[TLS] Opsdir last call review of draft-ietf-tls-external-psk-importer-05

Al Morton via Datatracker <noreply@ietf.org> Sat, 10 October 2020 23:23 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/JDVV1gwwumQeHrsWWV_M3-AVulo>

Reviewer: Al Morton
Review result: Has Nits

OPS-DIR Review of:
Importing External PSKs for TLS
draft-ietf-tls-external-psk-importer-05

Note that Brian Carpenter provided a useful review for GEN-ART, far beyond
general questions. Brian's comments on Section 6, Incremental Deployment, are
relevant to operational considerations, which are the focus of this review.

The draft provides a useful capability and considers possible issues stemming
from interaction with (D)TLS 1.2. There are some implementations and other
parties are interested.

Nits:

Intro: not expanded on first use:
PRF
KDF

3.1 Terminology: one-too-many "and" in:
...
   *  Imported PSK (IPSK): A PSK derived from an EPSK, External
      Identity, optional context string, and target protocol and KDF.