
List:       ietf-tls
Subject:    [TLS] Éric Vyncke's No Objection on draft-ietf-tls-sni-encryption-05
From:       Éric Vyncke via Datatracker <noreply () ietf ! org>
Date:       2019-09-17 20:58:44
Message-ID: 156875392447.17507.3998113824897028508.idtracker () ietfa ! amsl ! com

Éric Vyncke has entered the following ballot position for
draft-ietf-tls-sni-encryption-05: No Objection

When responding, please keep the subject line intact and reply to all
email addresses included in the To and CC lines. (Feel free to cut this
introductory paragraph, however.)


Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html
for more information about IESG DISCUSS and COMMENT positions.


The document, along with other ballot positions, can be found here:
https://datatracker.ietf.org/doc/draft-ietf-tls-sni-encryption/



----------------------------------------------------------------------
COMMENT:
----------------------------------------------------------------------

Thank you for the work put into this document. It is well-written and easy to
follow. Please find below a couple of comments and nits.

Reading
"  In practice, it may well be that no solution can meet every
   requirement, and that practical solutions will have to make some
   compromises."
in the abstract brought a smile to my face ;-) Same for "employees of the UK
National Cyber Security Centre" at the end ;-)

Regards,

-éric

== COMMENTS ==

-- Section 2.1 --
C.1) I would suggest using the words "network operators" rather than ISP, as
enterprises or parents of home networks are also relying on clear-text SNI to
enforce some policies.

-- Section 2.2 --
C.2) The word "abuses" seems a little strong in the first paragraph; I prefer
the wording used in 2.1, "unanticipated usage". But this is only one comment.

-- Section 3.6 --
C.3) It is rather a question for my own curiosity... "The fronting service
could be pressured by adversaries. " is an obvious attack but even if SNI is
protected, the fronting service can still apply any policy to a protected
service as it has the knowledge of protected services by design. Hence, I
wonder why this case is mentioned here.

-- Security section --
Like Warren, I find the content of this section unusual.

== NITS ==

-- Section 2.1 --
Probably worth expanding "MITM" at first use.

-- Section 3.3 --
Probably worth expanding "DOS" at first use.


_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls
