> I don't think there is a better list of COMMENTs than those directly in > the IESG ballots:
> https://datatracker.ietf.org/doc/draft-ietf-trans-rfc6962-bis/ballot/ I am very sure that all of the open DISCUSS and COMMENT ballots have been addressed, except for three items that Ben raised that need clarification from him or the WG. That is message https://mailarchive.ietf.org/arch/msg/trans/yFJRli55wJ68EcQy5H97b97t8yY/ posted to the list a week ago. I think it is reasonable to ask the members of the IESG to take a look at the current document and confirm that their items have been addressed. Or, if Ben will respond to the email relatively soon, then it might make sense to wait for that. As a convenience here is a list of what changed since the last review: Address most of Ben's comments (#327) * Remove timestamp redundancy * Add CABBR ref for use in public definition * Log-trust mechanisms are being developed * Avoid using needless `n` term * Clarify processing rules (no looping) * Define leaf_index in "verifying an inclusion proof" * Use "D_m" instead of "D[m]" * Clarify OID comparison in 3.2 * Clarify maximum chain length semantics * Clarify format of Final STH * Clearify full DER encoding of OID * Use 2119 language around log OID length * Clarify sct_extensions * Signature cannot be zero-length * Add some back references/pointers * then->"so that" clarification * Clarify chain as array of JSON strings * Clarify "chosen certificate" is the hashed value * Clarify JSON "representing" -> "equivalent to" * Add note about TLS to get-anchors message * Add "of course" words on TLS extensions * We don't discuss client use/discovery of logs * Remove redundant "to the server" in handshake * Allow omitting or sending empty array * Update text about LogID OIDs * Make RFC 6223,6979 normative * Remove two questions; handled in PR 329 * Respond to Rob's feedback * Clarify need for signer's key * Remove work file Alexey comments (#325) * Define LSB * Add DER reference * Add TLS 1.2 reference * No limit on MMD value * Clarify which Base64 encoding * Add URL reference * Reword "prevent CA from avoiding blame" * Clarify why extra fields SHOULD be ignored * Revise "client evaluate compliance" * Say why monitor polling frequency isn't specified. * Rob's feedback on the PR. Address Alexey DISCUSS items (#318) * Add trans:errors to URN sub-namespace * Also ask IANA to create the trans:error registry. * Fix typo; add missing errors Address Mirja (and other misc) comments: * Explain lack of OID registry * Add pointers to Merkle docs * Remove references to gossip I-D * Clarify lack of specifics on HTTP status codes * Edit wording on shutting down a log * Reference IANA registry names * Clarify server status options * Update server status-sending options * Remove 'for off-line use' per @agwa * Fix some typo's * Explain why server-side isn't covered * Add clarifying notes to SignatureScheme registry * Clarification on timeouts and limits * Clarify ignoring SCT extensions * Remove refs to draft-ietf-trans-threat-analysis (#328) * Proof paths can be zero-length (#326) _______________________________________________ Trans mailing list [email protected] https://www.ietf.org/mailman/listinfo/trans
