Éric Vyncke has entered the following ballot position for draft-ietf-tls-external-psk-guidance-04: No Record
When responding, please keep the subject line intact and reply to all email addresses included in the To and CC lines. (Feel free to cut this introductory paragraph, however.)

Please refer to https://www.ietf.org/blog/handling-iesg-ballot-positions/ for more information about how to handle DISCUSS and COMMENT positions.

The document, along with other ballot positions, can be found here:
https://datatracker.ietf.org/doc/draft-ietf-tls-external-psk-guidance/

----------------------------------------------------------------------
COMMENT:
----------------------------------------------------------------------

Thank you for the work put into this document. The document offers good guidance and is easy to read.

Please find below some non-blocking COMMENT points (but replies would be appreciated even if only for my own education), and some nits.

Special thanks to Sean Turner for the shepherd's write-up including the section about the WG consensus.

I hope that this helps to improve the document,

Regards,

-éric

== COMMENTS ==

-- Section 4.1 --
A wild guess (as I do not know the details of TLS 1.3), but if a group member is compromised and no ephemeral keys were used, then isn't the attacker able to read even the past/recorded traffic?

-- Section 5.1 --
Suggest to expand "PoP".

Also wonder about the German eID use case... While the BSI specification allows for using PSK, it does not appear as the recommended mode by BSI. I.e., does this reference help the case for this I-D? Suggest to remove it.

I also wonder why quantum resistance is not at the top ;-)

-- Section 5.2 --
About the IoT "UI", I would assume that some USB ports could also be used. Or are USB/bluetooth/... considered as UI?

-- Section 5.3 --
"each pair of nodes has a unique key pair" is puzzling as PSK usually consist of a unique key and not a key pair. What am I missing?

== NITS ==

Section 5.2 "among several node is" (plural?)

Section 8 "extend beynond proper identification"
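The Section 4.1 question above (whether a compromised group member's PSK exposes recorded traffic when no ephemeral keys were used) can be checked against the TLS 1.3 key schedule of RFC 8446 section 7.1. The following is an added example, not code from the ballot, the draft or any TLS implementation: HKDF is built on hmac/hashlib, the transcript bytes are constructed placeholders, and the Diffie-Hellman group (P, G) is a deliberately tiny toy, not a real TLS group.

```python
import hashlib
import hmac
import secrets

HASH = hashlib.sha256
HLEN = HASH().digest_size
P, G = 2147483647, 5  # toy DH group, constructed and insecure; real TLS uses e.g. x25519


def hkdf_extract(salt: bytes, ikm: bytes) -> bytes:
    return hmac.new(salt, ikm, HASH).digest()


def hkdf_expand_label(secret: bytes, label: bytes, context: bytes, length: int) -> bytes:
    # HkdfLabel from RFC 8446 section 7.1; one HMAC block suffices for length <= HLEN.
    full = b"tls13 " + label
    info = length.to_bytes(2, "big") + bytes([len(full)]) + full + bytes([len(context)]) + context
    return hmac.new(secret, info + b"\x01", HASH).digest()[:length]


def derive_secret(secret: bytes, label: bytes, transcript: bytes) -> bytes:
    return hkdf_expand_label(secret, label, HASH(transcript).digest(), HLEN)


def client_hs_traffic_secret(psk: bytes, ecdhe: bytes, transcript: bytes) -> bytes:
    # Early Secret -> "derived" -> Handshake Secret -> client_handshake_traffic_secret
    early = hkdf_extract(bytes(HLEN), psk)
    handshake = hkdf_extract(derive_secret(early, b"derived", b""), ecdhe)
    return derive_secret(handshake, b"c hs traffic", transcript)


def run_session(psk: bytes, use_dhe: bool):
    """Honest session: returns the traffic secret and what a passive recorder captured."""
    transcript = b"ClientHello:" + secrets.token_bytes(32) + b"|ServerHello:" + secrets.token_bytes(32)
    if not use_dhe:
        # psk_ke: no key_share, so the (EC)DHE input to HKDF-Extract is a zero string.
        return client_hs_traffic_secret(psk, bytes(HLEN), transcript), transcript
    a, b = secrets.randbelow(P - 2) + 1, secrets.randbelow(P - 2) + 1
    transcript += b"|shares:" + pow(G, a, P).to_bytes(4, "big") + pow(G, b, P).to_bytes(4, "big")
    shared = pow(pow(G, b, P), a, P).to_bytes(4, "big")  # a and b never leave the endpoints
    return client_hs_traffic_secret(psk, shared, transcript), transcript


def recover_from_recording(psk: bytes, transcript: bytes) -> bytes:
    """Model of the ballot question: a recorded transcript plus a PSK leaked later.
    The only key-schedule input that is not on the wire is the (EC)DHE secret; with
    psk_ke that input is a known zero string, so the traffic secret is recomputable."""
    return client_hs_traffic_secret(psk, bytes(HLEN), transcript)
```

With psk_ke the recomputed secret matches the session's; with psk_dhe_ke the same recomputation fails because the ephemeral exponents were never transmitted, which is the forward-secrecy property the Section 4.1 comment asks about.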