Hi Roman, Thank you for the good suggestions. Comments addressed here https://github.com/tlswg/tls-subcerts/pull/108
Best, Nick On Tue, May 31, 2022 at 5:49 PM Roman Danyliw via Datatracker < nore...@ietf.org> wrote: > Roman Danyliw has entered the following ballot position for > draft-ietf-tls-subcerts-14: No Objection > > When responding, please keep the subject line intact and reply to all > email addresses included in the To and CC lines. (Feel free to cut this > introductory paragraph, however.) > > > Please refer to > https://www.ietf.org/about/groups/iesg/statements/handling-ballot-positions/ > for more information about how to handle DISCUSS and COMMENT positions. > > > The document, along with other ballot positions, can be found here: > https://datatracker.ietf.org/doc/draft-ietf-tls-subcerts/ > > > > ---------------------------------------------------------------------- > COMMENT: > ---------------------------------------------------------------------- > > ** Section 4 > Endpoints will reject delegated > credentials that expire more than 7 days from the current time (as > described in Section 4.1) based on the default (see Section 3. > > For clarity, consider: > > NEW > By default, unless set to an alternative value by an application profile > (see > Section 3), endpoints will reject delegated credentials that expire more > than 7 > days from the current time (as described in Section 4.1.3). > > ** Section 7.1 > However, they cannot create new delegated credentials. Thus, > delegated credentials should not be used to send a delegation to an > untrusted party, ... > > The second sentence doesn’t seem to follow from the first. > > ** Appendix B > The following certificate has the Delegated Credentials OID. > > For clarity, consider: > > NEW > The following is an example of a delegation certificate which satisfies the > requirements described in Section 4.2 (i.e., uses the DelegationUsage > extension > and has the digitalSignature KeyUsage). > > ** Appendix B. I will leave to the RFC Editor to decide if using the > Watson > Ladd’s personal home page (kc2kdm.com) in the certificate SAN is an > acceptable > example domain name. > > Editorial Nits > > ** Abstract. Typo. s/to to/to/ > > ** Section 4.2. Typo. s/documnt/document/ > > ** Section 7.6. In the spirit of inclusive language, consider if there is > an > alternative term to “man-in-the-middle certificate” > > > >
_______________________________________________ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls
