[ippm] Secdir early review of draft-ietf-ippm-encrypted-pdmv2-01

Adam Montville via Datatracker <noreply@ietf.org> Tue, 28 June 2022 21:07 UTC

MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
From: Adam Montville via Datatracker <noreply@ietf.org>
To: secdir@ietf.org
Cc: draft-ietf-ippm-encrypted-pdmv2.all@ietf.org, ippm@ietf.org
Auto-Submitted: auto-generated
Precedence: bulk
Message-ID: <165645046783.27142.13270958883597547653@ietfa.amsl.com>
Reply-To: Adam Montville <adam.montville.sdo@gmail.com>
Date: Tue, 28 Jun 2022 14:07:47 -0700
Archived-At: <https://mailarchive.ietf.org/arch/msg/ippm/cMDQL2yunDyhHBuJ76B07Qr-OLA>
Subject: [ippm] Secdir early review of draft-ietf-ippm-encrypted-pdmv2-01

Reviewer: Adam Montville
Review result: Not Ready

I apologize for missing the deadline for this early review.

I'm saying the draft is not yet ready primarily because it's early, and there
is a "TBD" in "5.3 Security Goals for Authentication". That said, I'm not sure
there's much to add here beyond the communicating parties being mutually
authenticated.

The security considerations section addresses authentication by stating, "the
Authentication and Authorization of Clients and Servers is thus delegated to
the respective Organizations." I would add that the selected encryption scheme
(HPKE incorporating KEM, KDF, and AEAD) should cover this requirement.

I'll also mention that authentication is mentioned in 5.3 but seemingly ignored
in the list of things PDMv3 DOH needs to consider (see the middle of page 12).

Otherwise, the security considerations section covers the relevant threat
scenarios reasonably well, and the document seems to provide a methodology to
provide delegated trust, as claimed.

[ippm] Secdir early review of draft-ietf-ippm-enc… Adam Montville via Datatracker
Re: [ippm] Secdir early review of draft-ietf-ippm… nalini.elkins@insidethestack.com