> On Nov 13, 2023, at 04:07, Tal Mizrahi wrote:
>
> Hello
>
> I have been selected to do a routing directorate “early” review of this draft.
> https://datatracker.ietf.org/doc/draft-ietf-pce-pceps-tls13/
Hi! And thanks for your review. I have created an issue to track this review:
https://github.com/ietf-wg-pce/draft-ietf-pce-pceps-tls13/issues/15
> The routing directorate will, on request from the working group chair,
> perform an “early” review of a draft before it is submitted for
> publication to the IESG. The early review can be performed at any time
> during the draft’s lifetime as a working group document.
>
> For more information about the Routing Directorate, please see
> https://wiki.ietf.org/en/group/rtg/RtgDir
>
> Document: draft-ietf-pce-pceps-tls13-02
> Reviewer: Tal Mizrahi
> Review Date: Nov 13, 2023
> Intended Status: Standards Track
>
> Summary:
> I have some concerns about this document that I think should be
> resolved before it is submitted to the IESG.
>
> Comments:
> The draft is clear and straightforward. There is one main comment that
> needs to be addressed.
>
> Major comment:
> The "Security Considerations" section needs to describe the security
> considerations that are specific to the current document. For example,
> the second note of Section 3, and perhaps some more text that explains
> why this is important. The existing text in this section is not
> helpful to the reader. The section cites 9 references with a brief
> description of each reference, but without the description of the
> security considerations of each reference. The last paragraph of the
> section - is it relevant to the current document? It would be best to
> stick with security considerations that are strictly relevant to the
> current document, and not to PCE in general.
Ah yes, I “fixed” the main body and ignored the Security Considerations. I tend
to agree we should edit it.
Since this I-D is essentially adding a couple of bullets to an existing RFC, we
are adopting all of those considerations and the PCEP considerations. This I-D
also addresses TLS 1.2 and TLS 1.3 protocols and recommendations for those
protocols. So, that’s the 1st para. Note the WG asked to add more PCEP related
security considerations; see:
https://github.com/ietf-wg-pce/draft-ietf-pce-pceps-tls13/pull/10/files
I tend to think the 2nd and 3rd paragraph can be dropped entirely now.
As for repeating/expanding on the 2nd NOTE in s3: if the text of this I-D were
incorporated in a replacement for RFC 8253 and were 10 pages away from the
security considerations, I could see repeating/expanding it. As it is right
now, that bullet immediately precedes the Security Considerations. Further,
that text is additionally incorporated by reference from TLS 1.3 and RFC 9325
so I tend to think it’s kind of covered and doesn’t need more text. Again, I
could see repeating the bullet or moving that bullet, but because this document
is so short it seems like overkill.
I created a PR that incorporates these changes:
https://github.com/ietf-wg-pce/draft-ietf-pce-pceps-tls13/issues/15
>> https://www.ietf.org/archive/id/draft-ietf-pce-pceps-tls13-02.html#name-security-considerations
>> ?
>>
>> As for expanding on the 2nd note, I think repeating the text is a bad idea -
>> I’d rather refer there again as follows:
>>
>> As noted in Section 3, Section 2.3 of [I-D.ietf-tls-rfc8446bis] identifies
>> that the security properties for early data are weaker than those for
>> subsequent TLS-protected data. In particular, early data is not forward
>> secret, and there is no protection against the replay of early data between
>> connections.
> Nits:
> - "if a PCEPS supports more than one version" - the sentence is not
> clear. Perhaps "if a PCEPS implementation supports more than one
> version"?
> - Section 4 - second paragraph - there is a missing period at the end
> of the paragraph.
Fixed these via:
https://github.com/ietf-wg-pce/draft-ietf-pce-pceps-tls13/pull/13
Cheers,
spt
___
Pce mailing list
Pce@ietf.org
https://www.ietf.org/mailman/listinfo/pce