Last Call Review of draft-hallambaker-tlsfeature-09

Request Review of draft-hallambaker-tlsfeature
Requested rev. no specific revision (document currently at 10)
Type Last Call Review
Team Security Area Directorate (secdir)
Deadline 2015-05-12
Requested 2015-04-09
Authors Phillip Hallam-Baker
Draft last updated 2015-05-15
Completed reviews: Genart Last Call review of -09 by Joel Halpern; Secdir Last Call review of -09 by Tina Tsou
Assignment Reviewer Tina Tsou
State Completed
Review review-hallambaker-tlsfeature-09-secdir-lc-tsou-2015-05-15
Reviewed rev. 09 (document currently at 10)
Review result Has Nits
Review completed: 2015-05-15


Dear all,  

I have reviewed this document as part of the security directorate's ongoing effort to review all IETF documents being processed by the IESG. These comments were written primarily for the benefit of the security area directors. Document editors and WG chairs should treat these comments just like any other last call comments.

In the intro, you refer to a number of attacks against TLS. Please provide references.

Sections 1 and 2:
>    In order to avoid the confusion that would occur in attempting to 
>    describe an X.509 extension describing the use of TLS extensions, in 
>    this document the term 'extension' is reserved to refer to X.509v3 
>    extensions and the term 'feature' is used to refer to a TLS 
>    extension.
> 2. Purpose
>    The purpose of the TLS feature extension is to prevent downgrade 
>    attacks that are not otherwise prevented by the TLS protocol.

You should probably clarify in the terminology section what you mean by "TLS feature extension".

Section 3.3.1:

>    A CA SHOULD NOT issue certs with a TLS feature extension unless there
>    is an affirma

Please expand the acronym.

Thank you,
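The draft quoted above says the extension exists so that a client can refuse a handshake in which a server silently drops a TLS feature the certificate promised (the downgrade case). The following Python is an added example, not part of the draft or of this review, showing the encode/decode side of that check and the client-side decision. It assumes the definitions in RFC 7633 (the published form of this draft): the extension value is `Features ::= SEQUENCE OF INTEGER` where each INTEGER is a TLS extension type, the extension OID is id-pe-tlsfeature (1.3.6.1.5.5.7.1.24), and 5 / 17 are the `status_request` / `status_request_v2` extension types. The feature lists and negotiated-extension sets used below are constructed sample inputs.

```python
# Added example (not from the draft or from this review). Minimal DER handling
# for the X.509 TLS feature extension value and the client-side downgrade check.
# ASN.1 and numbering assumed from RFC 7633 and the IANA TLS ExtensionType registry.

ID_PE_TLSFEATURE = "1.3.6.1.5.5.7.1.24"  # id-pe-tlsfeature (RFC 7633)
STATUS_REQUEST = 5                      # TLS status_request: OCSP stapling ("must-staple")
STATUS_REQUEST_V2 = 17                  # TLS status_request_v2


def _der_len(n: int) -> bytes:
    """DER length octets (short form below 128, long form otherwise)."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def _der_int(v: int) -> bytes:
    """DER INTEGER for a non-negative value, minimal two's-complement body."""
    if v < 0:
        raise ValueError("TLS extension types are non-negative")
    body = v.to_bytes(v.bit_length() // 8 + 1, "big")  # extra byte keeps sign bit clear
    return b"\x02" + _der_len(len(body)) + body


def encode_features(features) -> bytes:
    """Encode Features ::= SEQUENCE OF INTEGER as it appears in extnValue."""
    body = b"".join(_der_int(f) for f in features)
    return b"\x30" + _der_len(len(body)) + body


def _read_len(buf: bytes, i: int):
    """Parse DER length at buf[i]; return (length, index after length octets)."""
    first = buf[i]
    i += 1
    if first < 0x80:
        return first, i
    n = first & 0x7F
    if n == 0 or n > 4 or i + n > len(buf):
        raise ValueError("unsupported or truncated DER length")
    return int.from_bytes(buf[i:i + n], "big"), i + n


def decode_features(der: bytes) -> list:
    """Parse the extension value back into a list of TLS extension types.

    Rejects anything that is not a well-formed SEQUENCE OF INTEGER, so a
    malformed extension fails closed instead of being read as 'no features'.
    """
    if not der or der[0] != 0x30:
        raise ValueError("expected SEQUENCE")
    length, i = _read_len(der, 1)
    if i + length != len(der):
        raise ValueError("SEQUENCE length does not match extension value")
    feats = []
    while i < len(der):
        if der[i] != 0x02:
            raise ValueError("expected INTEGER element")
        n, i = _read_len(der, i + 1)
        if n == 0 or i + n > len(der):
            raise ValueError("bad INTEGER length")
        feats.append(int.from_bytes(der[i:i + n], "big", signed=True))
        i += n
    return feats


def missing_features(cert_features, negotiated_extensions) -> list:
    """Features the certificate advertises that the server did not deliver.

    A non-empty result is the downgrade the extension is meant to expose:
    the certificate says 'I always staple', the handshake carried no staple.
    """
    return sorted(set(cert_features) - set(negotiated_extensions))


def handshake_ok(cert_features, negotiated_extensions) -> bool:
    """Client policy: abort unless every advertised feature was actually present."""
    return not missing_features(cert_features, negotiated_extensions)


if __name__ == "__main__":
    # Constructed sample: a must-staple certificate, then a server that omits the staple.
    ext_value = encode_features([STATUS_REQUEST])
    print(ext_value.hex())                              # DER bytes of the extension value
    print(decode_features(ext_value))                   # [5]
    print(handshake_ok(decode_features(ext_value), {STATUS_REQUEST}))  # stapled: True
    print(handshake_ok(decode_features(ext_value), set()))             # no staple: False
```

The point a practitioner should take from the last two lines is that the check is on what the server actually sent in the handshake, not on what it is capable of: the certificate's feature list is the promise, and any promised extension absent from the ServerHello (or, for stapling, an absent CertificateStatus) is treated as a downgrade and the connection is refused.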