Telechat Review of draft-ietf-dnssd-push-19
review-ietf-dnssd-push-19-secdir-telechat-xia-2019-05-17-00
Request | Review of | draft-ietf-dnssd-push |
---|---|---|
Requested revision | No specific revision (document currently at 25) | |
Type | Telechat Review | |
Team | Security Area Directorate (secdir) | |
Deadline | 2019-06-02 | |
Requested | 2019-05-11 | |
Requested by | Éric Vyncke | |
Authors | Tom Pusateri, Stuart Cheshire | |
I-D last updated | 2019-05-17 | |
Completed reviews | Secdir Telechat review of -19 by Liang Xia; Tsvart Early review of -19 by Brian Trammell; Secdir Last Call review of -20 by Liang Xia; Genart Last Call review of -20 by Robert Sparks; Genart Telechat review of -23 by Robert Sparks | |
Assignment | Reviewer | Liang Xia |
State | Completed | |
Request | Telechat review on draft-ietf-dnssd-push by Security Area Directorate Assigned | |
Posted at | https://mailarchive.ietf.org/arch/msg/secdir/zHBrhCzkL3JJff-8wPjRFj3kz1w | |
Reviewed revision | 19 (document currently at 25) | |
Result | Has issues | |
Completed | 2019-05-17 |

Nit:
1. Section 6.1, s/This connection is made to TCP port 853, the default port for DNS-over-TLS DNS over TLS [RFC7858]./This connection is made to TCP port 853, the default port for DNS-over-TLS [RFC7858].
2. Table 2, RECONFIRM should be C-U TLV type.

Comments:
1. Why are UNSUBSCRIBE and RECONFIRM client unidirectional messages?
2. In the UNSUBSCRIBE message, why do you choose to use SUBSCRIBE MESSAGE ID, not NAME+TYPE+CLASS?
3. In the Security Considerations section:
   1) you should also mention that TLS provides the anti-replay protection service for DNS Push;
   2) maybe you need to consider client authentication to achieve policy control and detect illegal clients;
   3) the TLS WG is specifying the SNI encryption mechanism; will it influence your TLS name authentication?