[Last-Call] Secdir last call review of draft-ietf-tls-external-psk-guidance-03


Reviewer: Rich Salz
Review result: Has Nits

I'm the SECDIR reviewer for this document. This is a TLS WG draft, so everyone
reading this should know what that means. If not, ask. :)

As the opening sentence says, "This document provides usage guidance for
external Pre-Shared Keys (PSKs) in Transport Layer Security (TLS) 1.3 as
defined in RFC 8446."

PSKs are useful and important for those who do not wish to deploy a PKI or for
whom symmetric trust is useful. I like section 4.1 which goes into detail about
the problems with sharing keys among more than two parties. Section 6 is a good
summary of use-cases with references. These sections should prove as valuable
as section 7, which is presumably the heart of the document.

Section 7.1 is not common for an IETF RFC, and shows evidence that the authors
have some scars from experiments or deployments.  It is nice to see.

Section 8 says "The unique identifier can, for example, be one of its MAC
addresses..." I thought we are moving away from that and I would prefer to
see an explicit justification of why this is okay. I think this is a nit-level
issue, and the only one I found.

I also do suggest, however, that the draft be sent to the UTA working group and
ask for comments from them as they're more application-focused like this
document is.



-- 
last-call mailing list
last-call@xxxxxxxx
https://www.ietf.org/mailman/listinfo/last-call


