Early Review of draft-ietf-dance-architecture-06
review-ietf-dance-architecture-06-secdir-early-nystrom-2024-07-24-00
Request | Review of | draft-ietf-dance-architecture-06 |
---|---|---|
Requested revision | 06 (document currently at 06) | |
Type | Early Review | |
Team | Security Area Directorate (secdir) | |
Deadline | 2024-07-19 | |
Requested | 2024-06-19 | |
Requested by | Wes Hardaker | |
Authors | Ash Wilson, Shumon Huque, Olle E. Johansson, Michael Richardson | |
I-D last updated | 2024-07-24 | |
Completed reviews | Dnsdir Early review of -06 by Vladimír Čunát; Secdir Early review of -06 by Magnus Nyström; Iotdir Early review of -06 by Ines Robles | |
Assignment | Reviewer | Magnus Nyström |
State | Completed | |
Request | Early review on draft-ietf-dance-architecture by Security Area Directorate Assigned | |
Posted at | https://mailarchive.ietf.org/arch/msg/secdir/lHux6MAzlngW2iNDsa565XBboLo | |
Reviewed revision | 06 | |
Result | Not ready | |
Completed | 2024-07-24 |
Like Ines Robles, I find this document not ready for publication, given several open questions still remaining in the document itself, as well as, apparently, externally recorded issues. As such, my review here is more an attempt to provide feedback to the authors.

- The approach is interesting but, to my knowledge, similar attempts to leverage DNS have been proposed earlier (see e.g., https://hal.science/hal-03798465/ - not sure if this document builds on that work) and it could be interesting to compare with earlier proposals and why this one would stand a better chance of succeeding.

- As mentioned in the document, requesting a TLS server to perform DNS lookup actions based on an unauthenticated request seems prone to DDoS attacks, and it would be good if the document could describe in some more detail how DANCE-enabled TLS servers could protect against this.

- The document touches on aspects of lifecycle management for these certificates (e.g., "revocation is performed by simply removing a DNS record," or complexities when a device manufacturer no longer supports or maintains the DNS entries). Would it make sense to have a fuller discussion around lifecycle management of certificates in the context of DANCE?

I look forward to future revisions of this document.