Reviewer: Dan Romascanu
Review result: Ready with Issues
I am the assigned Gen-ART reviewer for this draft. The General Area
Review Team (Gen-ART) reviews all IETF documents being processed
by the IESG for the IETF Chair. Please treat these comments just
like any other last call comments.
For mo
On Saturday, 13 May 2017 07:21:06 CEST Dave Garrett wrote:
> On Friday, May 12, 2017 11:17:45 pm Christian Huitema wrote:
> > The "server DH Key" poses a significant forward secrecy issue. Suppose
> > that the key is compromised. Now the secret police can find out what
> > nasty sites were accessed
In the most recent Google email transparency reports:
https://www.google.com/transparencyreport/saferemail/
we see for the first time an essentially equal (and some days slightly
greater) fraction of inbound and outbound email using STARTTLS.
Between Apr 15th and May 6th the STARTTLS us
Hi Eric,
Thanks for your response. Sorry for the delay, I've been traveling.
The responses sound good, I do have a clarification and will respond
inline.
On Sat, May 13, 2017 at 2:09 PM, Eric Rescorla wrote:
> Hi Kathleen,
>
> Thanks for your review.
>
>
>> 1. Since this is going for IETF last c
Just commenting on Section 4.2 …
>
> > 3. Section 4.2.
> >
> >"In general, detailed certificate validation procedures are out of
> >scope for TLS (see [RFC5280]). This section provides TLS-specific
> >requirements."
> >
> > I don't see an explanation of why it is out-of-scope. The
On Monday, May 15, 2017 07:56:44 am Hubert Kario wrote:
> On Saturday, 13 May 2017 07:21:06 CEST Dave Garrett wrote:
> > On Friday, May 12, 2017 11:17:45 pm Christian Huitema wrote:
> > > The "server DH Key" poses a significant forward secrecy issue. Suppose
> > > that the key is compromised. Now t
> On May 15, 2017, at 3:38 PM, Russ Housley wrote:
>
>>> I don't see an explanation of why it is out-of-scope. The reference
>>> is just to RFC5280, which seems odd. I would expect the reference to
>>> be to something that explains why it is out-of-scope.
>
> I think the separation of cer
On Mon, May 15, 2017 at 12:38 PM, Russ Housley wrote:
> Just commenting on Section 4.2 …
>
> >
> > > 3. Section 4.2.
> > >
> > >"In general, detailed certificate validation procedures are out of
> > >scope for TLS (see [RFC5280]). This section provides TLS-specific
> > >requirements.