IETF Last Call Review of draft-ietf-dance-tls-clientid-07
review-ietf-dance-tls-clientid-07-secdir-lc-orman-2025-12-21-00

Request Review of draft-ietf-dance-tls-clientid
Requested revision No specific revision (document currently at 07)
Type IETF Last Call Review
Team Security Area Directorate (secdir)
Deadline 2025-12-23
Requested 2025-12-09
Authors Shumon Huque, Viktor Dukhovni
I-D last updated 2026-01-14 (Latest revision 2025-09-17)
Completed reviews Dnsdir IETF Last Call review of -07 by Di Ma
Genart IETF Last Call review of -07 by Behcet Sarikaya
Secdir IETF Last Call review of -07 by Hilarie Orman
Artart IETF Last Call review of -07 by Claudio Allocchio
Assignment Reviewer Hilarie Orman
State Completed
Request IETF Last Call review on draft-ietf-dance-tls-clientid by Security Area Directorate Assigned
Posted at https://mailarchive.ietf.org/arch/msg/secdir/RV0m0AfricT8hs6BUi8XNRqR1Rw
Reviewed revision 07
Result Ready
Completed 2025-12-21
Security review of
TLS Extension for DANE Client Identity
draft-ietf-dance-tls-clientid-07

Do not be alarmed.  I generated this review of this document as part
of the security directorate's ongoing effort to review all IETF
documents being processed by the IESG.  These comments were written
with the intent of improving security requirements and considerations
in IETF drafts.  Comments not addressed in last call may be included
in AD reviews during the IESG review.  Document editors and WG chairs
should treat these comments just like any other last call comments.

The document defines an extension to TLS that allows a client to send its
DNS identity to the server as part of the connection setup.
The server can find the associated certificate or raw public key
for that exact identity.  In TLS 1.3, the identity is encrypted.

The document is written clearly and explains a useful extension for
extending the security and efficiency of TLS, especially that of TLS 1.3.

Hilarie