Hi Chris,
Thank you very much for your valuable comments, I agree with them. We'll incorporate them asap, with only one minor change - RFC 9250 is "DNS over Dedicated QUIC Connections", so I guess you meant 8250 :)
Cheers,
T.
On 15 Jan 2024, at 16:11, Chris Lonvick via Datatracker <noreply@xxxxxxxx> wrote:
Reviewer: Chris Lonvick
Review result: Ready
Hi,
I have reviewed this document as part of the security directorate's ongoing effort to review all IETF documents being processed by the IESG. These comments were written primarily for the benefit of the security area directors. Document editors and WG chairs should treat these comments just like any other last call comments.
The summary of the review is Ready.
The document explains the use of a lightweight handshake and encryption protocol for the PDM destination option. I found it to be readable and to explain how to use the protocol.
I found a few nits that the authors may wish to review.
Second paragraph in Section 1
Current: a timing attack MAY be launched against
Proposed: a timing attack may be launched against
(This isn't a directive in the protocol so doesn't fall under BCP 14.)

Second paragraph of Section 5.4
Current: Our choice is to use the HPKE framework that incorporates key encapsulation mechanism (KEM), key derivation function (KDF) and authenticated encryption with associated data (AEAD). These multiple schemes are more robust and significantly efficient than the traditional schemes and thus lead to our choice of this framework. We recommend default encryption algorithm for HPKE AEAD as AES-128-GCM, however this is an implementation choice and can be negotiated between the communicating parties.
Proposed: It is RECOMMENDED to use the HPKE framework that incorporates key encapsulation mechanism (KEM), key derivation function (KDF) and authenticated encryption with associated data (AEAD). These multiple schemes are more robust and significantly more efficient than other schemes. While the schemes may be negotiated between communicating parties, it is RECOMMENDED to use default encryption algorithm for HPKE AEAD as AES-128-GCM.

Somewhere in Section 6.3
Current: This field is also used in the Encrypted PDMv2 as the encryption nonce.
Proposed: This field is also used in the Encrypted PDMv2 as the encryption nonce. The nonce MUST NOT be reused in different sessions.

New paragraph in the Security Considerations section
Proposed: Security considerations about HPKE are addressed in RFC 9180. Security considerations about PDM are addressed in RFC 9250. Security considerations about destination objects are addressed in RFC 8200.
--------------------------------------------------------------
``... anyone can do any amount of work, provided it isn't the work he is supposed to be doing at that moment.'' -- Robert Benchley, in Chips off the Old Benchley, 1949
--------------------------------------------------------------
Tommaso Pecorella - Ph.D.
Associate professor Dpt. Ingegneria dell'Informazione Università di Firenze
CNIT - Università di Firenze Unit
via di S. Marta 3 50139, Firenze ITALY
email: tommaso.pecorella@xxxxxxxx tommaso.pecorella@xxxxxxx
phone: +39-055-2758540 mobile: +39-320-4379803 fax: +39-055-2758570
--
last-call mailing list
last-call@xxxxxxxx
https://www.ietf.org/mailman/listinfo/last-call