Early Review of draft-ietf-dance-architecture-06
review-ietf-dance-architecture-06-iotdir-early-robles-2024-07-17-00
Request | Review of | draft-ietf-dance-architecture-06 |
---|---|---|
Requested revision | 06 (document currently at 06) | |
Type | Early Review | |
Team | Internet of Things Directorate (iotdir) | |
Deadline | 2024-07-19 | |
Requested | 2024-06-19 | |
Requested by | Wes Hardaker | |
Authors | Ash Wilson , Shumon Huque , Olle E. Johansson , Michael Richardson | |
I-D last updated | 2024-07-17 | |
Completed reviews |
Dnsdir Early review of -06
by Vladimír Čunát
Secdir Early review of -06 by Magnus Nyström Iotdir Early review of -06 by Ines Robles |
|
Assignment | Reviewer | Ines Robles |
State | Completed | |
Request | Early review on draft-ietf-dance-architecture by Internet of Things Directorate Assigned | |
Posted at | https://mailarchive.ietf.org/arch/msg/iot-directorate/mcigCp0rlT5BEpsEuCYBfj0pp70 | |
Reviewed revision | 06 | |
Result | Not ready | |
Completed | 2024-07-17 |
review-ietf-dance-architecture-06-iotdir-early-robles-2024-07-17-00
IoT directorate Review of draft-ietf-dance-architecture-06 Reviewer: Ines Robles Date: 17 July 2024 Summary: The document describes an architecture that defines terminology, interaction, and authentication patterns related to the use of DANE DNS records for TLS client and messaging peer identity within the context of existing object security and TLS-based protocols. I have some comments and questions as follows: 1- Section 2, How to Dance with Entity: "... delegates many details of how DANCE can be used..." -> It would be nice to add examples of which details, e.g. "...details such as protocol-specific configurations, security mechanisms, and interoperability considerations..." 2- Section 2, Identity provisioning: "... in some circumstances, a manufacturer..." -> Could examples of these circumstances be added? For instance, "examples include manufacturer-initiated key generation. 3- Section 2, Suggestion to complete what it seems to be an open topic: "Is the security domain defined by how broadly the identity is recognized, or by the breadth of the application or network access policy? 4- Section 4.1.1 and 4.1.1.1: Suggestion to complete the TBD values with further description where to find them. 5- Section 5.4: Suggestion to add further explanation where states: "Further work has do be done in this area". Is it related with the following comment of AW? 6- Section 5.4.1, Suggestion to Improve this section based on the comment of OEJ. 7- Question, Section 3: Does it make sense to add broadcasting as a communication pattern? 8- Question: What about to apply DANE DNS to Federated Identity Management? 9- Based on github, 11 issues are still open: https://github.com/ietf-wg-dance/draft-dance-architecture/issues Nits: - Section 4.1.9.1.: tbe --> the - The terms "Dance" and "DANCE" are used in the text. It would be preferable to use a consistent form throughout the document. Thanks for this document, Ines.