Last Call Review of draft-ietf-mls-architecture-14
review-ietf-mls-architecture-14-secdir-lc-nir-2024-07-22-00

Request Review of draft-ietf-mls-architecture
Requested revision No specific revision (document currently at 15)
Type IETF Last Call Review
Team Security Area Directorate (secdir)
Deadline 2024-04-08
Requested 2024-03-25
Authors Benjamin Beurdouche, Eric Rescorla, Emad Omara, Srinivas Inguva, Alan Duric
I-D last updated 2025-04-22 (Latest revision 2024-08-03)
Completed reviews Artart IETF Last Call review of -13 by Valery Smyslov (diff)
Secdir IETF Last Call review of -14 by Yoav Nir (diff)
Secdir Early review of -09 by Yoav Nir (diff)
Genart Early review of -09 by Meral Shirazipour (diff)
Opsdir Early review of -09 by Tim Wicinski (diff)
Artart Early review of -09 by Valery Smyslov (diff)
Artart IETF Last Call review of -10 by Valery Smyslov (diff)
Secdir IETF Last Call review of -10 by Yoav Nir (diff)
Intdir Telechat review of -10 by Tatuya Jinmei (diff)
Dnsdir Telechat review of -10 by David C Lawrence (diff)
Secdir IETF Last Call review of -15 by Yoav Nir
Artart IETF Last Call review of -15 by Valery Smyslov
Assignment Reviewer Yoav Nir
State Completed
Request IETF Last Call review on draft-ietf-mls-architecture by Security Area Directorate Assigned
Posted at https://mailarchive.ietf.org/arch/msg/secdir/aT87ZnhTdLjC6zot3JzxjDIj2J4
Reviewed revision 14 (document currently at 15)
Result Has nits
Completed 2024-07-22
review-ietf-mls-architecture-14-secdir-lc-nir-2024-07-22-00
I have previously done an early secdir review on this draft:
https://datatracker.ietf.org/doc/review-ietf-mls-architecture-09-secdir-early-nir-2022-10-08/

For the most part, I stand by what I wrote then.  The document is very well
written and provides a thorough analysis of security and privacy. It is now
section 8 rather than 7.

As for the nits:
* "MLSCiphertext" has been renamed to "PrivateMessage".  It is still used
without having previously been defined within the document. Still only a nit
because it is defined in RFC 9420.
* Section 7.2.3 (now 8.2.3) still defines "deniability" only to assert that
MLS "does not make any claims with regard to deniability", which is still
strange.
* The superlative language ("extremely", "very") has been toned down. Thanks,
although I still think that "clients have the extremely important role" is a
strange way of saying SHOULD.