Early Review of draft-ietf-anima-constrained-voucher-23
review-ietf-anima-constrained-voucher-23-secdir-early-moriarty-2024-01-18-00
Request | Review of | draft-ietf-anima-constrained-voucher |
---|---|---|
Requested revision | No specific revision (document currently at 24) | |
Type | Early Review | |
Team | Security Area Directorate (secdir) | |
Deadline | 2023-09-08 | |
Requested | 2023-08-19 | |
Requested by | Tero Kivinen | |
Authors | Michael Richardson, Peter Van der Stok, Panos Kampanakis, Esko Dijk | |
I-D last updated | 2024-01-18 | |
Completed reviews | Iotdir Early review of -21 by Henk Birkholz; Genart Last Call review of -21 by Russ Housley; Yangdoctors Last Call review of -21 by Xufeng Liu; Secdir Early review of -23 by Kathleen Moriarty; Yangdoctors Early review of -00 by Carl Moberg; Secdir Early review of -11 by Daniel Fox Franke; Genart Early review of -10 by Russ Housley; Iotdir Early review of -12 by Henk Birkholz | |
Comments | Requesting last-call reviews (given how the document is in WGLC) to help finish up the WGLC of this document and to help convert the not-ready early reviews from earlier to make it easier for following AD/IETF/IESG review. | |
Assignment | Reviewer | Kathleen Moriarty |
State | Completed | |
Request | Early review on draft-ietf-anima-constrained-voucher by Security Area Directorate Assigned | |
Posted at | https://mailarchive.ietf.org/arch/msg/secdir/YUquIafpEMtNmeswO-278-XYRE8 | |
Reviewed revision | 23 (document currently at 24) | |
Result | Ready | |
Completed | 2024-01-18 |
The updates contained in draft-ietf-anima-constrained-voucher are important for both security and to align with other protocol updates and trends (e.g. SNI in TLS).

The security considerations in section 15 are well detailed covering identity, root of trust and allowances for looser restrictions are justified for a self-signed certificate, UDP/DTLS, use of a localized protocol to limit the scope of response to the immediate network, and justification for a constrained protocol (CoAP) for communication is well considered.

The work builds on several other protocols and represents some important and well considered updates.

Best regards,
Kathleen