Re: [Last-Call] Genart last call review of draft-ietf-stir-cert-delegation-03

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Hi Ines,

Thanks for the read on this one (and sorry for the lengthy RTT). A few responses.
    
    Minor issues:
    
    1-Introduction Section:
    
    "..., including various forms of robocalling, voicemail hacking, and
    swatting..." --> should a reference to RFC7375 be added here?

Sure, I added that.
    
    2- It would be nice to add in Terminology section:
    
    -  delegation: the concept of delegation and its levels are defined in RFC8226.
    - definition for "legitimate spoofing". I understand that the draft explain it
    with an example.

Okay, done.
    
    3- It would be nice to add references to concepts, e.g. cA boolean --> cA
    boolean [rfc5280#section-4.2.1.9]

Happy to add an RFC5280 ref there, though there's one in the next sentence as well. 
    
    "x5u" link -> "x5u" (X.509 URL) [RFC7515#section-4.1.5] link

Above, the document already clarified that it is the '"x5u" field of a PASSporT", so I think this is okay,
    
    4- Section 4: It would be nice to add graphics explaining the process.
    E.g. can be used as a model the images displayed in
    https://urldefense.com/v3/__https://access.atis.org/apps/group_public/download.php/47134/IPNNI-2019-00043R000.pdf__;!!N14HnBHF!vZrienbZUwtHwW4zRQP1U-rug03A0oiYVhoxVCgIQSuo5sLqiIF9M5zX8OsrvTQ$  
    or https://urldefense.com/v3/__https://niccstandards.org.uk/wp-content/uploads/2019/03/ND1522V1.1.1.pdf__;!!N14HnBHF!vZrienbZUwtHwW4zRQP1U-rug03A0oiYVhoxVCgIQSuo5sLqiIF9M5zXkp7wSmM$  
    
Not sure about adding new pictures at this point; or at least, I think the basic idea should be clear from the text by itself.

    5- Section 5:"Authentication service behavior for delegate certificates is
    little
       changed from [RFC8224] STIR behavior" --> It is not clear to me what are the
       little changes.
    
    Additionally, how you quantify little/big changes?, maybe something like?:
    "Authentication service behavior varies from STIR behavior [RFC8224] as
    follows:...."

Okay, I can do that.
    
    6- Section 8.1: Should the picture displayed in
    https://urldefense.com/v3/__https://www.ietf.org/proceedings/104/slides/slides-104-stir-certificate-delegation-00--Slide__;!!N14HnBHF!vZrienbZUwtHwW4zRQP1U-rug03A0oiYVhoxVCgIQSuo5sLqiIF9M5zX-sJIr4Q$  
    5 be added here?
    
Really would rather not do new pictures at this point.

    7- Security Consideration section: should a reference to RFC7375 be added here?

Added.
    
    Nits/editorial comments:
    
    8- Expand the first time: JWS -> JSON Web Signature (JWS)

Done. Thanks!

Jon Peterson
Neustar, Inc.
    
    Thank you for this document,
    
    Ines.
    
    
    
    


-- 
last-call mailing list
last-call@xxxxxxxx
https://www.ietf.org/mailman/listinfo/last-call
[Index of Archives]     [IETF Annoucements]     [IETF]     [IP Storage]     [Yosemite News]     [Linux SCTP]     [Linux Newbies]     [Mhonarc]     [Fedora Users]

  Powered by Linux