Re: [art] Artart telechat review of draft-ietf-tram-stunbis-16


 



Hi Marc,
So I kept the text there, followed by the following paragraph,
in addition to moving the original last paragraph in the Security
Consideration section:

" These recommendations are just a part of the recommendations in
   [RFC7525] that implementations and deployments of a STUN usage using
   TLS or DTLS SHOULD follow."

I would instead suggest that we do something like Section 2 of RFC 7590
for XMPP:

    The best current practices documented in the "Recommendations for
    Secure Use of TLS and DTLS" [RFC7525] are included here by reference.
    Instead of repeating those recommendations here, this document mostly
    provides supplementary information regarding secure implementation
    and deployment of XMPP technologies.

Here's the rationale: RFC 7525 is likely to be updated/replaced more
quickly than STUNbis. If STUNbis recommends a particular cipher suite
that 7525bis stops recommending, in the absence of STUNter will STUN
implementations keep following STUNbis or will they upgrade to whatever
7525bis recommends? I suggest it will be the former, which is not what
we want.

All right, makes sense.  I'll add something like this on my next
round of reviews, most likely this Friday.

If you're going to add some wording about including TLS best current practices, maybe you could re-use what we came up with during final RFC edition of RFC 8143 <https://tools.ietf.org/html/rfc8143>:

3.  Recommendations

   The best current practices documented in [BCP195] apply here.
   Therefore, NNTP implementations and deployments compliant with this
   document are REQUIRED to comply with [BCP195] as well.

   Instead of repeating those recommendations here, this document mostly
   provides supplementary information regarding secure implementation
   and deployment of NNTP technologies.


Notably, the RFC Editor prefers referencing RFC 7525 as BCP 195 even though there currently is only one RFC in this BCP series. As other RFCs may be added in BCP 195, and we want to follow all best practices that apply, the reference should be the BCP series.

--
Julien ÉLIE

« – It's pretty, this avenue along the sea… What's it
    called?
  – The Promenade des Bretons. » (Astérix)



