Early Review of draft-ietf-ippm-encrypted-pdmv2-01
review-ietf-ippm-encrypted-pdmv2-01-secdir-early-montville-2022-06-28-00

Request: Review of draft-ietf-ippm-encrypted-pdmv2
Requested revision: No specific revision (document currently at 06)
Type: Early Review
Team: Security Area Directorate (secdir)
Deadline: 2022-06-24
Requested: 2022-05-24
Requested by: Tommy Pauly
Authors: Nalini Elkins, Michael Ackermann, Ameya Deshpande, Tommaso Pecorella, Adnan Rashid
I-D last updated: 2022-06-28
Completed reviews:
  Secdir Early review of -04 by Chris M. Lonvick
  Secdir Last Call review of -05 by Chris M. Lonvick
  Secdir Early review of -01 by Adam W. Montville
Comments: Authors have requested an early review to validate the security mechanisms being added.

Assignment
Reviewer: Adam W. Montville
State: Completed
Request: Early review on draft-ietf-ippm-encrypted-pdmv2 by Security Area Directorate, Assigned
Posted at: https://mailarchive.ietf.org/arch/msg/secdir/a2f5TP8f6cK60d1S7IKJrrd5j40
Reviewed revision: 01 (document currently at 06)
Result: Not ready
Completed: 2022-06-28
I apologize for missing the deadline for this early review.

I'm saying the draft is not yet ready primarily because it's early, and there
is a "TBD" in "5.3 Security Goals for Authentication". That said, I'm not sure
there's much to add here beyond the communicating parties being mutually
authenticated.

The security considerations section addresses authentication by stating, "the
Authentication and Authorization of Clients and Servers is thus delegated to
the respective Organizations." I would add that the selected encryption scheme
(HPKE incorporating KEM, KDF, and AEAD) should cover this requirement.

I'll also mention that authentication is mentioned in 5.3 but seemingly ignored
in the list of things PDMv3 DOH needs to consider (see the middle of page 12).

Otherwise, the security considerations section covers the relevant threat
scenarios reasonably well, and the document seems to provide a methodology to
provide delegated trust, as claimed.
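The review's remark that the selected scheme (HPKE with KEM, KDF and AEAD) should cover the mutual-authentication requirement carries one caveat worth making concrete: HPKE's base mode authenticates only the recipient (anyone holding the recipient's public key can produce a ciphertext it accepts), while sender authentication comes from HPKE's auth mode (or PSK mode), where the sender's static key enters the KEM. The Go program below is an added illustration, not part of the review, the draft or any HPKE library, and not an RFC 9180 implementation: it is an HPKE-shaped construction over X25519 via crypto/ecdh (Go 1.20 or later), HKDF-SHA256 written out with crypto/hmac under constructed salt and info strings, and AES-128-GCM. All key material and payload strings are generated or constructed inside the program. It shows that a third party holding only the recipient's public key is accepted in base mode but rejected in auth mode once the recipient checks against the expected sender key.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/ecdh"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// session runs the three HPKE stages on one side: a DHKEM-shaped shared secret,
// HKDF-SHA256 (extract, then one expand block, via crypto/hmac), and AES-128-GCM
// setup. Base mode uses DH(k1, p1) alone (ephemeral <-> recipient); auth mode
// appends DH(k2, p2), the DH involving the sender's static key, which is the only
// ingredient tying the ciphertext to a particular sender; nil k2 or p2 selects
// base mode. Salt and info are constructed, not the RFC 9180 labels, so this is
// not interoperable with real HPKE; binding the mode into info mirrors HPKE's
// key schedule.
func session(k1 *ecdh.PrivateKey, p1 *ecdh.PublicKey, k2 *ecdh.PrivateKey, p2 *ecdh.PublicKey) (cipher.AEAD, []byte, error) {
	ss, err := k1.ECDH(p1)
	authMode := k2 != nil && p2 != nil
	if err == nil && authMode {
		var dh2 []byte
		dh2, err = k2.ECDH(p2)
		ss = append(ss, dh2...)
	}
	if err != nil {
		return nil, nil, err
	}
	ext := hmac.New(sha256.New, []byte("pdm-demo-salt"))
	ext.Write(ss)
	exp := hmac.New(sha256.New, ext.Sum(nil))
	exp.Write([]byte(fmt.Sprintf("mode_auth=%t", authMode)))
	exp.Write([]byte{0x01})
	okm := exp.Sum(nil) // 32 bytes: 16 for the AES-128 key, 12 for the GCM nonce
	block, err := aes.NewCipher(okm[:16])
	if err != nil {
		return nil, nil, err
	}
	gcm, err := cipher.NewGCM(block)
	return gcm, okm[16:28], err
}

// Seal encrypts pt to pkR. skS == nil is base mode (no sender authentication); a
// sender static key selects auth mode. A fresh ephemeral key per message makes the
// derived key single-use, so the derived nonce is never reused under the same key.
func Seal(pkR *ecdh.PublicKey, skS *ecdh.PrivateKey, aad, pt []byte) (*ecdh.PublicKey, []byte, error) {
	skE, err := ecdh.X25519().GenerateKey(rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	gcm, nonce, err := session(skE, pkR, skS, pkR)
	if err != nil {
		return nil, nil, err
	}
	return skE.PublicKey(), gcm.Seal(nil, nonce, pt, aad), nil
}

// Open decrypts with skR. pkS is the static key the recipient expects the sender
// to hold (nil for base mode); any mismatch shows up as an AEAD tag failure.
func Open(skR *ecdh.PrivateKey, pkS *ecdh.PublicKey, aad []byte, enc *ecdh.PublicKey, ct []byte) ([]byte, error) {
	gcm, nonce, err := session(skR, enc, skR, pkS)
	if err != nil {
		return nil, err
	}
	return gcm.Open(nil, nonce, ct, aad)
}

// Demo: the recipient trusts one legitimate sender's static public key; a third
// party holding only the recipient's public key also sends. It reports whether the
// recipient accepts the third party (base mode, auth mode) and the legitimate sender (auth mode).
func Demo() (baseImpostor, authImpostor, authHonest bool, err error) {
	var keys [3]*ecdh.PrivateKey // recipient, legitimate sender, third party
	for i := range keys {
		if keys[i], err = ecdh.X25519().GenerateKey(rand.Reader); err != nil {
			return
		}
	}
	skR, skS, skX := keys[0], keys[1], keys[2]
	aad, pt := []byte("PDM option header (constructed)"), []byte("PDM metrics (constructed)")
	try := func(sender *ecdh.PrivateKey, expected *ecdh.PublicKey) bool {
		enc, ct, e := Seal(skR.PublicKey(), sender, aad, pt)
		if e != nil {
			err = e
			return false
		}
		got, e := Open(skR, expected, aad, enc, ct)
		return e == nil && bytes.Equal(got, pt)
	}
	baseImpostor = try(nil, nil)             // accepted: base mode says nothing about the sender
	authImpostor = try(skX, skS.PublicKey()) // rejected: DH(skX, pkR) != DH(skR, pkS)
	authHonest = try(skS, skS.PublicKey())   // accepted
	return
}

func main() {
	fmt.Println(Demo())
}
```

Running the program prints `true false true <nil>`: base mode accepts the unrelated sender, auth mode rejects it, and auth mode accepts the expected sender. The practical reading for the draft is that "HPKE" alone does not settle the authentication goal in 5.3; the mode (and, in auth mode, how each side learns the other's static public key) has to be stated, which is exactly the piece the text delegates to the organizations.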