Hiya,

I've done my AD review of this and have three questions I'd like to ask before starting IETF last call. I mostly care about the answer to #3. #1 is just a suggestion that might avoid some process-crap and #2 is just me being curious (unless #2 turns out to be a part of #3).

(1) Why experimental? Wouldn't this be better as info and documented as "here's a spec for a thing that's widely deployed." I fear we may get questions like "what's the experiment?", "where's this going in future?" if this aims for experimental, and info may avoid that esp if we really want people to move to TLS1.3. I also didn't see list discussion about what kind of RFC to aim for, but maybe it was discussed at a meeting or interim? (Apologies if I missed that in my scan of the list.)

(2) The write up and some mail list traffic and AGL's bloggy thing all refer to NPN, but there's no mention of NPN or ALPN in the draft. What's up with that? (Not saying that needs to be explained, but I wondered.)

(3) Why is there no description of the reasons for all the MUST only use whitelisted <foo> and for the choices that are whitelisted? Wouldn't omitting that tend to lead people to use this more badly? That could be done with some explanatory text and using some of the references below maybe. Or, if we don't really want new folks to implement this (do we?) then just saying that might mean it's ok to not explain the "why." (And then you could also address #1 above then by issuing this as an historic RFC too if you wanted.)

Cheers,
S.

Possible refs:

- http://www.ieee-security.org/TC/SP2015/papers-archived/6949a535.pdf (esp Section V-C)
- http://homes.esat.kuleuven.be/~fvercaut/papers/ACM2012.pdf
- https://hal.inria.fr/hal-01184171/document
- https://arxiv.org/pdf/1602.02396.pdf
- https://eprint.iacr.org/2016/072.pdf
_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls