[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

evaluation: draft-ietf-msgtrk-mtqp

To: iesg-secretary@ietf.org
Subject: evaluation: draft-ietf-msgtrk-mtqp
From: Steve Bellovin <smb@research.att.com>
Date: Thu, 30 Oct 2003 10:47:40 -0500
Cc: iesg@ietf.org

I'm still maintaining my DISCUSS.

Section 3:  It says that if TLS is required, the server "SHOULD" 
specify the "required" parameter.  Why isn't that a MUST?  The document 
itself uses the word "required", and the previous IESG comments 
demonstrated the need for such a flag.

The following two comments from Eric Rescorla have not been addressed:

S 6.1 
 I'm not that comfortable with the fact that no real guidance is
 provided about the peer identities. Is there some reason that they
 shouldn't match the FQDN? At least if one is caching the peer's
 use of STARTTLS you should cache the cert identity.

 As a nit, these guys are using "privacy" when they really mean
 "confidentiality".


		--Steve Bellovin, http://www.research.att.com/~smb

Prev by Date: Re: Evaluation: draft-ietf-sigtran-v5ua-04.txt
Next by Date: Comments: draft-ietf-geopriv-dhcp-lci-option-02.txt
Previous by thread: Evaluation: draft-ietf-msec-mikey-07.txt
Next by thread: Comments: draft-ietf-geopriv-dhcp-lci-option-02.txt
Index(es):
- Date
- Thread