Last Call Review of draft-ietf-dprive-dtls-and-tls-profiles-09

Request Review of draft-ietf-dprive-dtls-and-tls-profiles
Requested rev. no specific revision (document currently at 11)
Type Last Call Review
Team Security Area Directorate (secdir)
Deadline 2017-03-02
Requested 2017-02-16
Authors Sara Dickinson, Daniel Gillmor, Tirumaleswar Reddy.K
Draft last updated 2017-05-11
Completed reviews Tsvart Last Call review of -08 by Colin Perkins (diff)
Opsdir Last Call review of -09 by √Čric Vyncke (diff)
Secdir Last Call review of -09 by Ben Laurie (diff)
Genart Telechat review of -09 by Francis Dupont (diff)
Assignment Reviewer Ben Laurie
State Completed
Review review-ietf-dprive-dtls-and-tls-profiles-09-secdir-lc-laurie-2017-05-11
Reviewed rev. 09 (document currently at 11)
Review result Not Ready
Review completed: 2017-05-11


I have reviewed this document as part of the security directorate's
ongoing effort to review all IETF documents being processed by the
IESG.  These comments were written primarily for the benefit of the
security area directors.  Document editors and WG chairs should treat
these comments just like any other last call comments.

Status: not ready.

I am a little puzzled by this I-D. The title is "Authentication and
(D)TLS Profile for DNS-over-(D)TLS" and the intro says it specifies
profiles which "which define the security properties a user should
expect when using that profile to connect to the available DNS
servers", however, as far as I can see, no properties other than
server authentication are defined.

The document also appears to claim that a connection that is
authenticated and encrypted is "private" - that seems to stretch the
meaning of "private" quite considerably.

Other considerations surely exist, such as resistance against traffic
analysis, key sizes, algorithm choice.

As a result, claims like "Strict Privacy provides the strongest
privacy guarantees" are just plain wrong.

Given these large holes in scope, I have not attempted a more detailed analysis.