Re: [TLS] WGLC for draft-ietf-tls-flags

Sun, 18 Jul 2021 16:27:21 -0700 

On 7/16/2021 7:55 PM, Christopher Wood wrote:

This is the second working group last call for the "A Flags Extension for TLS 
1.3" draft, available here:

     https://datatracker.ietf.org/doc/draft-ietf-tls-tlsflags/

Please review this document and send your comments to the list by July 30, 
2021. The GitHub repository for this draft is available here:

     https://github.com/tlswg/tls-flags

Thanks,
Chris, on behalf of the chairs

_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls
Hi - I have not followed the discussion of this document on the mailing list so this review is only against the document itself. It's possible that these concerns have already been discussed.
Section 2 requires  (MUST) the generation of fatal illegal_parameter alert upon reception of a mal-encoded extension (e.g. any trailing zero bytes), but compare and contrast this with section 3 which is full of MUST and MUST NOT declarations but with no concrete actions to be taken.  E.g. if I (server or client) send 0x01 0x10, and receive 0x01 0x11 from the client or server, wouldn't that be an illegal value as I've added a bit not sent to me?   Should that cause the same fatal illegal_parameter alert? Alternately, "receiver MUST ignore received bits that weren't sent" language could clean this up.
Section 4 is a bit painful to read in that it took me three read-throughs to understand that what the document is asking for is a monolithic registry which requires "expert review" for all registrations, but where the experts are responsible for the sub range determinations.   Usually, that's not the way the IANA works.  If a registry has distinct set of ranges, each range normally has a specific registration procedure that the IANA follows before placing a parameter in that registry.
I'd strongly suggest reviewing RFC 8126 and chatting with the IANA to see if its possible to reform the registration process along more normal IANA lines.   E.g.: 

0-7 - Standards Action and Expert Request
8-31 - Standards Action
32 - 63 Specification Required or IETF Review (pick one)
64-79 Private Use
80-127 RFU or Expert Review
128-2039 First Come First Served
Absent these two points, the rest of the content looks good.  I'd recommend a draft pass to fix these two items. 


Later, Mike




_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls

Reply via email to