Alissa Cooper has entered the following ballot position for draft-ietf-emu-eap-tls13-13: No Objection
When responding, please keep the subject line intact and reply to all email addresses included in the To and CC lines. (Feel free to cut this introductory paragraph, however.) Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html for more information about IESG DISCUSS and COMMENT positions. The document, along with other ballot positions, can be found here: https://datatracker.ietf.org/doc/draft-ietf-emu-eap-tls13/ ---------------------------------------------------------------------- COMMENT: ---------------------------------------------------------------------- Section 2.1.3: “When NAI reuse can be done without privacy implications, it is RECOMMENDED to use the same anonymous NAI in the resumption, as was used in the original full authentication. E.g. the NAI @realm can safely be reused, while the NAI ZmxleG8=@realm cannot.” I think it would help to make this recommendation more specific. Does “without privacy implications” mean without the username part? Or does it mean something else? Should this text reference RFC 7542 for further context? Section 5.7: “Where a good decision is unclear” —> “Where the decision is in doubt” (or something like that; it isn’t obvious what a “good” decision is) _______________________________________________ Emu mailing list Emu@ietf.org https://www.ietf.org/mailman/listinfo/emu
