[secdir] Secdir last call review of draft-ietf-tls-dtls-connection-id-11

Daniel Franke via Datatracker <noreply@ietf.org> Thu, 22 April 2021 15:36 UTC

From: Daniel Franke via Datatracker <noreply@ietf.org>
To: secdir@ietf.org
Cc: draft-ietf-tls-dtls-connection-id.all@ietf.org, last-call@ietf.org, tls@ietf.org
Reply-To: Daniel Franke <dafranke@akamai.com>
Date: Thu, 22 Apr 2021 08:36:56 -0700
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdir/VWDKypN7ptlYRvCh3N5wJb9SAwI>
Subject: [secdir] Secdir last call review of draft-ietf-tls-dtls-connection-id-11

Reviewer: Daniel Franke
Review result: Ready

I have reviewed this document as part of the security directorate's ongoing
effort to review all IETF documents being processed by the IESG.  These
comments were written primarily for the benefit of the security area directors.
Document editors and WG chairs should treat these comments just like any other
last call comments.

Apologies for the absolute last-minute review; I overlooked until just now that
this had been assigned a telechat date.

This document is Ready. I do have some concerns — in particular I think relying
on application-layer measures to prevent amplified reflection attacks is a bit
dubious — but these have been debated to death already, the issues are
well-captured in the document, and I don't think I have anything new to add.