Barry Leiba has entered the following ballot position for draft-ietf-uta-tls-attacks-04: Yes
When responding, please keep the subject line intact and reply to all email addresses included in the To and CC lines. (Feel free to cut this introductory paragraph, however.)

Please refer to http://www.ietf.org/iesg/statement/discuss-criteria.html for more information about IESG DISCUSS and COMMENT positions.

The document, along with other ballot positions, can be found here:
http://datatracker.ietf.org/doc/draft-ietf-uta-tls-attacks/

----------------------------------------------------------------------
COMMENT:
----------------------------------------------------------------------

A tiny thing in the Introduction: "suffice it to say" may sound cute, but if it were really sufficient, the document could stop there. I suggest replacing "suffice it to say" with "a quick summary is". But take this or leave it as you please.

My other comment is more significant:

-- Section 2.13 --

   o  Implementations may not validate the server identity. This
      validation typically amounts to matching the protocol-level server
      name with the certificate's Subject Alternative Name field. Note:
      historically, although incorrect, this information is also often
      found in the Common Name part of the Distinguished Name instead.

I had to read the "note" a few times before I followed it. It's not the information that's incorrect, and the "also ... instead" bit is confusing. But the biggest problem is that it's unclear what the incorrect thing IS: is it that the information is put in the CN and shouldn't be? Or is it that validators retrieve it from there instead of from the SAN? Maybe this (correct it as necessary)?:

NEW
   o  Implementations might not validate the server identity. This
      validation typically amounts to matching the protocol-level server
      name with the certificate's Subject Alternative Name field. Note:
      this same information is often in the Common Name part of the
      Distinguished Name also, and some validators incorrectly retrieve
      it from there instead of from the Subject Alternative Name.

(That also changes the "may" to "might", to avoid accidentally conveying a sense of permission.)

_______________________________________________
Uta mailing list
https://www.ietf.org/mailman/listinfo/uta
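As an added example (not text from the draft, the ballot, or any IETF code), the server-identity check that the quoted Section 2.13 text describes, written in Python: the reference identifier is compared only against subjectAltName entries, with RFC 6125 section 6.4.3 wildcard rules, and a second function shows the behaviour the comment calls incorrect, reading the name from the Common Name instead. The parsed-certificate dicts are constructed stand-ins for real certificates, and the rule that a wildcard needs two labels after it is the CA/Browser Forum's stricter requirement, an assumption beyond what RFC 6125 mandates.

```python
import ipaddress
import re

# Constructed stand-ins for parsed X.509 certificates (not real certificates):
# only the identity fields matter here, so a dict holds the subject CN, the
# subjectAltName dNSName entries and, optionally, its iPAddress entries.
SAMPLE_CERTS = {
    # Usual case: the CN repeats one of the SAN names.
    "san-and-cn": {"subject_cn": "www.example.com",
                   "san_dns": ["www.example.com", "example.com"]},
    # CN and SAN disagree: the CN names a host the SAN never vouched for.
    "cn-disagrees": {"subject_cn": "example.com",
                     "san_dns": ["www.example.com"]},
    # Wildcard certificate.
    "wildcard": {"subject_cn": "*.example.com",
                 "san_dns": ["*.example.com"]},
    # Certificate for an IP literal.
    "ip-literal": {"subject_cn": "192.0.2.10",
                   "san_dns": [], "san_ip": ["192.0.2.10"]},
}

# A syntactically valid, already lower-cased DNS label.
_LABEL = re.compile(r"^[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?$")


def dns_name_matches(reference: str, presented: str) -> bool:
    """Compare one presented dNSName with the reference identifier (the name
    the client connected to) following RFC 6125 section 6.4.3: compare
    case-insensitively label by label, accept a wildcard only as the whole
    left-most label, and never let it span more than one label."""
    ref = reference.lower().rstrip(".").split(".")
    pres = presented.lower().rstrip(".").split(".")
    if len(ref) != len(pres) or len(ref) < 2:
        return False
    if "*" in presented:
        # Assumption: the stricter CA/Browser Forum rule that a wildcard
        # needs at least two labels after it, so "*.com" matches nothing.
        if pres[0] != "*" or len(pres) < 3 or any("*" in l for l in pres[1:]):
            return False
        return all(_LABEL.match(l) for l in pres[1:]) and pres[1:] == ref[1:]
    return all(_LABEL.match(l) for l in pres) and pres == ref


def verify_server_name(host: str, cert: dict) -> bool:
    """The check the draft text describes: match the protocol-level server
    name against the subjectAltName only. An IP literal is matched against
    iPAddress entries, never against dNSName entries, and the Common Name is
    never consulted, so whatever it says cannot widen the accepted hosts."""
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        ip = None
    if ip is not None:
        return any(ip == ipaddress.ip_address(p) for p in cert.get("san_ip", []))
    return any(dns_name_matches(host, p) for p in cert.get("san_dns", []))


def verify_server_name_from_cn(host: str, cert: dict) -> bool:
    """The behaviour the ballot comment calls incorrect: read the identity
    from the Common Name instead of the subjectAltName."""
    cn = cert.get("subject_cn", "")
    return bool(cn) and dns_name_matches(host, cn)


def compare(host: str, cert: dict) -> tuple:
    """Return (SAN-based result, CN-based result) so the divergence is visible."""
    return verify_server_name(host, cert), verify_server_name_from_cn(host, cert)


if __name__ == "__main__":
    for name, cert in SAMPLE_CERTS.items():
        for host in ("www.example.com", "example.com", "api.example.com", "192.0.2.10"):
            san_ok, cn_ok = compare(host, cert)
            print(f"{name:13} {host:16} SAN:{san_ok!s:5} CN:{cn_ok!s:5}")
```

The "cn-disagrees" certificate is the case the comment is about: a validator that reads the CN accepts "example.com", a name no SAN entry covers, and rejects "www.example.com", the one name the certificate actually vouches for.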
