Roman Danyliw has entered the following ballot position for draft-ietf-intarea-provisioning-domains-10: Discuss

When responding, please keep the subject line intact and reply to all email addresses included in the To and CC lines. (Feel free to cut this introductory paragraph, however.)

Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html for more information about IESG DISCUSS and COMMENT positions.

The document, along with other ballot positions, can be found here:
https://datatracker.ietf.org/doc/draft-ietf-intarea-provisioning-domains/

----------------------------------------------------------------------
DISCUSS:
----------------------------------------------------------------------

Section 4.4. Per “When a host retrieves the PvD Additional Information, it MUST verify that the TLS server certificate is valid for the performed request (e.g., that the Subject Alternative Name is equal to the PvD ID expressed as an FQDN). This authentication creates a secure binding between the information provided by the trusted Router Advertisement, and the HTTPS server.”, what is the trust anchor the client is supposed to use to validate that the server certificate is valid? How is that trust anchor provisioned?

----------------------------------------------------------------------
COMMENT:
----------------------------------------------------------------------

I support Ben Kaduk and Adam Roach’s DISCUSS positions.

Section 4.1. Per “If the HTTP status of the answer is between 200 and 299, inclusive, the host MAY get a file containing a single JSON object”, what should be the behavior of a host that gets 200 status code but no JSON object – should it try again, conclude (like in a 4xx status code) that there is no further information, etc.?

_______________________________________________
Int-area mailing list
https://www.ietf.org/mailman/listinfo/int-area
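
The two host-side checks quoted from Sections 4.4 and 4.1 in the ballot above, sketched in Python as an added example (not part of the ballot or the draft): an exact Subject Alternative Name match against the PvD ID, and a response classifier that keeps "2xx without a JSON object" as its own outcome instead of silently folding it into success or failure. It assumes the certificate dict comes from `ssl.SSLSocket.getpeercert()` after chain validation against whatever trust anchor the host uses, which the quoted text leaves open; the function names, the `Outcome` values, the sample data, and the treatment of every non-2xx status as "no information" are assumptions of this sketch.

```python
import json
from enum import Enum


class Outcome(Enum):
    INFO = "info"                # 2xx carrying a single JSON object
    NO_INFO = "no_info"          # non-2xx (assumption: treated like the 4xx case)
    UNSPECIFIED = "unspecified"  # 2xx without a usable JSON object


def san_matches_pvd_id(peercert, pvd_id):
    """True if a dNSName SAN equals the PvD ID (FQDN), ignoring case and a
    trailing dot. peercert has the shape returned by getpeercert(), which is
    empty when the chain was not validated, so an unvalidated peer never
    matches. Wildcard SANs are not treated as equal in this sketch."""
    want = pvd_id.rstrip(".").lower()
    names = [value.rstrip(".").lower()
             for kind, value in peercert.get("subjectAltName", ())
             if kind == "DNS"]
    return want in names


def classify_response(status, body):
    """Map (HTTP status, raw body bytes) to (Outcome, parsed object or None)."""
    if not 200 <= status <= 299:
        return Outcome.NO_INFO, None
    try:
        obj = json.loads(body.decode("utf-8"))
    except ValueError:  # covers UnicodeDecodeError and JSONDecodeError
        return Outcome.UNSPECIFIED, None
    if not isinstance(obj, dict):  # e.g. a JSON array or bare string
        return Outcome.UNSPECIFIED, None
    return Outcome.INFO, obj


# Constructed sample data, not taken from the draft or the ballot.
SAMPLE_CERT = {"subjectAltName": (("DNS", "PvD.Example.org"),
                                  ("IP Address", "192.0.2.1"))}

if __name__ == "__main__":
    print(san_matches_pvd_id(SAMPLE_CERT, "pvd.example.org."))
    print(classify_response(200, b""))
    print(classify_response(200, b'{"name": "constructed sample"}'))
```
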
