Skip to main content

Early Review of draft-ietf-taps-interface-13

Request Review of draft-ietf-taps-interface
Requested revision No specific revision (document currently at 19)
Type Early Review
Team Security Area Directorate (secdir)
Deadline 2021-08-18
Requested 2021-07-30
Requested by Reese Enghardt
Authors Brian Trammell , Michael Welzl , Reese Enghardt , Gorry Fairhurst , Mirja Kühlewind , Colin Perkins , Philipp S. Tiesel , Tommy Pauly
I-D last updated 2021-10-19
Completed reviews Secdir Early review of -13 by Sean Turner (diff)
Artart Early review of -13 by Robert Sparks (diff)
This document is highly related to draft-ietf-taps-arch, for which we also request review.
Both documents are held until draft-ietf-taps-impl is finished as well, and the three docs are aligned.
Assignment Reviewer Sean Turner
State Completed
Review review-ietf-taps-interface-13-secdir-early-turner-2021-10-19
Posted at
Reviewed revision 13 (document currently at 19)
Result Has Issues
Completed 2021-10-19
This is an early sector review. Based on the ARTART early reviews of this I-D
and the -arch I-D, there is no doubt going to need to be another review after
the authors get done restructuring both I-Ds.

BTW: Theresa thank you for the heads up about that restructuring. It forced me
to read the -arch and -impl I-Ds, but that probably helped me not make silly
requests of the authors/WG.

tl;dr: I picked "has issues" knowing there is a rewrite on the way and I would
like to reserve final judgement until then.

I apologize upfront because I am going to ramble a bit before I get to the

The taps I-Ds are about “a protocol-independent Transport Services Application
Programming Interface (API).” I took a pretty liberal approach when reviewing
this I-D from a security perspective because these I-Ds are somewhat different
than the “normal” protocol I-Ds. As noted in the -arch I-D: these I-Ds do not
specify “specific protocols or algorithms” … gasp. But, that’s probably okay in
this context.

I wondered what you would say about an API:
- Apps need to use the API properly! check: see -arch I-D
- Implementation/Library needs to be from trust source! check: see -interface
I-D - Apps need to use the right keys at the right time! check: see -arch I-D -
Avoid fallback/downgrade to insecure protocols! check: see -arch I-D and -impl
I-D - Deal with 0-RTT! check: see -impl I-D - Address privacy aspects! check:
see -interface I-D

I mean maybe you could add something about:

- randomness for keys - but that better already be in the security protocol
specifications so I do not think it is absolutely needed here.

- following good programming techniques - but I am not sure where you would
point nor whether it really makes sense to do so.

I think I found what I was looking for is somewhere in the stack of I-Ds. Am I
worried somebody can implement this wrong. Sure. But, not any more than I would
be for any other protocol.

Now on to the specifics:

NOTE: I tried not repeat anything from the ARTART review.

0) s6: maybe this wording would be better?

For these two sentences are you trying to say that MUST else if?

OLD: At least one Local Endpoint MUST be specified if the Preconnection is
   used to Listen() for incoming Connections, but the list of Local
   Endpoints MAY be empty if the Preconnection is used to Initiate()

NEW: At least one Remote Endpoint MUST
   be specified if the Preconnection is used to Initiate() Connections,
   but the list of Remote Endpoints MAY be empty if the Preconnection is
   used to Listen() for incoming Connections

1) s6.3.1 I know this is an example, but can we replace:

SecurityParameters.Set(supported-group, "secp256k1")


SecurityParameters.Set(supported-group, "secp256r1")

r1 the current MTI for TLS. k1 is for bitcoin :)

Or, is this where I get a bitcoin because I caught the shiny object? :)

2) s6.3.2: Is this like checking the certificate status?

3) s8.1.1- I read this definition a bunch. Are there two special values? The
Type line says “Full Coverage” is special, but then the description says “0” is
special too. Maybe look at s91.3.6 for inspiration?

4) s8.1.2: Any reason it’s not called connPriority? Seems arbitrary to drop the
end of the word when connTimeout is even longer.

5) s8.1.2-should “Type” line also include (non-negative) like s8.1.1 and
s9.1.3.2 do?

6) s8.1.3/.4: The Numeric values specifies seconds, minutes, hours, or

7) s8.1.6: don’t you need to specify the Type? I guess Enumeration is what
you’re after?

8) s8.1.11.2/.3/.4: Are these sizes in bytes too like

9) s8.2.1: RFC 5482 allows granularity of minutes or seconds don’t you need to
say which it is here?

10) s8.2.2: Is there some reason it’s not called tcp.userTimeoutEnabled?

11) s8.2.3: Is there some reason it’s not called tcp.userTimeoutChangable?

12) s9.1.3.2: Why 100?

13) s9.1.3.2: Why shorten to msrPrio when msgOrdered is almost as long and
safelyReplayable is longer?

14) A.1: Could the caution about freeing memory be generalized?

15) What follows are the I-D nits references to check. Some of these might be
on purpose:

  == Outdated reference: A later version (-11) exists of

  ** Obsolete normative reference: RFC 4941 (Obsoleted by RFC 8981)

  == Outdated reference: A later version (-06) exists of

  == Outdated reference: A later version (-10) exists of

  -- Obsolete informational reference (is this intentional?): RFC 5245
     (Obsoleted by RFC 8445, RFC 8839)

  -- Obsolete informational reference (is this intentional?): RFC 5766
     (Obsoleted by RFC 8656)