Deb Cooley has entered the following ballot position for draft-ietf-anima-brski-prm-18: No Objection
When responding, please keep the subject line intact and reply to all email addresses included in the To and CC lines. (Feel free to cut this introductory paragraph, however.)

Please refer to https://www.ietf.org/about/groups/iesg/statements/handling-ballot-positions/ for more information about how to handle DISCUSS and COMMENT positions.

The document, along with other ballot positions, can be found here:
https://datatracker.ietf.org/doc/draft-ietf-anima-brski-prm/

----------------------------------------------------------------------
COMMENT:
----------------------------------------------------------------------

Section 7.3, para 2: Pick one: either 'mutual authentication' or 'client authentication'. If you pick 'mutual authentication', then in sentence 2, it could be 'mTLS uses....' [one should do a global search, there are a bunch of 'client authentication' instances throughout the draft]

Section 7.3, para 3: Is this suggesting that the registrar only needs to verify the Registrar-Agent's connection if it doesn't already have the Registrar-Agent's EE certificate? seems odd....and possibly insecure.

Section 12.1: Is there a resource exhaustion DOS attack on the Pledge?

Section 6.1 and 12.3: Doesn't frequent rekey of the Registrar-Agent lead to synchronization issues with the Registrar? How is this mitigated?