RE: GenART LC review of draft-ietf-nea-pt-tls-05

Paul Sangster <> Wed, 13 June 2012 16:53 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id 56E3521F8539; Wed, 13 Jun 2012 09:53:57 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -6.598
X-Spam-Status: No, score=-6.598 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_MED=-4]
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id V+rP1tMCVig4; Wed, 13 Jun 2012 09:53:53 -0700 (PDT)
Received: from ( []) by (Postfix) with ESMTP id CA19421F858A; Wed, 13 Jun 2012 09:53:50 -0700 (PDT)
X-AuditID: a66201d2-b7f6b6d000005fd4-11-4fd8c599508c
Received: from ( []) by (Symantec Messaging Gateway) with SMTP id 76.B9.24532.995C8DF4; Wed, 13 Jun 2012 16:53:45 +0000 (GMT)
Received: from [] (helo=TUS1XCHHUBPIN03.SYMC.SYMANTEC.COM) by with esmtp (Exim 4.76) (envelope-from <>) id 1SeqpF-0000L1-7p; Wed, 13 Jun 2012 16:53:45 +0000
Received: from TUS1XCHEVSPIN35.SYMC.SYMANTEC.COM ([]) by TUS1XCHHUBPIN03.SYMC.SYMANTEC.COM ([]) with mapi; Wed, 13 Jun 2012 09:53:44 -0700
From: Paul Sangster <>
To: Roni Even <>, "" <>
Date: Wed, 13 Jun 2012 09:55:55 -0700
Subject: RE: GenART LC review of draft-ietf-nea-pt-tls-05
Thread-Topic: GenART LC review of draft-ietf-nea-pt-tls-05
Thread-Index: Ac1Cl9xExNAkih6WSYeHA9SkXDOg7gG388dg
Message-ID: <6E79D623502C70419A9EAB18E4D274252B8B06102F@TUS1XCHEVSPIN35.SYMC.SYMANTEC.COM>
References: <>
In-Reply-To: <>
Accept-Language: en-US
Content-Language: en-US
acceptlanguage: en-US
Content-Type: multipart/alternative; boundary="_000_6E79D623502C70419A9EAB18E4D274252B8B06102FTUS1XCHEVSPIN_"
MIME-Version: 1.0
X-Brightmail-Tracker: H4sIAAAAAAAAA+NgFjrKIsWRmVeSWpSXmKPExsXCZeB6Snfm0Rv+BofWaFjMvTiB3eLqq88s Fs82zmex+Py2wuJvO7MDq8fOWXfZPZYs+cnk8eXyZ7YA5igum5TUnMyy1CJ9uwSujOtPlQom vGCsWPL+InsD4/vTjF2MHBwSAiYSjbequxg5gUwxiQv31rN1MXJxCAm8ZJSYvH4FM0hCSOA1 o8SanekQiVWMEp+2zmUESbAJGEjsPHKKHSQhItDIKPF1yRywDmaBJInjMzawgNgsAqoSV483 sYPYwgKWElO+TwKLiwhYSSz9MJEJwjaSaL73EizOKxAl0f1rJyvEZmuJ/ZeWgi3jFLCR2Hfl OFicEejU76fWMEHsEpe49WQ+E8QLAhJL9pxnhrBFJV4+/gdVLypxp3092MfMAvkSU85aQqwS lDg58wnLBEaxWUgmzUKomoWkCqJER2LB7k9sELa2xLKFr5lh7DMHHjMhiy9gZF/FKJOanGOY W5KYX1pSkFphYKRXXJmbCIzaZL3k/NxNjMDIXZbEeGkH4/3DuocYBTgYlXh42ffd8BdiTSwD qjzEKMHBrCTCu3olUIg3JbGyKrUoP76oNCe1+BCjNAeLkjjvhV1b/YUE0hNLUrNTUwtSi2Cy TBycUg2M2aFnX/Mf7DSawXywW6Zo0ZxzPLenH77Ad0BTKyv6wv4NaWs6zktHSFusELd6Pkd2 XSlbpnqYynnXP/1eVf32k39oZxeuflK9d3vastca5gl3n81o+yyyT2+FRHbNz+r1psmyK9KW rMnTUWc69eWVVIeOswBX4xTe7s+rOphNbugp5BlKLL6pxFKckWioxVxUnAgAH0ARXtgCAAA=
X-Mailman-Approved-At: Thu, 14 Jun 2012 09:11:48 -0700
Cc: "" <>, "" <>, 'IETF' <>
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: IETF-Discussion <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Wed, 13 Jun 2012 16:53:57 -0000

Thanks for the detailed review, comments are in-lined...

From: Roni Even []
Sent: Monday, June 04, 2012 2:20 PM
Cc: 'IETF';
Subject: GenART LC review of draft-ietf-nea-pt-tls-05

I am the assigned Gen-ART reviewer for this draft. For background on Gen-ART, please see the FAQ at <>.

Please resolve these comments along with any other Last Call comments you may receive.

Document: draft-ietf-nea-pt-tls-05

Reviewer: Roni Even

Review Date:2012-6-4

IETF LC End Date: 2012-6-13

IESG Telechat date:

Summary: This draft is almost ready for publication as a standard track RFC.

Major issues:

Minor issues:

1.       In section 3.2 "Therefore, this specification requests the IANA reserve a TCP port number for use with the PT-TLS protocol upon publication of this specification as an Internet standard RFC." I think it will  be better to have here the assigned port number and instruct the RFC editor to put the correct value.

[PS:] Ok, we can reword this in hopes of getting a particular value (race condition with other upcoming RFCs).

2.       In section last paragraph you summarize the text from section 3.8 while in the paragraph above you provide the reference. Why do you need the last paragraph if 3.8 is referenced.

[PS:] The goal of this section is to introduce and summarize the different phases of PT-TLS.  We felt a brief discussion of the general message flow was helpful to the reader to understand what occurs during this phase (similar to what we did in the other sub-sections).  Your correct that this information is covered later in more detail.

3.       In various places you refer to SMI 0 as IETF SMI number while according to the table it is IANA SMI number.

[PS:] I presume this is about the PEN 0 being for the IETF.  Correct, it's the IETF's name space that administered by the IANA.  What text would you like to see to make this more clear?  Can we do it in one place, for example stating that the IETF name space is administered by the IANA?

4.       I assume that all implementations MUST support message type vendor ID 0. Is this mentioned?

[PS:] The purpose of this section was just to summarize and enumerate the message types for vendor id 0.   I don't think it's a general rule that any message type defined in the IETF (IANA :)) name space must (or should be) supported by all implementations.  It will vary depending on the purpose of the message so that normative language is included in the descriptions of the message.

5.       In section 3.5 and 6.1 you propose a policy of "Expert Review with Specification Required ". I think that according to RFC5226 expert review is implied if you select a specification required policy.

[PS:] I agree, it says "Specification Required also implies use of a Designated Expert".  The policy is just "Specification Required" so we could remove the "Expert Review with" and make it clear it's the Specification Required IANA policy.

6.       In section 3.6 on 9+ "Recipients of messages   of type 9 or higher that do not support the PT-TLS Message Type Vendor ID and PT-TLS Message Type of a received PT-TLS message MUST respond with a Type Not Supported PT-TLS error code in a PT-TLS Error message." I think this is true only for Message Type Vendor ID 0.

[PS:] Thanks will reword this section to make it more clear.

7.       In 3.7.1 for Max vers and prefs ver you say that they MUST be set to 1. I think it will be more correct here to say SHOULD since you explain afterwards that they may have other values.

[PS:] I think this is a MUST.  The next sentence just points out that this normative text might change in a future revision (which is not currently planned).

8.       In section 3.7.2 "the recipient SHOULD send". Why not make it a MUST here.

[PS:] I ok with making this change, let's see what others think ...

9.       In section 3.7.2 "The version selected MUST be within the Min Vers to Max Vers inclusive range sent in the Version Request   Message" I was expecting to see pref ver here.

[PS:] Perf is just an informational (hint) preference.

10.   In section 3.8.3 " The SASL client authentication starts when the NEA Server  enters the PT-TLS Negotiation phase and its policy indicates  that an authentication of the NEA Client is necessary but was not performed during the TLS handshake protocol " my read of  section 3.8 second paragraph is that it can be done even if was done in the TLS handshake so the last part of the sentence is not correct, if there is a policy you do it anyhow. This comment is also for the third paragraph.

[PS:] Thanks, this was supposed to be an example.  Will fix these.

11.   In section 3.9 I noticed that you propose to send the entire original message. Isn't it enough to send only the message identifier. This is based on the last sentence of this section.

[PS:] Not "the entire original message" as its at most the first 1024 bytes of the offending message.  This allows the recipient to either caches recently sent messages and/or message identifiers when determining what caused the error.  We thought this flexibility was useful and had very little cost.

12.   Most of the text in section 6.1 repeats RFC5226 but in your words. Are you trying to change some of RFC5226 text if not why write it in different words?

[PS:] We were hoping to emphasize the aspects of 5226 that are most important to this specification.  We weren't trying to change how the IANA policy was interpreted.  Did you think we did so?  Is there a portion of this text that is most troubling or was this just a question?

Nits/editorial comments: