Last Call Review of draft-ietf-tls-exported-authenticator-09

Request Review of draft-ietf-tls-exported-authenticator
Requested rev. no specific revision (document currently at 13)
Type Last Call Review
Team General Area Review Team (Gen-ART) (genart)
Deadline 2019-07-16
Requested 2019-07-02
Authors Nick Sullivan
Draft last updated 2019-07-07
Completed reviews Genart Last Call review of -09 by Christer Holmberg (diff)
Secdir Last Call review of -09 by Yaron Sheffer (diff)
Assignment Reviewer Christer Holmberg
State Completed
Review review-ietf-tls-exported-authenticator-09-genart-lc-holmberg-2019-07-07
Posted at
Reviewed rev. 09 (document currently at 13)
Review result Ready with Issues
Review completed: 2019-07-07


I am the assigned Gen-ART reviewer for this draft. The General Area
Review Team (Gen-ART) reviews all IETF documents being processed
by the IESG for the IETF Chair.  Please treat these comments just
like any other last call comments.

For more information, please see the FAQ at


Document: draft-ietf-tls-exported-authenticator-09
Reviewer: Christer Holmberg
Review Date: 2019-07-07
IETF LC End Date: 2019-07-16
IESG Telechat date: Not scheduled for a telechat

Summary: The document is well written. However, I have found some issues that the author may want to consider clarifying in the document.

Major issues: N/A

Minor issues:

The last sentence of Section 1 says that the mechanism requires TLS version 1.2 or later. Would it be useful to state that in a dedicated Applicability section?

Can the mechanism be used also for DTLS?

The documents talk about additional certificates. If I only have one additional certificate, can I use that for multiple authenticators throughout the TLS session? 

Section 3 and 4 say that the authenticator request and authenticator SHOULD be sent using TLS, and Section 1 says that the proof of authentication can be sent out-of-band. I think it would be useful to clarify whether both the authenticator request and authenticator can be sent out-of-band ( i.e., not using the TLS connection that the additional authentication is associated with), and also to state whether it IS allowed to send the authenticator request and authenticator on the TLS connection they are associated with.

Section 5 talks about an endpoint sending an empty authenticator. But, what if the sender of the authenticator request does not receive anything?  Does it simply move on? Does it terminate the TLS session? Is the action based on local policy?

Related to MIN_5, I can't find text about how endpoints inform each other about the support of the mechanism, so maybe a few words about that would be useful. And some words about backward compatibility with endpoints that don't support the mechanism.

What happens if the validation of an authenticator fails? Does the requester simply move on? Does it terminate the TLS session? Is the action based on local policy?

Nits/editorial comments:

The document uses "session", "TLS connection" and "TLS communication" terminology. Is that intentional, or wouuld it be possible to use consistent terminology?

Section 3 says: "The authenticator request is a structured message that can be created..."
Section 4 says: "The authenticator is a structured message that can be exported..."

In the 2nd paragraph of Section 4 it is stated that "authenticator" is sent based on an "authenticator request". I wonder if that could be stated already in the beginning of Section 4, to further clarify the difference between them. E.g.,

"The authenticator is a structured message, triggered by an authenticator request, that can be exported from either party of a TLS connection."