Last Call <last-call@ietf.org>, "pce@ietf.org" <pce@ietf.org>
Thread-Topic: [Last-Call] Genart last call review of draft-ietf-pce-pceps-tls13-02
Thread-Index: AQHaKet3hnuvU8+51EunOqBXUOvjYLCj6uvA
Date: Mon, 11 Dec 2023 10:53:40 +0000
Message-ID: <HE1PR07MB4441EEDA5501B8B5C1500893938FA@HE1PR07MB4441.eurprd07.prod.outlook.com>
References: <170203631643.25271.3343940506201552538@ietfa.amsl.com> <0CCFDFF7-BA6A-4DE3-939F-CD82F2FDD9E0@vigilsec.com>
In-Reply-To: <0CCFDFF7-BA6A-4DE3-939F-CD82F2FDD9E0@vigilsec.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/gen-art/dsqmW_aAF8xy0Jfe8c26hBQphXI>

Hi Russ,

>Section 2.3 of RFC 8446 explains that the security provided to early data is 
>weaker than
>the security provided to other kinds of TLS data.  This is the reason that 
>PCEPS MUST NOT
>make use of early data.  Will a note with a pointer to this text (or a 
>pointer to the same part
>of draft-ietf-tls-rfc8446bis) resolve this minor issue?

The second Note already points to the text in Section 2.3 of 8446. My issue is 
not the fact that early data security is weaker, but why that is an issue for 
PCEPS. Is there some specific property or requirement for PCEPS behind the 
MUST NOT?

Regards,

Christer


> On Dec 8, 2023, at 6:51 AM, Christer Holmberg via Datatracker 
> <noreply@ietf.org> wrote:
>
> Reviewer: Christer Holmberg
> Review result: Almost Ready
>
> I am the assigned Gen-ART reviewer for this draft. The General Area
> Review Team (Gen-ART) reviews all IETF documents being processed by
> the IESG for the IETF Chair.  Please treat these comments just like
> any other last call comments.
>
> For more information, please see the FAQ at
>
> <https://wiki.ietf.org/en/group/gen/GenArtFAQ>.
>
> Document: draft-ietf-pce-pceps-tls13-02
> Reviewer: Christer Holmberg
> Review Date: 2023-12-08
> IETF LC End Date: 2023-12-19
> IESG Telechat date: Not scheduled for a telechat
>
> Summary: The document is well written, and easy to understand. I do
> have one Minor issue/question and a few Editorial issues/questions
> that I would like the authors to address.
>
> Major issues: N/A
>
> Minor issues:
>
> Q1: Section 3 adds text saying that PCEPS implementations MUST NOT use
> early data, and there are a couple of notes about what early data is.
> However, I cannot find text which explains the "MUST NOT use". If the
> case where early media is permitted does not apply to PCEPS it would
> be good to add text which explains it. It would also be good to
> explain the reason in the Introduction of this document.
>
> Nits/editorial comments:
>
> Q2:In a few places the text says "TLS protocol", and in other places "TLS".
> Would it be possible to use "TLS" everywhere?
>
> Q3: Section 6 indicates that there are no known implementations when
> version -02 of the draft was posted. If that is still the case when the RFC is
> published, could the whole section be removed?
>
> Q4: Related to Q3, if the section remains (e.g., because there are
> known implementations), I suggest saying "time of publishing this
> document" instead of "time of posting of this Internet-Draft".
>