Updates for PCEPS: TLS Connection Establishment Restrictions
draft-ietf-pce-pceps-tls13-04
Yes
(Erik Kline)
(John Scudder)
(Martin Duke)
No Objection
Jim Guichard
Roman Danyliw
(Andrew Alston)
Note: This ballot was opened for revision 02 and is now closed.
Éric Vyncke
No Objection
Comment
(2024-01-02 for -03)
Sent for earlier
# Éric Vyncke, INT AD, comments for draft-ietf-pce-pceps-tls13-03 Thank you for the work put into this document. It was an easy and simple read for my first document review in 2024! Please find below some non-blocking COMMENT points (but replies would be appreciated even if only for my own education). Special thanks to Andrew Stone for the shepherd's detailed write-up including the WG consensus and the justification of the intended status. I hope that this review helps to improve the document, Regards, -éric # COMMENTS (non-blocking) ## Section 1 Is it a `Editor's Note:` or a "Note to the IESG" or a "Note to the RFC Editor" ? ## Section 3 `MUST prefer to negotiate the latest version` is of course the preferred behavior for the initiator, but should the document clearly specify that the responser "MUST select the latest version" ? (please bear with me as English is not my primary language). ## Section 6 I wonder about the usefulness of an implementation section having `there are no known implementations of this mechanism.`
Jim Guichard
No Objection
Roman Danyliw
No Objection
Erik Kline Former IESG member
Yes
Yes
(for -03)
Not sent
John Scudder Former IESG member
Yes
Yes
(for -02)
Unknown
Martin Duke Former IESG member
Yes
Yes
(for -03)
Not sent
Paul Wouters Former IESG member
Yes
Yes
(2024-01-03 for -03)
Sent
Implementations that support multiple versions of the TLS protocol MUST prefer to negotiate the latest version of the TLS protocol. I'm a little confused why this needs to be stated as an update, as this is a general requirement of TLS (or any versioned protocol really) It might be useful to point to https://datatracker.ietf.org/doc/html/rfc8446#section-4.2.1 that deals with how to negotiate allowing TLS 1.2 when also supporting and preferring TLS 1.3.
Robert Wilton Former IESG member
Yes
Yes
(2024-01-02 for -03)
Sent
Thank you for this document.
Andrew Alston Former IESG member
No Objection
No Objection
(for -03)
Not sent
Murray Kucherawy Former IESG member
No Objection
No Objection
(2024-01-03 for -03)
Sent
Further to Eric's comment, I'm completely confused by question #4 of the shepherd writeup. While the document claims there are no implementations known, the shepherd writeup says there's at least one (and it was easy), and makes another "Yes" remark that I don't understand. Forwarding a comment from Orie Steele, incoming ART Area Director: Noting the comment on 0-RTT / early data regarding secrecy, and the comment on https://datatracker.ietf.org/doc/html/rfc8253#section-3.4 * Negotiation of a ciphersuite providing for confidentiality is RECOMMENDED. I'm not an expert on PCEPS, but I wonder why the need for the note at all given PCEPs only recommends confidentiality, and the requirement above states early data is forbidden.