[MLS] Roman Danyliw's No Objection on draft-ietf-mls-architecture-11: (with COMMENT)
Roman Danyliw via Datatracker <noreply@ietf.org> Thu, 31 August 2023 15:35 UTC
Return-Path: <noreply@ietf.org>
X-Original-To: mls@ietf.org
Delivered-To: mls@ietfa.amsl.com
Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id 761ABC14E515; Thu, 31 Aug 2023 08:35:10 -0700 (PDT)
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 8bit
From: Roman Danyliw via Datatracker <noreply@ietf.org>
To: The IESG <iesg@ietf.org>
Cc: draft-ietf-mls-architecture@ietf.org, mls-chairs@ietf.org, mls@ietf.org, me@katriel.co.uk, cremers@cispa.de, tjvdmerwe@gmail.com, jmillican@meta.com, ietf@raphaelrobert.com, sean@sn3rd.com, sean@sn3rd.com
X-Test-IDTracker: no
X-IETF-IDTracker: 11.9.0
Auto-Submitted: auto-generated
Precedence: bulk
Reply-To: Roman Danyliw <rdd@cert.org>
Message-ID: <169349611046.30567.9644018440461795438@ietfa.amsl.com>
Date: Thu, 31 Aug 2023 08:35:10 -0700
Archived-At: <https://mailarchive.ietf.org/arch/msg/mls/bpz5E2bKekIaf3ITJ8sIjRZlxPI>
X-Mailman-Approved-At: Thu, 07 Sep 2023 08:29:56 -0700
Subject: [MLS] Roman Danyliw's No Objection on draft-ietf-mls-architecture-11: (with COMMENT)
X-BeenThere: mls@ietf.org
X-Mailman-Version: 2.1.39
List-Id: Messaging Layer Security <mls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/mls>, <mailto:mls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/mls/>
List-Post: <mailto:mls@ietf.org>
List-Help: <mailto:mls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/mls>, <mailto:mls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 31 Aug 2023 15:35:10 -0000
Roman Danyliw has entered the following ballot position for draft-ietf-mls-architecture-11: No Objection When responding, please keep the subject line intact and reply to all email addresses included in the To and CC lines. (Feel free to cut this introductory paragraph, however.) Please refer to https://www.ietf.org/about/groups/iesg/statements/handling-ballot-positions/ for more information about how to handle DISCUSS and COMMENT positions. The document, along with other ballot positions, can be found here: https://datatracker.ietf.org/doc/draft-ietf-mls-architecture/ ---------------------------------------------------------------------- COMMENT: ---------------------------------------------------------------------- Thank to Yoav Nir for the SECDIR review. Thanks for addressing my DISCUSS and COMMENT feedback == ** Section 7.4.2.1. Please provide a reference for “mixnet”. ** Section 7.4.3.1. Please provide a reference for “CRLite”. ** Section 7.5. (a) Section 7.5. *RECOMMENDATION:* Additional steps should be taken to protect the device and the MLS clients from physical compromise. In such settings, HSMs and secure enclaves can be used to protect signature keys. (b) Section 7.3.4 RECOMMENDATION: Signature private keys should be compartmentalized from other secrets and preferably protected by an HSM or dedicated hardware features to allow recovery of the authentication for future messages after a compromise. Why is the use of HSM to protect keys repeated twice?
- [MLS] Roman Danyliw's No Objection on draft-ietf-… Roman Danyliw via Datatracker