Telechat Review of draft-ietf-tls-exported-authenticator-14
review-ietf-tls-exported-authenticator-14-secdir-telechat-sheffer-2021-04-02-00

Request Review of draft-ietf-tls-exported-authenticator
Requested rev. no specific revision (document currently at 14)
Type Telechat Review
Team Security Area Directorate (secdir)
Deadline 2021-04-06
Requested 2021-03-30
Authors Nick Sullivan
Draft last updated 2021-04-02
Completed reviews Genart Last Call review of -09 by Christer Holmberg (diff)
Secdir Last Call review of -09 by Yaron Sheffer (diff)
Secdir Last Call review of -13 by Yaron Sheffer (diff)
Genart Last Call review of -13 by Christer Holmberg (diff)
Secdir Telechat review of -14 by Yaron Sheffer
Assignment Reviewer Yaron Sheffer 
State Completed
Review review-ietf-tls-exported-authenticator-14-secdir-telechat-sheffer-2021-04-02
Posted at https://mailarchive.ietf.org/arch/msg/secdir/8SW62r6jdFCj6HbmWrYnufmnbUM
Reviewed rev. 14
Review result Has Issues
Review completed: 2021-04-02

Review
review-ietf-tls-exported-authenticator-14-secdir-telechat-sheffer-2021-04-02

After a bit of back and forth over my *two* previous SecDir requests, I'm afraid that my original comment has not yet been fully addressed. The IANA considerations section (Sec. 8.1) adds server_name as a possible extension for CertificateRequest. This would be a non-backward compatible change to TLS.

IMO what we needed to do is both to clarify the allowed extensions for what Nick called "the CR-like structure" (almost done in Sec. 4, though the last sentence should by changed to include CertificateRequest) and undo the change to the TLS ExtensionType registry (not done, would require to remove Sec. 8.1).

* Nit: this sentence is repeated almost verbatim in Sec. 4 and Sec. 5, and in both cases is mangled.

Old:

The application layer protocol used to send the authenticator request SHOULD use a secure with equivalent security to TLS, such as QUIC [QUIC-TLS], as its as its underlying transport to keep the request confidential.

New:

The application layer protocol used to send the authenticator request SHOULD use a secure *channel* with equivalent security to TLS, such as QUIC [QUIC-TLS], as its ~~as its~~ underlying transport to keep the request confidential.