Thank you for writing this BCP. I believe it provides important guidance and
support its publication.
I have the following comments on draft -13:
Overall:
The draft uses the term “adversary” (3 times) and the term “attacker” (>100
times). I suggest using one term consistently.
My understanding
I see what you meant.
Thanks,
Rifaat
On Tue, Dec 3, 2019 at 3:46 PM Richard Backman, Annabelle <
richa...@amazon.com> wrote:
> >> The documentation for Symantec's SSL Visibility product [1] indicates
> that sessions using client certificates will be rejected unless they are
> exempted based on
