Thanks Stephen, opened 4 issues,
https://github.com/yaronf/I-D/issues?q=is%3Aissue+is%3Aopen+label%3ABCP195
Yaron
On 5/27/22, 16:51, "Uta on behalf of Stephen Farrell" <[email protected] on
behalf of [email protected]> wrote:
Hiya,
I had a read of this. Seems to me to be in fine shape but
a couple of comments below. If those have already been
discussed, apologies, and do ignore 'em.
I don't think any of my comments need addressing before
publication, but figured it was no harm sending 'em
anyway:-)
- section 3.2: I wondered why no mention of MTA-STS or
DANE? Could/should we say that MTA implementations
SHOULD include support for such strictness?
- 4.2: there's been some cfrg [1] discussion (but not much
and without so far reaching a conclusion) on deterministic
signatures (RFC6979) and fault injection attacks. I wonder
if we want to say anything about that? It might be worth
just adding a reference that describes the problem, but
I don't think we can expect the cfrg discussion to have
resolved before this gets published. Those attacks are
probably not that important for a typical TLS server but
more interesting for small devices with TLS servers so
maybe it's a bit too niche a concern to include?
- 7.4: is it still true that "many TLS implementations
reuse Diffie-Hellman and Elliptic Curve Diffie-Hellman
exponents across multiple connections"? If not, then
maybe s/many/some/ or cast the sentence into the past
tense?
- refs: is rfc6125 still the right reference given the -bis
work?
- refs: The 2015 date for the bettercrypto.org seems wrong.
I guess that site has been updated since? It says 2018 on
their front page anyway, but I'm not sure what'd be the
right reference.
Cheers,
S.
[1] https://datatracker.ietf.org/meeting/113/materials/slides-113-cfrg-signatures-deterministic-vs-randomized-00
_______________________________________________
Uta mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/uta