[TLS] Éric Vyncke's No Objection on draft-ietf-tls-subcerts-14: (with COMMENT)

Éric Vyncke via Datatracker <noreply@ietf.org> Tue, 31 May 2022 09:52 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/2PdJtjvajrBZ4_pgeg7ww1w_n_0>

Éric Vyncke has entered the following ballot position for
draft-ietf-tls-subcerts-14: No Objection

When responding, please keep the subject line intact and reply to all
email addresses included in the To and CC lines. (Feel free to cut this
introductory paragraph, however.)


Please refer to https://www.ietf.org/about/groups/iesg/statements/handling-ballot-positions/ 
for more information about how to handle DISCUSS and COMMENT positions.


The document, along with other ballot positions, can be found here:
https://datatracker.ietf.org/doc/draft-ietf-tls-subcerts/



----------------------------------------------------------------------
COMMENT:
----------------------------------------------------------------------

# Éric Vyncke, INT AD, review of draft-ietf-tls-subcerts-14

Thank you for the work put into this document. It solves a common and important
issue while keeping backward compatibility.

Please find below some non-blocking COMMENT points (but replies would be
appreciated even if only for my own education).

Special thanks to Joe Salowey for the shepherd's write-up including the WG
consensus and the intended status.

I hope that this helps to improve the document,

Regards,

-éric

## COMMENTS

### Section 1

```
   Furthermore, this mechanism allows the server to use modern signature
   algorithms such as Ed25519 [RFC8032] even if their CA does not
   support them.
```
Does it also mean that the signature algorithm could be weaker?

I found the use of `(D)TLS termination services`, `(D)TLS server`, `(D)TLS
peer` a little confusing on whether they represent the same entity.

### Section 3.2

The small graphic in the text is really useful but:

* should include a figure legend
* the bottom part would be welcome in the introduction

### Section 4.2

Thanks to Sean Turner for providing the explanation about the use of Cloudflare
OID into an IETF standard.

### Section 5.1

Unsure whether having such a short subsection is useful (albeit being harmless)
especially when there is only one subsection.

## Notes

This review is in the ["IETF Comments" Markdown format][ICMF]. You can use the
[`ietf-comments` tool][ICT] to automatically convert this review into
individual GitHub issues.

[ICMF]: https://github.com/mnot/ietf-comments/blob/main/format.md
[ICT]: https://github.com/mnot/ietf-comments