
Early Review of draft-ietf-dance-architecture-06
review-ietf-dance-architecture-06-iotdir-early-robles-2024-07-17-00

Request Review of draft-ietf-dance-architecture-06
Requested revision 06 (document currently at 06)
Type Early Review
Team Internet of Things Directorate (iotdir)
Deadline 2024-07-19
Requested 2024-06-19
Requested by Wes Hardaker
Authors Ash Wilson, Shumon Huque, Olle E. Johansson, Michael Richardson
I-D last updated 2024-07-17
Completed reviews:
- Dnsdir Early review of -06 by Vladimír Čunát
- Secdir Early review of -06 by Magnus Nyström
- Iotdir Early review of -06 by Ines Robles
Assignment Reviewer Ines Robles
State Completed
Request Early review on draft-ietf-dance-architecture by Internet of Things Directorate Assigned
Posted at https://mailarchive.ietf.org/arch/msg/iot-directorate/mcigCp0rlT5BEpsEuCYBfj0pp70
Reviewed revision 06
Result Not ready
Completed 2024-07-17
IoT directorate Review of draft-ietf-dance-architecture-06
Reviewer: Ines Robles
Date: 17 July 2024

Summary:

The document describes an architecture that defines terminology, interaction,
and authentication patterns related to the use of DANE DNS records for TLS
client and messaging peer identity within the context of existing object
security and TLS-based protocols.

I have some comments and questions as follows:

1- Section 2, How to Dance with Entity: "... delegates many details of how
DANCE can be used..."  -> It would be nice to add examples of which details,
e.g. "...details such as protocol-specific configurations, security mechanisms,
and interoperability considerations..."

2- Section 2, Identity provisioning: "... in some circumstances, a
manufacturer..."  -> Could examples of these circumstances be added? For
instance, "examples include manufacturer-initiated key generation."

3- Section 2, Suggestion to complete what seems to be an open topic: "Is the
security domain defined by how broadly the identity is recognized, or by the
breadth of the application or network access policy?"

4- Section 4.1.1 and 4.1.1.1: Suggestion to complete the TBD values with a
further description of where to find them.

5- Section 5.4: Suggestion to add further explanation where it states: "Further
work has to be done in this area". Is it related to the following comment of
AW?

6- Section 5.4.1: Suggestion to improve this section based on the comment of
OEJ.

7- Question, Section 3: Does it make sense to add broadcasting as a
communication pattern?

8- Question: What about applying DANE DNS records to Federated Identity Management?

9- Based on GitHub, 11 issues are still open:
https://github.com/ietf-wg-dance/draft-dance-architecture/issues

Nits:

- Section 4.1.9.1.: tbe --> the

- The terms "Dance" and "DANCE" are used in the text. It would be preferable to
use a consistent form throughout the document.

Thanks for this document,

Ines.
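The summary above mentions the use of DANE DNS records for TLS client identity. The following is an added example, not part of the review or of the DANCE draft, showing the piece of DANE that such an architecture builds on: deriving a DANE-EE / SPKI / SHA-256 TLSA record (RFC 6698 "3 1 1") from a client's SubjectPublicKeyInfo and checking a presented SPKI against it. The SPKI bytes are constructed test data, the owner name is a placeholder, and the draft's own naming conventions for client identities are not reproduced here.

```python
"""
Added example (not from the DANCE draft or this review): build a
DANE-EE (usage 3) / SPKI (selector 1) / SHA-256 (matching type 1)
TLSA record for a TLS client's SubjectPublicKeyInfo, and verify a
presented SPKI against such a record. Owner names, record placement
and the rest of the DANCE architecture are out of scope here.
"""
import hashlib
import hmac

# Constructed sample: DER-encoded SubjectPublicKeyInfo of an Ed25519 key
# (RFC 8410 layout). The 32 key bytes are arbitrary test data, not a real
# device key. Any DER SPKI (RSA, ECDSA, ...) works the same way.
SAMPLE_SPKI = bytes.fromhex("302a300506032b6570032100" + "11" * 32)

# Placeholder owner name; the DANCE draft defines its own conventions.
SAMPLE_OWNER = "client1.example.net."

DANE_EE = 3         # certificate usage 3: trust the end-entity key directly
SELECTOR_SPKI = 1   # selector 1: match on SubjectPublicKeyInfo, not full cert
MATCH_FULL = 0      # matching type 0: RDATA carries the SPKI itself
MATCH_SHA256 = 1    # matching type 1: SHA-256 of the selected data
MATCH_SHA512 = 2    # matching type 2: SHA-512 of the selected data


def tlsa_rdata(spki_der: bytes, mtype: int = MATCH_SHA256) -> str:
    """Return the presentation-format RDATA '3 1 <mtype> <hex>' for an SPKI."""
    if mtype == MATCH_FULL:
        data = spki_der
    elif mtype == MATCH_SHA256:
        data = hashlib.sha256(spki_der).digest()
    elif mtype == MATCH_SHA512:
        data = hashlib.sha512(spki_der).digest()
    else:
        raise ValueError(f"unsupported matching type {mtype}")
    return f"{DANE_EE} {SELECTOR_SPKI} {mtype} {data.hex()}"


def tlsa_record(owner: str, spki_der: bytes) -> str:
    """Full zone-file line for the record (owner name is a placeholder)."""
    return f"{owner} IN TLSA {tlsa_rdata(spki_der)}"


def parse_tlsa(rdata: str):
    """Parse 'usage selector mtype hex' into ints and raw bytes."""
    usage, selector, mtype, data = rdata.split(maxsplit=3)
    return int(usage), int(selector), int(mtype), bytes.fromhex(data.replace(" ", ""))


def spki_matches(rdata: str, presented_spki: bytes) -> bool:
    """Check a presented SPKI against a DANE-EE/SPKI TLSA record.

    Only usage 3 / selector 1 is handled: other usages need PKIX chain
    building and selector 0 needs the full certificate, neither of which
    this example attempts.
    """
    usage, selector, mtype, data = parse_tlsa(rdata)
    if usage != DANE_EE or selector != SELECTOR_SPKI:
        return False
    if mtype == MATCH_FULL:
        candidate = presented_spki
    elif mtype == MATCH_SHA256:
        candidate = hashlib.sha256(presented_spki).digest()
    elif mtype == MATCH_SHA512:
        candidate = hashlib.sha512(presented_spki).digest()
    else:
        return False  # unknown matching type: treat as no match
    # Constant-time comparison, as for any credential check.
    return hmac.compare_digest(candidate, data)


if __name__ == "__main__":
    record = tlsa_record(SAMPLE_OWNER, SAMPLE_SPKI)
    print(record)
    print("matches:", spki_matches(record.split(" IN TLSA ")[1], SAMPLE_SPKI))
```

A real deployment would obtain the SPKI from the certificate the client presents in the TLS handshake, fetch the TLSA record over DNSSEC-validated DNS, and only then call the matching logic; this block stops at the matching step.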