Thanks, Russ! Forwarding to the list for visibility and discussion.
Orit.

> -----Original Message-----
> From: Russ Housley [mailto:[email protected]]
> Sent: Thursday, March 05, 2015 12:30 PM
> To: Orit Levin (LCA)
> Cc: Sean Turner; Leif Johansson; Chris Newman; Keith Moore; Russ Housley
> Subject: Re: Review of security latches mechanism in draft-ietf-uta-email-deep
>
> Sorry it has taken so long to find a window to do this review.
>
> Overall the document looks very good, but I have a few suggestions.
>
> Section 3.2 seems out of place. It does not describe an assurance level, so
> it should go somewhere else. Also, it needs a reference or a few additional
> sentences to define "certificate pinning." A reader that has not been
> following this for many years will probably not know what to put in their
> code.
>
> In Section 9.5, you should probably say something about end-to-end
> encryption and its impact on making these checks.
>
> I think you should swap the order of Sections 10.4.3 and 10.4.4.
>
> A few places, the terms "privacy" and "confidentiality" seem to be used as
> synonyms. They are not. Please see the definitions in RFC 2828.
>
> Thanks for the hard work,
> Russ
>
>
> On Mar 02, 2015, at 19:01, Orit Levin (LCA) <[email protected]> wrote:
>
> > Dear Russ and Sean,
> > Following the action items from the last UTA meeting, this is a reminder
> > to review the security latches mechanism defined in
> > https://datatracker.ietf.org/doc/draft-ietf-uta-email-deep/ and post the
> > results on the UTA list.
> > Thank you very much and cheers,
> > Orit.
