Hi Alexey,

Thanks very much for the review! I'm keeping pending changes available here, to 
be published after the telechat: 
https://github.com/IPv6-mPvD/mpvd-ietf-drafts/pull/25

I've updated the text to reference a DNS-ID in the cert, and not imply that 
there is only one such name:

....
(e.g., that a DNS-ID {{?RFC6125}} on the certificate is equal to
the PvD ID expressed as an FQDN)

I've also added a reference to HTTP/2 and mentioned that the example is using 
the HTTP/2 syntax:

The following example shows a GET request that the host sends, in HTTP/2
syntax {{?RFC7540}}:

Thanks,
Tommy
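To make the reviewer's point concrete, here is an added example (not code from the draft or from either author) of the certificate check the updated text describes: a PvD ID expressed as an FQDN is accepted only when it matches one of the DNS-ID entries in the server certificate's Subject Alternative Name, compared with the RFC 6125 rules. The SAN list is constructed inline rather than parsed from a real certificate, and the requirement that a wildcard identifier carry at least two labels after the `*` is a conservative assumption, not something the draft states.

```python
"""Match a PvD ID (FQDN) against the DNS-IDs in a TLS server certificate's
Subject Alternative Name, following RFC 6125 matching rules.

Added example: the SAN list below is constructed; a real host would take it
from the validated certificate presented on the HTTPS connection.
"""
from typing import Iterable


def _normalize(name: str) -> str:
    # DNS names compare case-insensitively; drop a trailing root dot.
    return name.rstrip(".").lower()


def dns_id_matches(reference_id: str, presented_id: str) -> bool:
    """Compare one presented DNS-ID against the reference identifier.

    Exact match after normalisation, or a wildcard match where '*' is the
    complete left-most label and matches exactly one label (RFC 6125 6.4.3).
    Partial wildcards such as 'f*.example.com' are rejected (conservative).
    """
    ref = _normalize(reference_id)
    pres = _normalize(presented_id)
    if "*" not in pres:
        return ref == pres
    pres_labels = pres.split(".")
    ref_labels = ref.split(".")
    # Assumption: require '*' plus at least two further labels so that
    # identifiers like '*' or '*.com' never match anything.
    if pres_labels[0] != "*" or len(pres_labels) < 3:
        return False
    if len(ref_labels) != len(pres_labels):
        return False  # a wildcard never spans more than one label
    return ref_labels[1:] == pres_labels[1:]


def pvd_cert_valid(pvd_id: str, san_dns_ids: Iterable[str]) -> bool:
    """True if ANY DNS-ID in the SAN equals the PvD ID: the check the
    reviewer asked for, since certificates routinely carry several names."""
    return any(dns_id_matches(pvd_id, presented) for presented in san_dns_ids)


def first_san_only(pvd_id: str, san_dns_ids: list) -> bool:
    """The reading the original wording invited: compare against the first
    SAN entry only. Kept here to show why it is wrong."""
    return bool(san_dns_ids) and dns_id_matches(pvd_id, san_dns_ids[0])


# Constructed SAN contents of a hypothetical multi-name server certificate.
SAMPLE_SAN_DNS_IDS = [
    "pvd.example.com",
    "pvd.example.net",
    "*.pvd.example.org",
]

if __name__ == "__main__":
    for pvd_id in ("pvd.example.net", "PVD.Example.COM.", "host.pvd.example.org",
                   "a.b.pvd.example.org", "evil.example.com"):
        print(f"{pvd_id:25} any-SAN={pvd_cert_valid(pvd_id, SAMPLE_SAN_DNS_IDS)!s:5} "
              f"first-SAN-only={first_san_only(pvd_id, SAMPLE_SAN_DNS_IDS)}")
```

With the sample list, `pvd.example.net` is a valid PvD ID under the any-SAN check but is rejected by the first-SAN-only variant, which is exactly the case the comment on Section 4.4 is about; the wildcard entry matches `host.pvd.example.org` but not the deeper `a.b.pvd.example.org`.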


> On Jan 17, 2020, at 7:40 AM, Alexey Melnikov via Datatracker 
> <nore...@ietf.org> wrote:
> 
> Alexey Melnikov has entered the following ballot position for
> draft-ietf-intarea-provisioning-domains-10: No Objection
> 
> When responding, please keep the subject line intact and reply to all
> email addresses included in the To and CC lines. (Feel free to cut this
> introductory paragraph, however.)
> 
> 
> Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html
> for more information about IESG DISCUSS and COMMENT positions.
> 
> 
> The document, along with other ballot positions, can be found here:
> https://datatracker.ietf.org/doc/draft-ietf-intarea-provisioning-domains/
> 
> 
> 
> ----------------------------------------------------------------------
> COMMENT:
> ----------------------------------------------------------------------
> 
> This is a well written document, but I have a small set of issues I would like
> to discuss:
> 
> 4.4.  Detecting misconfiguration and misuse
> 
>   When a host retrieves the PvD Additional Information, it MUST verify
>   that the TLS server certificate is valid for the performed request
>   (e.g., that the Subject Alternative Name is equal to the PvD ID
>   expressed as an FQDN).
> 
> The last sentence is not right: you should say “one of the Subject Alternative
> Names is equal to ...” because a server certificate can have multiple Subject
> Alternative Names.
> 
> 5.4.  Providing Additional Information to PvD-Aware Hosts
> 
> This section is using HTTP/2 syntax for requests and responses, but the HTTP/2 RFC
> is not listed as a reference.
> 
> 
> _______________________________________________
> Int-area mailing list
> Int-area@ietf.org
> https://www.ietf.org/mailman/listinfo/int-area
