Last Call Review of draft-ietf-tls-downgrade-scsv-03
review-ietf-tls-downgrade-scsv-03-genart-lc-housley-2015-01-19-00

Request Review of draft-ietf-tls-downgrade-scsv
Requested rev. no specific revision (document currently at 05)
Type Last Call Review
Team General Area Review Team (Gen-ART) (genart)
Deadline 2015-01-23
Requested 2015-01-15
Draft last updated 2015-01-19
Completed reviews Genart Last Call review of -03 by Russ Housley
Secdir Last Call review of -03 by Yoav Nir
Opsdir Last Call review of -03 by Al Morton
Assignment Reviewer Russ Housley
State Completed
Review review-ietf-tls-downgrade-scsv-03-genart-lc-housley-2015-01-19
Reviewed rev. 03 (document currently at 05)
Review result Almost Ready
Review completed: 2015-01-19

Review
review-ietf-tls-downgrade-scsv-03-genart-lc-housley-2015-01-19

I am the assigned Gen-ART reviewer for this draft. For background on
Gen-ART, please see the FAQ at
<http://wiki.tools.ietf.org/area/gen/trac/wiki/GenArtfaq>.

This review is in response to a request for early Gen-ART review.

Document: draft-ietf-tls-downgrade-scsv-03
Reviewer: Russ Housley
Review Date: 2015-01-19
IETF LC End Date: 2015-01-23
IESG Telechat date: unknown

Summary: Almost Ready.

Major Concerns:

None.

Minor Concerns:

The upper-right corner of the title page and the abstract disagree.  One
says that this document updates 3 RFCs, and the other says that it
updates 4 RFCs.  I think that both are wrong based on this text from the
introduction:

   This specification applies to implementations of TLS 1.0 [RFC2246],
   TLS 1.1 [RFC4346], and TLS 1.2 [RFC5246], and to implementations of
   DTLS 1.0 [RFC4347] and DTLS 1.2 [RFC6347].

Please correct the title page header and the abstract.


Other Comments:

In the introduction, I suggest the following editorial change to improve
clarity:

OLD:

   ... they can be particularly critical if they mean losing the
   TLS extension feature (when downgrading to SSL 3.0).

NEW:

   ... they can be particularly harmful when the result is loss of the
   TLS extension feature by downgrading to SSL 3.0.


Further down in the introduction, there is a missing word:

OLD:

   ... is not suitable substitute ...

NEW:

   ... is not a suitable substitute ...