Last Call Review of draft-ietf-dnsop-server-cookies-04
review-ietf-dnsop-server-cookies-04-secdir-lc-farrell-2020-12-02-00
| Request | Review of | draft-ietf-dnsop-server-cookies |
|---|---|---|
| Requested revision | No specific revision (document currently at 05) | |
| Type | Last Call Review | |
| Team | Security Area Directorate (secdir) | |
| Deadline | 2020-12-04 | |
| Requested | 2020-11-20 | |
| Authors | Ondřej Surý , Willem Toorop , Donald E. Eastlake 3rd , Mark P. Andrews | |
| I-D last updated | 2020-12-02 | |
| Completed reviews |
Genart Last Call review of -04
by Meral Shirazipour
(diff)
Secdir Last Call review of -04 by Stephen Farrell (diff) |
|
| Assignment | Reviewer | Stephen Farrell |
| State | Completed | |
| Request | Last Call review on draft-ietf-dnsop-server-cookies by Security Area Directorate Assigned | |
| Posted at | https://mailarchive.ietf.org/arch/msg/secdir/TV4Qw2ionRmJ8skKzgUWzRTeDtw | |
| Reviewed revision | 04 (document currently at 05) | |
| Result | Has issues | |
| Completed | 2020-12-02 |
review-ietf-dnsop-server-cookies-04-secdir-lc-farrell-2020-12-02-00
I see two issues here worth checking: 1. I don't recall SipHash being used as a MAC in any IETF standard before. We normally use HMAC, even if truncated. Why make this change and was that checked with e.g. CFRG? (And the URL given in the reference gets me a 404.) 2. Is it really a good idea to use a 32 bit seconds since 1970-01-01 in 2020? I'd have thought that e.g. a timestamp in hours since then or seconds since some date in 2020 would be better. Here's a couple of nits too: - section 1: what's a "strong cookie"? - "gallimaufry" - cute! but not sure it'll help readers to learn that word.