Robert Wilton has entered the following ballot position for draft-ietf-tls-external-psk-guidance-04: No Objection

When responding, please keep the subject line intact and reply to all email addresses included in the To and CC lines. (Feel free to cut this introductory paragraph, however.)

Please refer to https://www.ietf.org/blog/handling-iesg-ballot-positions/ for more information about how to handle DISCUSS and COMMENT positions.

The document, along with other ballot positions, can be found here:
https://datatracker.ietf.org/doc/draft-ietf-tls-external-psk-guidance/

----------------------------------------------------------------------
COMMENT:
----------------------------------------------------------------------

Thanks for this document. I find it always useful, and enlightening, when this sort of guidance is published.

One minor nit/question on

   7. Privacy Considerations

   TLS does little to keep PSK identity information private. For example, an adversary learns information about the external PSK or its identifier by virtue of it appearing in cleartext in a ClientHello.

I wasn't sure what "it" in the last sentence refers to. I would potentially read that as being the external PSK, and hence the external PSK appears in cleartext in a ClientHello. I don't know TLS, but this seemed surprising. Hence you may want to consider whether this sentence should be tweaked to make it clearer.

Thanks,
Rob