> ---------------------------------------------------------------------- > COMMENT: > ---------------------------------------------------------------------- > > Thanks to Martin Thomson for his ARTART review. > > A stylistic point: The Abstract is made up of five sentences all of which > start > "This document". It's a bit of a rigid read. Maybe something like this? > > This document provides usage guidance for external Pre-Shared Keys > (PSKs) in Transport Layer Security (TLS) 1.3 as defined in RFC 8446. > It lists TLS security properties provided by PSKs under > certain assumptions, and then demonstrates how violations of these > assumptions lead to attacks. It also discusses PSK use cases > and provisioning processes. Advice for > applications to help meet these assumptions is provided. Finally, > it lists the privacy and security properties that are not provided by > TLS 1.3 when external PSKs are used. >
Thanks. I swapped two of your sentence so that the two sentences about assumptions are one after the other. > Section 4.1 contains this, which I can't quite parse: > > To illustrate the rerouting attack, consider the group of peers who > know the PSK be A, B, and C. > > Should there be a "to" after "PSK"? I suggest: To illustrate the rerouting attack, consider three peers, A, B, and C, who all know the PSK. The attack proceeds as follows: > In Section 8: > > Each endpoint SHOULD know the identifier of the other endpoint with > which its wants to connect and SHOULD compare it with the other > > s/its/it/ Fixed. Russ _______________________________________________ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls
