[manet] Alexey Melnikov's Discuss on draft-ietf-manet-dlep-27: (with DISCUSS and COMMENT)

"Alexey Melnikov" <aamelnikov@fastmail.fm> Sun, 12 February 2017 19:22 UTC

Return-Path: <aamelnikov@fastmail.fm>
X-Original-To: manet@ietf.org
Delivered-To: manet@ietfa.amsl.com
Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id 01A31129AAD; Sun, 12 Feb 2017 11:22:59 -0800 (PST)
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
From: "Alexey Melnikov" <aamelnikov@fastmail.fm>
To: "The IESG" <iesg@ietf.org>
X-Test-IDTracker: no
X-IETF-IDTracker: 6.43.0
Auto-Submitted: auto-generated
Precedence: bulk
Message-ID: <148692737899.6211.5674368789340482960.idtracker@ietfa.amsl.com>
Date: Sun, 12 Feb 2017 11:22:58 -0800
Archived-At: <https://mailarchive.ietf.org/arch/msg/manet/zBjqJ3bsEDhYiQUWdFX_4bDfuEk>
Cc: manet@ietf.org, draft-ietf-manet-dlep@ietf.org, manet-chairs@ietf.org
Subject: [manet] Alexey Melnikov's Discuss on draft-ietf-manet-dlep-27: (with DISCUSS and COMMENT)
X-BeenThere: manet@ietf.org
X-Mailman-Version: 2.1.17
List-Id: Mobile Ad-hoc Networks <manet.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/manet>, <mailto:manet-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/manet/>
List-Post: <mailto:manet@ietf.org>
List-Help: <mailto:manet-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/manet>, <mailto:manet-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 12 Feb 2017 19:22:59 -0000

Alexey Melnikov has entered the following ballot position for
draft-ietf-manet-dlep-27: Discuss

When responding, please keep the subject line intact and reply to all
email addresses included in the To and CC lines. (Feel free to cut this
introductory paragraph, however.)


Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html
for more information about IESG DISCUSS and COMMENT positions.


The document, along with other ballot positions, can be found here:
https://datatracker.ietf.org/doc/draft-ietf-manet-dlep/



----------------------------------------------------------------------
DISCUSS:
----------------------------------------------------------------------

This is generally a well written document and I enjoyed reading it.

I have one remaining question which I would like to quickly discuss
before recommending approval of this document:

Section 14 (Security Considerations) now says:

   When TLS is in use, each peer SHOULD check the validity of
   credentials presented by the other peer during TLS session
   establishment.  Mobile implementations MAY need to consider use of
   pre-shared keys for credentials; implementations following the
   "networked deployment" model described in Implementation Scenarios
   SHOULD refer to [RFC7525] for additional details.

RFC 7525 that you are referencing contains recommendations on version of
TLS and ciphersuites to use.
Section 6.1 of RFC 7525 talks about "Host Name Validation". I don't think
this section applies to DLEP. So can you elaborate on how server identity
is going to be verified using pre-shared keys and which parts of RFC 7525
do you think apply to DLEP?


----------------------------------------------------------------------
COMMENT:
----------------------------------------------------------------------

Thank you for addressing my earlier DISCUSS points.

13.  DLEP Data Items

   Following is the list of core Data Items that MUST be recognized by
a
   DLEP compliant implementation.  As mentioned before, not all Data
   Items need be used during a session, but an implementation MUST
   correctly process these Data Items when correctly associated with a
   Signal or Message.

Is "skip over or ignore" a valid way to "correctly process"? I think so,
but
this might not be obvious from the text as written.