[TLS] Secdir last call review of draft-ietf-tls-dtls-connection-id-11

Daniel Franke via Datatracker <noreply@ietf.org> Thu, 22 April 2021 15:36 UTC

Return-Path: <noreply@ietf.org>
X-Original-To: tls@ietf.org
Delivered-To: tls@ietfa.amsl.com
Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id 13A0D3A14B9; Thu, 22 Apr 2021 08:36:56 -0700 (PDT)
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 8bit
From: Daniel Franke via Datatracker <noreply@ietf.org>
To: <secdir@ietf.org>
Cc: draft-ietf-tls-dtls-connection-id.all@ietf.org, last-call@ietf.org, tls@ietf.org
X-Test-IDTracker: no
X-IETF-IDTracker: 7.28.0
Auto-Submitted: auto-generated
Precedence: bulk
Message-ID: <161910581603.10398.13918665853904033223@ietfa.amsl.com>
Reply-To: Daniel Franke <dafranke@akamai.com>
Date: Thu, 22 Apr 2021 08:36:56 -0700
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/oMlt3hc5xBO_3YZSUBylDqQ6pNI>
Subject: [TLS] Secdir last call review of draft-ietf-tls-dtls-connection-id-11
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.29
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 22 Apr 2021 15:36:56 -0000

Reviewer: Daniel Franke
Review result: Ready

I have reviewed this document as part of the security directorate's ongoing
effort to review all IETF documents being processed by the IESG.  These
comments were written primarily for the benefit of the security area directors.
 Document editors and WG chairs should treat these comments just like any other
last call comments.

Apologies for the absolute last-minute review; I overlooked until just now that
this had been assigned a telechat date.

This document is Ready. I do have some concerns ā€” in particular I think relying
on application-layer measures to prevent amplified reflection attacks is a bit
dubious ā€” but these have been debated to death already, the issues are
well-captured in the document, and I don't think I have anything new to add.