[secdir] Secdir last call review of draft-ietf-dnsop-server-cookies-04
Stephen Farrell via Datatracker <noreply@ietf.org> Wed, 02 December 2020 17:46 UTC
From: Stephen Farrell via Datatracker <noreply@ietf.org>
To: secdir@ietf.org
Cc: last-call@ietf.org, draft-ietf-dnsop-server-cookies.all@ietf.org, dnsop@ietf.org
Message-ID: <160693121881.9413.5642470305677631145@ietfa.amsl.com>
Reply-To: Stephen Farrell <stephen.farrell@cs.tcd.ie>
Date: Wed, 02 Dec 2020 09:46:58 -0800
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdir/TV4Qw2ionRmJ8skKzgUWzRTeDtw>
Subject: [secdir] Secdir last call review of draft-ietf-dnsop-server-cookies-04
Reviewer: Stephen Farrell
Review result: Has Issues

I see two issues here worth checking:

1. I don't recall SipHash being used as a MAC in any IETF standard before. We normally use HMAC, even if truncated. Why make this change and was that checked with e.g. CFRG? (And the URL given in the reference gets me a 404.)

2. Is it really a good idea to use a 32 bit seconds since 1970-01-01 in 2020? I'd have thought that e.g. a timestamp in hours since then or seconds since some date in 2020 would be better.

Here's a couple of nits too:

- section 1: what's a "strong cookie"?
- "gallimaufry" - cute! but not sure it'll help readers to learn that word.