
Last Call Review of draft-ietf-uta-tls-attacks-04
review-ietf-uta-tls-attacks-04-genart-lc-shirazipour-2014-10-10-00

Request Review of draft-ietf-uta-tls-attacks
Requested revision No specific revision (document currently at 05)
Type Last Call Review
Team General Area Review Team (Gen-ART) (genart)
Deadline 2014-10-13
Requested 2014-10-08
Authors Yaron Sheffer, Ralph Holz, Peter Saint-Andre
I-D last updated 2014-10-10
Completed reviews Genart Last Call review of -04 by Meral Shirazipour (diff)
Secdir Telechat review of -05 by David Harrington
Opsdir Last Call review of -04 by David Harrington (diff)
Assignment Reviewer Meral Shirazipour
State Completed
Request Last Call review on draft-ietf-uta-tls-attacks by General Area Review Team (Gen-ART) Assigned
Reviewed revision 04 (document currently at 05)
Result Ready w/nits
Completed 2014-10-10

I am the assigned Gen-ART reviewer for this draft. For background on Gen-ART,
please see the FAQ at
http://wiki.tools.ietf.org/area/gen/trac/wiki/GenArtfaq.



Please resolve these comments along with any other Last Call comments you may
receive.



Document: draft-ietf-uta-tls-attacks-04

Reviewer: Meral Shirazipour

Review Date: 2014-10-10

IETF LC End Date:  2014-10-13

IESG Telechat date: 2014-10-16





Summary:

This draft is ready to be published as Informational RFC, but I have some
editorial comments.





Nits/editorial comments:

Nits:

-Abstract, please spell out Transport Layer Security (TLS) and Datagram
Transport Layer Security (DTLS), perhaps in Title too.

-Same comment for other acronyms, please spell out at first use: UTA work
group, SSL, NSA, Cipher Block Chaining (CBC), Message Authentication Code (MAC),
Cross-Site Request Forgery (CSRF), etc.



-[Page 5], Section 2.6

The below sentence was not clear - it would be good to add something about the
recommendation related to this statement.

"
For example, implementations of HTTP that use CSRF tokens
   will need to randomize them even when the recommendations of
   [I-D.ietf-uta-tls-bcp] are adopted.
"

-[Page 5], Section 2.10, please do not forget to add reference for TRIPLE-HS.



-[Page 6], Section 2.11, suggestion:

"other than originally intended"---->"other than the one originally intended"



-[Page 7], Section 3, suggestion

"adaptation of TLS for UDP datagrams."--->"adaptation of TLS for UDP"



Best Regards,

Meral

---

Meral Shirazipour

Ericsson

Research

www.ericsson.com