[TLS] Opsdir last call review of draft-ietf-tls-oldversions-deprecate-09

Nagendra Nainar via Datatracker <noreply@ietf.org> Mon, 30 November 2020 21:21 UTC

Return-Path: <noreply@ietf.org>
X-Original-To: tls@ietf.org
Delivered-To: tls@ietfa.amsl.com
Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id 84F1C3A11C7; Mon, 30 Nov 2020 13:21:43 -0800 (PST)
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
From: Nagendra Nainar via Datatracker <noreply@ietf.org>
To: <ops-dir@ietf.org>
Cc: tls@ietf.org, draft-ietf-tls-oldversions-deprecate.all@ietf.org, last-call@ietf.org
X-Test-IDTracker: no
X-IETF-IDTracker: 7.23.0
Auto-Submitted: auto-generated
Precedence: bulk
Message-ID: <160677130350.31916.13756509276111917722@ietfa.amsl.com>
Reply-To: Nagendra Nainar <naikumar@cisco.com>
Date: Mon, 30 Nov 2020 13:21:43 -0800
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/qgcKYwfdEQA7Z3GHOvAQggmdbN0>
Subject: [TLS] Opsdir last call review of draft-ietf-tls-oldversions-deprecate-09
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.29
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 30 Nov 2020 21:21:44 -0000

Reviewer: Nagendra Nainar
Review result: Ready


I have reviewed this document as part of the Operational directorate's ongoing
effort to review all IETF documents being processed by the IESG.  These
comments were written with the intent of improving the operational aspects of
the IETF drafts per guidelines in RFC5706.

Comments that are not addressed in last call may be included
in AD reviews during the IESG review.  Document editors and WG chairs should
treat these comments just like any other last call comments.

Version: draft-ietf-tls-oldversions-deprecate-09

Overall Summary:

This draft is deprecating TLS v1.0 and TLSv1.1 to reduce the opportunity for
misconfiguration or security attack.

The draft clarifies that these (to be obsoleted) versions of TLS must not be
negotiated and further clarifies that the connection must be terminated upon
receiving such version in the initial negotiation.

Overall this is a well-written document with clear clarification on any
backward compatibility requirement.

I just noticed a couple of nits some of which were already mentioned in other
reviews as well. I am including the same here for completeness:

1. s/waas defined/was defined
2. Some text appears to use DTLS while other use (D)TLS. I think it is better
to use one common way of defining it.