Murray Kucherawy has entered the following ballot position for draft-ietf-tls-external-psk-guidance-04: No Objection
When responding, please keep the subject line intact and reply to all email addresses included in the To and CC lines. (Feel free to cut this introductory paragraph, however.)

Please refer to https://www.ietf.org/blog/handling-iesg-ballot-positions/ for more information about how to handle DISCUSS and COMMENT positions.

The document, along with other ballot positions, can be found here:
https://datatracker.ietf.org/doc/draft-ietf-tls-external-psk-guidance/

----------------------------------------------------------------------
COMMENT:
----------------------------------------------------------------------

Thanks to Martin Thomson for his ARTART review.

A stylistic point: The Abstract is made up of five sentences, all of which start "This document". It's a bit of a rigid read. Maybe something like this?

   This document provides usage guidance for external Pre-Shared Keys
   (PSKs) in Transport Layer Security (TLS) 1.3 as defined in RFC 8446.
   It lists TLS security properties provided by PSKs under certain
   assumptions, and then demonstrates how violations of these
   assumptions lead to attacks. It also discusses PSK use cases and
   provisioning processes. Advice for applications to help meet these
   assumptions is provided. Finally, it lists the privacy and security
   properties that are not provided by TLS 1.3 when external PSKs are
   used.

Section 4.1 contains this, which I can't quite parse:

   To illustrate the rerouting attack, consider the group of peers who
   know the PSK be A, B, and C.

Should there be a "to" after "PSK"?

In Section 8:

   Each endpoint SHOULD know the identifier of the other endpoint with
   which its wants to connect and SHOULD compare it with the other

s/its/it/

_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls