[Last-Call] Genart last call review of draft-ietf-cdni-https-delegation-subcerts-08

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Reviewer: Mallory Knodel
Review result: Ready

I am the assigned Gen-ART reviewer for this draft. The General Area
Review Team (Gen-ART) reviews all IETF documents being processed
by the IESG for the IETF Chair.  Please treat these comments just
like any other last call comments.

For more information, please see the FAQ at

<https://wiki.ietf.org/en/group/gen/GenArtFAQ>.

Document: draft-ietf-cdni-https-delegation-subcerts-??
Reviewer: Mallory Knodel
Review Date: 2024-06-25
IETF LC End Date: 2024-06-25
IESG Telechat date: Not scheduled for a telechat

Summary: I found no major issues with the draft as it's written. Its
specifications are concise and clear. I have only suggested adding one sentence
to the privacy considerations section as a minor issue.

Major issues: None

Minor issues: The privacy considerations section might include the following
sentence, to parallel the security considerations section and present a
reasonable risk to implementers of this specification, "A single or systematic
retrieval of delegated credentials and associated private keys would allow the
attacker to decrypt any data sent by the end user intended for the end service,
which may include PII."

Nits/editorial comments: None.


-- 
last-call mailing list -- last-call@xxxxxxxx
To unsubscribe send an email to last-call-leave@xxxxxxxx




[Index of Archives]     [IETF Annoucements]     [IETF]     [IP Storage]     [Yosemite News]     [Linux SCTP]     [Linux Newbies]     [Mhonarc]     [Fedora Users]

  Powered by Linux