Hi Russ,
Thank you for your comments.
On 20/11/2015 21:36, Russ Housley wrote:
> I support this document going forward. Below I suggest four improvements to
> the document.
>
> (1) The Introduction says:
>
>    Note that this document doesn't apply to use of TLS in MTA-to-MTA
>    SMTP.
>
> Can this be enhanced to include a pointer to where this can be found?
Currently this is discussed in draft-friedl-uta-smtp-mta-certs, but this
is not a WG document, so I would rather not have a pointer.
> (2) The next paragraph in the Introduction says:
>
>    The main goal of the document is to provide consistent TLS server
>    identity verification procedure across multiple email related
>    protocols.
>
> Since this is a standards-track document, I think it would be better to say:
>
>    This document provides a consistent TLS server identity
>    verification procedure across multiple email related protocols.
Changed, thank you.
> (3) Section 2 does a lot by reference, which is fine. I think it would help
> the reader to duplicate a bit of context from RFC 6125, in particular
> repeating the definitions of CN-ID, DNS-ID, and SRV-ID.
Yes, I struggled with this as well. This would be lots of cut & pasted
text.
> (4) Section 3 needs to state first that the certificate passes certification
> path validation as described in Section 6 of RFC 5280, and second passes the
> email-specific rules in this section.
Yes, this was implied. Added to my copy.
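The two-stage ordering from item (4) and the three identifier kinds from item (3), as an added illustration that is not part of this thread or of the draft under discussion. The certificate is modelled as an in-memory record of its parsed identifiers (a constructed stand-in, since the point is the ordering and matching logic, not X.509 parsing); the RFC 5280 Section 6 path-validation result is taken as a boolean from whatever X.509 library the caller uses. The matching rules (SRV-ID and DNS-ID from subjectAltName first, CN-ID only when the certificate has neither, whole-left-most-label wildcards) follow RFC 6125 as this example reads it; the function and type names, the service strings and the sample hostnames are all assumptions made here.

```python
"""Added example (not part of the draft or this mailing-list thread): the
two-stage check from item (4) over a constructed in-memory model of a
certificate's identifiers.  Stage 1 is RFC 5280 section 6 path validation,
which a real implementation gets from its X.509 library; here its result is
passed in as a boolean.  Stage 2 applies RFC 6125-style matching of the
three identifier kinds named in item (3): SRV-ID and DNS-ID from
subjectAltName, with CN-ID only as a fallback when the certificate carries
neither.  Wildcard handling is the conservative whole-left-most-label form,
which is this example's choice, not a rule the thread states."""

from dataclasses import dataclass, field
from typing import List, Optional


@dataclass
class CertIdentifiers:
    """Constructed stand-in for the identifiers parsed out of a certificate."""
    dns_ids: List[str] = field(default_factory=list)   # SAN dNSName entries
    srv_ids: List[str] = field(default_factory=list)   # SAN otherName SRVName entries
    cn_id: Optional[str] = None                        # subject commonName


def _labels_match(presented: str, reference: str) -> bool:
    """Case-insensitive DNS name comparison; a leading '*' label may match
    exactly one reference label (conservative wildcard rule)."""
    p = presented.lower().rstrip(".").split(".")
    r = reference.lower().rstrip(".").split(".")
    if len(p) != len(r) or len(p) < 2:
        return False
    if p[0] == "*":
        # A wildcard must not cover the registry-controlled part, e.g. "*.com".
        return len(r) >= 3 and p[1:] == r[1:]
    return p == r


def verify_email_server_identity(path_valid: bool, cert: CertIdentifiers,
                                 host: str, service: str) -> str:
    """Return "ok" or a reason string.  Checks run in the order item (4)
    asks for: certification path first, then the email-specific identity
    rules.  `service` is the application protocol as used in SRV-IDs,
    e.g. "imaps" or "submission" (assumed values for this example)."""
    if not path_valid:
        return "certification path validation failed"

    # SRV-ID: RFC 6125 form "_<service>.<name>"; the service must match too.
    for srv in cert.srv_ids:
        if not srv.startswith("_") or "." not in srv:
            continue
        srv_service, srv_name = srv[1:].split(".", 1)
        if srv_service.lower() == service.lower() and _labels_match(srv_name, host):
            return "ok"

    # DNS-ID: plain SAN dNSName entries.
    for dns in cert.dns_ids:
        if _labels_match(dns, host):
            return "ok"

    # CN-ID is consulted only when the SAN carries no DNS-ID or SRV-ID
    # (RFC 6125 section 6.4.4); wildcards in a CN are not honoured here.
    if not cert.dns_ids and not cert.srv_ids and cert.cn_id:
        if "*" not in cert.cn_id and _labels_match(cert.cn_id, host):
            return "ok"
        return "CN-ID did not match and no SAN identifiers present"

    return "no SRV-ID or DNS-ID matched"


if __name__ == "__main__":
    # Constructed sample certificate and hostname (not real ones).
    srv_cert = CertIdentifiers(srv_ids=["_imaps.mail.example.net"])
    print(verify_email_server_identity(True, srv_cert, "mail.example.net", "imaps"))
```

The point the ordering makes is that identity matching never rescues an untrusted chain: a certificate whose SRV-ID matches perfectly is still rejected when path validation failed, and a certificate with subjectAltName entries never falls back to its commonName.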