ietf
[Top] [All Lists]

Re: Last Call: <draft-ietf-uta-email-tls-certs-05.txt> (Updated TLS Server Identity Check Procedure for Email Related Protocols) to Proposed Standard

2015-11-21 08:42:05
Hi Russ,
Thank you for your comments.

On 20/11/2015 21:36, Russ Housley wrote:
I support this document going forward.  Below I suggest four improvements to 
the document.

(1)  In Introduction says:

   Note that this document doesn't apply to use of TLS in MTA-to-MTA
   SMTP.

Can this be enhanced to include a pointer to where this can be found?

Currently this is discussed in draft-friedl-uta-smtp-mta-certs, but this
is not a WG document, so I would rather not have a pointer.

(2)  The next paragraph in the Introduction says:

   The main goal of the document is to provide consistent TLS server
   identity verification procedure across multiple email related
   protocols.

Since this is a standards-track document, I think it would be better to say:

   This document provides a consistent TLS server identity
   verification procedure across multiple email related protocols.

Changed, thank you.

(3)  Section 2 does a lot by reference, which is fine.  I think it would help 
the reader to duplicate a bit of context from RFC 6125, in particular 
repeating the definitions of CN-ID, DNS-ID, and SRV-ID.

Yes, I struggled with this as well. This would be lots of cut & pasted
text.

(4)  Section 3 needs to state first that the certificate passes certification 
path validation as described in Section 6 of RFC 5280, and second passes the 
email-specific rules in this section.

Yes, this was implied. Added to my copy.


<Prev in Thread] Current Thread [Next in Thread>