Re: [websec] WG Last Call on draft-ietf-websec-strict-transport-sec-06

Mon, 30 Apr 2012 15:26:58 -0700

thanks for the review Paul. I noticed I didn't respond to some portions of your message that didn't get transformed into issue tickets. here goes... 

> Significant:
>
> This document pretends that the TLSA protocol from the DANE WG will not
> exist.
this item is captured in <http://trac.tools.ietf.org/wg/websec/trac/ticket/39> and has been discussed in a separate thread.. 

<https://www.ietf.org/mail-archive/web/websec/current/msg01141.html>


> Moderate:
>
> In section 8.1.2, I don't know what "ignoring separator characters" means,
> and suspect it will cause pain if left this way.

That phrase is simply deleted in my -07 working copy.


> [I-D.ietf-tls-ssl-version3] is not a "work in progress". I'll take this up
> on the rfc-interest mailing list, and nothing needs to be done here.
That is addressed in my working copy via ref of (the recently published) [RFC6101] instead. 


> RFC 2818 is listed as a normative reference, and yet it is Informational.
> This will need to be called out in the PROTO report. Alternately, it can be
> called an informative reference, since one does not need to understand it
> in order to implement this document.

this item was addressed by Alexey in his reply here..

<https://www.ietf.org/mail-archive/web/websec/current/msg01104.html>


> I have alerted the idna-update mailing list of this WG LC. This might cause
> some helicoptered-in comments, but better now than during IETF LC.
I had noticed that. I'll followup there once -07 is pub'd. Note that I'd engaged in non-trivial discussions there on idna-update@ about various aspects of -strict-transport-sec back in Sep-2011... 

<http://www.alvestrand.no/pipermail/idna-update/2011-September/007140.html>

..and I have some hopefull-improved IDNA language in my -07 working copy.


> Editorial:
>
> "annunciate" (used a few times) is a fancy word for "announce". Maybe use
> the far more common word instead.
>
> In section 3.1, "suboptimal downside" is unclear. Is there an optimal
> downside? I suggest replacing it with "negative".
>
> The lead sentences in sections 11.2, 11.4, and 11.5 lack verbs; verbs are
> used in 11.1 and 11.3. This should be an easy fix.
the above are captured in issue ticket #40 <http://trac.tools.ietf.org/wg/websec/trac/ticket/40> 


thanks again,

=JeffH


_______________________________________________
websec mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/websec

Reply via email to