I have just quickly read the TAPS document on transport security and have a few comments that may be useful for the next revision,

Gorry

---

“TCP-AO adds authenticity”
- should this be “TCP-AO adds authentication” or an authentication service?

“AH adds per-datagram authenticity”
- should this also be “authentication”.

- - -
Section 3:
“ This section contains descriptions of security protocols that
currently used to protect data being sent over a network.”
- is this /are currently used/.
- - -
“AEAD”
- please define when first used
- - -
Section 3.2.1.
“ DTLS is modified from TLS to account for packet loss, reordering, and
duplication that may occur when operating over UDP.”
- “to account for” doesn’t quite explain that these things happen and this can work with them; the first time I read it, I wondered whether this implied some features to retransmit etc.
Is it clearer to say something like:
“ DTLS is modified from TLS to operate with the possibility of packet loss,
reordering, and duplication that may occur when operating over UDP.”
- - -
Similarly making this change is maybe(?) clearer:
“Since datagrams may be replayed, “
to
“Since datagrams can be replayed, “
- - -
Section 3.2.3
States a dependency on PMTU discovery. I think this dependency is on choosing a datagram size (which is true of any UDP usage - section 3.2 of RFC8085).
- - -
Section 3.3 omits a reference to IETF QUIC.
- - -
Section 3.3.3,
QUIC also relies on a PMTU in the same way (as in DTLS).
- in the same vein, I think gQUIC has chosen a fixed datagram size.
- - -
Section 3.4.1.2
“ESP Security Associations”
- I think you need to define SA here?
- - -
[RFC3545] - appears as text, rather than a reference.
- - -
Section 3.5.2
“(RFC5763) Mandatory mutually authenticated key exchange.”
- The brackets around the reference appear unusual.
- - -
Section 3.8.1
“These keys are used”
- The word /these/ reads odd, maybe:
- “The keys are used”
- - -

_______________________________________________
Taps mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/taps