Good Morning,


Thanks for your comments Yoav, please see my responses below, a new revision 
will be published shortly to address issues brought up in this latest round of 
comments.





Thanks

Roger





-----Original Message-----
From: Yoav Nir via Datatracker <nore...@ietf.org<mailto:nore...@ietf.org>>
Sent: Tuesday, September 17, 2019 3:37 PM
To: sec...@ietf.org<mailto:sec...@ietf.org>
Cc: i...@ietf.org<mailto:i...@ietf.org>; 
draft-ietf-regext-epp-fees....@ietf.org<mailto:draft-ietf-regext-epp-fees....@ietf.org>;
 regext@ietf.org<mailto:regext@ietf.org>
Subject: Secdir telechat review of draft-ietf-regext-epp-fees-18



Notice: This email is from an external sender.







Reviewer: Yoav Nir

Review result: Has Nits



The changes in revision -17 are fine.



I would still like to have it stated that financial information is not at risk 
of leaking because the account information of a customer is only sent in 
communications with that customer. The Security Considerations section already 
says that encryption is used when transmitting financial information. That is 
necessary but not sufficient. You also need to state that such information is 
only sent to entities that should have access to that information.



[RDC] Section 7 will be updated to add: “The server will only provide 
information, including financial information, that is relevant to the 
authenticated client.”


_______________________________________________
regext mailing list
regext@ietf.org
https://www.ietf.org/mailman/listinfo/regext

Reply via email to