[TLS] Comments on draft-santesson-tls-ume-04/draft-santesson-tls-supp-00

Eric Rescorla <ekr@networkresonance.com> Thu, 13 April 2006 05:12 UTC

To: iesg@ietf.org, tls@ietf.org
Date: Wed, 12 Apr 2006 22:12:04 -0700
From: Eric Rescorla <ekr@networkresonance.com>
Message-Id: <20060413051757.D6B4322245C@laser.networkresonance.com>
Subject: [TLS] Comments on draft-santesson-tls-ume-04/draft-santesson-tls-supp-00

These drafts seem basically sound. Minor comments below.

You should state that only one SupplementalData field may 
be used per handshake.

Somewhere you should note that this data SHOULD NOT be 
processed by TLS but just passed up to the application.

Why is this draft going to Proposed? ISTM that it's pretty 
hard to interpret without a bunch of MS-proprietary 
information. There's no need for it to go to Proposed, since
both extensions and Supp-data allow code points to be 
issued via informational.

S 3: 
Should the UMDL type be 2^24-1 rather than 2^16-1?

S 4:
You can do the UPN hint extension exchange and then NOT
send supp_data? That seems wrong.

S 5:
I don't really understand this bit about "if the server 
belongs to a domain to which the client intends to
authenticate". What does that mean in practice? How
would you know?
