Telechat Review of draft-ietf-dtn-tcpclv4-18
review-ietf-dtn-tcpclv4-18-secdir-telechat-wood-2020-02-13-00
Request | Review of | draft-ietf-dtn-tcpclv4 |
---|---|---|
Requested revision | No specific revision (document currently at 28) | |
Type | Telechat Review | |
Team | Security Area Directorate (secdir) | |
Deadline | 2020-02-18 | |
Requested | 2020-02-12 | |
Authors | Brian Sipos, Michael Demmer, Joerg Ott, Simon Perreault | |
I-D last updated | 2020-02-13 | |
Completed reviews | Secdir Last Call review of -15 by Christopher A. Wood; Opsdir Last Call review of -15 by Mehmet Ersue; Secdir Telechat review of -18 by Christopher A. Wood | |
Assignment | Reviewer | Christopher A. Wood |
State | Completed | |
Request | Telechat review on draft-ietf-dtn-tcpclv4 by Security Area Directorate Assigned | |
Posted at | https://mailarchive.ietf.org/arch/msg/secdir/QdD1gb92Z2nm38QvjQjDmKaIaB8 | |
Reviewed revision | 18 (document currently at 28) | |
Result | Has nits | |
Completed | 2020-02-13 |
Thanks for updating this document! All of my comments from the previous review have been addressed. It reads much better now. I only have some minor nits to note below:

- Section 8.5: This section title references ciphersuite downgrade, yet the text refers to configured use of less-good ciphersuites. Perhaps the title should be, "Threat: Weak TLS Configurations"?
- Section 8.6: I don't quite follow this section. Certainly, describing how one validates certificates is out of scope. However, the title suggests this is part of how one "uses" certificates? I might just scratch this section altogether, and instead reference RFC5280 where certificate-based authentication is first presented.
- Section 8.7: I might rename this title to, "Threat: Symmetric Key Limits."
- Section 8.10.1: I would reference opportunistic security here, as an unauthenticated key exchange yields similar properties.