This is good enough.
comments.. 1) a nit in 4.3: OLD: Servers SHOULD authenticate using at least 2048-bit certificates. NEW: When using RSA servers SHOULD authenticate using certificates with at least a 2048-bit modulus for the public key. I didn't spot the same thing elsewhere but it could be there. 2) 5.2 title and elsewhere - use "Opportunistic Security" and not "Opportunistic Encryption" we had that (boring;-) debate so we may as well stick to the outcome 3) Wrt Brian's point about DHE 1024, I think that was already discussed on the list earlier and while the mozilla figures are interesting they don't change my mind - I think the benefit of PFS and the fact that s/w updates can fix this silently after one has configured the DHE cipherstuite and that the draft already says you should use 2048 all add to to where the draft is ok as-is. Cheers, S. On 12/11/14 00:52, Leif Johansson wrote: > > Since there were so many LC on draft-ietf-uta-tls-bcp-06.txt the chairs > have decided to run an additional short WGLC on > draft-ietf-uta-tls-bcp-07.txt > > Please make sure your comments have been addressed by reviewing the > document. We will be looking for a few explicit "+1" on the list to > indicate that review has been done. > > To provide a little bit of time for post-IETF travel, this WGLC will > expire on 21/11 > > Cheers Orit & Leif > > _______________________________________________ > Uta mailing list > [email protected] > https://www.ietf.org/mailman/listinfo/uta > > _______________________________________________ Uta mailing list [email protected] https://www.ietf.org/mailman/listinfo/uta
