Last Call Review of draft-ietf-tls-external-psk-guidance-03
review-ietf-tls-external-psk-guidance-03-opsdir-lc-bradner-2021-11-15-00
| Request | Review of | draft-ietf-tls-external-psk-guidance |
|---|---|---|
| Requested revision | No specific revision (document currently at 06) | |
| Type | Last Call Review | |
| Team | Ops Directorate (opsdir) | |
| Deadline | 2021-11-19 | |
| Requested | 2021-10-29 | |
| Authors | Russ Housley , Jonathan Hoyland , Mohit Sethi , Christopher A. Wood | |
| Draft last updated | 2021-11-15 | |
| Completed reviews |
Opsdir Last Call review of -03
by
Scott O. Bradner
(diff)
Artart Last Call review of -03 by Martin Thomson (diff) Secdir Last Call review of -03 by Rich Salz (diff) Secdir Telechat review of -04 by Rich Salz (diff) |
|
| Assignment | Reviewer | Scott O. Bradner |
| State | Completed | |
| Review |
review-ietf-tls-external-psk-guidance-03-opsdir-lc-bradner-2021-11-15
|
|
| Posted at | https://mailarchive.ietf.org/arch/msg/ops-dir/P_CkkA4PLC93DFZUE_haEMDNTTY | |
| Reviewed revision | 03 (document currently at 06) | |
| Result | Has Nits | |
| Completed | 2021-11-15 |
review-ietf-tls-external-psk-guidance-03-opsdir-lc-bradner-2021-11-15-00
This is an OPS-DIR review of Guidance for External PSK Usage in TLS <draft-ietf-tls-external-psk-guidance>. As its title indicates, this ID provides guidance for the use of pre-shared keys with TLS. Guidance documents are inherently useful to operations community and this is no exception. I found the document well written, slightly repetitive as Rich noted, but not so much so as for it to be an issue for me. A few notes though. in section 4.2 the term PAKE is used without any definition – there is a reference to a document but it seems to be that at least expanding the term in this document would be useful. the document uses the term SHOULD in a number of places. (e.g. multiple places in section 7 and one in section 8) – for what its worth – I am not a fan of the use of this term unless the text also says when not doing what the SHOULD says to do is OK – i.e. since SHOULD is a MUST with an escape clause – I think it is useful to actually say what the escape clause is – i.e. explain why this is not a MUST. (also it does seem a bit funky to say (as section 7 does) “MUST adhere” to requirements which are SHOULDs )