Jeffrey Altman <jaltman@xxxxxxxxxxxxxxxxxxxx> writes: > Sam Hartman wrote: >> Unless there is strong support for the more complex registration >> process in the draft, we'd like to go to expert review. > > The technical argument in favor of a review list, whether a special > list for this purpose or some pre-existing list such as SecDir, is that > it is not always easy to find experts who are familiar with both of the > protocols being bound. As a result, having more reviewers is a safety > net. This is especially important for reviews of security protocols. Another reason is accountability: the registration applications and responses could be archived in a mailing list archive. That is helpful for future expert reviewers, to be able to review past behaviour and considerations when dealing with new situations. > I do not believe that the registration process defined in this draft is > particularly burdensome. It is a well defined process with time limits > that will provide a predictable response time for requesters. It > doesn't limit the Area Director's ability to select an expert to perform > the review. It simply provides for transparency and public comment on > the registration. > > I believe the registration procedure should be implemented as described > in the draft. I agree. Btw, I couldn't find any checks to make sure that the name prefixes of channel bindings turn out to be unique? To solve it, always adding (for example) a ':' between the IANA allocated and the actual channel binding value would be useful. Consider if 'TLS1' and 'TLS1.2' are registered. Consider a channel binding value for 'TLS1' that, through some encoding, starts with '.2', thereby forming 'TLS1.2' at the beginning. Maybe this problem is already solved, although I have missed it. Any pointers to particular sections? /Simon _______________________________________________ Ietf@xxxxxxxx https://www1.ietf.org/mailman/listinfo/ietf