On Mon, May 15, 2017 at 12:38 PM, Russ Housley wrote:
> Just commenting on Section 4.2 …
>
> >
> > > 3. Section 4.2.
> > >
> > >"In general, detailed certificate validation procedures are out of
> > >scope for TLS (see [RFC5280]). This section provides TLS-specific
> On May 15, 2017, at 3:38 PM, Russ Housley wrote:
>
>>> I don't see an explanation of why it is out-of-scope. The reference
>>> is just to RFC5280, which seems odd. I would expect the reference to
>>> be to something that explains why it is out-of-scope.
>
> I think
On Monday, May 15, 2017 07:56:44 am Hubert Kario wrote:
> On Saturday, 13 May 2017 07:21:06 CEST Dave Garrett wrote:
> > On Friday, May 12, 2017 11:17:45 pm Christian Huitema wrote:
> > > The "server DH Key" poses a significant forward secrecy issue. Suppose
> > > that the key is compromised. Now
Just commenting on Section 4.2 …
>
> > 3. Section 4.2.
> >
> >"In general, detailed certificate validation procedures are out of
> >scope for TLS (see [RFC5280]). This section provides TLS-specific
> >requirements."
> >
> > I don't see an explanation of why it is out-of-scope.
Hi Eric,
Thanks for your response. Sorry for the delay, I've been traveling.
The responses sound good, I do have a clarification and will respond
inline.
On Sat, May 13, 2017 at 2:09 PM, Eric Rescorla wrote:
> Hi Kathleen,
>
> Thanks for your review.
>
>
>> 1. Since this is going
In the most recent Google email transparency reports:
https://www.google.com/transparencyreport/saferemail/
we see for the first time an essentially equal (and some days slightly
greater) fraction of inbound and outbound email using STARTTLS.
Between Apr 15th and May 6th the STARTTLS
On Saturday, 13 May 2017 07:21:06 CEST Dave Garrett wrote:
> On Friday, May 12, 2017 11:17:45 pm Christian Huitema wrote:
> > The "server DH Key" poses a significant forward secrecy issue. Suppose
> > that the key is compromised. Now the secret police can find out what
> > nasty sites was accessed
Reviewer: Dan Romascanu
Review result: Ready with Issues
I am the assigned Gen-ART reviewer for this draft. The General Area
Review Team (Gen-ART) reviews all IETF documents being processed
by the IESG for the IETF Chair. Please treat these comments just
like any other last call comments.
For