Last Call Review of draft-ietf-uta-tls-attacks-04

Request Review of draft-ietf-uta-tls-attacks
Requested revision No specific revision (document currently at 05)
Type Last Call Review
Team General Area Review Team (Gen-ART) (genart)
Deadline 2014-10-13
Requested 2014-10-08
Authors Yaron Sheffer, Ralph Holz, Peter Saint-Andre
I-D last updated 2014-10-10
Completed reviews Genart Last Call review of -04 by Meral Shirazipour (diff)
Secdir Telechat review of -05 by David Harrington
Opsdir Last Call review of -04 by David Harrington (diff)
Assignment Reviewer Meral Shirazipour
State Completed
Request Last Call review on draft-ietf-uta-tls-attacks by General Area Review Team (Gen-ART) Assigned
Reviewed revision 04 (document currently at 05)
Result Ready w/nits
Completed 2014-10-10

I am the assigned Gen-ART reviewer for this draft. For background on Gen-ART,
please see the FAQ at


Please resolve these comments along with any other Last Call comments you may

Document: draft-ietf-uta-tls-attacks-04

Reviewer: Meral Shirazipour

Review Date: 2014-10-10

IETF LC End Date:  2014-10-13

IESG Telechat date: 2014-10-16


This draft is ready to be published as Informational RFC, but I have some
editorial comments.

Nits/editorial comments:


-Abstract, please spell out Transport Layer Security (TLS) and Datagram
Transport Layer Security (DTLS), perhaps in Title too.

-Same comment for other acronyms, please spell out at first use: UTA work
group, SSL, NSA, Cipher Block Chaining (CBC), Message Authentication Code (MAC),
Cross-Site Request Forgery (CSRF), etc.

-[Page 5], Section 2.6

The below sentence was not clear - it would be good to add something about the
recommendation related to this statement.


   For example, implementations of HTTP that use CSRF tokens
   will need to randomize them even when the recommendations of
   [I-D.ietf-uta-tls-bcp] are adopted.


-[Page 5], Section 2.10, please do not forget to add reference for TRIPLE-HS.

-[Page 6], Section 2.11, suggestion:

"other than originally intended"---->"other than the one originally intended"

-[Page 7], Section 3, suggestion

"adaptation of TLS for UDP datagrams."--->"adaptation of TLS for UDP"

Best Regards,



Meral Shirazipour