Last Call Review of draft-ietf-dprive-dtls-and-tls-profiles-09
review-ietf-dprive-dtls-and-tls-profiles-09-secdir-lc-laurie-2017-05-11-00

I have reviewed this document as part of the security directorate's
ongoing effort to review all IETF documents being processed by the
IESG.  These comments were written primarily for the benefit of the
security area directors.  Document editors and WG chairs should treat
these comments just like any other last call comments.

Status: not ready.

I am a little puzzled by this I-D. The title is "Authentication and
(D)TLS Profile for DNS-over-(D)TLS" and the intro says it specifies
profiles which "which define the security properties a user should
expect when using that profile to connect to the available DNS
servers", however, as far as I can see, no properties other than
server authentication are defined.

The document also appears to claim that a connection that is
authenticated and encrypted is "private" - that seems to stretch the
meaning of "private" quite considerably.

Other considerations surely exist, such as resistance against traffic
analysis, key sizes, algorithm choice.

As a result, claims like "Strict Privacy provides the strongest
privacy guarantees" are just plain wrong.

Given these large holes in scope, I have not attempted a more detailed analysis.