Hi Chris,
Thanks you very much for your valuable comments, I agree with them. We’ll incorporate them asap, with only one minor change - RFC 9250 is "DNS over Dedicated QUIC Connections”, so I guess you meant 8250 :)
Cheers,
T.
On 15 Jan 2024, at 16:11, Chris Lonvick via Datatracker <noreply@xxxxxxxx> wrote:
Reviewer: Chris Lonvick
Review result: Ready
Hi,
I have reviewed this document as part of the security directorate's ongoing
effort to review all IETF documents being processed by the IESG. These comments
were written primarily for the benefit of the security area directors. Document
editors and WG chairs should treat these comments just like any other last call
comments.
The summary of the review is Ready.
The document explains the use of a lightweight handshake and encryption
protocol for the PDM destination option. I found it to be readable and to
explain how to use the protocol.
I found a few nits that the authors may wish to review.
Second paragraph in Section 1
Current: a timing attack MAY be launched against
Proposed: a timing attack may be launched against
(This isn't a directive in the protocol so doesn't fall under BCP 14.)
Second paragraph of Section 5.4
Current:
Our choice is to use the HPKE framework that incorporates key
encapsulation mechanism (KEM), key derivation function (KDF) and
authenticated encryption with associated data (AEAD). These multiple
schemes are more robust and significantly efficient than the
traditional schemes and thus lead to our choice of this framework.
We recommend default encryption algorithm for HPKE AEAD as AES-
128-GCM, however this is an implementation choice and can be
negotiated between the communicating parties.
Proposed:
It is RECOMMENDED to use the HPKE framework that incorporates key
encapsulation mechanism (KEM), key derivation function (KDF) and
authenticated encryption with associated data (AEAD). These multiple
schemes are more robust and significantly more efficient than other
schemes. While the schemes may be negotiated between communicating
parties, it is RECOMMENDED to use default encryption algorithm for
HPKE AEAD as AES-128-GCM.
Somewhere in Section 6.3
Current:
This field is also used in the Encrypted PDMv2 as the encryption
nonce.
Proposed:
This field is also used in the Encrypted PDMv2 as the encryption
nonce. The nonce MUST NOT be reused in different sessions.
New paragraph in the Security Considerations section
Proposed:
Security considerations about HPKE are addressed in RFC 9180. Security
considerations about PDM are addressed in RFC 9250. Security considerations
about destination objects are addressed in RFC 8200.
--------------------------------------------------------------
``... anyone can do any amount of work, provided it isn't the work he is supposed to be doing at that moment.'' -- Robert Benchley, in Chips off the Old Benchley, 1949
--------------------------------------------------------------
Tommaso Pecorella - Ph.D.
Associate professor Dpt. Ingegneria dell'Informazione Università di Firenze
CNIT - Università di Firenze Unit
via di S. Marta 3 50139, Firenze ITALY
email: tommaso.pecorella@xxxxxxxx tommaso.pecorella@xxxxxxx
phone : +39-055-2758540 mobile: +39-320-4379803 fax : +39-055-2758570
|
--
last-call mailing list
last-call@xxxxxxxx
https://www.ietf.org/mailman/listinfo/last-call
