Last Call Review of draft-ietf-uta-tls-attacks-04
review-ietf-uta-tls-attacks-04-genart-lc-shirazipour-2014-10-10-00
Request | Review of | draft-ietf-uta-tls-attacks |
---|---|---|
Requested revision | No specific revision (document currently at 05) | |
Type | Last Call Review | |
Team | General Area Review Team (Gen-ART) (genart) | |
Deadline | 2014-10-13 | |
Requested | 2014-10-08 | |
Authors | Yaron Sheffer, Ralph Holz, Peter Saint-Andre | |
I-D last updated | 2014-10-10 | |
Completed reviews | Genart Last Call review of -04 by Meral Shirazipour; Secdir Telechat review of -05 by David Harrington; Opsdir Last Call review of -04 by David Harrington | |
Assignment | Reviewer | Meral Shirazipour |
State | Completed | |
Request | Last Call review on draft-ietf-uta-tls-attacks by General Area Review Team (Gen-ART) Assigned | |
Reviewed revision | 04 (document currently at 05) | |
Result | Ready w/nits | |
Completed | 2014-10-10 |
I am the assigned Gen-ART reviewer for this draft. For background on Gen-ART, please see the FAQ at http://wiki.tools.ietf.org/area/gen/trac/wiki/GenArtfaq .

Please resolve these comments along with any other Last Call comments you may receive.

Document: draft-ietf-uta-tls-attacks-04
Reviewer: Meral Shirazipour
Review Date: 2014-10-10
IETF LC End Date: 2014-10-13
IESG Telechat date: 2014-10-16

Summary: This draft is ready to be published as Informational RFC, but I have some editorial comments.

Nits/editorial comments:

Nits:

- Abstract, please spell out Transport Layer Security (TLS) and Datagram Transport Layer Security (DTLS), perhaps in Title too.
- Same comment for other acronyms, please spell out at first use: UTA work group, SSL, NSA, Cipher Block Chaining (CBC), Message Authentication Code (MAC), Cross-Site Request Forgery (CSRF), etc.
- [Page 5], Section 2.6: The below sentence was not clear; it would be good to add something about the recommendation related to this statement.
  "For example, implementations of HTTP that use CSRF tokens will need to randomize them even when the recommendations of [I-D.ietf-uta-tls-bcp] are adopted."
- [Page 5], Section 2.10, please do not forget to add reference for TRIPLE-HS.
- [Page 6], Section 2.11, suggestion: "other than originally intended" ----> "other than the one originally intended"
- [Page 7], Section 3, suggestion: "adaptation of TLS for UDP datagrams." ---> "adaptation of TLS for UDP"

Best Regards,
Meral

---
Meral Shirazipour
Ericsson Research
www.ericsson.com