On Wed, 2018-11-07 at 14:39 +0700, Joseph Salowey wrote:
> This is the working group last call for the "Connection Identifiers
> for DTLS 1.2" draft available at 
> https://datatracker.ietf.org/doc/draft-ietf-tls-dtls-connection-id/.
> Please review the document and send your comments to the list by 2359
> UTC on 30 November 2018.
> 

Hi,

It is a very good document; I support its publication. Some editorial comments
follow.

I think the paragraph of the section 3 that starts:
"This is effectively the simplest possible design that will work."

looks unnecessary; why would previous designs be mentioned unless
there is a challenge for this protocol, and in that case an appendix
may be more suitable. What about replacing it with:
"The design is kept simple to ease implementation and deployment"


In the security considerations, the following two paragraphs seem to be part
of a single one, separated by a "However" (i.e., replace "Importantly"
with "However"), or do I misread it?

   With multi-homing, an adversary is able to correlate the
   communication interaction over the two paths, which adds further
   privacy concerns.

   Importantly, the sequence number makes it possible for a passive
   attacker to correlate packets across CID changes.  Thus, even if a
   client/server pair do a rehandshake to change CID, that does not
   provide much privacy benefit.

regards,
Nikos


_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls