IETF Logo Mail Archive

[Uta] Opsdir early review of draft-ietf-uta-rfc6125bis-08

Qin Wu via Datatracker <noreply@ietf.org> Fri, 16 December 2022 11:09 UTC

Return-Path: <noreply@ietf.org>
X-Original-To: uta@ietf.org
Delivered-To: uta@ietfa.amsl.com
Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id C4D4DC1877A7; Fri, 16 Dec 2022 03:09:41 -0800 (PST)
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 8bit
From: Qin Wu via Datatracker <noreply@ietf.org>
To: ops-dir@ietf.org
Cc: draft-ietf-uta-rfc6125bis.all@ietf.org, uta@ietf.org
X-Test-IDTracker: no
X-IETF-IDTracker: 9.3.0
Auto-Submitted: auto-generated
Precedence: bulk
Message-ID: <167118898179.47169.9284386753511380472@ietfa.amsl.com>
Reply-To: Qin Wu <bill.wu@huawei.com>
Date: Fri, 16 Dec 2022 03:09:41 -0800
Archived-At: <https://mailarchive.ietf.org/arch/msg/uta/PybBEjGBcYEH42v4dHABs3xBgq8>
Subject: [Uta] Opsdir early review of draft-ietf-uta-rfc6125bis-08
X-BeenThere: uta@ietf.org
X-Mailman-Version: 2.1.39
List-Id: UTA working group mailing list <uta.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/uta>, <mailto:uta-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/uta/>
List-Post: <mailto:uta@ietf.org>
List-Help: <mailto:uta-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/uta>, <mailto:uta-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 16 Dec 2022 11:09:41 -0000

Reviewer: Qin Wu
Review result: Has Nits

I have reviewed this document as part of the Operational directorate's ongoing
effort to review all IETF documents being processed by the IESG. These comments
were written with the intent of improving the operational aspects of the IETF
drafts. Comments that are not addressed in last call may be included in AD
reviews during the IESG review.  Document editors and WG chairs should treat
these comments just like any other last call comments.

This document specifies procedures for representing and verifying the
application services identity in TLS interaction with PKI X.509 certificates.

I believe this document is well written and ready for publication.

Major issue:
No

Minor issues:
1.Section 1.2 Applicability
s/ cetrificate/certificate

2. Delegated domain definition
“ For example, a server at mail.example.net could be a delegated domain for
connecting to an IMAP server hosting an email address of user@example.net. ” I
can not parse this sentence, is the server a delegated domain? Which domain is
the source domain? Which domain is delegated domain ? please make this clear in
the example. 3.Section 2 Identifying Application Service What is meaning
difference between _direct_ and direct or _indirect_ and indirect? In section
2, sometimes _direct_/_indirect_ is used, sometimes direct/indirect is used.

4.Section 2 said:
“   We can categorize the three identifier types as follows:

   *  A DNS-ID is direct and unrestricted.

   *  An IP-ID is direct and unrestricted.

   *  An SRV-ID is typically indirect but can be direct, and is
      restricted.

   *  A URI-ID is direct and restricted.
”
Three identifier types or four identifier types? My impression is the latter.

5.Section 2
s/possibile/possible

6.Section 3 said:
“In this case, applications need
   to be aware that the textual representation of an IPv4 address can
   appear to be a valid DNS name, though it is not.  ”
it in the text ‘though it is not’ is referred to digit representation of an
IPv4 address? Or not?

7.Section 7.1
I am surprised there is no protection measures to mitigate risk of vouching for
rogue or buggy hosts in this document?

v2.23.0 | Report a Bug | By Email