---- Original Message ----- From: "Julien Meuric" <julien.meu...@orange.com> To: "Dhruv Dhody" <dhruv.dh...@huawei.com>; "DIEGO LOPEZ GARCIA" <diego.r.lo...@telefonica.com> Cc: <pce@ietf.org> Sent: Thursday, November 19, 2015 10:19 AM > Hi Dhruv, > > If you expect some updates after a review from the Security Directorate, > then the sooner the better. If you feel it useful, we will proceed when > your next revision is published. > > Thanks for being proactive here,
Two sorts of things that the Security Directorate might comment on - the use of compression, where the I-D says " * Support for and negotiation of compression is OPTIONAL. " whereas on 26th April 2014 (not 2015) the TLS WG said " We have strong confirmation of consensus to remove compression from TLS 1.3. The Editor is requested to make the appropriate changes to the draft on github. Joe" This came about because of loopholes that had been found with the use of compression; my sense is that compression has gone the way of RC4 (but that there is no I-D to say so). - fingerprints, where the I-D says "Implementations MUST support SHA-256 as the hash algorithm for the fingerprint." which seems reasonable but there is an outstanding DISCUSS on another I-D which says "(3) Consider zmap. When this is deployed, what'll be the effect of surveys that fingerprint all of the devices on the visible Internet who implement this protocol? Did the WG consider that?" to which my response is I don't understand; but it is a DISCUSS so someone will in due course. Like PCEPS, the reference is to the fingerprint of a certificate stored in a device for client/server authentication with TLS. Will this I-D get the same DISCUSS? I don't see why not (but then I don't understand the DISCUSS:-( Tom Petch > > Julien > > > Nov. 19, 2015 - dhruv.dh...@huawei.com: > > Hi Julien, > > > > We have the update ready to go. > > > > Quoting from Tom's mail - > > > >> So I value the early intervention of the > >> Security Directorate to try and fix such > >> issues sooner, and so cheaper, rather than later. > > > > We were wondering if it would be worthwhile (and allowed by the process) to request for an early Sec-Dir review while the control is still with the WG? > > > > Regards, > > Dhruv > > > > > >> -----Original Message----- > >> From: Pce [mailto:pce-boun...@ietf.org] On Behalf Of Julien Meuric > >> Sent: 19 November 2015 14:56 > >> > >> Hola Diego, > >> > >> The WG LC was started for a 2-week period: you can consider it finished. > >> > >> Finished or not, you are expected to resolve all the received comments and > >> publish an update accordingly, so as to have the I-D ready to be sent to the > >> IESG. Feel free to proceed as soon as you are able to. > >> > >> Cheers, > >> > >> Julien > >> > >> > >> Nov. 18, 2015 - diego.r.lo...@telefonica.com: > >>> > >>> And let me insist that I'd directly ask the UTA WG about this. My only > >>> question is about procedure: shall we wait till we finish the last > >>> call period? Shall we perform it as part of the last call process? > >>> What do our chairs think? > >> > >> _______________________________________________ > >> Pce mailing list > >> Pce@ietf.org > >> https://www.ietf.org/mailman/listinfo/pce > > _______________________________________________ > Pce mailing list > Pce@ietf.org > https://www.ietf.org/mailman/listinfo/pce _______________________________________________ Pce mailing list Pce@ietf.org https://www.ietf.org/mailman/listinfo/pce