Last Call Review of draft-ietf-ace-dtls-authorize-12
review-ietf-ace-dtls-authorize-12-opsdir-lc-jaeggli-2020-07-28-00

Request Review of draft-ietf-ace-dtls-authorize
Requested rev. no specific revision (document currently at 16)
Type Last Call Review
Team Ops Directorate (opsdir)
Deadline 2020-07-20
Requested 2020-07-06
Authors Stefanie Gerdes, Olaf Bergmann, Carsten Bormann, Göran Selander, Ludwig Seitz
Draft last updated 2020-07-28
Completed reviews Genart Last Call review of -12 by Paul Kyzivat (diff)
Secdir Last Call review of -14 by Russ Mundy (diff)
Opsdir Last Call review of -12 by Joel Jaeggli (diff)
Secdir Telechat review of -16 by Russ Mundy
Genart Telechat review of -16 by Paul Kyzivat
Assignment Reviewer Joel Jaeggli 
State Completed
Review review-ietf-ace-dtls-authorize-12-opsdir-lc-jaeggli-2020-07-28
Posted at https://mailarchive.ietf.org/arch/msg/ops-dir/DNgfkGAas8RHKyCr2rnPJrIPumc
Reviewed rev. 12 (document currently at 16)
Review result Ready
Review completed: 2020-07-28

Review
review-ietf-ace-dtls-authorize-12-opsdir-lc-jaeggli-2020-07-28

Greetings, 

I have reviewed  draft-ietf-ace-dtls-authorize for operational considerations related to constrained authentication and authorization. 

While fall back to proxies becomes a bottleneck for passing security information to devices. The apprach described here appears to be comprehensive and probably the best that is achievable under the circumstances. the recognition of the limitations of some of the weaker cipher suites employed seem both well understood and adequately mitigated when used, they are still weaker then some of the alternatives that are enumerated where possible but seem adequate.