[secdir] SecDir review of draft-ietf-tls-cached-info-20

"Matt Miller (mamille2)" <mamille2@cisco.com> Mon, 30 November 2015 23:28 UTC

From: "Matt Miller (mamille2)" <mamille2@cisco.com>
To: "iesg@ietf.org" <iesg@ietf.org>, "secdir@ietf.org" <secdir@ietf.org>, "draft-ietf-tls-cached-info.all@ietf.org" <draft-ietf-tls-cached-info.all@ietf.org>
Date: Mon, 30 Nov 2015 23:28:14 +0000
Archived-At: <http://mailarchive.ietf.org/arch/msg/secdir/FejFNEGjDhGoRVsC7NGkud6hOD4>

I have reviewed draft-ietf-tls-cached-info-20 as part of the security
directorate's ongoing effort to review all IETF documents being
processed by the IESG.  These comments were written primarily for the
benefit of the security area directors.  Document editors and WG
chairs should treat these comments just like any other last call
comments.

This document defines a TLS extension that allows clients to indicate
certificate information is cached, possibly (significantly) reducing
the amount of data exchanged during the handshake.

This document is ready for publication, but with one nit.

The only nit I have is in Section 4, there is an extraneous "(" (or
missing ")") in the phrase "attribute containing support for
('foo-bar'".


--
- m&m

Matt Miller
Cisco Systems, Inc.