Last Call Review of draft-ietf-tls-oldversions-deprecate-09
review-ietf-tls-oldversions-deprecate-09-opsdir-lc-nainar-2020-11-30-00

Request Review of draft-ietf-tls-oldversions-deprecate
Requested rev. no specific revision (document currently at 11)
Type Last Call Review
Team Ops Directorate (opsdir)
Deadline 2020-11-30
Requested 2020-11-09
Authors Kathleen Moriarty, Stephen Farrell
Draft last updated 2020-11-30
Completed reviews Secdir Last Call review of -09 by Adam Montville (diff)
Genart Last Call review of -09 by Mohit Sethi (diff)
Opsdir Last Call review of -09 by Nagendra Nainar (diff)
Assignment Reviewer Nagendra Nainar 
State Completed
Review review-ietf-tls-oldversions-deprecate-09-opsdir-lc-nainar-2020-11-30
Posted at https://mailarchive.ietf.org/arch/msg/ops-dir/7I9qi6BnknMH4SJxJZckUb09ATY
Reviewed rev. 09 (document currently at 11)
Review result Ready
Review completed: 2020-11-30

Review
review-ietf-tls-oldversions-deprecate-09-opsdir-lc-nainar-2020-11-30

Hi,

I have reviewed this document as part of the Operational directorate's ongoing
effort to review all IETF documents being processed by the IESG.  These
comments were written with the intent of improving the operational aspects of
the IETF drafts per guidelines in RFC5706.

Comments that are not addressed in last call may be included
in AD reviews during the IESG review.  Document editors and WG chairs should
treat these comments just like any other last call comments.

Version: draft-ietf-tls-oldversions-deprecate-09


Overall Summary:

This draft is deprecating TLS v1.0 and TLSv1.1 to reduce the opportunity for misconfiguration or security attack.

The draft clarifies that these (to be obsoleted) versions of TLS must not be negotiated and further clarifies that the connection must be terminated upon receiving such version in the initial negotiation.

Overall this is a well-written document with clear clarification on any backward compatibility requirement.

I just noticed a couple of nits some of which were already mentioned in other reviews as well. I am including the same here for completeness:

1. s/waas defined/was defined
2. Some text appears to use DTLS while other use (D)TLS. I think it is better to use one common way of defining it.

Thanks,
Nagendra