Re: [secdir] Secdir last call review of draft-ietf-tls-dtls-connection-id-11
Benjamin Kaduk <kaduk@mit.edu> Sun, 02 May 2021 04:36 UTC
Return-Path: <kaduk@mit.edu>
X-Original-To: secdir@ietfa.amsl.com
Delivered-To: secdir@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 385A83A1C4B; Sat, 1 May 2021 21:36:01 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.198
X-Spam-Level:
X-Spam-Status: No, score=-4.198 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, SPF_HELO_NONE=0.001, SPF_NONE=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 8Mchy3hWfH9k; Sat, 1 May 2021 21:35:58 -0700 (PDT)
Received: from outgoing.mit.edu (outgoing-auth-1.mit.edu [18.9.28.11]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 85CC13A1C4C; Sat, 1 May 2021 21:35:58 -0700 (PDT)
Received: from kduck.mit.edu ([24.16.140.251]) (authenticated bits=56) (User authenticated as kaduk@ATHENA.MIT.EDU) by outgoing.mit.edu (8.14.7/8.12.4) with ESMTP id 1424ZniJ028948 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Sun, 2 May 2021 00:35:54 -0400
Date: Sat, 01 May 2021 21:35:49 -0700
From: Benjamin Kaduk <kaduk@mit.edu>
To: Daniel Franke <dafranke@akamai.com>
Cc: secdir@ietf.org, draft-ietf-tls-dtls-connection-id.all@ietf.org
Message-ID: <20210502043549.GF79563@kduck.mit.edu>
References: <161910581603.10398.13918665853904033223@ietfa.amsl.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Disposition: inline
Content-Transfer-Encoding: 8bit
In-Reply-To: <161910581603.10398.13918665853904033223@ietfa.amsl.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdir/H8rXkJKzRrQ4N6JPlth6PxBi9RE>
Subject: Re: [secdir] Secdir last call review of draft-ietf-tls-dtls-connection-id-11
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/secdir/>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 02 May 2021 04:36:01 -0000
Hi Daniel, Thanks for the review. There was some effort towards a return-routability check at the DTLS layer, in draft-tschofenig-tls-dtls-rrc, but we seem to have failed to follow up after the adoption call was issued. I've pinged the chairs to check on its progress. -Ben On Thu, Apr 22, 2021 at 08:36:56AM -0700, Daniel Franke via Datatracker wrote: > Reviewer: Daniel Franke > Review result: Ready > > I have reviewed this document as part of the security directorate's ongoing > effort to review all IETF documents being processed by the IESG. These > comments were written primarily for the benefit of the security area directors. > Document editors and WG chairs should treat these comments just like any other > last call comments. > > Apologies for the absolute last-minute review; I overlooked until just now that > this had been assigned a telechat date. > > This document is Ready. I do have some concerns — in particular I think relying > on application-layer measures to prevent amplified reflection attacks is a bit > dubious — but these have been debated to death already, the issues are > well-captured in the document, and I don't think I have anything new to add. > >
- [secdir] Secdir last call review of draft-ietf-tl… Daniel Franke via Datatracker
- Re: [secdir] Secdir last call review of draft-iet… Benjamin Kaduk
- Re: [secdir] Secdir last call review of draft-iet… Hannes Tschofenig