Last Call Review of draft-ietf-tls-downgrade-scsv-03
review-ietf-tls-downgrade-scsv-03-genart-lc-housley-2015-01-19-00
| Request | Review of | draft-ietf-tls-downgrade-scsv |
|---|---|---|
| | Requested revision | No specific revision (document currently at 05) |
| | Type | Last Call Review |
| | Team | General Area Review Team (Gen-ART) (genart) |
| | Deadline | 2015-01-23 |
| | Requested | 2015-01-15 |
| | Authors | Bodo Moeller, Adam Langley |
| | I-D last updated | 2015-01-19 |
| | Completed reviews | Genart Last Call review of -03 by Russ Housley; Secdir Last Call review of -03 by Yoav Nir; Opsdir Last Call review of -03 by Al Morton |
| Assignment | Reviewer | Russ Housley |
| | State | Completed |
| | Request | Last Call review on draft-ietf-tls-downgrade-scsv by General Area Review Team (Gen-ART) Assigned |
| | Reviewed revision | 03 (document currently at 05) |
| | Result | Almost ready |
| | Completed | 2015-01-19 |
I am the assigned Gen-ART reviewer for this draft. For background on Gen-ART, please see the FAQ at <http://wiki.tools.ietf.org/area/gen/trac/wiki/GenArtfaq>.

This review is in response to a request for early Gen-ART review.

Document: draft-ietf-tls-downgrade-scsv-03
Reviewer: Russ Housley
Review Date: 2015-01-19
IETF LC End Date: 2015-01-23
IESG Telechat date: unknown

Summary: Almost Ready.

Major Concerns: None.

Minor Concerns:

The upper-right corner of the title page and the abstract disagree. One says that this document updates 3 RFCs, and the other says that it updates 4 RFCs. I think that both are wrong based on this text from the introduction:

   This specification applies to implementations of TLS 1.0 [RFC2246], TLS 1.1 [RFC4346], and TLS 1.2 [RFC5246], and to implementations of DTLS 1.0 [RFC4347] and DTLS 1.2 [RFC6347].

Please correct the title page header and the abstract.

Other Comments:

In the introduction, I suggest the following editorial change to improve clarity:

   OLD: ... they can be particularly critical if they mean losing the TLS extension feature (when downgrading to SSL 3.0).

   NEW: ... they can be particularly harmful when the result is loss of the TLS extension feature by downgrading to SSL 3.0.

Further down in the introduction, there is a missing word:

   OLD: ... is not suitable substitute ...

   NEW: ... is not a suitable substitute ...