[TLS] Éric Vyncke's No Objection on draft-ietf-tls-subcerts-14: (with COMMENT)
Éric Vyncke via Datatracker <noreply@ietf.org> Tue, 31 May 2022 09:52 UTC
From: Éric Vyncke via Datatracker <noreply@ietf.org>
To: The IESG <iesg@ietf.org>
Cc: draft-ietf-tls-subcerts@ietf.org, tls-chairs@ietf.org, tls@ietf.org, Joseph Salowey <joe@salowey.net>, joe@salowey.net, Sean Turner <sean@sn3rd.com>
Reply-To: Éric Vyncke <evyncke@cisco.com>
Message-ID: <165399077061.5793.17870357533836784689@ietfa.amsl.com>
Date: Tue, 31 May 2022 02:52:50 -0700
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/2PdJtjvajrBZ4_pgeg7ww1w_n_0>
Subject: [TLS] Éric Vyncke's No Objection on draft-ietf-tls-subcerts-14: (with COMMENT)

Éric Vyncke has entered the following ballot position for
draft-ietf-tls-subcerts-14: No Objection

When responding, please keep the subject line intact and reply to all
email addresses included in the To and CC lines. (Feel free to cut this
introductory paragraph, however.)

Please refer to https://www.ietf.org/about/groups/iesg/statements/handling-ballot-positions/
for more information about how to handle DISCUSS and COMMENT positions.

The document, along with other ballot positions, can be found here:
https://datatracker.ietf.org/doc/draft-ietf-tls-subcerts/

----------------------------------------------------------------------
COMMENT:
----------------------------------------------------------------------

# Éric Vyncke, INT AD, review of draft-ietf-tls-subcerts-14

Thank you for the work put into this document. It solves a common and important
issue while keeping backward compatibility.

Please find below some non-blocking COMMENT points (but replies would be
appreciated even if only for my own education).

Special thanks to Joe Salowey for the shepherd's write-up including the WG
consensus and the intended status.

I hope that this helps to improve the document,

Regards,

-éric

## COMMENTS

### Section 1

```
Furthermore, this mechanism allows the server to use modern signature
algorithms such as Ed25519 [RFC8032] even if their CA does not support them.
```

Does it also mean that the signature algorithm could be weaker?

I found the use of `(D)TLS termination services`, `(D)TLS server`, `(D)TLS
peer` a little confusing on whether they represent the same entity.

### Section 3.2

The small graphic in the text is really useful but:

* should include a figure legend
* the bottom part would be welcome in the introduction

## Section 4.2

Thanks to Sean Turner for providing the explanation about the use of Cloudflare
OID into an IETF standard.

## Section 5.1

Unsure whether having such a short subsection is useful (albeit being harmless)
especially when there is only one subsection.

## Notes

This review is in the ["IETF Comments" Markdown format][ICMF]. You can use the
[`ietf-comments` tool][ICT] to automatically convert this review into
individual GitHub issues.

[ICMF]: https://github.com/mnot/ietf-comments/blob/main/format.md
[ICT]: https://github.com/mnot/ietf-comments