Good Morning,
Thanks for your comments Yoav, please see my responses below, a new revision will be published shortly to address issues brought up in this latest round of comments. Thanks Roger -----Original Message----- From: Yoav Nir via Datatracker <nore...@ietf.org<mailto:nore...@ietf.org>> Sent: Tuesday, September 17, 2019 3:37 PM To: sec...@ietf.org<mailto:sec...@ietf.org> Cc: i...@ietf.org<mailto:i...@ietf.org>; draft-ietf-regext-epp-fees....@ietf.org<mailto:draft-ietf-regext-epp-fees....@ietf.org>; regext@ietf.org<mailto:regext@ietf.org> Subject: Secdir telechat review of draft-ietf-regext-epp-fees-18 Notice: This email is from an external sender. Reviewer: Yoav Nir Review result: Has Nits The changes in revision -17 are fine. I would still like to have it stated that financial information is not at risk of leaking because the account information of a customer is only sent in communications with that customer. The Security Considerations section already says that encryption is used when transmitting financial information. That is necessary but not sufficient. You also need to state that such information is only sent to entities that should have access to that information. [RDC] Section 7 will be updated to add: “The server will only provide information, including financial information, that is relevant to the authenticated client.”
_______________________________________________ regext mailing list regext@ietf.org https://www.ietf.org/mailman/listinfo/regext