[TLS] Alexey Melnikov's No Objection on draft-ietf-tls-rfc4492bis-15: (with COMMENT)

Alexey Melnikov <aamelnikov@fastmail.fm> Thu, 16 March 2017 12:54 UTC

Return-Path: <aamelnikov@fastmail.fm>
X-Original-To: tls@ietf.org
Delivered-To: tls@ietfa.amsl.com
Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id EC5A0129464; Thu, 16 Mar 2017 05:54:36 -0700 (PDT)
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
From: Alexey Melnikov <aamelnikov@fastmail.fm>
To: "The IESG" <iesg@ietf.org>
Cc: draft-ietf-tls-rfc4492bis@ietf.org, Sean Turner <sean@sn3rd.com>, tls-chairs@ietf.org, sean@sn3rd.com, tls@ietf.org
X-Test-IDTracker: no
X-IETF-IDTracker: 6.47.1
Auto-Submitted: auto-generated
Precedence: bulk
Message-ID: <148966887696.14121.6360719147485530250.idtracker@ietfa.amsl.com>
Date: Thu, 16 Mar 2017 05:54:36 -0700
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/MFs8aGEZsr-1P7o4_CB-VjxXRg0>
Subject: [TLS] Alexey Melnikov's No Objection on draft-ietf-tls-rfc4492bis-15: (with COMMENT)
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.22
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 16 Mar 2017 12:54:37 -0000

Alexey Melnikov has entered the following ballot position for
draft-ietf-tls-rfc4492bis-15: No Objection

When responding, please keep the subject line intact and reply to all
email addresses included in the To and CC lines. (Feel free to cut this
introductory paragraph, however.)


Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html
for more information about IESG DISCUSS and COMMENT positions.


The document, along with other ballot positions, can be found here:
https://datatracker.ietf.org/doc/draft-ietf-tls-rfc4492bis/



----------------------------------------------------------------------
COMMENT:
----------------------------------------------------------------------

I would like to vote Yes on this document, but there are some minor
issues with this document which prevent me from doing so:

0) There is some general awkwardness in text talking about allowed points
formats, considering that only uncompressed form is now allowed. I don't
have recommendations about improving text, other than the following:

If no future formats are expected, it feels almost better to recommend
against inclusion of the Point formats extension, as lack of it means
uncompressed format anyway.

1) In Section 2.3, last paragraph: Does this paragraph apply only to 2.3
or does it also apply to 2.1 and 2.2? If the latter, then it needs to be
moved to section 2.

2) In Section 6:

   Server implementations SHOULD support all of the following cipher
   suites, and client implementations SHOULD support at least one of
   them:

   o  TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
   o  TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
   o  TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
   o  TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256

GCM ciphers are not listed in the table earlier in the same section. They
are defined in RFC 5289. This document doesn't have any reference to RFC
5289 and GCM ciphers are not discussed anywhere else in the document.