Alexey: Thanks for addressing my comments. I think the CN-ID, DNS-ID, and SRV-ID definitions would be about 1/2 page. Is that a lot of text?

Russ

On Nov 21, 2015, at 9:41 AM, Alexey Melnikov wrote:

> Hi Russ,
> Thank you for your comments.
>
> On 20/11/2015 21:36, Russ Housley wrote:
>> I support this document going forward. Below I suggest four improvements to the document.
>>
>> (1) The Introduction says:
>>
>>     Note that this document doesn't apply to use of TLS in MTA-to-MTA
>>     SMTP.
>>
>> Can this be enhanced to include a pointer to where this can be found?
>
> Currently this is discussed in draft-friedl-uta-smtp-mta-certs, but this
> is not a WG document, so I would rather not have a pointer.
>
>> (2) The next paragraph in the Introduction says:
>>
>>     The main goal of the document is to provide consistent TLS server
>>     identity verification procedure across multiple email related
>>     protocols.
>>
>> Since this is a standards-track document, I think it would be better to say:
>>
>>     This document provides a consistent TLS server identity
>>     verification procedure across multiple email related protocols.
>
> Changed, thank you.
>
>> (3) Section 2 does a lot by reference, which is fine. I think it would help the reader to duplicate a bit of context from RFC 6125, in particular repeating the definitions of CN-ID, DNS-ID, and SRV-ID.
>
> Yes, I struggled with this as well. This would be lots of cut & pasted
> text.
>
>> (4) Section 3 needs to state first that the certificate passes certification path validation as described in Section 6 of RFC 5280, and second passes the email-specific rules in this section.
>
> Yes, this was implied. Added to my copy.
>
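The thread refers to the RFC 6125 identifier types (CN-ID, DNS-ID, SRV-ID) and to the ordering in point (4): RFC 5280 path validation first, then the email-specific identity rules. The following Python is an added illustration of that matching logic, not code from the thread, the draft or the working group. The certificate is a constructed dictionary standing in for a parsed X.509 certificate, and all function and field names are assumptions made for the example.

```python
"""Server identity matching for email protocols in the spirit of RFC 6125:
SRV-ID and DNS-ID from subjectAltName, with CN-ID as a fallback only when
the certificate carries no subjectAltName identifiers at all.

Added example; the certificate below is a constructed stand-in for a parsed
X.509 certificate, not output from any real library.
"""

# Constructed stand-in for a parsed certificate: subject CN plus SAN entries.
# Real code would obtain these from an X.509 parser after RFC 5280 section 6
# path validation has already succeeded.
EXAMPLE_CERT = {
    "subject_cn": "mail.example.com",
    "dns_ids": ["*.example.com"],                                 # dNSName SANs
    "srv_ids": ["_imap.example.com", "_submission.example.com"],  # SRVName otherNames (RFC 4985 form)
}


def _labels(name: str) -> list:
    """Normalise a DNS name: drop a trailing dot, lower-case, split on '.'."""
    return name.rstrip(".").lower().split(".")


def dns_id_matches(presented: str, reference: str) -> bool:
    """RFC 6125 section 6.4.3 style comparison: case-insensitive; a wildcard
    is accepted only as the complete left-most label and matches exactly one
    label, so "*.example.com" matches "mail.example.com" but not
    "a.b.example.com", and "*.com" or "f*.example.com" are rejected."""
    p, r = _labels(presented), _labels(reference)
    if "*" not in presented:
        return p == r
    # wildcard must be the whole left-most label and at least two labels
    # must follow it; wildcards anywhere else are refused
    if p[0] != "*" or len(p) < 3 or any("*" in lbl for lbl in p[1:]):
        return False
    return len(p) == len(r) and p[1:] == r[1:]


def srv_id_matches(presented: str, service: str, reference_host: str) -> bool:
    """An SRV-ID has the form "_service.host"; the service must match the
    protocol being used and the host must match the reference exactly
    (no wildcard handling for SRV-IDs, a deliberately conservative choice)."""
    if not presented.startswith("_") or "." not in presented:
        return False
    svc, host = presented[1:].split(".", 1)
    return svc.lower() == service.lower() and _labels(host) == _labels(reference_host)


def verify_server_identity(cert: dict, path_validated: bool, host: str, service: str) -> bool:
    """Step 1: the certificate must already have passed RFC 5280 section 6
    path validation (done by the TLS stack; its result is passed in here).
    Step 2: apply the identity rules, preferring SRV-ID, then DNS-ID, and
    falling back to CN-ID only if the certificate has no SAN identifiers."""
    if not path_validated:
        return False
    dns_ids = cert.get("dns_ids", [])
    srv_ids = cert.get("srv_ids", [])
    if any(srv_id_matches(s, service, host) for s in srv_ids):
        return True
    if any(dns_id_matches(d, host) for d in dns_ids):
        return True
    if not dns_ids and not srv_ids and cert.get("subject_cn"):
        return dns_id_matches(cert["subject_cn"], host)
    return False


if __name__ == "__main__":
    # An IMAP client connecting to example.com with a path-validated certificate
    print(verify_server_identity(EXAMPLE_CERT, True, "example.com", "imap"))
    # Same certificate, but path validation failed: identity rules never run
    print(verify_server_identity(EXAMPLE_CERT, False, "example.com", "imap"))
```

The CN-ID branch is intentionally last and gated on the absence of any SAN identifier, mirroring RFC 6125's guidance that CN-ID is a legacy fallback rather than a peer of DNS-ID and SRV-ID.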