
Telechat Review of draft-ietf-dnssd-push-19
review-ietf-dnssd-push-19-secdir-telechat-xia-2019-05-17-00

Request Review of draft-ietf-dnssd-push
Requested revision No specific revision (document currently at 25)
Type Telechat Review
Team Security Area Directorate (secdir)
Deadline 2019-06-02
Requested 2019-05-11
Requested by Éric Vyncke
Authors Tom Pusateri, Stuart Cheshire
I-D last updated 2019-05-17
Completed reviews Secdir Telechat review of -19 by Liang Xia (diff)
Tsvart Early review of -19 by Brian Trammell (diff)
Secdir Last Call review of -20 by Liang Xia (diff)
Genart Last Call review of -20 by Robert Sparks (diff)
Genart Telechat review of -23 by Robert Sparks (diff)
Assignment Reviewer Liang Xia
State Completed
Request Telechat review on draft-ietf-dnssd-push by Security Area Directorate Assigned
Posted at https://mailarchive.ietf.org/arch/msg/secdir/zHBrhCzkL3JJff-8wPjRFj3kz1w
Reviewed revision 19 (document currently at 25)
Result Has issues
Completed 2019-05-17
Nit:
1. Section 6.1, s/This connection is made to TCP port 853, the default port for
   DNS-over-TLS DNS over TLS [RFC7858]./This connection is made to TCP port 853,
   the default port for DNS-over-TLS [RFC7858].
2. Table 2, RECONFIRM should be C-U TLV type.

Comments:
1. Why are UNSUBSCRIBE and RECONFIRM client unidirectional messages?
2. In the UNSUBSCRIBE message, why do you choose to use SUBSCRIBE MESSAGE ID, not
   NAME+TYPE+CLASS?
3. In the section of Security Considerations:
    1) you should also mention that TLS provides the anti-replay protection
       service for DNS Push;
    2) maybe you need to consider the client authentication to achieve policy
       control and detect illegal clients;
    3) TLS WG are specifying the SNI encryption mechanism, will it influence
       your TLS name authentication?