The IESG has received a request from an individual submitter to consider
the following document:
- 'Suite B Cipher Suites for TLS '
<draft-rescorla-tls-suiteb-06.txt> as an Informational RFC
The IESG plans to make a decision in the next few weeks, and solicits
final comments on this action. Please send substantive comments to the
ietf(_at_)ietf(_dot_)org mailing lists by 2008-10-23. Exceptionally,
comments may be sent to iesg(_at_)ietf(_dot_)org instead. In either case,
please
retain the beginning of the Subject line to allow automated sorting.
These are comments on the current (-09) draft.
1) Profile naming
The document defines a "compliant profile" and a "interoperability profile". As
anyone who works with compliance and interoperability testing knows, these two
words are often confused in the marketplace. It would take a reader a great
deal of effort to figure out why the "compliant profile" didn't also lead to
interoperability, and vice versa.
Reading more carefully, it becomes clear that the "interoperability profile" is
probably for a transition mechanism between current implementations and fully
compliant mechanisms. That is, it allows interoperability with today's
implementations (with restrictions), but helps lead to fully compliant
implementations over time.
If this is true, it would be *much* clearer if the two profiles were called
"compliant profile" and "transition profile". This would make it much easier
for an implementer to understand, and to prevent confusion when a vendor wants
to say that their implementation interoperates with another.
2) Document organization
The definitions for the two profiles are mixed in Section 4. While this saves a
bit of text (and probably paper...), it makes it hard to interpret. Further,
some of the material in Section 4 is not at all about the
interoperability^Wtransition profile; for example, the security levels
discussion is not related to the situation where one has for interoperability
reasons chosen TripleDES. Section 4 should really should be just about the
compliant profile and a new stand-alone section (new section 5) should be for
the interoperability^Wtransition profile. Otherwise, someone reading the
subsections of Section 4 won't be able to determine what part of the text at
the beginning of the section it applies to.
3) Other
Not really a nit: the document consists of two profiles, but the Abstract says
"a profile".
--Paul Hoffman, Director
--VPN Consortium
_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/ietf