Éric Vyncke has entered the following ballot position for draft-ietf-tls-subcerts-14: No Objection

When responding, please keep the subject line intact and reply to all email addresses included in the To and CC lines. (Feel free to cut this introductory paragraph, however.)

Please refer to https://www.ietf.org/about/groups/iesg/statements/handling-ballot-positions/ for more information about how to handle DISCUSS and COMMENT positions.

The document, along with other ballot positions, can be found here:
https://datatracker.ietf.org/doc/draft-ietf-tls-subcerts/

----------------------------------------------------------------------
COMMENT:
----------------------------------------------------------------------

# Éric Vyncke, INT AD, review of draft-ietf-tls-subcerts-14

Thank you for the work put into this document. It solves a common and important issue while keeping backward compatibility.

Please find below some non-blocking COMMENT points (but replies would be appreciated even if only for my own education).

Special thanks to Joe Salowey for the shepherd's write-up including the WG consensus and the intended status.

I hope that this helps to improve the document,

Regards,

-éric

## COMMENTS

### Section 1

```
Furthermore, this mechanism allows the server to use modern signature
algorithms such as Ed25519 [RFC8032] even if their CA does not support
them.
```

Does it also mean that the signature algorithm could be weaker?

I found the use of `(D)TLS termination services`, `(D)TLS server`, `(D)TLS peer` a little confusing on whether they represent the same entity.

### Section 3.2

The small graphic in the text is really useful but:

* should include a figure legend
* the bottom part would be welcome in the introduction

## Section 4.2

Thanks to Sean Turner for providing the explanation about the use of Cloudflare OID into an IETF standard.

## Section 5.1

Unsure whether having such a short subsection is useful (albeit being harmless) especially when there is only one subsection.

## Notes

This review is in the ["IETF Comments" Markdown format][ICMF]. You can use the [`ietf-comments` tool][ICT] to automatically convert this review into individual GitHub issues.

[ICMF]: https://github.com/mnot/ietf-comments/blob/main/format.md
[ICT]: https://github.com/mnot/ietf-comments

_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls