Hi Alexey,

Thanks very much for the review! I'm keeping pending changes available here, to be published after the telechat: https://github.com/IPv6-mPvD/mpvd-ietf-drafts/pull/25

I've updated the text to reference a DNS-ID in the cert, and not imply that there is only one such name:

    .... (e.g., that a DNS-ID {{?RFC6125}} on the certificate is equal to the PvD ID expressed as an FQDN)

I've also added a reference to HTTP/2 and mentioned that the example is using the HTTP/2 syntax:

    The following example shows a GET request that the host sends, in HTTP/2 syntax {{?RFC7540}}:

Thanks,
Tommy

> On Jan 17, 2020, at 7:40 AM, Alexey Melnikov via Datatracker
> <nore...@ietf.org> wrote:
>
> Alexey Melnikov has entered the following ballot position for
> draft-ietf-intarea-provisioning-domains-10: No Objection
>
> When responding, please keep the subject line intact and reply to all
> email addresses included in the To and CC lines. (Feel free to cut this
> introductory paragraph, however.)
>
>
> Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html
> for more information about IESG DISCUSS and COMMENT positions.
>
>
> The document, along with other ballot positions, can be found here:
> https://datatracker.ietf.org/doc/draft-ietf-intarea-provisioning-domains/
>
>
>
> ----------------------------------------------------------------------
> COMMENT:
> ----------------------------------------------------------------------
>
> This is a well written document, but I have a small set of issues I would like
> to discuss:
>
> 4.4. Detecting misconfiguration and misuse
>
>    When a host retrieves the PvD Additional Information, it MUST verify
>    that the TLS server certificate is valid for the performed request
>    (e.g., that the Subject Alternative Name is equal to the PvD ID
>    expressed as an FQDN).
>
> The last sentence is not right: you should say "one of Subject Alternative
> Names is equal to ... " because a server certificate can have multiple Subject
> Alternative Names.
>
> 5.4. Providing Additional Information to PvD-Aware Hosts
>
> This section is using HTTP/2 syntax for requests and responses, but HTTP 2 RFC
> is not listed as a reference.
>
>
> _______________________________________________
> Int-area mailing list
> Int-area@ietf.org
> https://www.ietf.org/mailman/listinfo/int-area
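The certificate check discussed in the thread (one of the certificate's DNS-IDs must equal the PvD ID expressed as an FQDN), as an added example that is not part of the draft or of either message. It uses the dict shape Python's ssl.SSLSocket.getpeercert() returns; the sample certificate and its names are constructed, and the helper names are the example's own.

```python
"""Match a PvD ID (an FQDN) against the DNS-ID subjectAltName entries of a
TLS server certificate, per section 4.4 of the provisioning-domains draft.

Added example, not from the draft. The certificate is represented in the
dict shape ssl.SSLSocket.getpeercert() returns; SAMPLE_PEERCERT is constructed.
"""
from typing import Dict, List


def _normalize(name: str) -> str:
    # DNS names compare case-insensitively; a trailing dot marks an absolute FQDN.
    return name.rstrip(".").lower()


def dns_ids(peercert: Dict) -> List[str]:
    """Every DNS-ID in subjectAltName. There may be several; the CN is ignored."""
    return [v for (kind, v) in peercert.get("subjectAltName", ()) if kind == "DNS"]


def pvd_id_matches_cert(pvd_id: str, peercert: Dict) -> bool:
    """True if any DNS-ID is equal to the PvD ID.

    Exact equality only: the draft text says "equal to", so a wildcard DNS-ID
    is deliberately not treated as covering the PvD ID here.
    """
    target = _normalize(pvd_id)
    return any(_normalize(d) == target for d in dns_ids(peercert))


def first_san_only_matches(pvd_id: str, peercert: Dict) -> bool:
    """The mistake the review points out: comparing against a single SAN only."""
    ids = dns_ids(peercert)
    return bool(ids) and _normalize(ids[0]) == _normalize(pvd_id)


# Constructed sample: one server certificate carrying several DNS-IDs.
SAMPLE_PEERCERT = {
    "subject": ((("commonName", "www.example.net"),),),
    "subjectAltName": (
        ("DNS", "www.example.net"),
        ("DNS", "pvd.example.org"),      # the PvD ID this host is verifying
        ("DNS", "*.cdn.example.net"),
    ),
}

if __name__ == "__main__":
    print(pvd_id_matches_cert("pvd.example.org.", SAMPLE_PEERCERT))    # True
    print(first_san_only_matches("pvd.example.org", SAMPLE_PEERCERT))  # False
```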