> On Nov 13, 2023, at 04:07, Tal Mizrahi <tal.mizrahi....@gmail.com> wrote:
> 
> Hello
> 
> I have been selected to do a routing directorate “early” review of this draft.
> https://datatracker.ietf.org/doc/draft-ietf-pce-pceps-tls13/

Hi! And, thanks for your review. I have created an issue to track this review:
https://github.com/ietf-wg-pce/draft-ietf-pce-pceps-tls13/issues/15

> The routing directorate will, on request from the working group chair,
> perform an “early” review of a draft before it is submitted for
> publication to the IESG. The early review can be performed at any time
> during the draft’s lifetime as a working group document.
> 
> For more information about the Routing Directorate, please see
> https://wiki.ietf.org/en/group/rtg/RtgDir
> 
> Document: draft-ietf-pce-pceps-tls13-02
> Reviewer: Tal Mizrahi
> Review Date: Nov 13, 2023
> Intended Status: Standards Track
> 
> Summary:
> I have some concerns about this document that I think should be
> resolved before it is submitted to the IESG.
> 
> Comments:
> The draft is clear and straightforward. There is one main comment that
> needs to be addressed.
> 
> Major comment:
> The "Security Considerations" section needs to describe the security
> considerations that are specific to the current document. For example,
> the second note of Section 3, and perhaps some more text that explains
> why this is important. The existing text in this section is not
> helpful to the reader. The section cites 9 references with a brief
> description of each reference, but without the description of the
> security considerations of each reference. The last paragraph of the
> section - is it relevant to the current document? It would be best to
> stick with security considerations that are strictly relevant to the
> current document, and not to PCE in general.

Ah yes, I “fixed” the main body and ignored the Security Considerations. I tend 
to agree we should edit it.

Since this I-D is essentially adding a couple of bullets to an existing RFC, we 
are adopting all of those considerations and the PCEP considerations. This I-D 
also addresses TLS 1.2 and TLS 1.3 protocols and recommendations for those 
protocols. So, that’s the 1st para. Note the WG asked to add more PCEP related 
security considerations; see:
https://github.com/ietf-wg-pce/draft-ietf-pce-pceps-tls13/pull/10/files

I tend to think the 2nd and 3rd paragraph can be dropped entirely now.

As for repeating/expanding on the 2nd NOTE in s3: if the text of this I-D was 
incorporated in a replacement for RFC 8253 and was 10 pages away from the 
security considerations, I could see repeating/expanding it. As it is right 
now, that bullet immediately precedes the Security Considerations. Further, 
that text is additionally incorporated by reference from TLS 1.3 and RFC 9325, 
so I tend to think it’s kind of covered and doesn’t need more text. Again, I 
could see repeating the bullet or moving that bullet, but because this document 
is so short it seems like overkill.

I created a PR that incorporates these changes:
https://github.com/ietf-wg-pce/draft-ietf-pce-pceps-tls13/issues/15

>> https://www.ietf.org/archive/id/draft-ietf-pce-pceps-tls13-02.html#name-security-considerations
>>  ?
>> 
>> As for expanding on the 2nd note, I think repeating the text is a bad idea - 
>> I’d rather refer there again as follows:
>> 
>> As noted in Section 3, Section 2.3 of [I-D.ietf-tls-rfc8446bis] identifies 
>> that the security properties for early data are weaker than those for 
>> subsequent TLS-protected data. In particular, early data is not forward 
>> secret, and there is no protection against the replay of early data between 
>> connections.

> Nits:
> - "if a PCEPS supports more than one version" - the sentence is not
> clear. Perhaps "if a PCEPS implementation supports more than one
> version"?
> - Section 4 - second paragraph - there is a missing period at the end
> of the paragraph.

Fixed these via:
https://github.com/ietf-wg-pce/draft-ietf-pce-pceps-tls13/pull/13

Cheers,
spt
_______________________________________________
Pce mailing list
Pce@ietf.org
https://www.ietf.org/mailman/listinfo/pce