review/comments of/on draft-ietf-netconf-tls-00.txt
Here are my initial comments. Mainly editorial/administrative
for now, except for the last comment/question.
- ID-NITS tells us:
== Missing Reference: 'RFC4279' is mentioned on line 246, but not defined
-- Duplicate reference: RFC4346, mentioned in 'TLSEXT', was also mentioned in 'TLS'.
Summary: 0 errors (**), 1 warning (==), 1 comment (--).
Run idnits with the --verbose option for more detailed information about the items above.
see:
http://tools.ietf.org/wg/netconf/draft-ietf-netconf-tls/draft-ietf-netconf-tls-00.nits.txt
- expand acronyms.
You have as title: NETCONF over TLS
I suggest to change it to
NETCONF over Transport Layer Security (TLS)
that would also be more consistent with the titles of
RFC4742, 4743 and 4744
I would also expand the TLS acronym in the abstract and in
section 1.1
- general
Personally I like citations of the form [RFC4346] better than
[TLS]. The reason is that I can immediately see which RFC
to check. I know it is subjective. So if you feel strongly about
your form of citation, then I will respect that.
- Section 1.1
I wonder if it would not be better to be more consistent with the
other NETCONF documents and use the terms "client" and "server"
instead of "manager" and "agent"
In fact throughout the document, you sometimes do use the
terms client and server and other times manager and agent.
- section 3.2
of the password is stored is used to generate the PSK. It is
----------------^^--------^^
for the second "is" maybe change it to "and is" ??
- In section 3.2 I read:
The psk_identity_hint is initially defined in section 5.1 of RFC4279
The psk_identity_hint can do double duty and also provide a form of
server authentication in the case where the user has the same
password on a number of NETCONF agents.
and wonder: would that not be risky in that if an intruder discovers
the password of one agent, that he then has access to
all/several other agents as well?
Bert Wijnen