Re: [Pce] [Last-Call] Genart last call review of draft-ietf-pce-pceps-tls13-02

Russ Housley <housley@vigilsec.com> Fri, 08 December 2023 15:30 UTC

From: Russ Housley <housley@vigilsec.com>
Date: Fri, 08 Dec 2023 10:30:02 -0500
To: Christer Holmberg <christer.holmberg@ericsson.com>
Cc: IETF Gen-ART <gen-art@ietf.org>, draft-ietf-pce-pceps-tls13.all@ietf.org, Last Call <last-call@ietf.org>, pce@ietf.org
In-Reply-To: <170203631643.25271.3343940506201552538@ietfa.amsl.com>
Message-Id: <0CCFDFF7-BA6A-4DE3-939F-CD82F2FDD9E0@vigilsec.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/pce/VvwqvdpFW7TTPP783eJ7_XTimSE>

Christer:

Thanks for the review.

Section 2.3 of RFC 8446 explains that the security provided to early data is weaker than the security provided to other kinds of TLS data.  This is the reason that PCEPS MUST NOT make use of early data.  Will a note with a pointer to this text (or a pointer to the same part of draft-ietf-tls-rfc8446bis) resolve this minor issue?

Russ


> On Dec 8, 2023, at 6:51 AM, Christer Holmberg via Datatracker <noreply@ietf.org> wrote:
> 
> Reviewer: Christer Holmberg
> Review result: Almost Ready
> 
> I am the assigned Gen-ART reviewer for this draft. The General Area
> Review Team (Gen-ART) reviews all IETF documents being processed
> by the IESG for the IETF Chair.  Please treat these comments just
> like any other last call comments.
> 
> For more information, please see the FAQ at
> 
> <https://wiki.ietf.org/en/group/gen/GenArtFAQ>.
> 
> Document: draft-ietf-pce-pceps-tls13-02
> Reviewer: Christer Holmberg
> Review Date: 2023-12-08
> IETF LC End Date: 2023-12-19
> IESG Telechat date: Not scheduled for a telechat
> 
> Summary: The document is well written, and easy to understand. I do have one
> Minor issue/question and a few Editorial issues/questions that I would like the
> authors to address.
> 
> Major issues: N/A
> 
> Minor issues:
> 
> Q1: Section 3 adds text saying that PCEPS implementations MUST NOT use early
> data, and there are a couple of notes about what early data is. However, I
> cannot find text which explains the "MUST NOT use". If the case where early
> media is permitted does not apply to PCEPS it would be good to add text which
> explains it. It would also be good to explain the reason in the Introduction of
> this document.
> 
> Nits/editorial comments:
> 
> Q2:In a few places the text says "TLS protocol", and in other places "TLS".
> Would it be possible to use "TLS" everywhere?
> 
> Q3: Section 6 indicates that there are no known implementations when version
> -02 of the draft was posted. If that is still the case when the RFC is
> published, could the whole section be removed?
> 
> Q4: Related to Q3, if the section remains (e.g., because there are known
> implementations), I suggest saying "time of publishing this document" instead
> of "time of posting of this Internet-Draft".
> 
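The exchange above turns on one requirement: a PCEPS peer MUST NOT use TLS 1.3 early data (0-RTT), because RFC 8446 Section 2.3 gives early data weaker replay and forward-secrecy guarantees than the rest of the TLS session. Enforcement belongs in the TLS library (a server that never enables early data will fall back to a normal 1-RTT handshake), but an operator auditing a PCEPS deployment may also want to see, from a packet capture, whether a peer is even offering it. The following is an added example written for this thread, not code from the draft or from any PCE implementation: a small parser that walks a captured TLS ClientHello record and reports whether the `early_data` extension (type 42, per RFC 8446 Section 4.2) is present. The ClientHello bytes are constructed inline for the test; the builder and the `offers_early_data` helper are this example's own names.

```python
import struct

# Extension type codes from RFC 8446, Section 4.2.
EXT_EARLY_DATA = 42          # "early_data": client is offering 0-RTT data
EXT_SUPPORTED_VERSIONS = 43  # "supported_versions": where TLS 1.3 is signalled
TLS13 = 0x0304


def _u16(buf: bytes, off: int) -> int:
    return struct.unpack_from("!H", buf, off)[0]


def parse_client_hello(record: bytes) -> dict:
    """Parse one TLS record carrying a ClientHello.

    Returns {'versions': [...], 'extensions': [...]} where 'versions' is the
    list from supported_versions (empty if absent) and 'extensions' is the
    ordered list of extension type codes.  Raises ValueError on malformed or
    truncated input rather than guessing.
    """
    if len(record) < 5 or record[0] != 22:          # 22 = handshake record
        raise ValueError("not a TLS handshake record")
    rec_len = _u16(record, 3)
    body = record[5:5 + rec_len]
    if len(body) != rec_len:
        raise ValueError("truncated record")
    if body[0] != 1:                                 # 1 = ClientHello
        raise ValueError("not a ClientHello")
    hs_len = int.from_bytes(body[1:4], "big")
    ch = body[4:4 + hs_len]
    if len(ch) != hs_len:
        raise ValueError("truncated ClientHello")

    off = 2 + 32                                     # legacy_version + random
    sid_len = ch[off]
    off += 1 + sid_len                               # legacy_session_id
    cs_len = _u16(ch, off)
    off += 2 + cs_len                                # cipher_suites
    comp_len = ch[off]
    off += 1 + comp_len                              # legacy_compression_methods

    extensions, versions = [], []
    if off < len(ch):
        ext_len = _u16(ch, off)
        off += 2
        end = off + ext_len
        if end > len(ch):
            raise ValueError("truncated extensions block")
        while off + 4 <= end:
            etype, elen = _u16(ch, off), _u16(ch, off + 2)
            data = ch[off + 4:off + 4 + elen]
            if len(data) != elen:
                raise ValueError("truncated extension")
            extensions.append(etype)
            if etype == EXT_SUPPORTED_VERSIONS:
                # ClientHello form: 1-byte length, then 2-byte versions.
                n = data[0]
                versions = [_u16(data, 1 + i) for i in range(0, n, 2)]
            off += 4 + elen
    return {"versions": versions, "extensions": extensions}


def offers_early_data(record: bytes) -> bool:
    """True if the captured ClientHello offers 0-RTT early data."""
    return EXT_EARLY_DATA in parse_client_hello(record)["extensions"]


def _ext(etype: int, data: bytes) -> bytes:
    return struct.pack("!HH", etype, len(data)) + data


def build_client_hello(early_data: bool) -> bytes:
    """Constructed (example-only) TLS 1.3 ClientHello record for testing."""
    exts = _ext(EXT_SUPPORTED_VERSIONS, b"\x02\x03\x04")   # offers TLS 1.3 only
    if early_data:
        exts += _ext(EXT_EARLY_DATA, b"")                  # empty in ClientHello
    ch = (
        b"\x03\x03"                     # legacy_version
        + b"\x00" * 32                  # random (constructed, all zero)
        + b"\x00"                       # empty legacy_session_id
        + struct.pack("!H", 2) + b"\x13\x01"   # TLS_AES_128_GCM_SHA256
        + b"\x01\x00"                   # compression: null only
        + struct.pack("!H", len(exts)) + exts
    )
    handshake = b"\x01" + len(ch).to_bytes(3, "big") + ch
    return b"\x16\x03\x01" + struct.pack("!H", len(handshake)) + handshake


if __name__ == "__main__":
    for flag in (False, True):
        rec = build_client_hello(early_data=flag)
        print(f"early_data offered: {offers_early_data(rec)}", parse_client_hello(rec))
```

A ClientHello that carries `early_data` is only an offer; the server decides whether to accept it, and a PCEPS server configured with early data disabled will answer with a normal handshake. The parser is therefore a monitoring aid for spotting non-conforming peers, not a substitute for configuring the TLS library itself (in OpenSSL, for instance, the server-side maximum early data size defaults to zero and is set via `SSL_CTX_set_max_early_data`).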