IoT directorate Review of draft-ietf-dance-architecture-06
Reviewer: Ines Robles
Date: 17 July 2024

Summary:

The document describes an architecture that defines terminology, interaction, and authentication patterns related to the use of DANE DNS records for TLS client and messaging peer identity within the context of existing object security and TLS-based protocols.

I have some comments and questions as follows:

1- Section 2, How to Dance with Entity: "... delegates many details of how DANCE can be used..."  -> It would be nice to add examples of which details, e.g. "...details such as protocol-specific configurations, security mechanisms, and interoperability considerations..."

2- Section 2, Identity provisioning: "... in some circumstances, a manufacturer..."  -> Could examples of these circumstances be added? For instance, "examples include manufacturer-initiated key generation. 

3- Section 2, Suggestion to complete what it seems to be an open topic: "Is the security domain defined by how broadly the identity is recognized, or by the breadth of the application or network access policy?

4- Section 4.1.1 and 4.1.1.1: Suggestion to complete the TBD values with further description where to find them. 

5- Section 5.4: Suggestion to add further explanation where states: "Further work has do be done in this area". Is it related with the following comment of AW?

6- Section 5.4.1, Suggestion to Improve this section based on the comment of OEJ.

7- Question, Section 3: Does it make sense to add broadcasting as a communication pattern? 

8- Question: What about to apply DANE DNS to Federated Identity Management?

9- Based on github, 11 issues are still open: https://github.com/ietf-wg-dance/draft-dance-architecture/issues

Nits:

- Section 4.1.9.1.: tbe --> the

- The terms "Dance" and "DANCE" are used in the text. It would be preferable to use a consistent form throughout the document.


Thanks for this document,

Ines.