Re: [dane] Gen-ART review of draft-ietf-dane-smtp-with-dane-16

Viktor Dukhovni <ietf-dane@dukhovni.org> Wed, 06 May 2015 15:23 UTC

Date: Wed, 06 May 2015 15:23:06 +0000
From: Viktor Dukhovni <ietf-dane@dukhovni.org>
To: ietf@ietf.org, dane@ietf.org
Message-ID: <20150506152306.GW17272@mournblade.imrryr.org>
References: <9904FB1B0159DA42B0B887B7FA8119CA5CA24107@AZ-FFEXMB04.global.avaya.com>
In-Reply-To: <9904FB1B0159DA42B0B887B7FA8119CA5CA24107@AZ-FFEXMB04.global.avaya.com>
Archived-At: <http://mailarchive.ietf.org/arch/msg/dane/sPbCfLH56VcaYDEUrGoGZ_d4Udc>
Cc: "Romascanu, Dan (Dan)" <dromasca@avaya.com>
Subject: Re: [dane] Gen-ART review of draft-ietf-dane-smtp-with-dane-16

On Wed, May 06, 2015 at 02:58:42PM +0000, Romascanu, Dan (Dan) wrote:

> Ready with minor comments.
> 
> I liked the operational considerations section and the security
> consideration section - very useful in putting this work in the context
> of other similar contributions.

Thanks.

> Minor issues:
> 
> As the document uses heavily the term 'downgrade' (downgrade attack,
> downgrade-resistant) it would be nice to either explain or provide a
> reference for what it means in the context of this work.

In RFC 4949, at the bottom of page 112 we find:

    downgrade attack
      (I) A type of man-in-the-middle attack in which the attacker can
      cause two parties, at the time they negotiate a security
      association, to agree on a lower level of protection than the
      highest level that could have been supported by both of them.

We could add "downgrade attack" to the terminology, and briefly
define "downgrade resistance" under the same heading.  Alternatively,
since the primary downgrade at issue is stripping of STARTTLS, some
additional text could be added in 1.3.1 to introduce the terms.

Any advice on how to proceed?

> Nits/editorial comments:
> 
> The last paragraph in section 2.2.1, page 15 has a comment marked twice
> by --. This may be an editorial left-over to be corrected.

That's what the RFC editor's xml2rfc does with "&mdash;".  When I
run xml2rfc, it produces "richer" HTML output, in which the mdashes
remain as such.  Should I avoid "&mdash;"?

-- 
	Viktor.
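The exchange above turns on what "downgrade" means for SMTP: an on-path attacker removing STARTTLS from a server's EHLO response so that an opportunistic-TLS client falls back to cleartext. The following is an added illustration, not code from the draft, the reviewer or the author, of why DNSSEC-validated TLSA records make that fallback refusable. The `MxLookup` and `Decision` names, the EHLO banners and the DNS results are constructed sample values for this example only.

```python
"""Added illustration: STARTTLS stripping as a downgrade, and DANE as the
signal that lets a client refuse the downgrade instead of sending in clear.

All DNS data, host names and EHLO banners here are constructed samples.
"""
from dataclasses import dataclass, field
from enum import Enum


class Decision(Enum):
    CLEARTEXT = "deliver in cleartext"
    TLS = "proceed with STARTTLS"
    DEFER = "defer delivery (possible downgrade)"


@dataclass
class MxLookup:
    """What the client learned from DNS about one MX host (constructed)."""
    mx_host: str
    dnssec_secure: bool                               # validated chain (AD bit)
    tlsa_records: list = field(default_factory=list)  # usable TLSA RRs, if any


def parse_ehlo(response: str) -> set:
    """Return the EHLO keywords the server advertised, upper-cased.

    The first 250 line carries the server's greeting/hostname and is skipped;
    every following "250-KEYWORD ..." or "250 KEYWORD ..." line contributes
    its keyword. Lines that are not 250 replies are ignored.
    """
    keywords = set()
    for line in response.splitlines()[1:]:
        if len(line) > 4 and line[:3] == "250":
            keywords.add(line[4:].split()[0].upper())
    return keywords


def decide(lookup: MxLookup, ehlo_response: str) -> Decision:
    """Opportunistic TLS by default; mandatory TLS when secure TLSA exists.

    TLSA records only count when the DNSSEC chain validated; an insecure
    TLSA answer could itself have been forged and gives no guarantee.
    """
    offered = "STARTTLS" in parse_ehlo(ehlo_response)
    dane = lookup.dnssec_secure and bool(lookup.tlsa_records)
    if offered:
        return Decision.TLS
    # STARTTLS is missing: either the server really lacks TLS, or an on-path
    # attacker stripped the keyword. Without DANE the two are indistinguishable,
    # so opportunistic TLS has to fall back to cleartext (the downgrade).
    if dane:
        # Secure TLSA records prove the server's operator published TLS
        # credentials, so a missing STARTTLS is treated as tampering.
        return Decision.DEFER
    return Decision.CLEARTEXT


# Constructed sample data (no real hosts; TLSA data is a placeholder string).
EHLO_WITH_TLS = "250-mail.example.net\r\n250-SIZE 10240000\r\n250-STARTTLS\r\n250 HELP"
EHLO_STRIPPED = "250-mail.example.net\r\n250-SIZE 10240000\r\n250 HELP"
SECURE_DANE = MxLookup("mail.example.net", True, ["3 1 1 <placeholder-hash>"])
INSECURE_TLSA = MxLookup("mail.example.net", False, ["3 1 1 <placeholder-hash>"])
NO_DANE = MxLookup("mail.example.org", False, [])

if __name__ == "__main__":
    for name, lookup in (("no DANE", NO_DANE), ("insecure TLSA", INSECURE_TLSA),
                         ("secure DANE", SECURE_DANE)):
        print(f"{name:14s} stripped EHLO -> {decide(lookup, EHLO_STRIPPED).value}")
```

The contrast is in the two `DEFER`/`CLEARTEXT` outcomes for the same stripped banner: an opportunistic client has no way to know the server supports TLS and silently downgrades, whereas a client that found secure TLSA records knows it does and refuses. That is the property the draft's "downgrade-resistant" wording refers to.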