[Gen-art] Gen-art last call review of draft-ietf-tls-multiple-cert-status-extension-04
Elwyn Davies <elwynd@dial.pipex.com> Fri, 22 March 2013 00:42 UTC
To: General Area Review Team <gen-art@ietf.org>
Cc: draft-ietf-tls-multiple-cert-status-extension.all@tools.ietf.org
I am the assigned Gen-ART reviewer for this draft. For background on Gen-ART, please see the FAQ at <http://wiki.tools.ietf.org/area/gen/trac/wiki/GenArtfaq>.

Please resolve these comments along with any other Last Call comments you may receive.

Document: draft-ietf-tls-multiple-cert-status-extension-04.txt
Reviewer: Elwyn Davies
Review Date: 22 March 2013
IETF LC End Date: 29 March 2013
IESG Telechat date: (if known) -

Summary:
Almost ready for IESG - one possible minor issue relating to the alleged criterion for ordering CertificateStatusRequestItems plus a number of nits that are mainly missing cross references and notes for clarity about updates of RFC 6066 items.

Major issues:
None

Minor issues:
s2.2:
> The list of CertificateStatusRequestItem entries MUST be in order of
> preference.
Having thought a bit about this, I cannot identify what the preference criterion is - this may be because I don't understand the problem, but I think you need to explain what the criterion is if there really is one. If there *is* a criterion, it must be clear whether the order is most preferred first or least preferred first. Since I don't know what the criterion is, I can't tell if there are any security implications from the ordering: no chance of downgrade attacks?

Nits/editorial comments:
s2: The presentation format used should be referenced back to s4 of RFC 5246.

s2.1: A reference to s1.1 of RFC 6066 where extension_type is defined is needed, and it should be made more clear that this is an expansion of the existing type.

s2.2: A reference to s7.4.1.4 of RFC 5246 where extension_data is defined is needed.

s2.2, page 4: Might be good to be more explicit that the definition of CertificateStatusRequest is an extension of the definition in RFC 6066. Also the definition of OCSPStatusRequest duplicates the one in RFC 6066 and should be noted as such. It would also be more appropriate if it came before CertificateStatusRequest as it is used in CertificateStatusRequest.

s2.2, para 4 on page 5:
> In the case of the "id-pkix-ocsp-nonce" OCSP extension, [RFC2560 <http://tools.ietf.org/html/rfc2560>] is
> unclear about its encoding; for clarification,.....
This probably needs to be flagged up in the IANA considerations so that an additional reference is added to the registry. ALSO I subsequently noted that this same caveat is already in RFC 6066. Consider referring to the caveat there rather than duplicating it.

s2.2, para 5 on page 5: s/A server that receive a client hello/A server that receives a client hello/

s2.2, page 5/6: Might be good to be more explicit that the definition of CertificateStatus is an extension of the definition in RFC 6066. Also the definition of OCSPResponse duplicates the one in RFC 6066 and should be noted as such. It would also be more appropriate if it came before CertificateStatus as it is used in CertificateStatus.

s2.2, page 6: The definition of OCSPResponseList should come before the redefinition of CertificateStatus as it is used in CertificateStatus.

s2.2, para 2 after structure definitions on page 6: A reference to s7.4.2 of RFC 5246 for the Certificate list would be helpful.
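As an added illustration of the structures this review discusses, the following is my own example, not code from the draft or from the reviewer: an encoder and a strict decoder for the status_request_v2 extension_data, assuming the wire layout the draft was later published with in RFC 6961 (one-byte status_type, two-byte request_length, then an OCSPStatusRequest carrying two length-prefixed vectors), with responder_id_list kept as its raw vector content. The decoded list preserves the client's order, which is all the wire format itself conveys about "preference"; server_choice applies an assumed first-supported rule, since the draft text as reviewed above does not state the criterion.

```python
import struct

OCSP, OCSP_MULTI = 1, 2  # CertificateStatusType values used by the draft

def _vec16(payload):
    # opaque<0..2^16-1>: two-byte big-endian length, then the bytes (pack rejects > 65535)
    return struct.pack("!H", len(payload)) + payload

def _read_vec16(buf, pos):
    # strict reader: the declared length must fit inside the buffer it came from
    if pos + 2 > len(buf):
        raise ValueError("truncated length")
    end = pos + 2 + struct.unpack_from("!H", buf, pos)[0]
    if end > len(buf):
        raise ValueError("vector exceeds buffer")
    return buf[pos + 2:end], end

def encode_item(status_type, responder_ids=(), request_extensions=b""):
    # CertificateStatusRequestItem: status_type(1) request_length(2) OCSPStatusRequest,
    # i.e. responder_id_list<0..2^16-1> then request_extensions<0..2^16-1> (assumed layout)
    ids = b"".join(_vec16(r) for r in responder_ids)
    req = _vec16(ids) + _vec16(request_extensions)
    return struct.pack("!BH", status_type, len(req)) + req

def encode_status_request_v2(items):
    # certificate_status_req_list<1..2^16-1>; the client's order goes on the wire as given
    return _vec16(b"".join(items))

def decode_status_request_v2(data):
    # returns [(status_type, responder_id_list_bytes, request_extensions), ...] in wire order
    body, end = _read_vec16(data, 0)
    if end != len(data) or not body:
        raise ValueError("bad extension_data")  # trailing bytes or empty list (<1..>)
    items, pos = [], 0
    while pos < len(body):
        status_type = body[pos]
        req, pos = _read_vec16(body, pos + 1)  # request_length-prefixed OCSPStatusRequest
        if status_type not in (OCSP, OCSP_MULTI):
            raise ValueError("unknown status_type")
        rids, p = _read_vec16(req, 0)
        exts, p = _read_vec16(req, p)
        if p != len(req):
            raise ValueError("trailing bytes in OCSPStatusRequest")
        items.append((status_type, rids, exts))
    return items

def server_choice(items, supported):
    # assumed rule: first status_type in the client's order that the server supports
    return next((t for t, _, _ in items if t in supported), None)
```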