On Mon, Dec 22, 2025 at 9:42 PM Behcet Sarikaya <[email protected]> wrote:
> Sorry, I sent an unfinished review by mistake; here it is:
>
> On Mon, Dec 22, 2025 at 8:30 PM Behcet Sarikaya via Datatracker <[email protected]> wrote:
>
>> Document: draft-ietf-dance-tls-clientid
>> Title: TLS Extension for DANE Client Identity
>> Reviewer: Behcet Sarikaya
>> Review result: Ready with Nits
>>

Thank you for your review, Behcet, and apologies for the late reply.

>> I am the assigned Gen-ART reviewer for this draft. The General Area
>> Review Team (Gen-ART) reviews all IETF documents being processed
>> by the IESG for the IETF Chair. Please treat these comments just
>> like any other last call comments.
>>
>> For more information, please see the FAQ at
>> <https://wiki.ietf.org/en/group/gen/GenArtFAQ>.
>>
>> Document: draft-ietf-dance-tls-clientid-07
>> Reviewer: Behcet Sarikaya
>> Review Date: 2025-12-22
>> IETF LC End Date: 2025-12-23
>> IESG Telechat date: Not scheduled for a telechat
>>
>> Summary:
>>
> The document draft-ietf-dance-tls-clientid-07 defines an extension to TLS
> that allows a client to send its DANE identity to the server as part of
> the connection setup. The server can find the associated certificate or
> raw public key for that exact identity. In TLS 1.3, the identity is encrypted.
>
>> Major issues:
>>
>> None
>
>> Minor issues:
>>
>> None.
>
>> Nits/editorial comments:
>>
>> From Eric Rescorla's email on Dec. 15, 2025:
>
> # TLS 1.2 is Frozen
>
> draft-ietf-dance-clientid-07 registers a new TLS extension, but with
> the approval of draft-ietf-tls-tls12-frozen-08, the extension registry
> is frozen.
>
> This draft should only be defining a new extension for TLS 1.3.
>
> This nit at least requires some revision of the draft.

Yes, we are updating the text to make this TLS 1.3 only (more details in my
response to Eric's note).

> * Section 2
>
> TLSA is defined in RFC 6698:
>
>   The TLSA DNS resource record (RR) is used to associate a TLS server
>   certificate or public key with the domain name where the record is
>   found, thus forming a "TLSA certificate association"
>
> Again, with some minor revision, the above could be reflected in the draft.

This is mostly explained in RFC 6698, which we expect readers to be familiar
with. But let me see if I can add some wording to address your request.

> * idnits complains that 2 normative references, RFC 5246 (TLS 1.2) and
> RFC 6347 (DTLS 1.2), have been obsoleted by their TLS 1.3 versions, but in
> the document this is no issue.
>
> This requires no revision.
>
> Behcet

Thanks!
Shumon.
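The "TLSA certificate association" quoted from RFC 6698 above is the thing a server has to compute and compare once it knows which client identity it is looking up. The following is an added worked example, not code from the draft, from the thread, or from any DANCE implementation: it builds the Certificate Association Data for the RFC 6698 selector values (0 = full certificate, 1 = SubjectPublicKeyInfo) and matching types (0 = exact, 1 = SHA-256, 2 = SHA-512), renders and parses the presentation format, and checks a presented end-entity certificate or raw public key against a DANE-EE(3) record. The Ed25519 SPKI DER prefix is the standard encoding for OID 1.3.101.112; the 32 key bytes and the placeholder certificate bytes are constructed for the example and are not real. DNS lookup, the owner-name convention for client records, and PKIX chain processing for usages 0 to 2 are out of scope here.

```python
"""Added example (not from draft-ietf-dance-tls-clientid or the e-mail thread):
building and checking an RFC 6698 TLSA certificate association.

Assumptions: sample key, sample certificate bytes and record values are
constructed inline; nothing is fetched from DNS or a TLS handshake.
"""
import hashlib
import hmac

# RFC 6698 Section 2.1 field values
SELECTOR_FULL_CERT = 0   # Cert(0): the whole DER-encoded certificate
SELECTOR_SPKI = 1        # SPKI(1): the SubjectPublicKeyInfo only
MATCH_EXACT = 0          # Full(0): association data is the selected bytes
MATCH_SHA256 = 1         # SHA2-256(1)
MATCH_SHA512 = 2         # SHA2-512(2)
USAGE_DANE_EE = 3        # DANE-EE(3): end-entity match, no PKIX chain

# Constructed sample data (assumption: not a real key or certificate).
# An Ed25519 SubjectPublicKeyInfo is a fixed 12-byte DER prefix followed by
# the 32-byte key, so a raw public key can be built without a crypto library.
ED25519_SPKI_PREFIX = bytes.fromhex("302a300506032b6570032100")
SAMPLE_PUBKEY = bytes(range(32))
SAMPLE_SPKI = ED25519_SPKI_PREFIX + SAMPLE_PUBKEY
# Placeholder standing in for a DER-encoded end-entity certificate (constructed).
SAMPLE_CERT = b"\x30\x82\x01\x00" + bytes(256)


def _select(selector, cert_der, spki_der):
    """Pick the bytes the Selector field refers to; None if not available."""
    if selector == SELECTOR_FULL_CERT:
        return cert_der          # None for a raw-public-key client (RFC 7250)
    if selector == SELECTOR_SPKI:
        return spki_der
    raise ValueError(f"unknown selector {selector}")


def _match(matching_type, data):
    """Apply the Matching Type transform to the selected bytes."""
    if matching_type == MATCH_EXACT:
        return data
    if matching_type == MATCH_SHA256:
        return hashlib.sha256(data).digest()
    if matching_type == MATCH_SHA512:
        return hashlib.sha512(data).digest()
    raise ValueError(f"unknown matching type {matching_type}")


def tlsa_association_data(selector, matching_type, cert_der, spki_der):
    """Certificate Association Data for (selector, matching type), or None
    when the selector asks for something the client did not present."""
    selected = _select(selector, cert_der, spki_der)
    if selected is None:
        return None
    return _match(matching_type, selected)


def tlsa_presentation(usage, selector, matching_type, cert_der, spki_der):
    """Render a TLSA RDATA in presentation format: '<u> <s> <m> <hex>'."""
    data = tlsa_association_data(selector, matching_type, cert_der, spki_der)
    if data is None:
        raise ValueError("selector 0 needs a certificate; a raw public key "
                         "can only be published with selector 1")
    return f"{usage} {selector} {matching_type} {data.hex()}"


def parse_tlsa_presentation(text):
    """Parse '<usage> <selector> <matching type> <hex data>' into a tuple."""
    fields = text.split()
    if len(fields) != 4:
        raise ValueError("expected '<usage> <selector> <matching type> <hex>'")
    usage, selector, matching_type = (int(f) for f in fields[:3])
    return usage, selector, matching_type, bytes.fromhex(fields[3])


def tlsa_matches(record_text, cert_der, spki_der):
    """True if the presented end-entity certificate / raw public key matches
    a DANE-EE(3) TLSA record. Usages 0-2 would additionally require PKIX
    chain processing, which is deliberately not implemented here."""
    usage, selector, matching_type, expected = parse_tlsa_presentation(record_text)
    if usage != USAGE_DANE_EE:
        return False
    try:
        actual = tlsa_association_data(selector, matching_type, cert_der, spki_der)
    except ValueError:           # unknown selector or matching type: no match
        return False
    if actual is None:           # e.g. selector 0 against a raw public key
        return False
    return hmac.compare_digest(actual, expected)


if __name__ == "__main__":
    # A client that presents only a raw public key: "3 1 1 <sha256(SPKI)>"
    rr = tlsa_presentation(USAGE_DANE_EE, SELECTOR_SPKI, MATCH_SHA256, None, SAMPLE_SPKI)
    print("TLSA", rr)
    print("raw public key matches:", tlsa_matches(rr, None, SAMPLE_SPKI))
```

The "3 1 1" form is the one that works for both certificate-bearing and raw-public-key clients, since selector 1 only needs the SubjectPublicKeyInfo; a selector-0 record can never match a client that presents no certificate at all, which the example reports as a plain mismatch rather than an error.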
_______________________________________________
Gen-art mailing list -- [email protected]
To unsubscribe send an email to [email protected]
