Hi Jon,
Thank you very much for your comments.
Best regards,
Ines
On Tue, Feb 23, 2021 at 1:41 AM Peterson, Jon <jon.peterson@team.neustar> wrote:
Hi Ines,
Thanks for the read on this one (and sorry for the lengthy RTT). A few responses.
Minor issues:
1-Introduction Section:
"..., including various forms of robocalling, voicemail hacking, and
swatting..." --> should a reference to RFC7375 be added here?
Sure, I added that.
2- It would be nice to add in Terminology section:
- delegation: the concept of delegation and its levels are defined in RFC8226.
- definition for "legitimate spoofing". I understand that the draft explain it
with an example.
Okay, done.
3- It would be nice to add references to concepts, e.g. cA boolean --> cA
boolean [rfc5280#section-4.2.1.9]
Happy to add an RFC5280 ref there, though there's one in the next sentence as well.
"x5u" link -> "x5u" (X.509 URL) [RFC7515#section-4.1.5] link
Above, the document already clarified that it is the '"x5u" field of a PASSporT", so I think this is okay,
4- Section 4: It would be nice to add graphics explaining the process.
E.g. can be used as a model the images displayed in
https://urldefense.com/v3/__https://access.atis.org/apps/group_public/download.php/47134/IPNNI-2019-00043R000.pdf__;!!N14HnBHF!pqqZYxfzyDJsOfjv6c430dpNOf2YhrmkDNAxZirgs5A8IzZ83HtQcqUazIErtBmFUer3YYg$
or https://urldefense.com/v3/__https://niccstandards.org.uk/wp-content/uploads/2019/03/ND1522V1.1.1.pdf__;!!N14HnBHF!pqqZYxfzyDJsOfjv6c430dpNOf2YhrmkDNAxZirgs5A8IzZ83HtQcqUazIErtBmFvLx6Y_8$
Not sure about adding new pictures at this point; or at least, I think the basic idea should be clear from the text by itself.
5- Section 5:"Authentication service behavior for delegate certificates is
little
changed from [RFC8224] STIR behavior" --> It is not clear to me what are the
little changes.
Additionally, how you quantify little/big changes?, maybe something like?:
"Authentication service behavior varies from STIR behavior [RFC8224] as
follows:...."
Okay, I can do that.
6- Section 8.1: Should the picture displayed in
https://urldefense.com/v3/__https://www.ietf.org/proceedings/104/slides/slides-104-stir-certificate-delegation-00--Slide__;!!N14HnBHF!pqqZYxfzyDJsOfjv6c430dpNOf2YhrmkDNAxZirgs5A8IzZ83HtQcqUazIErtBmFHaoqDrY$
5 be added here?
Really would rather not do new pictures at this point.
7- Security Consideration section: should a reference to RFC7375 be added here?
Added.
Nits/editorial comments:
8- Expand the first time: JWS -> JSON Web Signature (JWS)
Done. Thanks!
Jon Peterson
Neustar, Inc.
Thank you for this document,
Ines.
-- last-call mailing list last-call@xxxxxxxx https://www.ietf.org/mailman/listinfo/last-call
