Last Call Review of draft-hallambaker-tlsfeature-09
review-hallambaker-tlsfeature-09-secdir-lc-tsou-2015-05-15-00
Request | Review of | draft-hallambaker-tlsfeature |
---|---|---|
Requested revision | No specific revision (document currently at 10) | |
Type | Last Call Review | |
Team | Security Area Directorate (secdir) | |
Deadline | 2015-05-12 | |
Requested | 2015-04-09 | |
Authors | Phillip Hallam-Baker | |
I-D last updated | 2015-05-15 | |
Completed reviews | Genart Last Call review of -09 by Joel M. Halpern; Secdir Last Call review of -09 by Tina Tsou (Ting ZOU) | |
Assignment | Reviewer | Tina Tsou (Ting ZOU) |
State | Completed | |
Request | Last Call review on draft-hallambaker-tlsfeature by Security Area Directorate Assigned | |
Reviewed revision | 09 (document currently at 10) | |
Result | Has nits | |
Completed | 2015-05-15 |
Dear all,

I have reviewed this document as part of the security directorate's ongoing effort to review all IETF documents being processed by the IESG. These comments were written primarily for the benefit of the security area directors. Document editors and WG chairs should treat these comments just like any other last call comments.

In the intro, you refer to a number of attacks against TLS. Please provide references.

Section 1 and 2:

> In order to avoid the confusion that would occur in attempting to
> describe an X.509 extension describing the use of TLS extensions, in
> this document the term 'extension' is reserved to refer to X.509v3
> extensions and the term 'feature' is used to refer to a TLS
> extension.
>
> 2. Purpose
>
> The purpose of the TLS feature extension is to prevent downgrade
> attacks that are not otherwise prevented by the TLS protocol.

You should probably clarify in the terminology section what you mean by "TLS feature extension".

Section 3.3.1:

> A CA SHOULD NOT issue certs with a TLS feature extension unless there
> is an affirma

Please expand the acronym.

Thank you,
Tina