[Last-Call] Secdir telechat review of draft-ietf-uta-rfc7525bis-09

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Reviewer: Benjamin Kaduk
Review result: Ready

I looked over the updates from -07 to -09, and they all look good.
I recognize that not all of my previous comments resulted in any text
changes, and appreciate that they were given consideration and the
conscious choice made to not act.  I'd also like to thank the editors
for their efforts to proactively tag me in the github discussion that my
earlier review triggered, and I apologize for not keeping up with that
traffic as it came in.

I do have one comment on the new text:

Section 3.9

Thanks for adding the section on mulit-server deployment, that's a great
addition!  In the (first) "multiple services" case, we might also want
to mention that the protection of credentials (certificate private keys)
is a shared attack surface across services, so when we say "provide
equivalent levels of security" we might clarify that we consider both
the TLS configuration and the protections against server compromise as
being relevant.  (Even if the two services do not share
credentials/keys, which would itself be best practice, since they are on
the same domain name the credentials for one are likely to be usable for
impersonating the other.  Only if technologies like X.509 EKUs and/or
certificate extensions are used to restrict both certificates'
applicability does this risk disappear, and I'm reluctant to propose
adding extensive discussion of these topics to the draft at this stage
in the process.)


I'll also repeat one comment from my earlier review to make it more visible
to the ADs.  I acknowledge that the authors already responded to it and
that the same reply continues to apply; I do not expect that repeating my
statement will be any more convincing than it was the first time.

Section 3.1.1

   *  Implementations MUST support TLS 1.2 [RFC5246] and MUST prefer to
      negotiate TLS version 1.2 over earlier versions of TLS.
      [...]
   *  Implementations SHOULD support TLS 1.3 [RFC8446] and, if
      implemented, MUST prefer to negotiate TLS 1.3 over earlier
      versions of TLS.

It's very disappointing to me to see that we label a TLS 1.3-only
implementation as non-compliant with the BCP for TLS usage; such an
implementation is more secure than a joint 1.2+1.3 implementation.
That said, I assume that the WG discussed this topic extensively and
it seems somewhat unlikely that I have any new contributions to that
discussion.


-- 
last-call mailing list
last-call@xxxxxxxx
https://www.ietf.org/mailman/listinfo/last-call



[Index of Archives]     [IETF Annoucements]     [IETF]     [IP Storage]     [Yosemite News]     [Linux SCTP]     [Linux Newbies]     [Mhonarc]     [Fedora Users]

  Powered by Linux