
Last Call Review of draft-ietf-anima-constrained-join-proxy-14
review-ietf-anima-constrained-join-proxy-14-secdir-lc-vucinic-2023-09-20-00

Request Review of draft-ietf-anima-constrained-join-proxy-14
Requested revision 14 (document currently at 15)
Type Last Call Review
Team Security Area Directorate (secdir)
Deadline 2023-09-08
Requested 2023-08-08
Requested by Toerless Eckert
Authors Michael Richardson, Peter Van der Stok, Panos Kampanakis
I-D last updated 2023-09-20
Completed reviews Iotdir Last Call review of -14 by Russ Housley (diff)
Secdir Last Call review of -14 by Mališa Vučinić (diff)
Genart Last Call review of -14 by Ines Robles (diff)
Opsdir Last Call review of -14 by Jürgen Schönwälder (diff)
Iotdir Last Call review of -05 by Russ Housley (diff)
Tsvart Last Call review of -10 by Spencer Dawkins (diff)
Opsdir Last Call review of -09 by Jürgen Schönwälder (diff)
Secdir Last Call review of -09 by Mališa Vučinić (diff)
Genart Last Call review of -09 by Ines Robles (diff)
Artart Last Call review of -10 by Rich Salz (diff)
Opsdir Telechat review of -10 by Jürgen Schönwälder (diff)
Comments
Requesting last-call review in preparation of finishing WGLC and to update/override the earlier review results, so as to accelerate following AD/IETF/IESG review. The authors confirmed that they resolved all issues raised in early reviews.

If feasible, request to re-assign document to prior reviewers:
OPSDIR: Jürgen Schönwälder
GENART: Ines Robles
SECDIR: Malisa Vucinic
IOTDIR: Russ Housley
Assignment Reviewer Mališa Vučinić
State Completed
Request Last Call review on draft-ietf-anima-constrained-join-proxy by Security Area Directorate Assigned
Posted at https://mailarchive.ietf.org/arch/msg/secdir/SEhI6RngNbZ3KtoeRASb76VrsTY
Reviewed revision 14 (document currently at 15)
Result Has nits
Completed 2023-09-20
I have reviewed this document as part of the security directorate's ongoing
effort to review all IETF documents being processed by the IESG. These comments
were written primarily for the benefit of the security area directors. 
Document editors and WG chairs should treat these comments just like any other
comments.

I have previously reviewed this document at its -09 version. The document reads
better now and I thank the authors for making the changes. I still have one
discussion point to raise.

Section 4.3 says "The Join Proxy SHOULD encrypt this context with a symmetric
key known only to the Join Proxy. This key need not persist on a long term
basis, and MAY be changed periodically. The considerations of Section 5.2 of
[RFC8974] apply."

Section 5.2 of RFC8974 recommends integrity and replay protection of the
transported state. The Security Considerations section of this document
references this and recommends integrity and replay protection as well. However, the
example in Section 4.3 talks about a single AES128 block being encrypted and
transported as context. This is somewhat inconsistent. I would recommend
discussing integrity and replay protection as part of the normative language in
Section 4.3 and providing an example following that.

Nits:
- Section 4.2: Introduce acronym JPY upon first usage
- Section 4.3.1: “The pledge_content field must be provided as input to a DTLS
library”. Field name is “content”.
- Section 7: “When the communication between JOIN Proxy...”. s/JOIN/Join
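
Added example (not part of the review or of the draft): a sketch of the integrity and freshness checks the review asks Section 4.3 to cover, applied to a Join Proxy context that carries the pledge's address and port. The field layout, tag length, 60-second window and function names are assumptions; confidentiality is left out to keep the sketch to the standard library, and an AEAD cipher would supply encryption and integrity together.

```python
import hashlib
import hmac
import os
import struct
import time

TAG_LEN = 16                 # truncated HMAC-SHA-256 tag in bytes (assumed)
MAX_AGE = 60                 # seconds a context stays acceptable (assumed)
HDR = struct.Struct("!QH")   # issue time in seconds, pledge port (assumed layout)
SAMPLE_ADDR = bytes.fromhex("fe80000000000000020000fffe000001")  # constructed


def seal_context(key, pledge_addr, pledge_port, now=None):
    """Serialize the context with an issue time and append a MAC over all of it."""
    issued = int(time.time() if now is None else now)
    body = HDR.pack(issued, pledge_port) + pledge_addr
    tag = hmac.new(key, body, hashlib.sha256).digest()[:TAG_LEN]
    return body + tag


def open_context(key, blob, now=None):
    """Return (pledge_addr, pledge_port), or None if altered, forged or stale."""
    if len(blob) < HDR.size + TAG_LEN:
        return None
    body, tag = blob[:-TAG_LEN], blob[-TAG_LEN:]
    expected = hmac.new(key, body, hashlib.sha256).digest()[:TAG_LEN]
    if not hmac.compare_digest(tag, expected):   # integrity check
        return None
    issued, port = HDR.unpack_from(body)
    current = int(time.time() if now is None else now)
    if not 0 <= current - issued <= MAX_AGE:     # bounds replay to the window
        return None
    return body[HDR.size:], port


def demo():
    key = os.urandom(32)                         # known only to the Join Proxy
    blob = seal_context(key, SAMPLE_ADDR, 5684, now=1000)
    tampered = bytearray(blob)
    tampered[9] ^= 0x01                          # flip one bit of the port field
    return {
        "fresh": open_context(key, blob, now=1010),
        "tampered": open_context(key, bytes(tampered), now=1010),
        "stale": open_context(key, blob, now=1000 + MAX_AGE + 1),
        "rotated_key": open_context(os.urandom(32), blob, now=1010),
    }
```

The timestamp only limits replay to the freshness window; a context replayed inside that window is still accepted, and a context issued before a key change is rejected.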