[secdir] Secdir last call review of draft-ietf-lamps-rfc6844bis-06
Stefan Santesson via Datatracker <noreply@ietf.org> Thu, 30 May 2019 00:37 UTC
Return-Path: <noreply@ietf.org>
X-Original-To: secdir@ietf.org
Delivered-To: secdir@ietfa.amsl.com
Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id 0108112010F; Wed, 29 May 2019 17:37:47 -0700 (PDT)
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
From: Stefan Santesson via Datatracker <noreply@ietf.org>
To: secdir@ietf.org
Cc: spasm@ietf.org, ietf@ietf.org, draft-ietf-lamps-rfc6844bis.all@ietf.org
X-Test-IDTracker: no
X-IETF-IDTracker: 6.97.0
Auto-Submitted: auto-generated
Precedence: bulk
Reply-To: Stefan Santesson <stefan@aaa-sec.com>
Message-ID: <155917666691.9144.10382733252232760132@ietfa.amsl.com>
Date: Wed, 29 May 2019 17:37:46 -0700
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdir/yaK6za7pztDjnztZfeAkOYiGBp8>
Subject: [secdir] Secdir last call review of draft-ietf-lamps-rfc6844bis-06
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.29
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/secdir/>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 30 May 2019 00:37:47 -0000
Reviewer: Stefan Santesson Review result: Ready This document is well written and in general I do not have any comment on the content beyond the previous reviews. One thing do come to my mind though. A common aspect of standards documents is that they only are relevant to those who declare compliance to the standard. This document is different as it relies on that all parties (CA:s) are aware of this standard and performs the stipulated checks. In the end I assume that this may affect relying parties and how they determine wether a particular certificate is valid, even if that is not the intention of this standard. I sort of miss a discussion on this in the security considerations section. But that is nothing that should prevent this document from being accepted.
- [secdir] Secdir last call review of draft-ietf-la… Stefan Santesson via Datatracker
- Re: [secdir] Secdir last call review of draft-iet… Jacob Hoffman-Andrews
- Re: [secdir] Secdir last call review of draft-iet… Tim Hollebeek
- Re: [secdir] Secdir last call review of draft-iet… Stefan Santesson