[TLS] Martin Duke's No Objection on draft-ietf-tls-dtls-connection-id-11: (with COMMENT)
Martin Duke via Datatracker <noreply@ietf.org> Tue, 20 April 2021 19:46 UTC
Return-Path: <noreply@ietf.org>
X-Original-To: tls@ietf.org
Delivered-To: tls@ietfa.amsl.com
Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id C40943A14C4; Tue, 20 Apr 2021 12:46:53 -0700 (PDT)
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
From: Martin Duke via Datatracker <noreply@ietf.org>
To: The IESG <iesg@ietf.org>
Cc: draft-ietf-tls-dtls-connection-id@ietf.org, tls-chairs@ietf.org, tls@ietf.org, Joseph Salowey <joe@salowey.net>, joe@salowey.net
X-Test-IDTracker: no
X-IETF-IDTracker: 7.28.0
Auto-Submitted: auto-generated
Precedence: bulk
Reply-To: Martin Duke <martin.h.duke@gmail.com>
Message-ID: <161894801377.8373.6532898944771346676@ietfa.amsl.com>
Date: Tue, 20 Apr 2021 12:46:53 -0700
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/0hyoFBsJ_21mv2hUEPPQhmGOMes>
Subject: [TLS] Martin Duke's No Objection on draft-ietf-tls-dtls-connection-id-11: (with COMMENT)
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.29
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 20 Apr 2021 19:46:54 -0000
Martin Duke has entered the following ballot position for draft-ietf-tls-dtls-connection-id-11: No Objection When responding, please keep the subject line intact and reply to all email addresses included in the To and CC lines. (Feel free to cut this introductory paragraph, however.) Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html for more information about DISCUSS and COMMENT positions. The document, along with other ballot positions, can be found here: https://datatracker.ietf.org/doc/draft-ietf-tls-dtls-connection-id/ ---------------------------------------------------------------------- COMMENT: ---------------------------------------------------------------------- Thanks for this document. Section 9.3.3 of quic-transport, which deals with basically the same security model, also requires the receiving endpoint to probe the original address, not just the new one, to address a somewhat more difficult attack. It would be good to at least RECOMMEND this behavior for DTLS applications, and/or (repeat/informatively reference) the logic there.
- [TLS] Martin Duke's No Objection on draft-ietf-tl… Martin Duke via Datatracker
- Re: [TLS] Martin Duke's No Objection on draft-iet… Hannes Tschofenig
- Re: [TLS] Martin Duke's No Objection on draft-iet… Martin Duke
- Re: [TLS] Martin Duke's No Objection on draft-iet… Martin Thomson
- Re: [TLS] Martin Duke's No Objection on draft-iet… Achim Kraus
- Re: [TLS] Martin Duke's No Objection on draft-iet… Martin Thomson
- Re: [TLS] Martin Duke's No Objection on draft-iet… Achim Kraus