Telechat Review of draft-ietf-dtn-tcpclv4-18
review-ietf-dtn-tcpclv4-18-secdir-telechat-wood-2020-02-13-00

Request
Review of: draft-ietf-dtn-tcpclv4
Requested rev.: no specific revision (document currently at 23)
Type: Telechat Review
Team: Security Area Directorate (secdir)
Deadline: 2020-02-18
Requested: 2020-02-12
Authors: Brian Sipos, Michael Demmer, Joerg Ott, Simon Perreault
Draft last updated: 2020-02-13
Completed reviews:
- Secdir Last Call review of -15 by Christopher Wood
- Opsdir Last Call review of -15 by Mehmet Ersue
- Secdir Telechat review of -18 by Christopher Wood

Assignment
Reviewer: Christopher Wood
State: Completed
Review: review-ietf-dtn-tcpclv4-18-secdir-telechat-wood-2020-02-13
Posted at: https://mailarchive.ietf.org/arch/msg/secdir/QdD1gb92Z2nm38QvjQjDmKaIaB8
Reviewed rev.: 18 (document currently at 23)
Review result: Has Nits
Review completed: 2020-02-13

Review

Thanks for updating this document! All of my comments from the previous review have been addressed. It reads much better now. I only have some minor nits to note below:

- Section 8.5: This section title references ciphersuite downgrade, yet the text refers to configured use of less-good ciphersuites. Perhaps the title should be, "Threat: Weak TLS Configurations"?
- Section 8.6: I don't quite follow this section. Certainly, describing how one validates certificates is out of scope. However, the title suggests this is part of how one "uses" certificates? I might just scratch this section altogether, and instead reference RFC5280 where certificate-based authentication is first presented. 
- Section 8.7: I might rename this title to, "Threat: Symmetric Key Limits."
- Section 8.10.1: I would reference opportunistic security here, as an unauthenticated key exchange yields similar properties.