Skip to main content

Last Call Review of draft-ietf-mls-architecture-15
review-ietf-mls-architecture-15-secdir-lc-nir-2024-08-23-00

Request Review of draft-ietf-mls-architecture
Requested revision No specific revision (document currently at 15)
Type Last Call Review
Team Security Area Directorate (secdir)
Deadline 2024-08-27
Requested 2024-08-13
Authors Benjamin Beurdouche , Eric Rescorla , Emad Omara , Srinivas Inguva , Alan Duric
I-D last updated 2024-08-23
Completed reviews Artart Last Call review of -13 by Valery Smyslov (diff)
Secdir Last Call review of -14 by Yoav Nir (diff)
Secdir Early review of -09 by Yoav Nir (diff)
Genart Early review of -09 by Meral Shirazipour (diff)
Opsdir Early review of -09 by Tim Wicinski (diff)
Artart Early review of -09 by Valery Smyslov (diff)
Artart Last Call review of -10 by Valery Smyslov (diff)
Secdir Last Call review of -10 by Yoav Nir (diff)
Intdir Telechat review of -10 by Tatuya Jinmei (diff)
Dnsdir Telechat review of -10 by David C Lawrence (diff)
Secdir Last Call review of -15 by Yoav Nir
Artart Last Call review of -15 by Valery Smyslov
Assignment Reviewer Yoav Nir
State Completed
Request Last Call review on draft-ietf-mls-architecture by Security Area Directorate Assigned
Posted at https://mailarchive.ietf.org/arch/msg/secdir/hfYEuB5y2L9yEfzLn0xVvofzsYk
Reviewed revision 15
Result Has nits
Completed 2024-08-23
review-ietf-mls-architecture-15-secdir-lc-nir-2024-08-23-00
This is the fourth time I've been asked to review this draft.

Anyway, what I said in my previous review still applies:
https://datatracker.ietf.org/doc/review-ietf-mls-architecture-14-secdir-lc-nir-2024-07-22/

The document is very well written and provides a thorough analysis of security
and privacy. That part is now in section 8 rather than 7.

As for the nits:
* "MLSCiphertext" has been renamed to "PrivateMessage".  It is still used
without having previously been defined within the document. Still only a nit
because it is defined in RFC 9420. EKR has replied to my previous review that
there is an inline definition in section 2.1, but I see it as just a remark on
the content rather than a definition.

* Section 7.2.3 (now 8.2.3) still defines "deniability" only to assert that MLS
"does not make any claims with regard to deniability", which is still strange.

* The superlative language ("extremely","very") has been toned down. Thanks.