Last Call Review of draft-ietf-tls-rfc8446bis-11
review-ietf-tls-rfc8446bis-11-secdir-lc-nir-2024-10-31-00

Request Review of draft-ietf-tls-rfc8446bis
Requested revision No specific revision (document currently at 11)
Type Last Call Review
Team Security Area Directorate (secdir)
Deadline 2024-11-01
Requested 2024-10-18
Authors Eric Rescorla
I-D last updated 2024-10-31
Completed reviews Secdir Last Call review of -11 by Yoav Nir
Genart Last Call review of -11 by Susan Hares
Assignment Reviewer Yoav Nir
State Completed
Request Last Call review on draft-ietf-tls-rfc8446bis by Security Area Directorate Assigned
Posted at https://mailarchive.ietf.org/arch/msg/secdir/ySGdUX-Q2XRVZ5fzEO7yq9ygmis
Reviewed revision 11
Result Ready
Completed 2024-10-31
I have reviewed this document as part of the security directorate's ongoing
effort to review all IETF documents being processed by the IESG. These comments
were written primarily for the benefit of the security area directors. Document
editors and WG chairs should treat these comments just like any other last call
comments.

This document is very much like RFC 8446 with some tightening of the
requirements. As far as security considerations, it follows the example of RFC
8446 in leaving the security considerations section blank, and discussing
security issues "throughout this memo," especially in three appendices. Those
appendices are very much copied from RFC 8446, with relatively minor additions.

RFC 8446 was thorough and well done, and this is no different. To quote from
Rich Salz's review of the RFC 8446 draft,

    No, seriously, this protocol has been designed with the help of world-class
    cryptographers and academics. It has been analyzed with verification tools.
    It has been tweaked as necessary to get around middlebox ossification. It
    is available in two highly popular browsers and at least one widely-used
    open source toolkit.

    This document is READY.

I can't agree more, except to say that by now it's implemented in many more
browsers and all serious TLS libraries.