On Thu, Mar 02, 2023 at 11:06:24AM -0700, Peter Saint-Andre wrote:
> The authors hope that this version is now ready to move forward.
Just a quick comment:
As specified in Section 6.3, restricting the presented identifiers in
wildcard character (e.g., \*.example.com but not \*.\*.example.com)
certificates to only one wildcard character (e.g., \*.example.com but
and restricting the use of wildcards to only the left-most domain not
\*.\*.example.com) and restricting the use of wildcards to only label
can help to mitigate certain aspects of the attack described in the
left-most domain label can help to mitigate certain aspects of
[Defeating-SSL]. the attack described in [Defeating-SSL].
Why all the '\\' characters before the '*'s? Suggested, double-quote the
names instead, if the concern is whether the "*" is literal or a
wildcard placeholder in the text for a generic example:
As specified in Section 6.3, restricting the presented identifiers in
wildcard character (e.g., "*.example.com" but not "*.*.example.com")
certificates to only one wildcard character (e.g., "*.example.com" but
and restricting the use of wildcards to only the left-most domain not
"*.*.example.com") and restricting the use of wildcards to only label
can help to mitigate certain aspects of the attack described in the
left-most domain label can help to mitigate certain aspects of
[Defeating-SSL]. the attack described in [Defeating-SSL].
Otherwise, looks fine.
--
Viktor.
_______________________________________________
Uta mailing list
Uta@ietf.org
https://www.ietf.org/mailman/listinfo/uta
