[secdir] SecDir review of draft-ietf-tls-cached-info-20
"Matt Miller (mamille2)" <mamille2@cisco.com> Mon, 30 November 2015 23:28 UTC
To: "iesg@ietf.org" <iesg@ietf.org>, "secdir@ietf.org" <secdir@ietf.org>, "draft-ietf-tls-cached-info.all@ietf.org" <draft-ietf-tls-cached-info.all@ietf.org>
Archived-At: <http://mailarchive.ietf.org/arch/msg/secdir/FejFNEGjDhGoRVsC7NGkud6hOD4>

I have reviewed draft-ietf-tls-cached-info-20 as part of the security directorate's ongoing effort to review all IETF documents being processed by the IESG. These comments were written primarily for the benefit of the security area directors. Document editors and WG chairs should treat these comments just like any other last call comments.

This document defines a TLS extension that allows clients to indicate certificate information is cached, possibly (significantly) reducing the amount of data exchanged during the handshake.

This document is ready for publication, but with one nit.

The only nit I have is in Section 4, there is an extraneous "(" (or missing ")") in the phrase "attribute containing support for ('foo-bar'".

--
- m&m

Matt Miller
Cisco Systems, Inc.