On 06/28/2017 04:15 PM, Joseph Salowey wrote:
> This is the working group last call for draft-ietf-tls-dnssec-chain-extension-04. Please send your comments to the list by July 12, 2017.

Just a couple minor things I don't remember being mentioned already that I noticed in a quick read:

When section 3.4 mentions that "this document describes the data structure in sufficient detail that implementors if they desire can write their own code to do this", it seems that this really only makes sense when the "this" is for the encoding side, not the decoding side. That is, in that we expect future DNS clients to continue to process responses in the current format, but future DNS servers might generate responses that cannot be properly decoded just following this document. (E.g., what would happen if NSEC5 became popular?)

In section 8:

    Mandating this extension for Raw Public Key authentication (where there are no X.509 certificates) could employ configuration mechanisms external to the TLS protocol

this sentence structure is a little confusing; it might be better to say something like "If needed, configuration mechanisms external to the TLS protocol could be used to mandate the use of this extension for Raw Public Key authentication".

-Ben
_______________________________________________ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls
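An added illustration of the decoding concern raised above, not code from the draft, from Ben, or from any implementation: a decoder written from the generic RR wire-format layout (owner name, TYPE, CLASS, TTL, RDLENGTH, RDATA) can carry records of a type it has never seen as opaque RDATA, because RDLENGTH delimits them, but it can only flag such records; it cannot validate whatever denial-of-existence semantics a future type carries. The parser below assumes uncompressed owner names, and the sample chain (an A record, a placeholder RRSIG whose RDATA is not a real signature, and a record of private-use type 65534 standing in for some future record type) is constructed here for the example.

```python
"""Decode a concatenation of DNS wire-format RRs, as a DNSSEC-chain decoder
would, without assuming every RR type is known to the decoder."""
import struct

# Registered type codes used by the constructed sample below.
TYPE_A, TYPE_RRSIG = 1, 46
KNOWN_TYPES = {TYPE_A: "A", TYPE_RRSIG: "RRSIG"}
# Private-use type code (RFC 6895 range 65280-65534), constructed here to stand
# in for a type this decoder was not written for. Not any real NSEC5 code.
TYPE_FUTURE = 65534


def parse_name(buf, off):
    """Read an uncompressed wire-format name at off; return (name, new_off).
    Assumption: a standalone chain blob has no message to point into, so
    compression pointers (top two bits set) are rejected."""
    labels = []
    while True:
        if off >= len(buf):
            raise ValueError("truncated name")
        n = buf[off]
        off += 1
        if n == 0:
            break
        if n & 0xC0:
            raise ValueError("compression pointer not allowed")
        if off + n > len(buf):
            raise ValueError("truncated label")
        labels.append(buf[off:off + n].decode("ascii"))
        off += n
    return ".".join(labels) + ".", off


def parse_rr(buf, off):
    """Parse one RR: name, then the fixed 10-byte header, then RDLENGTH bytes
    of RDATA. Unknown types are kept opaque (RFC 3597 style)."""
    name, off = parse_name(buf, off)
    if off + 10 > len(buf):
        raise ValueError("truncated RR header")
    rtype, rclass, ttl, rdlen = struct.unpack("!HHIH", buf[off:off + 10])
    off += 10
    if off + rdlen > len(buf):
        raise ValueError("RDLENGTH exceeds buffer")
    rdata = buf[off:off + rdlen]
    off += rdlen
    return {"name": name, "type": rtype, "class": rclass, "ttl": ttl,
            "rdata": rdata, "known": rtype in KNOWN_TYPES}, off


def parse_chain(buf):
    """Parse every RR in the blob in order; a trailing partial RR is an error."""
    rrs, off = [], 0
    while off < len(buf):
        rr, off = parse_rr(buf, off)
        rrs.append(rr)
    return rrs


def unknown_types(rrs):
    """Type codes present in the chain that this decoder cannot interpret.
    A validator must treat these as 'cannot verify', not as 'verified'."""
    return sorted({rr["type"] for rr in rrs if not rr["known"]})


def encode_name(name):
    out = b"".join(bytes([len(l)]) + l.encode("ascii")
                   for l in name.rstrip(".").split("."))
    return out + b"\x00"


def encode_rr(name, rtype, ttl, rdata, rclass=1):
    """Encoding side: the layout is fully specified, so this is mechanical."""
    return (encode_name(name)
            + struct.pack("!HHIH", rtype, rclass, ttl, len(rdata)) + rdata)


# Constructed sample chain (not real DNS data): an A record, a placeholder
# RRSIG with dummy RDATA, and a record of the stand-in future type.
SAMPLE = (
    encode_rr("www.example.com.", TYPE_A, 3600, bytes([192, 0, 2, 1]))
    + encode_rr("www.example.com.", TYPE_RRSIG, 3600, b"\x00" * 16)
    + encode_rr("example.com.", TYPE_FUTURE, 3600, b"\x01\x02\x03")
)

if __name__ == "__main__":
    chain = parse_chain(SAMPLE)
    for rr in chain:
        label = KNOWN_TYPES.get(rr["type"], "TYPE%d" % rr["type"])
        print(rr["name"], label, "rdlength=%d" % len(rr["rdata"]))
    print("types this decoder cannot validate:", unknown_types(chain))
```

The decoder gets past the unknown record only because RDLENGTH tells it where the next RR starts; that is the part of the format the draft fully specifies. Whether the unknown record proves anything about the zone is exactly what the decoder cannot tell, which is why `unknown_types` is surfaced to the caller rather than silently ignored.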