Re: [Last-Call] Artart last call review of draft-ietf-tls-subcerts-12

Christian: thank you for this review, I especially agree with the point on the IANA considerations – I have raised that in my ballot and will be looking forward to the authors’ reply.

 

Francesca

 

From: last-call <last-call-bounces@xxxxxxxx> on behalf of Christian Amsüss via Datatracker <noreply@xxxxxxxx>
Date: Tuesday, 5 April 2022 at 21:26
To: art@xxxxxxxx <art@xxxxxxxx>
Cc: last-call@xxxxxxxx <last-call@xxxxxxxx>, draft-ietf-tls-subcerts.all@xxxxxxxx <draft-ietf-tls-subcerts.all@xxxxxxxx>, tls@xxxxxxxx <tls@xxxxxxxx>
Subject: [Last-Call] Artart last call review of draft-ietf-tls-subcerts-12

Reviewer: Christian Amsüss
Review result: Ready with Nits

Thanks for this well-written document.

ART topics:

The document does not touch on any of the typical ART review issues; times are
relative in well-understood units, and versioning, formal language (ASN.1,
which is outside of my experience to check) and encoding infrastructure
(struct) follow TLS practices.

General comments:

* The introduction of this mechanism gives the impression of a band-aid applied
to a PKI ecosystem that has accumulated many limitations as outlined in section
3.1. The present solution appears good, but if there is ongoing work on the
underlying issues (even experimentally), I'd appreciate a careful reference to
it.

* Section 7.6 hints at the front end querying the back-end for creation of new
DCs -- other than that, DC distribution (neither push- nor pull-based) is
discussed. If there are any mechanisms brewing, I'd appreciate a reference as
well.

Please check:

* The IANA considerations list "delegated_credential" for CH, CR and CT
messages. I did not find a reference in the text for CT, only for CH and CR.

Editorial comments:

* (p5) "result for the peer.." -- extraneous period.
* (p9, p15, p16) The "7 days" are introduced as the default for a profilable
parameter, but later used without further comment.


--
last-call mailing list
last-call@xxxxxxxx
https://www.ietf.org/mailman/listinfo/last-call
