Re: [Uta] Ben Campbell's Yes on draft-ietf-uta-email-tls-certs-07: (with COMMENT)
Alexey Melnikov <alexey.melnikov@isode.com> Thu, 17 December 2015 12:03 UTC
Return-Path: <alexey.melnikov@isode.com>
X-Original-To: uta@ietfa.amsl.com
Delivered-To: uta@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 8BE901B2B71; Thu, 17 Dec 2015 04:03:49 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.01
X-Spam-Level:
X-Spam-Status: No, score=-2.01 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id lCGMfymtPL_m; Thu, 17 Dec 2015 04:03:45 -0800 (PST)
Received: from statler.isode.com (Statler.isode.com [62.232.206.189]) by ietfa.amsl.com (Postfix) with ESMTP id 848791B2B9C; Thu, 17 Dec 2015 04:03:22 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; t=1450353801; d=isode.com; s=selector; i=@isode.com; bh=9MLb0S5x8AYpy9uH0wdXHSceu/eKhrqyXnUeclFjGRI=; h=From:Sender:Reply-To:Subject:Date:Message-ID:To:Cc:MIME-Version: In-Reply-To:References:Content-Type:Content-Transfer-Encoding: Content-ID:Content-Description; b=ep3qqMpzNsT0lEpXuQ/I3oI8BBVe+YhCeT/iKgpbQZgVzOjQ6gjMC7kbINehv3HZieoS58 DRkt7r6y3mFdFxT/d6/7M52/UOQLJ2mjV348LlZdryXy21RClczAzfjUEPTyPSNB1kJdgF u98jCC6uoCGic8A00mh4ledJUBVD/rM=;
Received: from [172.20.1.215] (dhcp-215.isode.net [172.20.1.215]) by statler.isode.com (submission channel) via TCP with ESMTPSA id <VnKkiQBBxwGL@statler.isode.com>; Thu, 17 Dec 2015 12:03:21 +0000
To: Ben Campbell <ben@nostrum.com>, The IESG <iesg@ietf.org>
References: <20151216202545.32662.29398.idtracker@ietfa.amsl.com>
From: Alexey Melnikov <alexey.melnikov@isode.com>
Message-ID: <5672A472.9000200@isode.com>
Date: Thu, 17 Dec 2015 12:02:58 +0000
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:38.0) Gecko/20100101 Thunderbird/38.2.0
In-Reply-To: <20151216202545.32662.29398.idtracker@ietfa.amsl.com>
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="------------030702010008030102010509"
Archived-At: <http://mailarchive.ietf.org/arch/msg/uta/XvlJNbkZhWBSSeAzcmQ85TFXXvw>
Cc: uta@ietf.org, uta-chairs@ietf.org, draft-ietf-uta-email-tls-certs@ietf.org, Leif Johansson <leifj@sunet.se>
Subject: Re: [Uta] Ben Campbell's Yes on draft-ietf-uta-email-tls-certs-07: (with COMMENT)
X-BeenThere: uta@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: UTA working group mailing list <uta.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/uta>, <mailto:uta-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/uta/>
List-Post: <mailto:uta@ietf.org>
List-Help: <mailto:uta-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/uta>, <mailto:uta-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 17 Dec 2015 12:03:49 -0000
Hi Ben, On 16/12/2015 20:25, Ben Campbell wrote: > ---------------------------------------------------------------------- > COMMENT: > ---------------------------------------------------------------------- > > - section 3, first paragraph: > MiTM prevention is just one of many reasons to match the reference > identifier, right? Are you thinking of access controls being another reason or something else? > -5.1: > It might be worth mentioning that the methods in this draft require the > provider to manage private keys for the tenant domains. Yes. > - Informative References: > Please consider whether 2595, As this document is replacing bits of 2595, Informative is Ok. Other bits of it were obsoleted by other documents already, IMHO. > 5234, This is only mentioned when describing URI-IDs, which are "MUST NOT be used". So I think this doesn't need to be normative either. > and 6066 I think UTA DEEP document is going to talk more about use of SNI with TLS. > should be normative references. > > Editorial and Nits: > -2, Reference Identifier: > I agree with Barry's comments. Additionally,/*do you need the 2119 MUST in the definition*/? I don't think so. Can you give an example of how MUST can be used? > It seems like that belongs in the related > requirements/procedures section. > -4.1: This section needs more proofreading\. Here's some things I found, > but I may have missed stuff. > -- "manual confirm exception" -> "manually confirm exceptions" > -- "because TLS server certificate verification" - Missing "the" before > TLS > -- "failure to match TLS server certificate against the expected domains" > - missing "the" before TLS. Should "domains" be singular? There can be more than one expected domain, so I've changed that to "domain(s)". I fixed all of the above. > -- "for example.org domain" - missing "the" before "example.org" > -- "this solution depends reliance of DNSSEC " - I don't understand the > phrase Cut & paste error. Should be "depends on DNSSEC". > -- "The ability of issuing certificates that contain SRV-ID implies..." - > I don't understand the phrase. I changed that to "The ability to issue certificates ..." So the ability to do X implies the ability to verify that entities requesting them are authorized to run email service for these SRV-IDs. Where X is "issue certificates that contain SRV-ID". > - 5: Lots of sentence fragments in the numbered list items. That's not > necessarily wrong, but mixing them up like this makes it harder to read. Ok, I will have a look. > (At least for me.)
- Re: [Uta] Ben Campbell's Yes on draft-ietf-uta-em… Alexey Melnikov
- Re: [Uta] Ben Campbell's Yes on draft-ietf-uta-em… Alexey Melnikov