Re: [Last-Call] [netconf] Secdir last call partial review of draft-ietf-netconf-tls-client-server-25

From: netconf <netconf-bounces@xxxxxxxx> on behalf of Watson Ladd via Datatracker <noreply@xxxxxxxx>
Sent: 22 July 2021 06:54

Review is partially done. Another assignment may be needed to complete it.

Reviewer: Watson Ladd
Review result: Ready

Dear readers,
Forgive my completing this review almost a month late.

I have reviewed this document as part of the security directorate's
ongoing effort to review all IETF documents being processed by the
IESG.  These comments were written primarily for the benefit of the
security area directors.  Document editors and WG chairs should treat
these comments just like any other last call comments.

The summary of the review is ready, because I can't find anything wrong with
it. Your comfort with this fact should be minimal.

Benjamin Kaduk writes me to inform you that the issues with the PSK in TLS 1.3
are being worked on.

And now on to my evaluation of the document. The problem is that I can't
evaluate this in any substantive way: it is a whole bunch of YANG, a technology
I am completely ignorant of. The few English sentences I saw looked fine, and I
didn't spot anything wrong, but I likely wouldn't have.

<tp>

Watson,

I am the one who has been stirring this, FUD mostly.

One issue is the support for TLS1.0, TLS1.1 which originally was more comprehensive than that for TLS1.3 and in some respects still is, as in the examples.  These versions are now deprecated in YANG; I would have omitted them entirely, but the WG consensus was otherwise.  I take it you are ok with this.  Of the TLS RFC, only RFC8446 is a Normative Reference.

PSK and raw public keys were a late addition to the I-D.  I had forgotten that the latter were a type of certificate and so likely has no issues with TLS1.3 but with PSK I see little resemblance to earlier versions of TLS.  My sense is that the TLS WG really wants to have nothing to do with PSK (unless following a full handshake) even if there are two TLS I-D spelling out the consequences of using PSK alone.  Together with changes in terminology and protocol for PSK, I think it challenging to produce a model for PSK for both TLS1.2 and TLS1.3.  The I-D does tackle the TLS1.3 changes from ciphersuite but says nothing about the features it specifies for 3DES, GCM, ECC and their interaction with TLS1.3  (should it?)

I am aware of the issues EMU have had with TLS1.3 and see some application I-D providing a profile for the use of TLS1.3 but overall doubt the feasibility of producing an I-D which covers both TLS1.2 and TLS1.3 without going into the sort of detail that uta-tls13-iot-profile does.

My comfort is minimal!

Tom Petch

Sincerely,
Watson Ladd


_______________________________________________
netconf mailing list
netconf@xxxxxxxx
https://www.ietf.org/mailman/listinfo/netconf

-- 
last-call mailing list
last-call@xxxxxxxx
https://www.ietf.org/mailman/listinfo/last-call


