Sorry, I sent an unfinished review by mistake; here it is:

On Mon, Dec 22, 2025 at 8:30 PM Behcet Sarikaya via Datatracker <
[email protected]> wrote:

> Document: draft-ietf-dance-tls-clientid
> Title: TLS Extension for DANE Client Identity
> Reviewer: Behcet Sarikaya
> Review result: Ready with Nits
>
> I am the assigned Gen-ART reviewer for this draft. The General Area
> Review Team (Gen-ART) reviews all IETF documents being processed
> by the IESG for the IETF Chair.  Please treat these comments just
> like any other last call comments.
>
> For more information, please see the FAQ at
>
> <https://wiki.ietf.org/en/group/gen/GenArtFAQ>.
>
> Document: draft-ietf-dance-tls-clientid-07
> Reviewer: Behcet Sarikaya
> Review Date: 2025-12-22
> IETF LC End Date: 2025-12-23
> IESG Telechat date: Not scheduled for a telechat
>
> Summary:
>
The document draft-ietf-dance-tls-clientid-07 defines an extension to TLS
that allows a client to send its DANE identity to the server as part of
the connection setup.
The server can find the associated certificate or raw public key
for that exact identity.  In TLS 1.3, the identity is encrypted.

>
> Major issues:
>
> None


> Minor issues:
>
> None.


> Nits/editorial comments:
>
> From Eric Rescorla's email on Dec. 15, 2025
# TLS 1.2 is Frozen

draft-ietf-dance-clientid-07 registers a new TLS extension, but with
the approval of draft-ietf-tls-tls12-frozen-08, the extension registry
is frozen.

This draft should only be defining a new extension for TLS
1.3.

This nit at least requires some revision on the draft.

* Section 2
TLSA is defined in RFC 6698:
The TLSA DNS resource record (RR) is used to associate a TLS server
   certificate or public key with the domain name where the record is
   found, thus forming a "TLSA certificate association"

Again, with some minor revision, the above could be reflected in the draft.

* idnits complains that 2 normative references, RFC 5246 (TLS 1.2) and RFC
6347 (DTLS 1.2), have been obsoleted by their TLS 1.3 versions, but in the
document this is no issue.

This requires no revision.
Behcet