Hello Blake,
Some additional nits:
1. Cert-03.txt:
i. Section 2.3, paragraph 2. Delete sentence # 2
and # 3
or relocate into an appendix or footnote. Rationale: verbiage
seems to be editorial/expository/informational, but not technical
per se.
j. Section 2.3, paragraph 5, sentences 3-5.
Relocate
into first paragraph. Rationale: information is too important
to be hidden back there.
k. Section 3.1, paragraphs 1-4. Delete or relocate
into an appendix. Rationale: verbiage seems to be editorial
and/or expository in nature, but not technical per se.
l. Section 3.2. Relocate paragraph # 2 into the
last
paragraph of this section. Replace "emailAddress" with "Email
Address" in last line of last paragraph.
m. Section 4.0.
(1) Relocate paragraph # 1 into an appendix
and
delete the word "that" from the penultimate line of this same
paragraph. Rationale: verbiage seems mostly expository
in nature, but not technical per se.
(2) Insert new lead-off paragraph that sets
forth
the "MUST" language items.
(3) Relocate all but the first sentence in
existing
paragraph # 2 into an appendix. Rationale: verbiage seems to be
editorial/expository/informational, but not technical per se.
n. Section 4.2.
(1) In line # 1, what does the "and" mean?
And...what?
(2) Sentence # 1 and # 2 should be
reordered.
Rationale: current sentence #2 contains a "MUST statement and is
more important.
o. Section 4.4.
(1) Paragraph 1. Except for the last two
sentences,
relocate rest of paragraph into an appendix. Rationale: verbiage
seems mostly expository in nature, but not technical per se.
(2) Paragraph 1, line 10. Change "minimum
required"
to "maximum allowable". Rationale: to promote interoperability
despite the v3 extensions "curse," and so that verbiage agrees
with the first sentence in paragraph # 3.
(3) Paragraph 3, line 2. Define the term
"critical."
(4) Paragraph 3. This paragraph is too
confusing
(what with "non-critical unless"..."deemed critical"..."SHOULD
NOT be marked as critical", etc. Recommend complete rewrite or
delete.
p. Section 4.4.1.
(1) Paragraph 2, line 3. Define "end-user
subscriber" vis-a-vis "clients" , "users", "receiving agent",
and "sending agents".
(2) Final line. One-line paragraphs =
improper
grammar. Combine line with paragraph #1 or # 2. How should the
"basicConstraints extension be marked? "Critical" or...?
q. Section 4.4.3. How should the "subject
alternative
name extension" be marked?
r. Section 5.0 Is a "failure" always a security
consideration? Are there security considerations that are not
failures?
2. Msg-03.txt. Later
Also hope this helps.
Bill
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
William F. Flanigan, Jr., Ph.D. Voice: (703) 735-3305
Defense Information Systems Agency DSN: 653
Strategic Planning Office (JEBA) Fax: (703)735-3255
10701 Parkridge Boulevard Voice Mail: (703)735-3305
Reston, VA 20191-4357 Internet:
<flanigab(_at_)ncr(_dot_)disa(_dot_)mil>
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%