Hello Joe, Hello List,

with the issue https://github.com/tlswg/dtls-conn-id/issues/64 reported by Thomas Fossati, and the mail from Hannes Tschofenig (see http://ietf.10.n7.nabble.com/draft-tschofenig-tls-dtls-rrc-00-DTLS-Return-Routability-Check-RRC-td599108.html), I'm not sure what the intended scope of "draft-ietf-tls-dtls-connection-id-06.txt" should be with regard to these issues.

I would prefer to have the basic advice to apply some kind of filter against modified replay attacks (either the DTLS 1.2 Anti-Replay protection, https://tools.ietf.org/html/rfc6347#section-4.1.2.6, or other means, see the proposal in https://github.com/tlswg/dtls-conn-id/issues/69) in "draft-ietf-tls-dtls-connection-id", instead of including that in an additional RFC together with the more complex "on-path adversary" scenario.

"An on-path adversary can also black-hole traffic or create a reflection attack against third parties because a DTLS peer has no means to distinguish a genuine address update event (for example, due to a NAT rebinding) from one that is malicious. This attack is of concern when there is a large asymmetry of request/response message sizes."

I would prefer either to remove the "black-hole traffic", because that is not related to DTLS 1.2 CID, or to extend it into a more general statement which clarifies that it's not related to CID.

Best regards

Achim Kraus
Engineering Cloud Services 4 Bosch IoT Hub (INST/ECS4)

From: TLS <tls-boun...@ietf.org> On Behalf Of Joseph Salowey
Sent: Monday, 15 July 2019 19:19
To: <tls@ietf.org> <tls@ietf.org>
Subject: [TLS] WGLC for draft-ietf-tls-dtls-connection-id-06

This is the working group last call for draft-ietf-tls-dtls-connection-id-06. The diff between the version that was last called (-03) and the current version can be found here:

https://tools.ietf.org/rfcdiff?url2=draft-ietf-tls-dtls-connection-id-06.txt&url1=draft-ietf-tls-dtls-connection-id-03

Please focus your review on the changes since the previous last call and send comments to the list by July 22, 2019.

Thanks,
C, S & J

_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls
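The anti-replay filter proposed in the message above, worked through as an added example that is not part of the thread, the draft, or any DTLS implementation: a sliding-window check in the style of RFC 6347 Section 4.1.2.6 (64-bit record sequence numbers, a bitmap window of 64 entries, right edge at the highest accepted sequence number), and a toy CID peer that only updates its stored peer address for a record that passes the check. The record representation (epoch, sequence number, source address as a plain tuple) and the names `ReplayWindow`, `CidPeer` and `scenario` are assumptions made for the example; the constructed addresses are documentation-range values, and MAC verification is assumed to have already succeeded, since a replayed record carries a valid MAC.

```python
"""Sliding-window anti-replay check (RFC 6347 Section 4.1.2.6 style) and a
toy CID peer whose address update is gated on that check.

Added illustration for the mailing-list discussion; not code from the
connection-id draft, RFC 6347 or any DTLS stack. The record format below is
an assumption for the example, not DTLS wire format.
"""
from dataclasses import dataclass, field

WINDOW_BITS = 64  # RFC 6347 recommends a window of at least 64 (minimum 32)


@dataclass
class ReplayWindow:
    size: int = WINDOW_BITS
    right: int = -1   # highest sequence number accepted so far (-1: none yet)
    bitmap: int = 0   # bit i set <=> sequence number (right - i) already seen

    def check_and_update(self, seq: int) -> bool:
        """Return True and mark seq as seen if it is new; False for a replay
        or a record that has fallen off the left edge of the window."""
        if seq > self.right:
            # New right edge: slide the window and set the bit for seq itself.
            shift = seq - self.right
            if shift >= self.size:
                self.bitmap = 1
            else:
                self.bitmap = ((self.bitmap << shift) | 1) & ((1 << self.size) - 1)
            self.right = seq
            return True
        offset = self.right - seq
        if offset >= self.size:
            return False  # too old: left of the window, cannot be tracked
        if (self.bitmap >> offset) & 1:
            return False  # duplicate: already received
        self.bitmap |= 1 << offset
        return True


@dataclass
class CidPeer:
    """Toy DTLS 1.2 peer using a connection ID: the peer address is learned
    from the source of accepted records, so an address change is only
    honoured for a record that is not a replay (assumption for the example)."""
    peer_addr: tuple
    epoch: int = 1
    window: ReplayWindow = field(default_factory=ReplayWindow)

    def receive(self, epoch: int, seq: int, src_addr: tuple) -> str:
        # MAC verification is assumed to have passed already; a replayed
        # record would pass it too, which is why the window is needed.
        if epoch != self.epoch:
            return "dropped:epoch"
        if not self.window.check_and_update(seq):
            return "dropped:replay"
        if src_addr != self.peer_addr:
            # Fresh record from a new source: treat as NAT rebinding.
            self.peer_addr = src_addr
            return "accepted:address-updated"
        return "accepted"


def scenario():
    """Constructed exchange: two genuine records, a replay of the second
    one from a different source address, then a genuine rebinding."""
    genuine = ("192.0.2.10", 5684)        # constructed peer address
    rebound = ("192.0.2.10", 5690)        # same peer after NAT rebinding
    other = ("198.51.100.7", 40000)       # constructed replaying source
    peer = CidPeer(peer_addr=genuine)
    results = [
        peer.receive(1, 0, genuine),
        peer.receive(1, 1, genuine),
        peer.receive(1, 1, other),        # replay: address must not change
        peer.receive(1, 2, rebound),      # fresh record: address updates
    ]
    return results, peer.peer_addr


if __name__ == "__main__":
    for line in scenario()[0]:
        print(line)
```

The window only stops replays: it rejects a copy of a record the peer has already accepted, so a replayed record cannot trigger the address update. A record that the peer has not seen yet but which arrives from an unexpected source is still accepted, which is the separate "on-path adversary" case the message leaves to the other draft.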