[TLS] Opsdir last call review of draft-ietf-tls-tls13-cert-with-extern-psk-03

Scott Bradner via Datatracker <noreply@ietf.org> Sat, 30 November 2019 00:44 UTC

From: Scott Bradner via Datatracker <noreply@ietf.org>
To: <ops-dir@ietf.org>
Cc: last-call@ietf.org, tls@ietf.org, draft-ietf-tls-tls13-cert-with-extern-psk.all@ietf.org
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/E1UwUXCF9Fm1IRZkczJwcB4g8BM>

Reviewer: Scott Bradner
Review result: Ready

This is an OPS-DIR review of TLS 1.3 Extension for Certificate-based
Authentication with an External Pre-Shared Key

This ID proposes a TLS 3.1 extension to better prepare for the post-quantum
computer crypto-armageddon world.

The document is very clearly written, as I expect from Russ.

I expect there will be some operational issues around hand-holding users to get
the correct setup to make use of the extension, but since this extension
basically enables the simultaneous use of existing TLS options, any such issues
should be confined to sites using exclusively one or the other option, and I do
not see any way to mitigate such situations.