I am the assigned Gen-ART reviewer for this draft. For background on
Gen-ART, please see the FAQ at
<http://wiki.tools.ietf.org/area/gen/trac/wiki/GenArtfaq>.
This review is in response to a request for early Gen-ART review.
Document: draft-ietf-tls-downgrade-scsv-03
Reviewer: Russ Housley
Review Date: 2015-01-19
IETF LC End Date: 2015-01-23
IESG Telechat date: unknown
Summary: Almost Ready.
Major Concerns:
None.
Minor Concerns:
The upper-right corner of the title page and the abstract disagree. One
says that this document updates 3 RFCs, and the other says that it
updates 4 RFCs. I think that both are wrong based on this text from the
introduction:

   This specification applies to implementations of TLS 1.0 [RFC2246],
   TLS 1.1 [RFC4346], and TLS 1.2 [RFC5246], and to implementations of
   DTLS 1.0 [RFC4347] and DTLS 1.2 [RFC6347].

Please correct the title page header and the abstract.
Other Comments:
In the introduction, I suggest the following editorial change to improve
clarity:

OLD:
   ... they can be particularly critical if they mean losing the
   TLS extension feature (when downgrading to SSL 3.0).

NEW:
   ... they can be particularly harmful when the result is loss of the
   TLS extension feature by downgrading to SSL 3.0.

Further down in the introduction, there is a missing word:

OLD:
   ... is not suitable substitute ...

NEW:
   ... is not a suitable substitute ...