Russ,
Thanks for the review. I have made changes as you (and Shawn)
suggested. Please see this diff which contains a rewritten security
considerations section. Please feel free to comment further since it's
quite possible that I created more confusion.
I also tried to address your question about the mutual authentication in
the security considerations section.
https://github.com/percwg/perc-wg/compare/paulej_ietf_lc
Paul
------ Original Message ------
From: "Russ Housley via Datatracker" <nore...@ietf.org>
To: gen-art@ietf.org
Cc: draft-ietf-perc-dtls-tunnel....@ietf.org; last-c...@ietf.org;
p...@ietf.org
Sent: 5/28/2021 11:16:06 AM
Subject: Genart last call review of draft-ietf-perc-dtls-tunnel-08
Reviewer: Russ Housley
Review result: Almost Ready
I am the assigned Gen-ART reviewer for this draft. The General Area
Review Team (Gen-ART) reviews all IETF documents being processed
by the IESG for the IETF Chair. Please wait for direction from your
document shepherd or AD before posting a new version of the draft.
For more information, please see the FAQ at
<http://wiki.tools.ietf.org/area/gen/trac/wiki/GenArtfaq>.
Document: draft-ietf-perc-dtls-tunnel-08
Reviewer: Russ Housley
Review Date: 2021-05-28
IETF LC End Date: unknown
IESG Telechat date: unknown
Summary: Almost Ready
Major Concerns:
Section 9: The document has two different types of keying material:
(1) keys for hop-by-hop encryption and authentication; and
(2) keys for end-to-end encryption and authentication.
The first two paragraphs of Section 9 talk about these two types of
keying material. I think that the discussion should be expanded by a
sentence or two to explain the security consequences of disclosure of
each of these keying material types.
In addition, a pointer to the very extensive Security Considerations in
RFC 8871 would be helpful.
Minor Concerns:
Section 5.4 says: "Each TLS tunnel established between the media
distributor and the key distributor MUST be mutually authenticated."
Is this a requirement to use DTLS client authentication? If so,
please be explicit. If not, what other mechanisms for authentication
are expected?
Nits:
Section 5.1, paragraph 2: s/[!@RFC4566]/[RFC4566]/
Section 5.5, paragraph 1:
s/MUST utilize the same version/MUST contain the same version/
Section 8, last paragraph:
s/section 4.8 if [!@RFC8126]/Section 4.8 of [RFC8126]/
Section 9, paragraph 1:
s/keying material This does/keying material. This does/
_______________________________________________
Gen-art mailing list
Gen-art@ietf.org
https://www.ietf.org/mailman/listinfo/gen-art