[TLS] Éric Vyncke's No Record on draft-ietf-tls-external-psk-guidance-04: (with COMMENT)
Éric Vyncke via Datatracker <noreply@ietf.org> Fri, 10 December 2021 12:46 UTC
Return-Path: <noreply@ietf.org>
X-Original-To: tls@ietf.org
Delivered-To: tls@ietfa.amsl.com
Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id 51B303A0BFC; Fri, 10 Dec 2021 04:46:28 -0800 (PST)
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 8bit
From: Éric Vyncke via Datatracker <noreply@ietf.org>
To: The IESG <iesg@ietf.org>
Cc: draft-ietf-tls-external-psk-guidance@ietf.org, tls-chairs@ietf.org, tls@ietf.org, sean@sn3rd.com, sean@sn3rd.com
X-Test-IDTracker: no
X-IETF-IDTracker: 7.40.0
Auto-Submitted: auto-generated
Precedence: bulk
Reply-To: Éric Vyncke <evyncke@cisco.com>
Message-ID: <163914038830.17260.7485056311363357423@ietfa.amsl.com>
Date: Fri, 10 Dec 2021 04:46:28 -0800
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/8BQq2_IuBQ-aZr9Zeh51wqJEbzE>
Subject: [TLS] Éric Vyncke's No Record on draft-ietf-tls-external-psk-guidance-04: (with COMMENT)
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.29
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 10 Dec 2021 12:46:29 -0000
Éric Vyncke has entered the following ballot position for draft-ietf-tls-external-psk-guidance-04: No Record When responding, please keep the subject line intact and reply to all email addresses included in the To and CC lines. (Feel free to cut this introductory paragraph, however.) Please refer to https://www.ietf.org/blog/handling-iesg-ballot-positions/ for more information about how to handle DISCUSS and COMMENT positions. The document, along with other ballot positions, can be found here: https://datatracker.ietf.org/doc/draft-ietf-tls-external-psk-guidance/ ---------------------------------------------------------------------- COMMENT: ---------------------------------------------------------------------- Thank you for the work put into this document. The document offers good guidances and is easy to read. Please find below some non-blocking COMMENT points (but replies would be appreciated even if only for my own education), and some nits. Special thanks to Sean Turner for the shepherd's write-up including the section about the WG consensus. I hope that this helps to improve the document, Regards, -éric == COMMENTS == -- Section 4.1 -- A wild guess (as I do not know the details of TLS 1.3), but if a group member is compromised and no ephemeral keys were used, then isn't the attacker able to read even the past/recorded traffic ? -- Section 5.1 -- Suggest to expand "PoP". Also wonder about the German eID use case... While the BSI specification allows for using PSK, it does not appear as the recommended mode by BSI. I.e., does this reference help the case for this I-D ? Suggest to remove it. I also wonder why quantum resistance is not at the top ;-) -- Section 5.2 -- About the IoT "UI", I would assume that some USB ports could also be used. Or are USB/bluetooth/... considered as UI ? -- Section 5.3 -- "each pair of nodes has a unique key pair" is puzzling as PSK usually consist of a unique key and not a key pair. What am I missing ? == NITS == Section 5.2 "among several node is" (plural ?) Section 8 "extend beynond proper identification"
- [TLS] Éric Vyncke's No Record on draft-ietf-tls-e… Éric Vyncke via Datatracker