Reviewer: Christopher Wood Review result: Has Nits Thanks for updating this document! All of my comments from the previous review have been addressed. It reads much better now. I only have some minor nits to note below: - Section 8.5: This section title references ciphersuite downgrade, yet the text refers to configured use of less-good ciphersuites. Perhaps the title should be, "Threat: Weak TLS Configurations"? - Section 8.6: I don't quite follow this section. Certainly, describing how one validates certificates is out of scope. However, the title suggests this is part of how one "uses" certificates? I might just scratch this section altogether, and instead reference RFC5280 where certificate-based authentication is first presented. - Section 8.7: I might rename this title to, "Threat: Symmetric Key Limits." - Section 8.10.1: I would reference opportunistic security here, as an unauthenticated key exchange yields similar properties. -- last-call mailing list last-call@xxxxxxxx https://www.ietf.org/mailman/listinfo/last-call