Last Call Review of draft-ietf-tls-ecdhe-psk-aead-03

Request Review of draft-ietf-tls-ecdhe-psk-aead
Requested revision No specific revision (document currently at 05)
Type Last Call Review
Team General Area Review Team (Gen-ART) (genart)
Deadline 2017-05-18
Requested 2017-05-04
Authors John Preuß Mattsson, Daniel Migault
I-D last updated 2017-05-15
Completed reviews Genart Last Call review of -03 by Dan Romascanu (diff)
Secdir Last Call review of -03 by Benjamin Kaduk (diff)
Genart Telechat review of -04 by Dan Romascanu (diff)
Assignment Reviewer Dan Romascanu
State Completed
Request Last Call review on draft-ietf-tls-ecdhe-psk-aead by General Area Review Team (Gen-ART) Assigned
Reviewed revision 03 (document currently at 05)
Result Ready w/issues
Completed 2017-05-15
I am the assigned Gen-ART reviewer for this draft. The General Area
Review Team (Gen-ART) reviews all IETF documents being processed
by the IESG for the IETF Chair.  Please treat these comments just
like any other last call comments.

For more information, please see the FAQ at


Document: draft-ietf-tls-ecdhe-psk-aead-??
Reviewer: Dan Romascanu
Review Date: 2017-05-15
IETF LC End Date: 2017-05-18
IESG Telechat date: 2017-05-25


This is a straightforward and clear document that defines several new cipher
suites for the Transport Layer Security (TLS) protocol version 1.2 and higher,
based on the Ephemeral Elliptic Curve Diffie-Hellman with Pre-Shared Key
(ECDHE_PSK) key exchange together with the Authenticated Encryption with
Associated Data (AEAD) algorithms AES-GCM and AES-CCM. The document is well
written and I appreciate the effort to clarify in the Introduction the context,
what was missing, and why the document is necessary. The document is Ready,
there is one issue about support for TLS version 1.3 and higher that may need
some text clarification.

Major issues:

Minor issues:

Section 4 ('Applicable TLS Versions') describes in detail how the cipher
suites defined in the document make use of the authenticated encryption with
additional data (AEAD) defined in TLS 1.2 [RFC5246] and DTLS 1.2 [RFC6347].
About TLS 1.3 it just says:

' TLS 1.3 and above version, negotiate and support these cipher suites in a
different way.'

This may raise some concerns as 'in a different way' is ambiguous, especially
compared to the details included for TLS 1.2. Moreover, TLS 1.3 is still
work-in-progress, and I believe that this document when approved needs to wait
for TLS 1.3 to be approved for publication. Will anything change, or need to be
added? Some better clarification text would help IMO.

Nits/editorial comments: