Matt, thanks for your review. Shumon, thanks for your response. I have entered a No Objection ballot.
Alissa > On Feb 6, 2018, at 11:31 PM, Shumon Huque <[email protected]> wrote: > > On Tue, Feb 6, 2018 at 8:25 PM, Matthew Miller > <[email protected] <mailto:[email protected]>> > wrote: > Reviewer: Matthew Miller > Review result: Ready with Nits > > I am the assigned Gen-ART reviewer for this draft. The General Area > Review Team (Gen-ART) reviews all IETF documents being processed > by the IESG for the IETF Chair. Please wait for direction from your > document shepherd or AD before posting a new version of the draft. > > For more information, please see the FAQ at > > <https://trac.ietf.org/trac/gen/wiki/GenArtfaq > <https://trac.ietf.org/trac/gen/wiki/GenArtfaq>>. > > Document: draft-ietf-tls-dnssec-chain-extension-06 > Reviewer: Matthew A. Miller > Review Date: 2018-02-06 > IETF LC End Date: 2018-02-07 > IESG Telechat date: 2018-02-08 > > Summary: > > This document is ready, with one issue that I think could benefit > from some clarification. > > Major issues: > > NONE > > Minor issue: > > This is more a question, that might warrant some clarification: > In 7. Verification, the last paragraph discusses client-side > caching of the RRsets. If a client has cached the full RRset chain > from TLSA to root RRSIG (and that cache is still viable), is the > client still expected to specify the "dnssec_chain" extension? > > In my reading, that does not seem necessary, and I think it might > be worth noting if that is true. > > Yes, if the client has cached either the validated TLSA RRset or the > full chain, then it doesn't need to send the dnssec_chain for subsequent > connections. > > If it has only cached other portions of the chain, then it needs to. > > We can clarify this. > > Shumon Huque > > _______________________________________________ > Gen-art mailing list > [email protected] > https://www.ietf.org/mailman/listinfo/gen-art
_______________________________________________ TLS mailing list [email protected] https://www.ietf.org/mailman/listinfo/tls
