
Last Call Review of draft-hallambaker-tlsfeature-09

Request
Review of: draft-hallambaker-tlsfeature
Requested revision: No specific revision (document currently at 10)
Type: Last Call Review
Team: Security Area Directorate (secdir)
Deadline: 2015-05-12
Requested: 2015-04-09
Authors: Phillip Hallam-Baker
I-D last updated: 2015-05-15
Completed reviews:
  Genart Last Call review of -09 by Joel M. Halpern
  Secdir Last Call review of -09 by Tina Tsou (Ting ZOU)

Assignment
Reviewer: Tina Tsou (Ting ZOU)
State: Completed
Request: Last Call review on draft-hallambaker-tlsfeature by Security Area Directorate Assigned
Reviewed revision: 09 (document currently at 10)
Result: Has nits
Completed: 2015-05-15

Dear all,

I have reviewed this document as part of the security directorate's ongoing
effort to review all IETF documents being processed by the IESG. These comments
were written primarily for the benefit of the security area directors. Document
editors and WG chairs should treat these comments just like any other last call

In the intro, you refer to a number of attacks against TLS. Please provide

Section 1 and 2:
>    In order to avoid the confusion that would occur in attempting to
>    describe an X.509 extension describing the use of TLS extensions, in
>    this document the term 'extension' is reserved to refer to X.509v3
>    extensions and the term 'feature' is used to refer to a TLS
>    extension.
> 2. Purpose
>    The purpose of the TLS feature extension is to prevent downgrade
>    attacks that are not otherwise prevented by the TLS protocol.

You should probably clarify in the terminology section what you mean by "TLS
feature extension".

Section 3.3.1:

>    A CA SHOULD NOT issue certs with a TLS feature extension unless there
>    is an affirma

Please expand the acronym.

Thank you,