[Last-Call] Secdir telechat review of draft-ietf-dtn-tcpclv4-18

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Reviewer: Christopher Wood
Review result: Has Nits

Thanks for updating this document! All of my comments from the previous review
have been addressed. It reads much better now. I only have some minor nits to
note below:

- Section 8.5: This section title references ciphersuite downgrade, yet the
text refers to configured use of less-good ciphersuites. Perhaps the title
should be, "Threat: Weak TLS Configurations"? - Section 8.6: I don't quite
follow this section. Certainly, describing how one validates certificates is
out of scope. However, the title suggests this is part of how one "uses"
certificates? I might just scratch this section altogether, and instead
reference RFC5280 where certificate-based authentication is first presented. -
Section 8.7: I might rename this title to, "Threat: Symmetric Key Limits." -
Section 8.10.1: I would reference opportunistic security here, as an
unauthenticated key exchange yields similar properties.

-- 
last-call mailing list
last-call@xxxxxxxx
https://www.ietf.org/mailman/listinfo/last-call



[Index of Archives]     [IETF Annoucements]     [IETF]     [IP Storage]     [Yosemite News]     [Linux SCTP]     [Linux Newbies]     [Mhonarc]     [Fedora Users]

  Powered by Linux