Hiya,

I had a read of this. Seems to me to be in fine shape but a couple of comments below. If those have already been discussed, apologies, and do ignore 'em. I don't think any of my comments need addressing before publication, but figured it was no harm sending 'em anyway:-)

- section 3.2: I wondered why no mention of MTA-STS or DANE? Could/should we say that MTA implementations SHOULD include support for such strictness?

- 4.2: there's been some cfrg [1] discussion (but not much and without so far reaching a conclusion) on deterministic signatures (RFC6979) and fault injection attacks. I wonder if we want to say anything about that? It might be worth just adding a reference that describes the problem, but I don't think we can expect the cfrg discussion to have resolved before this gets published. Those attacks are probably not that important for a typical TLS server but more interesting for small devices with TLS servers so maybe it's a bit too niche a concern to include?

- 7.4: is it still true that "many TLS implementations reuse Diffie-Hellman and Elliptic Curve Diffie-Hellman exponents across multiple connections"? If not, then maybe s/many/some/ or cast the sentence into the past tense?

- refs: is rfc6125 still the right reference given the -bis work?

- refs: The 2015 date for the bettercrypto.org seems wrong. I guess that site has been updated since? It says 2018 on their front page anyway, but I'm not sure what'd be the right reference.

Cheers,
S.

[1] https://datatracker.ietf.org/meeting/113/materials/slides-113-cfrg-signatures-deterministic-vs-randomized-00
_______________________________________________
Uta mailing list
Uta@ietf.org
https://www.ietf.org/mailman/listinfo/uta