Hi Ben,
On 16/12/2015 20:25, Ben Campbell wrote:
----------------------------------------------------------------------
COMMENT:
----------------------------------------------------------------------
- section 3, first paragraph:
MiTM prevention is just one of many reasons to match the reference
identifier, right?
Are you thinking of access controls being another reason or something else?
-5.1:
It might be worth mentioning that the methods in this draft require the
provider to manage private keys for the tenant domains.
Yes.
- Informative References:
Please consider whether 2595,
As this document is replacing bits of 2595, Informative is Ok. Other
bits of it were obsoleted by other documents already, IMHO.
5234,
This is only mentioned when describing URI-IDs, which are "MUST NOT be
used". So I think this doesn't need to be normative either.
and 6066
I think UTA DEEP document is going to talk more about use of SNI with TLS.
should be normative references.
Editorial and Nits:
-2, Reference Identifier:
I agree with Barry's comments. Additionally,/*do you need the 2119 MUST in the
definition*/?
I don't think so. Can you give an example of how MUST can be used?
It seems like that belongs in the related
requirements/procedures section.
-4.1: This section needs more proofreading\. Here's some things I found,
but I may have missed stuff.
-- "manual confirm exception" -> "manually confirm exceptions"
-- "because TLS server certificate verification" - Missing "the" before
TLS
-- "failure to match TLS server certificate against the expected domains"
- missing "the" before TLS. Should "domains" be singular?
There can be more than one expected domain, so I've changed that to
"domain(s)".
I fixed all of the above.
-- "for example.org domain" - missing "the" before "example.org"
-- "this solution depends reliance of DNSSEC " - I don't understand the
phrase
Cut & paste error. Should be "depends on DNSSEC".
-- "The ability of issuing certificates that contain SRV-ID implies..." -
I don't understand the phrase.
I changed that to
"The ability to issue certificates ..."
So the ability to do X implies the ability to verify that entities
requesting them are authorized to run email service for these SRV-IDs.
Where X is "issue certificates that contain SRV-ID".
- 5: Lots of sentence fragments in the numbered list items. That's not
necessarily wrong, but mixing them up like this makes it harder to read.
Ok, I will have a look.
(At least for me.)
_______________________________________________
Uta mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/uta
